Login
Log in using an SSO provider:
Fedora Account System
Red Hat Associate
Red Hat Customer
Login using a Red Hat Bugzilla account
Forgot Password
Create an Account
Red Hat Bugzilla – Attachment 121370 Details for
Bug 172496
(selinux) AVCs with targeted policy on clean system (some pam_abl related)
Home
New
Search
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh92 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
[?]
This site requires JavaScript to be enabled to function correctly, please enable it.
Relevant parts from audit.log
audit.txt (text/plain), 5.70 KB, created by
Robert Scheck
on 2005-11-22 20:26:53 UTC
(
hide
)
Description:
Relevant parts from audit.log
Filename:
MIME Type:
Creator:
Robert Scheck
Created:
2005-11-22 20:26:53 UTC
Size:
5.70 KB
patch
obsolete
>Switching from non-root user to root using "su" (with pam_abl): > >type=AVC msg=audit(1132683423.493:2401): avc: denied { read } for pid=21371 comm="su" name="mtab" dev=cciss/c0d0p2 ino=262191 scontext=user_u:system_r:sysadm_su_t:s0-s0:c0.c255 tcontext=system_u:object_r:etc_runtime_t:s0 tclass=file >type=SYSCALL msg=audit(1132683423.493:2401): arch=40000003 syscall=5 success=yes exit=3 a0=d236e1 a1=0 a2=1b6 a3=8b805e8 items=1 pid=21371 auid=500 uid=500 gid=100 euid=0 suid=0 fsuid=0 egid=100 sgid=100 fsgid=100 comm="su" exe="/bin/su" >type=CWD msg=audit(1132683423.493:2401): cwd="/home/robert" >type=PATH msg=audit(1132683423.493:2401): item=0 name="/etc/mtab" flags=101 inode=262191 dev=68:02 mode=0100644 ouid=0 ogid=0 rdev=00:00 >type=AVC msg=audit(1132683423.493:2402): avc: denied { getattr } for pid=21371 comm="su" name="mtab" dev=cciss/c0d0p2 ino=262191 scontext=user_u:system_r:sysadm_su_t:s0-s0:c0.c255 tcontext=system_u:object_r:etc_runtime_t:s0 tclass=file >type=SYSCALL msg=audit(1132683423.493:2402): arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=bfc833ac a2=d2fff4 a3=3 items=0 pid=21371 auid=500 uid=500 gid=100 euid=0 suid=0 fsuid=0 egid=100 sgid=100 fsgid=100 comm="su" exe="/bin/su" >type=AVC_PATH msg=audit(1132683423.493:2402): path="/etc/mtab" >type=AVC msg=audit(1132683423.497:2403): avc: denied { getattr } for pid=21371 comm="su" name="tmp" dev=cciss/c0d0p2 ino=344065 scontext=user_u:system_r:sysadm_su_t:s0-s0:c0.c255 tcontext=system_u:object_r:tmp_t:s0 tclass=dir >type=SYSCALL msg=audit(1132683423.497:2403): arch=40000003 syscall=195 success=yes exit=0 a0=5cd07b a1=bfc8578c a2=d2fff4 a3=64 items=1 pid=21371 auid=500 uid=500 gid=100 euid=0 suid=0 fsuid=0 egid=100 sgid=100 fsgid=100 comm="su" exe="/bin/su" >type=AVC_PATH msg=audit(1132683423.497:2403): path="/var/tmp" >type=CWD msg=audit(1132683423.497:2403): cwd="/home/robert" >type=PATH msg=audit(1132683423.497:2403): item=0 name="/var/tmp" flags=1 inode=344065 dev=68:02 mode=041777 ouid=0 ogid=0 rdev=00:00 > > >Sending a mail where saslauthd is involved (with pam_abl): > >type=AVC msg=audit(1132683690.873:2410): avc: denied { read } for pid=2318 comm="saslauthd" name="mtab" dev=cciss/c0d0p2 ino=262191 scontext=system_u:system_r:saslauthd_t:s0 tcontext=system_u:object_r:etc_runtime_t:s0 tclass=file >type=SYSCALL msg=audit(1132683690.873:2410): arch=40000003 syscall=5 success=yes exit=8 a0=2506e1 a1=0 a2=1b6 a3=9235f10 items=1 pid=2318 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="saslauthd" exe="/usr/sbin/saslauthd" >type=CWD msg=audit(1132683690.873:2410): cwd="/var/run/saslauthd" >type=PATH msg=audit(1132683690.873:2410): item=0 name="/etc/mtab" flags=101 inode=262191 dev=68:02 mode=0100644 ouid=0 ogid=0 rdev=00:00 >type=AVC msg=audit(1132683690.873:2411): avc: denied { getattr } for pid=2318 comm="saslauthd" name="mtab" dev=cciss/c0d0p2 ino=262191 scontext=system_u:system_r:saslauthd_t:s0 tcontext=system_u:object_r:etc_runtime_t:s0 tclass=file >type=SYSCALL msg=audit(1132683690.873:2411): arch=40000003 syscall=197 success=yes exit=0 a0=8 a1=bff116bc a2=25cff4 a3=8 items=0 pid=2318 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="saslauthd" exe="/usr/sbin/saslauthd" >type=AVC_PATH msg=audit(1132683690.873:2411): path="/etc/mtab" >type=AVC msg=audit(1132683690.873:2412): avc: denied { search } for pid=2318 comm="saslauthd" name="abl" dev=cciss/c0d0p2 ino=262697 scontext=system_u:system_r:saslauthd_t:s0 tcontext=system_u:object_r:var_auth_t:s0 tclass=dir >type=AVC msg=audit(1132683690.873:2412): avc: denied { getattr } for pid=2318 comm="saslauthd" name="users.db" dev=cciss/c0d0p2 ino=262775 scontext=system_u:system_r:saslauthd_t:s0 tcontext=system_u:object_r:var_auth_t:s0 tclass=file >type=SYSCALL msg=audit(1132683690.873:2412): arch=40000003 syscall=195 success=yes exit=0 a0=9235fe8 a1=bff13a5c a2=25cff4 a3=64 items=1 pid=2318 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="saslauthd" exe="/usr/sbin/saslauthd" >type=AVC_PATH msg=audit(1132683690.873:2412): path="/var/lib/abl/users.db" >type=CWD msg=audit(1132683690.873:2412): cwd="/var/run/saslauthd" >type=PATH msg=audit(1132683690.873:2412): item=0 name="/var/lib/abl/users.db" flags=1 inode=262775 dev=68:02 mode=0100600 ouid=0 ogid=0 rdev=00:00 >type=AVC msg=audit(1132683690.877:2413): avc: denied { read write } for pid=2318 comm="saslauthd" name="users.db" dev=cciss/c0d0p2 ino=262775 scontext=system_u:system_r:saslauthd_t:s0 tcontext=system_u:object_r:var_auth_t:s0 tclass=file >type=SYSCALL msg=audit(1132683690.877:2413): arch=40000003 syscall=5 success=yes exit=8 a0=9235fe8 a1=8002 a2=0 a3=8002 items=1 pid=2318 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="saslauthd" exe="/usr/sbin/saslauthd" >type=CWD msg=audit(1132683690.877:2413): cwd="/var/run/saslauthd" >type=PATH msg=audit(1132683690.877:2413): item=0 name="/var/lib/abl/users.db" flags=101 inode=262775 dev=68:02 mode=0100600 ouid=0 ogid=0 rdev=00:00 >type=AVC msg=audit(1132683690.881:2414): avc: denied { getattr } for pid=2318 comm="saslauthd" name="tmp" dev=cciss/c0d0p2 ino=344065 scontext=system_u:system_r:saslauthd_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir >type=SYSCALL msg=audit(1132683690.881:2414): arch=40000003 syscall=195 success=yes exit=0 a0=36007b a1=bff13a9c a2=25cff4 a3=64 items=1 pid=2318 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="saslauthd" exe="/usr/sbin/saslauthd" >type=AVC_PATH msg=audit(1132683690.881:2414): path="/var/tmp" >type=CWD msg=audit(1132683690.881:2414): cwd="/var/run/saslauthd" >type=PATH msg=audit(1132683690.881:2414): item=0 name="/var/tmp" flags=1 inode=344065 dev=68:02 mode=041777 ouid=0 ogid=0 rdev=00:00
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=121370">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 172496
:
120753
|
120999
|
121369
| 121370 |
121612
|
121815