selinux alerts consoletype (consoletype_t) "read" to pipe

Daniel J Walsh dwalsh at redhat.com
Mon Oct 8 12:10:13 UTC 2007 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Antonio Olivares wrote:
> (unconfined_t).
> To: fedora-test-list at redhat.com
> Cc: fedora-selinux-list at redhat.com
> MIME-Version: 1.0
> Content-Type: text/plain; charset=iso-8859-1
> Content-Transfer-Encoding: 8bit
> Message-ID: <292321.49938.qm at web52609.mail.re2.yahoo.com>
> 
> Dear all,
> 
> I am getting new alerts on the laptop, on the other
> computers the following alerts do not appear.  I did
> not have the setroubleshooter working on the laptop,
> but all of a sudden because of the updates, it and the
> system updater started working.  
> 
> Should I dismiss these as not important?
> 
> Thanks,
> 
> Antonio 
> 
> Summary
>     SELinux is preventing consoletype (consoletype_t)
> "read" to pipe
>     (unconfined_t).
> 
> Detailed Description
>     SELinux denied access requested by consoletype. It
> is not expected that this
>     access is required by consoletype and this access
> may signal an intrusion
>     attempt. It is also possible that the specific
> version or configuration of
>     the application is causing it to require
> additional access.
> 
> Allowing Access
>     You can generate a local policy module to allow
> this access - see
>    
> http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385
> Or you can disable
>     SELinux protection altogether. Disabling SELinux
> protection is not
>     recommended. Please file a
> http://bugzilla.redhat.com/bugzilla/enter_bug.cgi
>     against this package.
> 
> Additional Information        
> 
> Source Context               
> system_u:system_r:consoletype_t
> Target Context               
> system_u:system_r:unconfined_t
> Target Objects                pipe [ fifo_file ]
> Affected RPM Packages         
> Policy RPM                   
> selinux-policy-3.0.8-17.fc8
> Selinux Enabled               True
> Policy Type                   targeted
> MLS Enabled                   True
> Enforcing Mode                Enforcing
> Plugin Name                   plugins.catchall
> Host Name                     localhost.localdomain
> Platform                      Linux
> localhost.localdomain
>                              
> 2.6.23-0.217.rc9.git1.fc8 #1 SMP Tue Oct 2
>                               21:38:47 EDT 2007 i686
> i686
> Alert Count                   17
> First Seen                    Wed 26 Sep 2007 06:34:54
> PM CDT
> Last Seen                     Sun 07 Oct 2007 08:56:57
> AM CDT
> Local ID                     
> 8b0eaa38-b9e4-4472-9cd0-ddd5b686793e
> Line Numbers                  
> 
> Raw Audit Messages            
> 
> avc: denied { read } for comm=consoletype dev=pipefs
> path=pipe:[12036] pid=3102
> scontext=system_u:system_r:consoletype_t:s0
> tclass=fifo_file
> tcontext=system_u:system_r:unconfined_t:s0
> 
> Summary
>     SELinux is preventing consoletype (consoletype_t)
> "write" to pipe
>     (unconfined_t).
> 
> Detailed Description
>     SELinux denied access requested by consoletype. It
> is not expected that this
>     access is required by consoletype and this access
> may signal an intrusion
>     attempt. It is also possible that the specific
> version or configuration of
>     the application is causing it to require
> additional access.
> 
> Allowing Access
>     You can generate a local policy module to allow
> this access - see
>    
> http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385
> Or you can disable
>     SELinux protection altogether. Disabling SELinux
> protection is not
>     recommended. Please file a
> http://bugzilla.redhat.com/bugzilla/enter_bug.cgi
>     against this package.
> 
> Additional Information        
> 
> Source Context               
> system_u:system_r:consoletype_t
> Target Context               
> system_u:system_r:unconfined_t
> Target Objects                pipe [ fifo_file ]
> Affected RPM Packages         
> Policy RPM                   
> selinux-policy-3.0.8-17.fc8
> Selinux Enabled               True
> Policy Type                   targeted
> MLS Enabled                   True
> Enforcing Mode                Enforcing
> Plugin Name                   plugins.catchall
> Host Name                     localhost.localdomain
> Platform                      Linux
> localhost.localdomain
>                              
> 2.6.23-0.217.rc9.git1.fc8 #1 SMP Tue Oct 2
>                               21:38:47 EDT 2007 i686
> i686
> Alert Count                   31
> First Seen                    Wed 26 Sep 2007 06:34:54
> PM CDT
> Last Seen                     Sun 07 Oct 2007 08:56:57
> AM CDT
> Local ID                     
> a29d7946-1930-4194-8c71-7edfbf95f972
> Line Numbers                  
> 
> Raw Audit Messages            
> 
> avc: denied { write } for comm=consoletype dev=pipefs
> path=pipe:[12036] pid=3104
> scontext=system_u:system_r:consoletype_t:s0
> tclass=fifo_file
> tcontext=system_u:system_r:unconfined_t:s0
> 
> 
> 
> 
> 
> 
>        
> ____________________________________________________________________________________
> Be a better Globetrotter. Get better travel answers from someone who knows. Yahoo! Answers - Check it out.
> http://answers.yahoo.com/dir/?link=list&sid=396545469
> 

Yes this is not important.  This was caused by a redirection of
STDIN/STDERR/STDOUT to a fifo file and some script probably rpm causing
a transition to consoletype, and consoletype not being allowed to talk
to the terminal.  the kernel would just close the open file descriptor
and consoletype would work properly.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iD8DBQFHCh4lrlYvE4MpobMRAh4BAJ4jt6x+Ut7yUtc8Cdec+EPuxW61/wCeJ4EL
074m0LrC+hAcmjZkqDAjVPk=
=gin1
-----END PGP SIGNATURE-----

More information about the fedora-test-list mailing list