denied avc's on rawhide
Antonio Olivares
olivares14031 at yahoo.com
Wed Dec 10 18:17:20 UTC 2008
--- On Wed, 12/10/08, Daniel J Walsh <dwalsh at redhat.com> wrote:
> From: Daniel J Walsh <dwalsh at redhat.com>
> Subject: Re: denied avc's on rawhide
> To: olivares14031 at yahoo.com
> Cc: fedora-test-list at redhat.com, fedora-selinux-list at redhat.com
> Date: Wednesday, December 10, 2008, 8:33 AM
>
> Antonio Olivares wrote:
> >> If you update to selinux-policy-3.6.1-8.fc11.noarch
> >> These should be fixed.
> >
> > Yes, they are :), thank you very much. Now selinux is denying the setroubleshoot daemon from kicking in :(, selinux denying itself in some ways. I got new avcs:
> >
> > [olivares at riohigh ~]$ dmesg | grep 'avc'
> > type=1400 audit(1228868792.540:4): avc: denied { write } for pid=2038 comm="setroubleshootd" name="plugins" dev=sda5 ino=142832 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir
> > type=1400 audit(1228868792.546:5): avc: denied { write } for pid=2038 comm="setroubleshootd" name="plugins" dev=sda5 ino=142832 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir
> > type=1400 audit(1228868792.569:6): avc: denied { write } for pid=2038 comm="setroubleshootd" name="plugins" dev=sda5 ino=142832 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir
> > type=1400 audit(1228868792.574:7): avc: denied { write } for pid=2038 comm="setroubleshootd" name="plugins" dev=sda5 ino=142832 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir
> > type=1400 audit(1228868792.582:8): avc: denied { write } for pid=2038 comm="setroubleshootd" name="plugins" dev=sda5 ino=142832 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir
> > type=1400 audit(1228868792.600:9): avc: denied { write } for pid=2038 comm="setroubleshootd" name="plugins" dev=sda5 ino=142832 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir
> > type=1400 audit(1228868792.617:10): avc: denied { write } for pid=2038 comm="setroubleshootd" name="plugins" dev=sda5 ino=142832 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir
> > type=1400 audit(1228868792.647:11): avc: denied { write } for pid=2038 comm="setroubleshootd" name="plugins" dev=sda5 ino=142832 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir
> > type=1400 audit(1228868792.653:12): avc: denied { write } for pid=2038 comm="setroubleshootd" name="plugins" dev=sda5 ino=142832 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir
> > type=1400 audit(1228868792.665:13): avc: denied { write } for pid=2038 comm="setroubleshootd" name="plugins" dev=sda5 ino=142832 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir
> > type=1400 audit(1228868798.247:59): avc: denied { write } for pid=2038 comm="setroubleshootd" name="plugins" dev=sda5 ino=142832 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir
> > type=1400 audit(1228868798.259:60): avc: denied { write } for pid=2038 comm="setroubleshootd" name="plugins" dev=sda5 ino=142832 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir
> > type=1400 audit(1228868798.269:61): avc: denied { write } for pid=2038 comm="setroubleshootd" name="plugins" dev=sda5 ino=142832 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir
> > type=1400 audit(1228868798.277:62): avc: denied { write } for pid=2038 comm="setroubleshootd" name="plugins" dev=sda5 ino=142832 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir
> > type=1400 audit(1228868798.283:63): avc: denied { write } for pid=2038 comm="setroubleshootd" name="plugins" dev=sda5 ino=142832 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir
> > type=1400 audit(1228868798.296:64): avc: denied { write } for pid=2038 comm="setroubleshootd" name="plugins" dev=sda5 ino=142832 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir
> > type=1400 audit(1228868798.304:65): avc: denied { write } for pid=2038 comm="setroubleshootd" name="plugins" dev=sda5 ino=142832 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir
> > type=1400 audit(1228868798.309:66): avc: denied { write } for pid=2038 comm="setroubleshootd" name="plugins" dev=sda5 ino=142832 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir
> > type=1400 audit(1228868798.322:67): avc: denied { write } for pid=2038 comm="setroubleshootd" name="plugins" dev=sda5 ino=142832 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir
> > type=1400 audit(1228868798.354:68): avc: denied { write } for pid=2038 comm="setroubleshootd" name="plugins" dev=sda5 ino=142832 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir
> > type=1400 audit(1228868811.296:89): avc: denied { read } for pid=2492 comm="gdm-session-wor" name=".dmrc" dev=sda5 ino=23265 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xauth_home_t:s0 tclass=file
> > type=1400 audit(1228868811.414:90): avc: denied { read } for pid=2492 comm="gdm-session-wor" name=".dmrc" dev=sda5 ino=23265 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xauth_home_t:s0 tclass=file
> > type=1400 audit(1228868818.290:91): avc: denied { read } for pid=2502 comm="gdm-session-wor" name=".dmrc" dev=sda5 ino=18585 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xauth_home_t:s0 tclass=file
> > type=1400 audit(1228868818.597:92): avc: denied { read } for pid=2502 comm="gdm-session-wor" name=".dmrc" dev=sda5 ino=18585 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xauth_home_t:s0 tclass=file
> > type=1400 audit(1228868932.171:93): avc: denied { read } for pid=2502 comm="gdm-session-wor" name=".dmrc" dev=sda5 ino=18585 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xauth_home_t:s0 tclass=file
> > type=1400 audit(1228868932.997:94): avc: denied { read write } for pid=2537 comm="gdm-session-wor" name=".xsession-errors" dev=sda5 ino=298 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xauth_home_t:s0 tclass=file
> > type=1400 audit(1228868932.997:95): avc: denied { read append } for pid=2537 comm="gdm-session-wor" name=".xsession-errors" dev=sda5 ino=298 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xauth_home_t:s0 tclass=file
> > type=1400 audit(1228868978.329:96): avc: denied { read } for pid=3281 comm="gdm-session-wor" name=".dmrc" dev=sda5 ino=18585 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xauth_home_t:s0 tclass=file
> > type=1400 audit(1228868978.569:97): avc: denied { read } for pid=3281 comm="gdm-session-wor" name=".dmrc" dev=sda5 ino=18585 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xauth_home_t:s0 tclass=file
> > type=1400 audit(1228868986.153:98): avc: denied { read } for pid=3281 comm="gdm-session-wor" name=".dmrc" dev=sda5 ino=18585 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xauth_home_t:s0 tclass=file
> > type=1400 audit(1228868986.899:99): avc: denied { read write } for pid=3315 comm="gdm-session-wor" name=".xsession-errors" dev=sda5 ino=298 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xauth_home_t:s0 tclass=file
> > type=1400 audit(1228868986.899:100): avc: denied { read append } for pid=3315 comm="gdm-session-wor" name=".xsession-errors" dev=sda5 ino=298 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xauth_home_t:s0 tclass=file
> > type=1400 audit(1228868986.901:101): avc: denied { read } for pid=3315 comm="gdm-session-wor" name=".dmrc" dev=sda5 ino=18585 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xauth_home_t:s0 tclass=file
> > type=1400 audit(1228868986.906:102): avc: denied { unlink } for pid=3315 comm="gdm-session-wor" name=".dmrc" dev=sda5 ino=18585 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xauth_home_t:s0 tclass=file
> > [olivares at riohigh ~]$ rpm -qa selinux-policy
> > selinux-policy-3.6.1-8.fc11.noarch
> >
> >
> > Thanks,
> >
> > Antonio
> restorecon -R -v ~/
>
I'll try that. Thanks :)
> Also did you edit some files in
> /usr/share/setroubleshoot/plugins directory?
No, I have not messed with anything manually.
>
> pychecker /usr/share/setroubleshoot/plugins/*.py
>
> Should fix
>
>
Will report back. Thank you for advising.
Regards,
Antonio