Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 156037 Details for
Bug 242384
many selinux policy errors
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
policy errors
selinux_alert.txt (text/plain), 43.86 KB, created by
Alvin Thompson
on 2007-06-03 21:39:54 UTC
(
hide
)
Description:
policy errors
Filename:
MIME Type:
Creator:
Alvin Thompson
Created:
2007-06-03 21:39:54 UTC
Size:
43.86 KB
patch
obsolete
>Summary > SELinux is preventing /usr/sbin/prelink (prelink_t) "read" on starfighter > (usr_t). > >Detailed Description > SELinux denied prelink read on starfighter. The prelink program is only > allowed to manipulate files that are identified as executables or shared > librares by SELinux. Libraries that get placed in lib directories get > labeled by default as a shared library. Similarly executables that get > placed in a bin or sbin directory get labeled as executables by SELinux. > However, if these files get installed in other directories they might not > get the correct label. If prelink is trying to manipulate a file that is > not a binary or share library this may indicate an intrusion attack. > >Allowing Access > You can alter the file context by executing chcon -t bin_t starfighter or > chcon -t lib_t starfighter if it is a shared library. If you want to make > these changes permanant you must execute the semanage command. semanage > fcontext -a -t bin_t starfighter or semanage fcontext -a -t shlib_t > starfighter. If you feel this executable/shared library is in the wrong > location please file a bug against the package that includes the file, if > you feel that SELinux should know about this file and label it correctly > please file a bug against > http://bugzilla.redhat.com/bugzilla/enter_bug.cgi. > >Additional Information > >Source Context system_u:system_r:prelink_t >Target Context system_u:object_r:usr_t >Target Objects starfighter [ file ] >Affected RPM Packages prelink-0.3.10-1 [application] >Policy RPM selinux-policy-2.6.4-8.fc7 >Selinux Enabled True >Policy Type targeted >MLS Enabled True >Enforcing Mode Enforcing >Plugin Name plugins.prelink_mislabled >Host Name io >Platform Linux io 2.6.21-1.3194.fc7 #1 SMP Wed May 23 > 22:47:07 EDT 2007 x86_64 x86_64 >Alert Count 1 >First Seen Sun 03 Jun 2007 12:19:49 AM EDT >Last Seen Sun 03 Jun 2007 12:19:49 AM EDT >Local ID 68909bf6-c433-41af-a9e4-d4c337e92047 >Line Numbers > >Raw Audit Messages > >avc: denied { read } for comm="prelink" dev=sda1 egid=0 euid=0 >exe="/usr/sbin/prelink" exit=-13 fsgid=0 fsuid=0 gid=0 items=0 >name="starfighter" pid=24557 scontext=system_u:system_r:prelink_t:s0 sgid=0 >subj=system_u:system_r:prelink_t:s0 suid=0 tclass=file >tcontext=system_u:object_r:usr_t:s0 tty=(none) uid=0 > > >Summary > SELinux is preventing access to files with the default label, default_t. > >Detailed Description > SELinux permission checks on files labeled default_t are being denied. > These files/directories have the default label on them. This can indicate a > labeling problem, especially if the files being referred to are not top > level directories. Any files/directories under standard system directories, > /usr, /var. /dev, /tmp, ..., should not be labeled with the default label. > The default label is for files/directories which do not have a label on a > parent directory. So if you create a new directory in / you might > legitimately get this label. > >Allowing Access > If you want a confined domain to use these files you will probably need to > relabel the file/directory with chcon. In some cases it is just easier to > relabel the system, to relabel execute: "touch /.autorelabel; reboot" > >Additional Information > >Source Context user_u:system_r:cyrus_t >Target Context system_u:object_r:default_t >Target Objects root [ dir ] >Affected RPM Packages cyrus-imapd-2.3.8-3.fc7 > [application]filesystem-2.4.6-1.fc7 [target] >Policy RPM selinux-policy-2.6.4-8.fc7 >Selinux Enabled True >Policy Type targeted >MLS Enabled True >Enforcing Mode Enforcing >Plugin Name plugins.default >Host Name io >Platform Linux io 2.6.21-1.3194.fc7 #1 SMP Wed May 23 > 22:47:07 EDT 2007 x86_64 x86_64 >Alert Count 14 >First Seen Sun 03 Jun 2007 03:17:36 AM EDT >Last Seen Sun 03 Jun 2007 03:17:36 AM EDT >Local ID 90176df5-33ac-4ec5-87f2-87287c13c0d1 >Line Numbers > >Raw Audit Messages > >avc: denied { search } for comm="cyrus-master" dev=sda1 egid=0 euid=0 >exe="/usr/lib/cyrus-imapd/cyrus-master" exit=-13 fsgid=0 fsuid=0 gid=0 items=0 >name="root" pid=10990 scontext=user_u:system_r:cyrus_t:s0 sgid=0 >subj=user_u:system_r:cyrus_t:s0 suid=0 tclass=dir >tcontext=system_u:object_r:default_t:s0 tty=(none) uid=0 > > >Summary > SELinux is preventing /usr/sbin/saslauthd (saslauthd_t) "create" to > <Unknown> (saslauthd_t). > >Detailed Description > SELinux denied access requested by /usr/sbin/saslauthd. It is not expected > that this access is required by /usr/sbin/saslauthd and this access may > signal an intrusion attempt. It is also possible that the specific version > or configuration of the application is causing it to require additional > access. > >Allowing Access > You can generate a local policy module to allow this access - see > http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can disable > SELinux protection altogether. Disabling SELinux protection is not > recommended. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi > against this package. > >Additional Information > >Source Context system_u:system_r:saslauthd_t >Target Context system_u:system_r:saslauthd_t >Target Objects None [ netlink_audit_socket ] >Affected RPM Packages cyrus-sasl-2.1.22-6 [application] >Policy RPM selinux-policy-2.6.4-8.fc7 >Selinux Enabled True >Policy Type targeted >MLS Enabled True >Enforcing Mode Enforcing >Plugin Name plugins.catchall >Host Name io >Platform Linux io 2.6.21-1.3194.fc7 #1 SMP Wed May 23 > 22:47:07 EDT 2007 x86_64 x86_64 >Alert Count 2 >First Seen Sun 03 Jun 2007 03:53:33 AM EDT >Last Seen Sun 03 Jun 2007 03:53:33 AM EDT >Local ID 5bcc69ed-ac06-49cb-a630-9c438236511c >Line Numbers > >Raw Audit Messages > >avc: denied { create } for comm="saslauthd" egid=0 euid=0 >exe="/usr/sbin/saslauthd" exit=-13 fsgid=0 fsuid=0 gid=0 items=0 pid=2867 >scontext=system_u:system_r:saslauthd_t:s0 sgid=0 >subj=system_u:system_r:saslauthd_t:s0 suid=0 tclass=netlink_audit_socket >tcontext=system_u:system_r:saslauthd_t:s0 tty=(none) uid=0 > > >Summary > SELinux is preventing /usr/sbin/saslauthd (saslauthd_t) "write" to <Unknown> > (saslauthd_t). > >Detailed Description > SELinux denied access requested by /usr/sbin/saslauthd. It is not expected > that this access is required by /usr/sbin/saslauthd and this access may > signal an intrusion attempt. It is also possible that the specific version > or configuration of the application is causing it to require additional > access. > >Allowing Access > You can generate a local policy module to allow this access - see > http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can disable > SELinux protection altogether. Disabling SELinux protection is not > recommended. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi > against this package. > >Additional Information > >Source Context system_u:system_r:saslauthd_t >Target Context system_u:system_r:saslauthd_t >Target Objects None [ netlink_audit_socket ] >Affected RPM Packages cyrus-sasl-2.1.22-6 [application] >Policy RPM selinux-policy-2.6.4-8.fc7 >Selinux Enabled True >Policy Type targeted >MLS Enabled True >Enforcing Mode Enforcing >Plugin Name plugins.catchall >Host Name io >Platform Linux io 2.6.21-1.3194.fc7 #1 SMP Wed May 23 > 22:47:07 EDT 2007 x86_64 x86_64 >Alert Count 1 >First Seen Sun 03 Jun 2007 04:02:53 AM EDT >Last Seen Sun 03 Jun 2007 04:02:53 AM EDT >Local ID c9f62c29-6892-422f-b683-8c163ab8a4ea >Line Numbers > >Raw Audit Messages > >avc: denied { write } for comm="saslauthd" egid=0 euid=0 >exe="/usr/sbin/saslauthd" exit=-13 fsgid=0 fsuid=0 gid=0 items=0 pid=2868 >scontext=system_u:system_r:saslauthd_t:s0 sgid=0 >subj=system_u:system_r:saslauthd_t:s0 suid=0 tclass=netlink_audit_socket >tcontext=system_u:system_r:saslauthd_t:s0 tty=(none) uid=0 > > >Summary > SELinux is preventing /usr/sbin/saslauthd (saslauthd_t) "nlmsg_relay" to > <Unknown> (saslauthd_t). > >Detailed Description > SELinux denied access requested by /usr/sbin/saslauthd. It is not expected > that this access is required by /usr/sbin/saslauthd and this access may > signal an intrusion attempt. It is also possible that the specific version > or configuration of the application is causing it to require additional > access. > >Allowing Access > You can generate a local policy module to allow this access - see > http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can disable > SELinux protection altogether. Disabling SELinux protection is not > recommended. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi > against this package. > >Additional Information > >Source Context system_u:system_r:saslauthd_t >Target Context system_u:system_r:saslauthd_t >Target Objects None [ netlink_audit_socket ] >Affected RPM Packages cyrus-sasl-2.1.22-6 [application] >Policy RPM selinux-policy-2.6.4-8.fc7 >Selinux Enabled True >Policy Type targeted >MLS Enabled True >Enforcing Mode Enforcing >Plugin Name plugins.catchall >Host Name io >Platform Linux io 2.6.21-1.3194.fc7 #1 SMP Wed May 23 > 22:47:07 EDT 2007 x86_64 x86_64 >Alert Count 1 >First Seen Sun 03 Jun 2007 04:11:26 AM EDT >Last Seen Sun 03 Jun 2007 04:11:26 AM EDT >Local ID 13ef41cc-f190-4f30-ad80-a80eb9017d3a >Line Numbers > >Raw Audit Messages > >avc: denied { nlmsg_relay } for comm="saslauthd" egid=0 euid=0 >exe="/usr/sbin/saslauthd" exit=-13 fsgid=0 fsuid=0 gid=0 items=0 pid=2869 >scontext=system_u:system_r:saslauthd_t:s0 sgid=0 >subj=system_u:system_r:saslauthd_t:s0 suid=0 tclass=netlink_audit_socket >tcontext=system_u:system_r:saslauthd_t:s0 tty=(none) uid=0 > > >Summary > SELinux is preventing /usr/sbin/saslauthd (saslauthd_t) "audit_write" to > <Unknown> (saslauthd_t). > >Detailed Description > SELinux denied access requested by /usr/sbin/saslauthd. It is not expected > that this access is required by /usr/sbin/saslauthd and this access may > signal an intrusion attempt. It is also possible that the specific version > or configuration of the application is causing it to require additional > access. > >Allowing Access > You can generate a local policy module to allow this access - see > http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can disable > SELinux protection altogether. Disabling SELinux protection is not > recommended. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi > against this package. > >Additional Information > >Source Context system_u:system_r:saslauthd_t >Target Context system_u:system_r:saslauthd_t >Target Objects None [ capability ] >Affected RPM Packages cyrus-sasl-2.1.22-6 [application] >Policy RPM selinux-policy-2.6.4-8.fc7 >Selinux Enabled True >Policy Type targeted >MLS Enabled True >Enforcing Mode Permissive >Plugin Name plugins.catchall >Host Name io >Platform Linux io 2.6.21-1.3194.fc7 #1 SMP Wed May 23 > 22:47:07 EDT 2007 x86_64 x86_64 >Alert Count 3 >First Seen Sun 03 Jun 2007 04:17:23 AM EDT >Last Seen Sun 03 Jun 2007 05:34:19 PM EDT >Local ID 3ea8d658-08a8-43e0-9b52-26ee060fb801 >Line Numbers > >Raw Audit Messages > >avc: denied { audit_write } for comm="saslauthd" egid=0 euid=0 >exe="/usr/sbin/saslauthd" exit=120 fsgid=0 fsuid=0 gid=0 items=0 pid=2762 >scontext=system_u:system_r:saslauthd_t:s0 sgid=0 >subj=system_u:system_r:saslauthd_t:s0 suid=0 tclass=capability >tcontext=system_u:system_r:saslauthd_t:s0 tty=(none) uid=0 > > >Summary > SELinux is preventing /usr/sbin/saslauthd (saslauthd_t) "read" to <Unknown> > (saslauthd_t). > >Detailed Description > SELinux denied access requested by /usr/sbin/saslauthd. It is not expected > that this access is required by /usr/sbin/saslauthd and this access may > signal an intrusion attempt. It is also possible that the specific version > or configuration of the application is causing it to require additional > access. > >Allowing Access > You can generate a local policy module to allow this access - see > http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can disable > SELinux protection altogether. Disabling SELinux protection is not > recommended. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi > against this package. > >Additional Information > >Source Context system_u:system_r:saslauthd_t >Target Context system_u:system_r:saslauthd_t >Target Objects None [ netlink_audit_socket ] >Affected RPM Packages cyrus-sasl-2.1.22-6 [application] >Policy RPM selinux-policy-2.6.4-8.fc7 >Selinux Enabled True >Policy Type targeted >MLS Enabled True >Enforcing Mode Permissive >Plugin Name plugins.catchall >Host Name io >Platform Linux io 2.6.21-1.3194.fc7 #1 SMP Wed May 23 > 22:47:07 EDT 2007 x86_64 x86_64 >Alert Count 2 >First Seen Sun 03 Jun 2007 04:17:23 AM EDT >Last Seen Sun 03 Jun 2007 05:34:19 PM EDT >Local ID 00ba15f3-f2d1-4447-9e7a-e3eaa2b7914e >Line Numbers > >Raw Audit Messages > >avc: denied { read } for comm="saslauthd" egid=0 euid=0 >exe="/usr/sbin/saslauthd" exit=36 fsgid=0 fsuid=0 gid=0 items=0 pid=2762 >scontext=system_u:system_r:saslauthd_t:s0 sgid=0 >subj=system_u:system_r:saslauthd_t:s0 suid=0 tclass=netlink_audit_socket >tcontext=system_u:system_r:saslauthd_t:s0 tty=(none) uid=0 > > >Summary > SELinux is preventing /usr/sbin/prelink (prelink_t) "read" on starfighter > (usr_t). > >Detailed Description > SELinux denied prelink read on starfighter. The prelink program is only > allowed to manipulate files that are identified as executables or shared > librares by SELinux. Libraries that get placed in lib directories get > labeled by default as a shared library. Similarly executables that get > placed in a bin or sbin directory get labeled as executables by SELinux. > However, if these files get installed in other directories they might not > get the correct label. If prelink is trying to manipulate a file that is > not a binary or share library this may indicate an intrusion attack. > >Allowing Access > You can alter the file context by executing chcon -t bin_t starfighter or > chcon -t lib_t starfighter if it is a shared library. If you want to make > these changes permanant you must execute the semanage command. semanage > fcontext -a -t bin_t starfighter or semanage fcontext -a -t shlib_t > starfighter. If you feel this executable/shared library is in the wrong > location please file a bug against the package that includes the file, if > you feel that SELinux should know about this file and label it correctly > please file a bug against > http://bugzilla.redhat.com/bugzilla/enter_bug.cgi. > >Additional Information > >Source Context user_u:system_r:prelink_t >Target Context system_u:object_r:usr_t >Target Objects starfighter [ file ] >Affected RPM Packages prelink-0.3.10-1 [application] >Policy RPM selinux-policy-2.6.4-8.fc7 >Selinux Enabled True >Policy Type targeted >MLS Enabled True >Enforcing Mode Permissive >Plugin Name plugins.prelink_mislabled >Host Name io >Platform Linux io 2.6.21-1.3194.fc7 #1 SMP Wed May 23 > 22:47:07 EDT 2007 x86_64 x86_64 >Alert Count 1 >First Seen Sun 03 Jun 2007 04:46:02 AM EDT >Last Seen Sun 03 Jun 2007 04:46:02 AM EDT >Local ID 3b68e846-3d4e-4ebc-be56-0ef82f77bd56 >Line Numbers > >Raw Audit Messages > >avc: denied { read } for comm="prelink" dev=sda1 egid=0 euid=0 >exe="/usr/sbin/prelink" exit=5 fsgid=0 fsuid=0 gid=0 items=0 name="starfighter" >pid=18901 scontext=user_u:system_r:prelink_t:s0 sgid=0 >subj=user_u:system_r:prelink_t:s0 suid=0 tclass=file >tcontext=system_u:object_r:usr_t:s0 tty=(none) uid=0 > > >Summary > SELinux is preventing /lib64/ld-2.6.so (prelink_t) "execute" to > /usr/games/starfighter (usr_t). > >Detailed Description > SELinux denied access requested by /lib64/ld-2.6.so. It is not expected that > this access is required by /lib64/ld-2.6.so and this access may signal an > intrusion attempt. It is also possible that the specific version or > configuration of the application is causing it to require additional access. > >Allowing Access > Sometimes labeling problems can cause SELinux denials. You could try to > restore the default system file context for /usr/games/starfighter, > restorecon -v /usr/games/starfighter If this does not work, there is > currently no automatic way to allow this access. Instead, you can generate > a local policy module to allow this access - see > http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can disable > SELinux protection altogether. Disabling SELinux protection is not > recommended. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi > against this package. > >Additional Information > >Source Context user_u:system_r:prelink_t >Target Context system_u:object_r:usr_t >Target Objects /usr/games/starfighter [ file ] >Affected RPM Packages glibc-2.6-3 [application]starfighter-1.1-8.fc6 > [target] >Policy RPM selinux-policy-2.6.4-8.fc7 >Selinux Enabled True >Policy Type targeted >MLS Enabled True >Enforcing Mode Permissive >Plugin Name plugins.catchall_file >Host Name io >Platform Linux io 2.6.21-1.3194.fc7 #1 SMP Wed May 23 > 22:47:07 EDT 2007 x86_64 x86_64 >Alert Count 1 >First Seen Sun 03 Jun 2007 04:46:02 AM EDT >Last Seen Sun 03 Jun 2007 04:46:02 AM EDT >Local ID 8e863643-7ce5-431a-85ef-b7a7e0cb432b >Line Numbers > >Raw Audit Messages > >avc: denied { execute } for comm="ld-linux-x86-64" dev=sda1 egid=0 euid=0 >exe="/lib64/ld-2.6.so" exit=4194304 fsgid=0 fsuid=0 gid=0 items=0 >name="starfighter" path="/usr/games/starfighter" pid=18952 >scontext=user_u:system_r:prelink_t:s0 sgid=0 subj=user_u:system_r:prelink_t:s0 >suid=0 tclass=file tcontext=system_u:object_r:usr_t:s0 tty=(none) uid=0 > > >Summary > SELinux is preventing /usr/sbin/prelink (prelink_t) "create" on > starfighter.#prelink#.CL6fVK (usr_t). > >Detailed Description > SELinux denied prelink create on starfighter.#prelink#.CL6fVK. The prelink > program is only allowed to manipulate files that are identified as > executables or shared librares by SELinux. Libraries that get placed in lib > directories get labeled by default as a shared library. Similarly > executables that get placed in a bin or sbin directory get labeled as > executables by SELinux. However, if these files get installed in other > directories they might not get the correct label. If prelink is trying to > manipulate a file that is not a binary or share library this may indicate an > intrusion attack. > >Allowing Access > You can alter the file context by executing chcon -t bin_t > starfighter.#prelink#.CL6fVK or chcon -t lib_t starfighter.#prelink#.CL6fVK > if it is a shared library. If you want to make these changes permanant you > must execute the semanage command. semanage fcontext -a -t bin_t > starfighter.#prelink#.CL6fVK or semanage fcontext -a -t shlib_t > starfighter.#prelink#.CL6fVK. If you feel this executable/shared library is > in the wrong location please file a bug against the package that includes > the file, if you feel that SELinux should know about this file and label it > correctly please file a bug against > http://bugzilla.redhat.com/bugzilla/enter_bug.cgi. > >Additional Information > >Source Context user_u:system_r:prelink_t >Target Context user_u:object_r:usr_t >Target Objects starfighter.#prelink#.CL6fVK [ file ] >Affected RPM Packages prelink-0.3.10-1 [application] >Policy RPM selinux-policy-2.6.4-8.fc7 >Selinux Enabled True >Policy Type targeted >MLS Enabled True >Enforcing Mode Permissive >Plugin Name plugins.prelink_mislabled >Host Name io >Platform Linux io 2.6.21-1.3194.fc7 #1 SMP Wed May 23 > 22:47:07 EDT 2007 x86_64 x86_64 >Alert Count 1 >First Seen Sun 03 Jun 2007 04:46:14 AM EDT >Last Seen Sun 03 Jun 2007 04:46:14 AM EDT >Local ID fe291118-2b69-4201-acfb-d0f35e3a3be5 >Line Numbers > >Raw Audit Messages > >avc: denied { create } for comm="prelink" egid=0 euid=0 exe="/usr/sbin/prelink" >exit=4 fsgid=0 fsuid=0 gid=0 items=0 name="starfighter.#prelink#.CL6fVK" >pid=18901 scontext=user_u:system_r:prelink_t:s0 sgid=0 >subj=user_u:system_r:prelink_t:s0 suid=0 tclass=file >tcontext=user_u:object_r:usr_t:s0 tty=(none) uid=0 > > >Summary > SELinux is preventing /usr/sbin/prelink (prelink_t) "write" on > starfighter.#prelink#.CL6fVK (usr_t). > >Detailed Description > SELinux denied prelink write on starfighter.#prelink#.CL6fVK. The prelink > program is only allowed to manipulate files that are identified as > executables or shared librares by SELinux. Libraries that get placed in lib > directories get labeled by default as a shared library. Similarly > executables that get placed in a bin or sbin directory get labeled as > executables by SELinux. However, if these files get installed in other > directories they might not get the correct label. If prelink is trying to > manipulate a file that is not a binary or share library this may indicate an > intrusion attack. > >Allowing Access > You can alter the file context by executing chcon -t bin_t > starfighter.#prelink#.CL6fVK or chcon -t lib_t starfighter.#prelink#.CL6fVK > if it is a shared library. If you want to make these changes permanant you > must execute the semanage command. semanage fcontext -a -t bin_t > starfighter.#prelink#.CL6fVK or semanage fcontext -a -t shlib_t > starfighter.#prelink#.CL6fVK. If you feel this executable/shared library is > in the wrong location please file a bug against the package that includes > the file, if you feel that SELinux should know about this file and label it > correctly please file a bug against > http://bugzilla.redhat.com/bugzilla/enter_bug.cgi. > >Additional Information > >Source Context user_u:system_r:prelink_t >Target Context user_u:object_r:usr_t >Target Objects starfighter.#prelink#.CL6fVK [ file ] >Affected RPM Packages prelink-0.3.10-1 [application] >Policy RPM selinux-policy-2.6.4-8.fc7 >Selinux Enabled True >Policy Type targeted >MLS Enabled True >Enforcing Mode Permissive >Plugin Name plugins.prelink_mislabled >Host Name io >Platform Linux io 2.6.21-1.3194.fc7 #1 SMP Wed May 23 > 22:47:07 EDT 2007 x86_64 x86_64 >Alert Count 1 >First Seen Sun 03 Jun 2007 04:46:14 AM EDT >Last Seen Sun 03 Jun 2007 04:46:14 AM EDT >Local ID 108e2eeb-13b9-46f8-a88c-c3eca6db0d6f >Line Numbers > >Raw Audit Messages > >avc: denied { write } for comm="prelink" dev=sda1 egid=0 euid=0 >exe="/usr/sbin/prelink" exit=0 fsgid=0 fsuid=0 gid=0 items=0 >name="starfighter.#prelink#.CL6fVK" pid=18901 >scontext=user_u:system_r:prelink_t:s0 sgid=0 subj=user_u:system_r:prelink_t:s0 >suid=0 tclass=file tcontext=user_u:object_r:usr_t:s0 tty=(none) uid=0 > > >Summary > SELinux is preventing /usr/sbin/prelink (prelink_t) "setattr" on > starfighter.#prelink#.CL6fVK (usr_t). > >Detailed Description > SELinux denied prelink setattr on starfighter.#prelink#.CL6fVK. The prelink > program is only allowed to manipulate files that are identified as > executables or shared librares by SELinux. Libraries that get placed in lib > directories get labeled by default as a shared library. Similarly > executables that get placed in a bin or sbin directory get labeled as > executables by SELinux. However, if these files get installed in other > directories they might not get the correct label. If prelink is trying to > manipulate a file that is not a binary or share library this may indicate an > intrusion attack. > >Allowing Access > You can alter the file context by executing chcon -t bin_t > starfighter.#prelink#.CL6fVK or chcon -t lib_t starfighter.#prelink#.CL6fVK > if it is a shared library. If you want to make these changes permanant you > must execute the semanage command. semanage fcontext -a -t bin_t > starfighter.#prelink#.CL6fVK or semanage fcontext -a -t shlib_t > starfighter.#prelink#.CL6fVK. If you feel this executable/shared library is > in the wrong location please file a bug against the package that includes > the file, if you feel that SELinux should know about this file and label it > correctly please file a bug against > http://bugzilla.redhat.com/bugzilla/enter_bug.cgi. > >Additional Information > >Source Context user_u:system_r:prelink_t >Target Context user_u:object_r:usr_t >Target Objects starfighter.#prelink#.CL6fVK [ file ] >Affected RPM Packages prelink-0.3.10-1 [application] >Policy RPM selinux-policy-2.6.4-8.fc7 >Selinux Enabled True >Policy Type targeted >MLS Enabled True >Enforcing Mode Permissive >Plugin Name plugins.prelink_mislabled >Host Name io >Platform Linux io 2.6.21-1.3194.fc7 #1 SMP Wed May 23 > 22:47:07 EDT 2007 x86_64 x86_64 >Alert Count 1 >First Seen Sun 03 Jun 2007 04:46:14 AM EDT >Last Seen Sun 03 Jun 2007 04:46:14 AM EDT >Local ID 87079709-4401-4082-956d-83c5b5b3cb71 >Line Numbers > >Raw Audit Messages > >avc: denied { setattr } for comm="prelink" dev=sda1 egid=0 euid=0 >exe="/usr/sbin/prelink" exit=0 fsgid=0 fsuid=0 gid=0 items=0 >name="starfighter.#prelink#.CL6fVK" pid=18901 >scontext=user_u:system_r:prelink_t:s0 sgid=0 subj=user_u:system_r:prelink_t:s0 >suid=0 tclass=file tcontext=user_u:object_r:usr_t:s0 tty=(none) uid=0 > > >Summary > SELinux is preventing /usr/sbin/prelink (prelink_t) "relabelto" to > starfighter.#prelink#.CL6fVK (usr_t). > >Detailed Description > SELinux denied access requested by /usr/sbin/prelink. It is not expected > that this access is required by /usr/sbin/prelink and this access may signal > an intrusion attempt. It is also possible that the specific version or > configuration of the application is causing it to require additional access. > >Allowing Access > Sometimes labeling problems can cause SELinux denials. You could try to > restore the default system file context for starfighter.#prelink#.CL6fVK, > restorecon -v starfighter.#prelink#.CL6fVK If this does not work, there is > currently no automatic way to allow this access. Instead, you can generate > a local policy module to allow this access - see > http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can disable > SELinux protection altogether. Disabling SELinux protection is not > recommended. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi > against this package. > >Additional Information > >Source Context user_u:system_r:prelink_t >Target Context system_u:object_r:usr_t >Target Objects starfighter.#prelink#.CL6fVK [ file ] >Affected RPM Packages prelink-0.3.10-1 [application] >Policy RPM selinux-policy-2.6.4-8.fc7 >Selinux Enabled True >Policy Type targeted >MLS Enabled True >Enforcing Mode Permissive >Plugin Name plugins.catchall_file >Host Name io >Platform Linux io 2.6.21-1.3194.fc7 #1 SMP Wed May 23 > 22:47:07 EDT 2007 x86_64 x86_64 >Alert Count 1 >First Seen Sun 03 Jun 2007 04:46:14 AM EDT >Last Seen Sun 03 Jun 2007 04:46:14 AM EDT >Local ID c634b04f-6654-49fa-8ee9-87906562cc2e >Line Numbers > >Raw Audit Messages > >avc: denied { relabelto } for comm="prelink" dev=sda1 egid=0 euid=0 >exe="/usr/sbin/prelink" exit=0 fsgid=0 fsuid=0 gid=0 items=0 >name="starfighter.#prelink#.CL6fVK" pid=18901 >scontext=user_u:system_r:prelink_t:s0 sgid=0 subj=user_u:system_r:prelink_t:s0 >suid=0 tclass=file tcontext=system_u:object_r:usr_t:s0 tty=(none) uid=0 > > >Summary > SELinux is preventing /usr/sbin/prelink (prelink_t) "unlink" on starfighter > (usr_t). > >Detailed Description > SELinux denied prelink unlink on starfighter. The prelink program is only > allowed to manipulate files that are identified as executables or shared > librares by SELinux. Libraries that get placed in lib directories get > labeled by default as a shared library. Similarly executables that get > placed in a bin or sbin directory get labeled as executables by SELinux. > However, if these files get installed in other directories they might not > get the correct label. If prelink is trying to manipulate a file that is > not a binary or share library this may indicate an intrusion attack. > >Allowing Access > You can alter the file context by executing chcon -t bin_t starfighter or > chcon -t lib_t starfighter if it is a shared library. If you want to make > these changes permanant you must execute the semanage command. semanage > fcontext -a -t bin_t starfighter or semanage fcontext -a -t shlib_t > starfighter. If you feel this executable/shared library is in the wrong > location please file a bug against the package that includes the file, if > you feel that SELinux should know about this file and label it correctly > please file a bug against > http://bugzilla.redhat.com/bugzilla/enter_bug.cgi. > >Additional Information > >Source Context user_u:system_r:prelink_t >Target Context system_u:object_r:usr_t >Target Objects starfighter [ file ] >Affected RPM Packages prelink-0.3.10-1 [application] >Policy RPM selinux-policy-2.6.4-8.fc7 >Selinux Enabled True >Policy Type targeted >MLS Enabled True >Enforcing Mode Permissive >Plugin Name plugins.prelink_mislabled >Host Name io >Platform Linux io 2.6.21-1.3194.fc7 #1 SMP Wed May 23 > 22:47:07 EDT 2007 x86_64 x86_64 >Alert Count 1 >First Seen Sun 03 Jun 2007 04:46:14 AM EDT >Last Seen Sun 03 Jun 2007 04:46:14 AM EDT >Local ID cd15f2c4-5019-4232-b354-a07327266a85 >Line Numbers > >Raw Audit Messages > >avc: denied { unlink } for comm="prelink" dev=sda1 egid=0 euid=0 >exe="/usr/sbin/prelink" exit=0 fsgid=0 fsuid=0 gid=0 items=0 name="starfighter" >pid=18901 scontext=user_u:system_r:prelink_t:s0 sgid=0 >subj=user_u:system_r:prelink_t:s0 suid=0 tclass=file >tcontext=system_u:object_r:usr_t:s0 tty=(none) uid=0 > > >Summary > SELinux is preventing /usr/libexec/dovecot/dovecot-auth (dovecot_auth_t) > "create" to <Unknown> (dovecot_auth_t). > >Detailed Description > SELinux denied access requested by /usr/libexec/dovecot/dovecot-auth. It is > not expected that this access is required by /usr/libexec/dovecot/dovecot- > auth and this access may signal an intrusion attempt. It is also possible > that the specific version or configuration of the application is causing it > to require additional access. > >Allowing Access > You can generate a local policy module to allow this access - see > http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can disable > SELinux protection altogether. Disabling SELinux protection is not > recommended. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi > against this package. > >Additional Information > >Source Context system_u:system_r:dovecot_auth_t >Target Context system_u:system_r:dovecot_auth_t >Target Objects None [ netlink_audit_socket ] >Affected RPM Packages dovecot-1.0.0-11.fc7 [application] >Policy RPM selinux-policy-2.6.4-8.fc7 >Selinux Enabled True >Policy Type targeted >MLS Enabled True >Enforcing Mode Permissive >Plugin Name plugins.catchall >Host Name io >Platform Linux io 2.6.21-1.3194.fc7 #1 SMP Wed May 23 > 22:47:07 EDT 2007 x86_64 x86_64 >Alert Count 3 >First Seen Sun 03 Jun 2007 03:19:47 PM EDT >Last Seen Sun 03 Jun 2007 05:19:00 PM EDT >Local ID 9ae306ac-0060-4166-9779-01ecdc005550 >Line Numbers > >Raw Audit Messages > >avc: denied { create } for comm="dovecot-auth" egid=0 euid=0 >exe="/usr/libexec/dovecot/dovecot-auth" exit=11 fsgid=0 fsuid=0 gid=0 items=0 >pid=5118 scontext=system_u:system_r:dovecot_auth_t:s0 sgid=0 >subj=system_u:system_r:dovecot_auth_t:s0 suid=0 tclass=netlink_audit_socket >tcontext=system_u:system_r:dovecot_auth_t:s0 tty=(none) uid=0 > > >Summary > SELinux is preventing /usr/libexec/dovecot/dovecot-auth (dovecot_auth_t) > "audit_write" to <Unknown> (dovecot_auth_t). > >Detailed Description > SELinux denied access requested by /usr/libexec/dovecot/dovecot-auth. It is > not expected that this access is required by /usr/libexec/dovecot/dovecot- > auth and this access may signal an intrusion attempt. It is also possible > that the specific version or configuration of the application is causing it > to require additional access. > >Allowing Access > You can generate a local policy module to allow this access - see > http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can disable > SELinux protection altogether. Disabling SELinux protection is not > recommended. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi > against this package. > >Additional Information > >Source Context system_u:system_r:dovecot_auth_t >Target Context system_u:system_r:dovecot_auth_t >Target Objects None [ capability ] >Affected RPM Packages dovecot-1.0.0-11.fc7 [application] >Policy RPM selinux-policy-2.6.4-8.fc7 >Selinux Enabled True >Policy Type targeted >MLS Enabled True >Enforcing Mode Permissive >Plugin Name plugins.catchall >Host Name io >Platform Linux io 2.6.21-1.3194.fc7 #1 SMP Wed May 23 > 22:47:07 EDT 2007 x86_64 x86_64 >Alert Count 2 >First Seen Sun 03 Jun 2007 03:19:47 PM EDT >Last Seen Sun 03 Jun 2007 05:19:00 PM EDT >Local ID bf0b6cb7-a856-472f-91c5-1a978f29e111 >Line Numbers > >Raw Audit Messages > >avc: denied { audit_write } for comm="dovecot-auth" egid=0 euid=0 >exe="/usr/libexec/dovecot/dovecot-auth" exit=180 fsgid=0 fsuid=0 gid=0 items=0 >pid=5118 scontext=system_u:system_r:dovecot_auth_t:s0 sgid=0 >subj=system_u:system_r:dovecot_auth_t:s0 suid=0 tclass=capability >tcontext=system_u:system_r:dovecot_auth_t:s0 tty=(none) uid=0 > > >Summary > SELinux is preventing /usr/libexec/dovecot/dovecot-auth (dovecot_auth_t) > "read" to <Unknown> (dovecot_auth_t). > >Detailed Description > SELinux denied access requested by /usr/libexec/dovecot/dovecot-auth. It is > not expected that this access is required by /usr/libexec/dovecot/dovecot- > auth and this access may signal an intrusion attempt. It is also possible > that the specific version or configuration of the application is causing it > to require additional access. > >Allowing Access > You can generate a local policy module to allow this access - see > http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can disable > SELinux protection altogether. Disabling SELinux protection is not > recommended. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi > against this package. > >Additional Information > >Source Context system_u:system_r:dovecot_auth_t >Target Context system_u:system_r:dovecot_auth_t >Target Objects None [ netlink_audit_socket ] >Affected RPM Packages dovecot-1.0.0-11.fc7 [application] >Policy RPM selinux-policy-2.6.4-8.fc7 >Selinux Enabled True >Policy Type targeted >MLS Enabled True >Enforcing Mode Permissive >Plugin Name plugins.catchall >Host Name io >Platform Linux io 2.6.21-1.3194.fc7 #1 SMP Wed May 23 > 22:47:07 EDT 2007 x86_64 x86_64 >Alert Count 3 >First Seen Sun 03 Jun 2007 03:19:47 PM EDT >Last Seen Sun 03 Jun 2007 05:19:00 PM EDT >Local ID cc3f6c18-5843-43a3-8ca6-a218f68c0337 >Line Numbers > >Raw Audit Messages > >avc: denied { read } for comm="dovecot-auth" egid=0 euid=0 >exe="/usr/libexec/dovecot/dovecot-auth" exit=36 fsgid=0 fsuid=0 gid=0 items=0 >pid=5118 scontext=system_u:system_r:dovecot_auth_t:s0 sgid=0 >subj=system_u:system_r:dovecot_auth_t:s0 suid=0 tclass=netlink_audit_socket >tcontext=system_u:system_r:dovecot_auth_t:s0 tty=(none) uid=0 > > >Summary > SELinux is preventing /usr/sbin/postdrop (postfix_postdrop_t) "getattr" to > pipe:[43172] (fsdaemon_t). > >Detailed Description > SELinux denied access requested by /usr/sbin/postdrop. It is not expected > that this access is required by /usr/sbin/postdrop and this access may > signal an intrusion attempt. It is also possible that the specific version > or configuration of the application is causing it to require additional > access. > >Allowing Access > You can generate a local policy module to allow this access - see > http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can disable > SELinux protection altogether. Disabling SELinux protection is not > recommended. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi > against this package. > >Additional Information > >Source Context system_u:system_r:postfix_postdrop_t >Target Context system_u:system_r:fsdaemon_t >Target Objects pipe:[43172] [ fifo_file ] >Affected RPM Packages postfix-2.3.6-1 [application] >Policy RPM selinux-policy-2.6.4-8.fc7 >Selinux Enabled True >Policy Type targeted >MLS Enabled True >Enforcing Mode Permissive >Plugin Name plugins.catchall >Host Name io >Platform Linux io 2.6.21-1.3194.fc7 #1 SMP Wed May 23 > 22:47:07 EDT 2007 x86_64 x86_64 >Alert Count 1 >First Seen Sun 03 Jun 2007 03:32:33 PM EDT >Last Seen Sun 03 Jun 2007 03:32:33 PM EDT >Local ID 901ad9a4-bb7a-4366-8a9d-9154e1df41d9 >Line Numbers > >Raw Audit Messages > >avc: denied { getattr } for comm="postdrop" dev=pipefs egid=90 euid=0 >exe="/usr/sbin/postdrop" exit=0 fsgid=90 fsuid=0 gid=0 items=0 name="[43172]" >path="pipe:[43172]" pid=3869 scontext=system_u:system_r:postfix_postdrop_t:s0 >sgid=90 subj=system_u:system_r:postfix_postdrop_t:s0 suid=0 tclass=fifo_file >tcontext=system_u:system_r:fsdaemon_t:s0 tty=(none) uid=0 > > >Summary > SELinux is preventing /usr/libexec/dovecot/dovecot-auth (dovecot_auth_t) > "nlmsg_relay" to <Unknown> (dovecot_auth_t). > >Detailed Description > SELinux denied access requested by /usr/libexec/dovecot/dovecot-auth. It is > not expected that this access is required by /usr/libexec/dovecot/dovecot- > auth and this access may signal an intrusion attempt. It is also possible > that the specific version or configuration of the application is causing it > to require additional access. > >Allowing Access > You can generate a local policy module to allow this access - see > http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can disable > SELinux protection altogether. Disabling SELinux protection is not > recommended. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi > against this package. > >Additional Information > >Source Context system_u:system_r:dovecot_auth_t >Target Context system_u:system_r:dovecot_auth_t >Target Objects None [ netlink_audit_socket ] >Affected RPM Packages dovecot-1.0.0-11.fc7 [application] >Policy RPM selinux-policy-2.6.4-8.fc7 >Selinux Enabled True >Policy Type targeted >MLS Enabled True >Enforcing Mode Permissive >Plugin Name plugins.catchall >Host Name io >Platform Linux io 2.6.21-1.3194.fc7 #1 SMP Wed May 23 > 22:47:07 EDT 2007 x86_64 x86_64 >Alert Count 1 >First Seen Sun 03 Jun 2007 03:51:27 PM EDT >Last Seen Sun 03 Jun 2007 03:51:27 PM EDT >Local ID 2482ca26-0542-4f1c-a06d-1d1b1c6d3bed >Line Numbers > >Raw Audit Messages > >avc: denied { nlmsg_relay } for comm="dovecot-auth" egid=0 euid=0 >exe="/usr/libexec/dovecot/dovecot-auth" exit=180 fsgid=0 fsuid=0 gid=0 items=0 >pid=4211 scontext=system_u:system_r:dovecot_auth_t:s0 sgid=0 >subj=system_u:system_r:dovecot_auth_t:s0 suid=0 tclass=netlink_audit_socket >tcontext=system_u:system_r:dovecot_auth_t:s0 tty=(none) uid=0 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Actions:
View
Attachments on
bug 242384
: 156037