New Years Resolution

Steve Blackwell zephod at cfl.rr.com
Sat Jan 2 17:39:56 UTC 2010


OK, here is one of my New Year's resolutions: 

Get a better understanding of SELinux.

I'm running a F11 box in permissive mode and I get hundreds of AVCs.
Let's start with this one.

SELinux is preventing dbus-daemon (system_dbusd_t) "search"
unconfined_t. 

node=steve.blackwell type=AVC msg=audit(1262408462.863:1162): avc:
denied { search } for pid=1613 comm="dbus-daemon" name="23667" dev=proc
ino=584443 scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023
tcontext=system_u:system_r:unconfined_t:s0-s0:c0.c1023 tclass=dir

Now, if I'm reading this correctly, the dbus-daemon process tried to
search a directory called 23667 but didn't have permission to do so.

The problem with that is that I don't have a directory called 23667.
At least there isn't one now but I suppose it could have existed at the
time the AVC was generated which was just after midnight. I'm getting
one of these every hour with different numbers for the target
directory. I thought that it might be related to a cron job but it
seems that the hourly cron job just calls anacron to check to see if
the daily, weekly or monthly cron job needs to be run. The other
possibility is that it has something to do with BackupPC.

One thing I don't understand is why SELinux is flagging this in the
first place. Since the target context is unconfined_t, should anything
be able to search it?

Steve.
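An added example, not part of Steve's post, that decodes the AVC record he quotes. Two facts drive the reading: `dev=proc` with an all-digit `name` means the directory is `/proc/<pid>`, which carries the label of that process and vanishes when the process exits (so it is not surprising that no directory called 23667 exists afterwards); and the object label `unconfined_t` is just the label of the target process, it grants nothing by itself, since SELinux decides on the subject type (`system_dbusd_t` here) and a rule for that type. `SAMPLE_AVC` is the record from the post rejoined onto one line; `allow_rule` prints the TE rule in the same shape `audit2allow` would, purely to show what the denial maps to, and is not a recommendation to load it.

```python
import re
from datetime import datetime, timezone

# Constructed sample input: the AVC record quoted in the post, rejoined onto one line.
SAMPLE_AVC = (
    'node=steve.blackwell type=AVC msg=audit(1262408462.863:1162): avc: '
    'denied { search } for pid=1613 comm="dbus-daemon" name="23667" dev=proc '
    'ino=584443 scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 '
    'tcontext=system_u:system_r:unconfined_t:s0-s0:c0.c1023 tclass=dir'
)

_RESULT_RE = re.compile(r'avc:\s+(denied|granted)\s+\{\s*([^}]*)\}\s+for\s+')
_MSG_RE = re.compile(r'msg=audit\((\d+)\.(\d+):(\d+)\)')
_KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Split one AVC record into a dict: result, perms, the key=value fields
    after 'for' (pid, comm, name, dev, ino, scontext, tcontext, tclass), and
    the audit timestamp (UTC) and serial from msg=audit(...)."""
    m = _RESULT_RE.search(line)
    if not m:
        raise ValueError("not an AVC record: %r" % line)
    rec = {"result": m.group(1), "perms": m.group(2).split()}
    t = _MSG_RE.search(line)
    if t:
        rec["serial"] = int(t.group(3))
        rec["when"] = datetime.fromtimestamp(int(t.group(1)), tz=timezone.utc)
    # Everything after "for " is key=value; quoted values are unquoted.
    for key, val in _KV_RE.findall(line[m.end():]):
        rec[key] = val.strip('"')
    return rec


def context_type(ctx):
    """user:role:type[:mls-range] -> type, the part ordinary TE rules use."""
    return ctx.split(":")[2]


def proc_pid_target(rec):
    """If the object is a /proc/<pid> directory, return that pid, else None.
    dev=proc plus an all-digit directory name is exactly that case; the entry
    is labelled with the context of process <pid> and disappears when it exits."""
    if (rec.get("dev") == "proc" and rec.get("tclass") == "dir"
            and rec.get("name", "").isdigit()):
        return int(rec["name"])
    return None


def allow_rule(rec):
    """The TE allow rule this denial maps to, formatted the way audit2allow
    prints it (braces only when there is more than one permission)."""
    perms = rec["perms"]
    perm_str = perms[0] if len(perms) == 1 else "{ %s }" % " ".join(perms)
    return "allow %s %s:%s %s;" % (
        context_type(rec["scontext"]), context_type(rec["tcontext"]),
        rec["tclass"], perm_str)


def describe(rec):
    """Plain-English reading of the record."""
    subj = "%s (pid %s, running as %s)" % (
        rec["comm"], rec["pid"], context_type(rec["scontext"]))
    ttype = context_type(rec["tcontext"])
    pid = proc_pid_target(rec)
    if pid is not None:
        obj = ("/proc/%d, the proc entry of pid %d; it is labelled %s because "
               "that process runs as %s, and it is gone once the process exits"
               % (pid, pid, ttype, ttype))
    else:
        obj = "%s %r labelled %s" % (rec["tclass"], rec.get("name"), ttype)
    when = (rec["when"].strftime("%Y-%m-%d %H:%M:%S UTC")
            if "when" in rec else "unknown time")
    return "%s: %s was %s '%s' on %s" % (
        when, subj, rec["result"], " ".join(rec["perms"]), obj)


if __name__ == "__main__":
    rec = parse_avc(SAMPLE_AVC)
    print(describe(rec))
    print(allow_rule(rec))
```

Running it on the post's record reports pid 1613 (`dbus-daemon`, type `system_dbusd_t`) denied `search` on `/proc/23667` at 05:01:02 UTC on 2 January 2010 (just after midnight in the poster's US Eastern time zone), which matches the "every hour, different number" pattern of a short-lived hourly process. On a real box the same information comes from `ausearch -m avc` and `sealert -l <id>`; the parser here only makes the field meanings explicit.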





More information about the fedora-selinux-list mailing list