selinux alerts consoletype (consoletype_t) "read" to pipe
Daniel J Walsh
dwalsh at redhat.com
Mon Oct 8 12:10:13 UTC 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Antonio Olivares wrote:
> (unconfined_t).
> To: fedora-test-list at redhat.com
> Cc: fedora-selinux-list at redhat.com
> MIME-Version: 1.0
> Content-Type: text/plain; charset=iso-8859-1
> Content-Transfer-Encoding: 8bit
> Message-ID: <292321.49938.qm at web52609.mail.re2.yahoo.com>
>
> Dear all,
>
> I am getting new alerts on the laptop, on the other
> computers the following alerts do not appear. I did
> not have the setroubleshooter working on the laptop,
> but all of a sudden because of the updates, it and the
> system updater started working.
>
> Should I dismiss these as not important?
>
> Thanks,
>
> Antonio
>
> Summary
> SELinux is preventing consoletype (consoletype_t)
> "read" to pipe
> (unconfined_t).
>
> Detailed Description
> SELinux denied access requested by consoletype. It
> is not expected that this
> access is required by consoletype and this access
> may signal an intrusion
> attempt. It is also possible that the specific
> version or configuration of
> the application is causing it to require
> additional access.
>
> Allowing Access
> You can generate a local policy module to allow
> this access - see
>
> http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385
> Or you can disable
> SELinux protection altogether. Disabling SELinux
> protection is not
> recommended. Please file a
> http://bugzilla.redhat.com/bugzilla/enter_bug.cgi
> against this package.
>
> Additional Information
>
> Source Context
> system_u:system_r:consoletype_t
> Target Context
> system_u:system_r:unconfined_t
> Target Objects pipe [ fifo_file ]
> Affected RPM Packages
> Policy RPM
> selinux-policy-3.0.8-17.fc8
> Selinux Enabled True
> Policy Type targeted
> MLS Enabled True
> Enforcing Mode Enforcing
> Plugin Name plugins.catchall
> Host Name localhost.localdomain
> Platform Linux
> localhost.localdomain
>
> 2.6.23-0.217.rc9.git1.fc8 #1 SMP Tue Oct 2
> 21:38:47 EDT 2007 i686
> i686
> Alert Count 17
> First Seen Wed 26 Sep 2007 06:34:54
> PM CDT
> Last Seen Sun 07 Oct 2007 08:56:57
> AM CDT
> Local ID
> 8b0eaa38-b9e4-4472-9cd0-ddd5b686793e
> Line Numbers
>
> Raw Audit Messages
>
> avc: denied { read } for comm=consoletype dev=pipefs
> path=pipe:[12036] pid=3102
> scontext=system_u:system_r:consoletype_t:s0
> tclass=fifo_file
> tcontext=system_u:system_r:unconfined_t:s0
>
> Summary
> SELinux is preventing consoletype (consoletype_t)
> "write" to pipe
> (unconfined_t).
>
> Detailed Description
> SELinux denied access requested by consoletype. It
> is not expected that this
> access is required by consoletype and this access
> may signal an intrusion
> attempt. It is also possible that the specific
> version or configuration of
> the application is causing it to require
> additional access.
>
> Allowing Access
> You can generate a local policy module to allow
> this access - see
>
> http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385
> Or you can disable
> SELinux protection altogether. Disabling SELinux
> protection is not
> recommended. Please file a
> http://bugzilla.redhat.com/bugzilla/enter_bug.cgi
> against this package.
>
> Additional Information
>
> Source Context
> system_u:system_r:consoletype_t
> Target Context
> system_u:system_r:unconfined_t
> Target Objects pipe [ fifo_file ]
> Affected RPM Packages
> Policy RPM
> selinux-policy-3.0.8-17.fc8
> Selinux Enabled True
> Policy Type targeted
> MLS Enabled True
> Enforcing Mode Enforcing
> Plugin Name plugins.catchall
> Host Name localhost.localdomain
> Platform Linux
> localhost.localdomain
>
> 2.6.23-0.217.rc9.git1.fc8 #1 SMP Tue Oct 2
> 21:38:47 EDT 2007 i686
> i686
> Alert Count 31
> First Seen Wed 26 Sep 2007 06:34:54
> PM CDT
> Last Seen Sun 07 Oct 2007 08:56:57
> AM CDT
> Local ID
> a29d7946-1930-4194-8c71-7edfbf95f972
> Line Numbers
>
> Raw Audit Messages
>
> avc: denied { write } for comm=consoletype dev=pipefs
> path=pipe:[12036] pid=3104
> scontext=system_u:system_r:consoletype_t:s0
> tclass=fifo_file
> tcontext=system_u:system_r:unconfined_t:s0
>
>
>
>
>
>
>
> ____________________________________________________________________________________
> Be a better Globetrotter. Get better travel answers from someone who knows. Yahoo! Answers - Check it out.
> http://answers.yahoo.com/dir/?link=list&sid=396545469
>
Yes this is not important. This was caused by a redirection of
STDIN/STDERR/STDOUT to a fifo file and some script probably rpm causing
a transition to consoletype, and consoletype not being allowed to talk
to the terminal. the kernel would just close the open file descriptor
and consoletype would work properly.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iD8DBQFHCh4lrlYvE4MpobMRAh4BAJ4jt6x+Ut7yUtc8Cdec+EPuxW61/wCeJ4EL
074m0LrC+hAcmjZkqDAjVPk=
=gin1
-----END PGP SIGNATURE-----
More information about the fedora-test-list
mailing list