Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 293211 Details for
Bug 430421
setroubleshoot - audit_listener_database.xml:3029: parser error in xmlParseDoc()
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
audit_listener_database.xml
audit_listener_database_bug430421.xml (text/plain), 85.50 KB, created by
Andrew Farris
on 2008-01-28 22:17:19 UTC
(
hide
)
Description:
audit_listener_database.xml
Filename:
MIME Type:
Creator:
Andrew Farris
Created:
2008-01-28 22:17:19 UTC
Size:
85.50 KB
patch
obsolete
><?xml version="1.0" encoding="utf-8"?> ><sigs version="2.0"> > <signature_list> > <siginfo> > <analysis_id>allow_execstack</analysis_id> > <audit_event> > <event_id host="cirithungol" milli="344" seconds="1201512990" serial="89"/> > <records> > <audit_record record_type="AVC"> > <body_text>avc: denied { execstack } for pid=6010 comm="gnome-screensav" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=process</body_text> > <event_id host="cirithungol" milli="344" seconds="1201512990" serial="89"/> > </audit_record> > <audit_record record_type="SYSCALL"> > <body_text>arch=40000003 syscall=125 success=yes exit=0 a0=bff30000 a1=1000 a2=1000007 a3=fffff000 items=0 ppid=2993 pid=6010 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gnome-screensav" exe="/usr/libexec/gnome-screensaver-gl-helper" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)</body_text> > <event_id host="cirithungol" milli="344" seconds="1201512990" serial="89"/> > </audit_record> > </records> > </audit_event> > <category>Memory</category> > <environment version="1.0"> > <enforce>Permissive</enforce> > <hostname>cirithungol</hostname> > <kernel>2.6.24-2.fc9 i686</kernel> > <platform>Fedora release 8.90 (Rawhide)</platform> > <policy_rpm>selinux-policy-3.2.5-19.fc9</policy_rpm> > <policy_type>targeted</policy_type> > <policyvers>21</policyvers> > <selinux_enabled>True</selinux_enabled> > <selinux_mls_enabled>True</selinux_mls_enabled> > <uname>Linux cirithungol 2.6.24-2.fc9 #1 SMP Fri Jan 25 13:14:54 EST 2008 i686 i686</uname> > </environment> > <first_seen_date>2008-01-28T06:41:36Z</first_seen_date> > <host>cirithungol</host> > <last_seen_date>2008-01-28T09:36:30Z</last_seen_date> > <local_id>a17416c0-8543-45b9-93e9-cc834af042ab</local_id> > <report_count>3</report_count> > <scontext mls="s0-s0:c0.c1023" role="unconfined_r" type="unconfined_t" user="unconfined_u"/> > <sig version="3.0"> > <access> > <operation>execstack</operation> > </access> > <analysis_id>allow_execstack</analysis_id> > <host>cirithungol</host> > <scontext mls="s0-s0:c0.c1023" role="unconfined_r" type="unconfined_t" user="unconfined_u"/> > <tclass>process</tclass> > <tcontext mls="s0-s0:c0.c1023" role="unconfined_r" type="unconfined_t" user="unconfined_u"/> > </sig> > <solution version="1.0"> > <fix_cmd>chcon -t unconfined_execmem_exec_t gnome-screensav(/usr/libexec/gnome-screensaver-gl-helper)</fix_cmd> > <fix_description><![CDATA[ > Sometimes a library is accidentally marked with the execstack flag, > if you find a library with this flag you can clear it with the > execstack -c LIBRARY_PATH. Then retry your application. If the > app continues to not work, you can turn the flag back on with > execstack -s LIBRARY_PATH. Otherwise, if you trust gnome-screensav(/usr/libexec/gnome-screensaver-gl-helper) to > run correctly, you can change the context of the executable to > unconfined_execmem_exec_t. "chcon -t unconfined_execmem_exec_t > gnome-screensav(/usr/libexec/gnome-screensaver-gl-helper)" > You must also change the default file context files on the system in order to preserve them even on a full relabel. "semanage fcontext -a -t unconfined_execmem_exec_t gnome-screensav(/usr/libexec/gnome-screensaver-gl-helper)" > > ]]></fix_description> > <problem_description><![CDATA[ > The gnome-screensav(/usr/libexec/gnome-screensaver-gl-helper) application attempted to make its stack > executable. This is a potential security problem. This should > never ever be necessary. Stack memory is not executable on most > OSes these days and this will not change. Executable stack memory > is one of the biggest security problems. An execstack error might > in fact be most likely raised by malicious code. Applications are > sometimes coded incorrectly and request this permission. The > <a href="http://people.redhat.com/drepper/selinux-mem.html">SELinux Memory Protection Tests</a> > web page explains how to remove this requirement. If gnome-screensav(/usr/libexec/gnome-screensaver-gl-helper) does not > work and you need it to work, you can configure SELinux > temporarily to allow this access until the application is fixed. Please file a <a > href="http://bugzilla.redhat.com/bugzilla/enter_bug.cgi">bug > report</a> against this package. > ]]></problem_description> > <summary><![CDATA[ > SELinux is preventing gnome-screensav(/usr/libexec/gnome-screensaver-gl-helper) from making the program stack executable. > ]]></summary> > </solution> > <spath>glxinfo(/usr/bin/glxinfo)</spath> > <tclass>process</tclass> > <tcontext mls="s0-s0:c0.c1023" role="unconfined_r" type="unconfined_t" user="unconfined_u"/> > <users> > <user delete_flag="False" seen_flag="False" username="lordmorgul"> > <filter> > <count>3</count> > <filter_type>0</filter_type> > </filter> > </user> > </users> > </siginfo> > <siginfo> > <analysis_id>catchall</analysis_id> > <audit_event> > <event_id host="cirithungol" milli="10" seconds="1201517431" serial="99"/> > <records> > <audit_record record_type="AVC"> > <body_text>avc: denied { getsched } for pid=6450 comm="console-kit-dae" scontext=system_u:system_r:system_dbusd_t:s0 tcontext=system_u:system_r:system_dbusd_t:s0 tclass=process</body_text> > <event_id host="cirithungol" milli="10" seconds="1201517431" serial="99"/> > </audit_record> > <audit_record record_type="SYSCALL"> > <body_text>arch=40000003 syscall=155 success=yes exit=0 a0=1932 a1=b7fda91c a2=a5aff4 a3=b7fda710 items=0 ppid=6449 pid=6450 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="console-kit-dae" exe="/usr/sbin/console-kit-daemon" subj=system_u:system_r:system_dbusd_t:s0 key=(null)</body_text> > <event_id host="cirithungol" milli="10" seconds="1201517431" serial="99"/> > </audit_record> > </records> > </audit_event> > <environment version="1.0"> > <enforce>Permissive</enforce> > <hostname>cirithungol</hostname> > <kernel>2.6.24-2.fc9 i686</kernel> > <platform>Fedora release 8.90 (Rawhide)</platform> > <policy_rpm>selinux-policy-3.2.5-19.fc9</policy_rpm> > <policy_type>targeted</policy_type> > <policyvers>21</policyvers> > <selinux_enabled>True</selinux_enabled> > <selinux_mls_enabled>True</selinux_mls_enabled> > <uname>Linux cirithungol 2.6.24-2.fc9 #1 SMP Fri Jan 25 13:14:54 EST 2008 i686 i686</uname> > </environment> > <first_seen_date>2008-01-28T10:50:31Z</first_seen_date> > <host>cirithungol</host> > <last_seen_date>2008-01-28T10:50:31Z</last_seen_date> > <local_id>92ba47dd-8b8f-4b06-8ec0-727b7b7fbc33</local_id> > <report_count>1</report_count> > <scontext mls="s0" role="system_r" type="system_dbusd_t" user="system_u"/> > <sig version="3.0"> > <access> > <operation>getsched</operation> > </access> > <analysis_id>catchall</analysis_id> > <host>cirithungol</host> > <scontext mls="s0" role="system_r" type="system_dbusd_t" user="system_u"/> > <tclass>process</tclass> > <tcontext mls="s0" role="system_r" type="system_dbusd_t" user="system_u"/> > </sig> > <solution version="1.0"> > <fix_cmd></fix_cmd> > <fix_description><![CDATA[ > You can generate a local policy module to allow this > access - see <a href="http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385">FAQ</a> > Or you can disable SELinux protection altogether. Disabling > SELinux protection is not recommended. > Please file a <a href="http://bugzilla.redhat.com/bugzilla/enter_bug.cgi">bug report</a> > against this package. > ]]></fix_description> > <problem_description><![CDATA[ > > SELinux denied access requested by console-kit-dae(/usr/sbin/console-kit-daemon). It is not > expected that this access is required by console-kit-dae(/usr/sbin/console-kit-daemon) and this access > may signal an intrusion attempt. It is also possible that the specific > version or configuration of the application is causing it to require > additional access. > > ]]></problem_description> > <summary><![CDATA[ > SELinux is preventing console-kit-dae(/usr/sbin/console-kit-daemon) (system_dbusd_t) "getsched" to <Unknown> (system_dbusd_t). > ]]></summary> > </solution> > <spath>console-kit-dae(/usr/sbin/console-kit-daemon)</spath> > <tclass>process</tclass> > <tcontext mls="s0" role="system_r" type="system_dbusd_t" user="system_u"/> > <users> > <user delete_flag="False" seen_flag="True" username="lordmorgul"> > <filter> > <count>0</count> > <filter_type>0</filter_type> > </filter> > </user> > </users> > </siginfo> > <siginfo> > <analysis_id>catchall</analysis_id> > <audit_event> > <event_id host="cirithungol" milli="14" seconds="1201517431" serial="100"/> > <records> > <audit_record record_type="AVC"> > <body_text>avc: denied { getattr } for pid=6451 comm="console-kit-dae" path="pipe:[25707]" dev=pipefs ino=25707 scontext=system_u:system_r:system_dbusd_t:s0 tcontext=system_u:system_r:system_dbusd_t:s0 tclass=fifo_file</body_text> > <event_id host="cirithungol" milli="14" seconds="1201517431" serial="100"/> > </audit_record> > <audit_record record_type="SYSCALL"> > <body_text>arch=40000003 syscall=197 success=yes exit=0 a0=3 a1=bfde7a8c a2=a0bff4 a3=3 items=0 ppid=6450 pid=6451 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="console-kit-dae" exe="/usr/sbin/console-kit-daemon" subj=system_u:system_r:system_dbusd_t:s0 key=(null)</body_text> > <event_id host="cirithungol" milli="14" seconds="1201517431" serial="100"/> > </audit_record> > </records> > </audit_event> > <environment version="1.0"> > <enforce>Permissive</enforce> > <hostname>cirithungol</hostname> > <kernel>2.6.24-2.fc9 i686</kernel> > <platform>Fedora release 8.90 (Rawhide)</platform> > <policy_rpm>selinux-policy-3.2.5-19.fc9</policy_rpm> > <policy_type>targeted</policy_type> > <policyvers>21</policyvers> > <selinux_enabled>True</selinux_enabled> > <selinux_mls_enabled>True</selinux_mls_enabled> > <uname>Linux cirithungol 2.6.24-2.fc9 #1 SMP Fri Jan 25 13:14:54 EST 2008 i686 i686</uname> > </environment> > <first_seen_date>2008-01-28T10:50:31Z</first_seen_date> > <host>cirithungol</host> > <last_seen_date>2008-01-28T10:50:31Z</last_seen_date> > <local_id>11217106-980e-4ce7-8de2-6bd4cd2ad439</local_id> > <report_count>1</report_count> > <scontext mls="s0" role="system_r" type="system_dbusd_t" user="system_u"/> > <sig version="3.0"> > <access> > <operation>getattr</operation> > </access> > <analysis_id>catchall</analysis_id> > <host>cirithungol</host> > <scontext mls="s0" role="system_r" type="system_dbusd_t" user="system_u"/> > <tclass>fifo_file</tclass> > <tcontext mls="s0" role="system_r" type="system_dbusd_t" user="system_u"/> > <tpath>pipe</tpath> > </sig> > <solution version="1.0"> > <fix_cmd></fix_cmd> > <fix_description><![CDATA[ > You can generate a local policy module to allow this > access - see <a href="http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385">FAQ</a> > Or you can disable SELinux protection altogether. Disabling > SELinux protection is not recommended. > Please file a <a href="http://bugzilla.redhat.com/bugzilla/enter_bug.cgi">bug report</a> > against this package. > ]]></fix_description> > <problem_description><![CDATA[ > > SELinux denied access requested by console-kit-dae(/usr/sbin/console-kit-daemon). It is not > expected that this access is required by console-kit-dae(/usr/sbin/console-kit-daemon) and this access > may signal an intrusion attempt. It is also possible that the specific > version or configuration of the application is causing it to require > additional access. > > ]]></problem_description> > <summary><![CDATA[ > SELinux is preventing console-kit-dae(/usr/sbin/console-kit-daemon) (system_dbusd_t) "getattr" to pipe (system_dbusd_t). > ]]></summary> > </solution> > <spath>console-kit-dae(/usr/sbin/console-kit-daemon)</spath> > <tclass>fifo_file</tclass> > <tcontext mls="s0" role="system_r" type="system_dbusd_t" user="system_u"/> > <tpath>pipe</tpath> > </siginfo> > <siginfo> > <analysis_id>catchall_file</analysis_id> > <audit_event> > <event_id host="cirithungol" milli="26" seconds="1201517431" serial="101"/> > <records> > <audit_record record_type="AVC"> > <body_text>avc: denied { search } for pid=6451 comm="console-kit-dae" name="log" dev=sdb3 ino=346395 scontext=system_u:system_r:system_dbusd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=dir</body_text> > <event_id host="cirithungol" milli="26" seconds="1201517431" serial="101"/> > </audit_record> > <audit_record record_type="AVC"> > <body_text>avc: denied { search } for pid=6451 comm="console-kit-dae" name="ConsoleKit" dev=sdb3 ino=31814 scontext=system_u:system_r:system_dbusd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=dir</body_text> > <event_id host="cirithungol" milli="26" seconds="1201517431" serial="101"/> > </audit_record> > <audit_record record_type="AVC"> > <body_text>avc: denied { append } for pid=6451 comm="console-kit-dae" name="history" dev=sdb3 ino=31815 scontext=system_u:system_r:system_dbusd_t:s0 tcontext=unconfined_u:object_r:var_log_t:s0 tclass=file</body_text> > <event_id host="cirithungol" milli="26" seconds="1201517431" serial="101"/> > </audit_record> > <audit_record record_type="SYSCALL"> > <body_text>arch=40000003 syscall=5 success=yes exit=10 a0=8d7d3d8 a1=20401 a2=180 a3=8d74078 items=0 ppid=1 pid=6451 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="console-kit-dae" exe="/usr/sbin/console-kit-daemon" subj=system_u:system_r:system_dbusd_t:s0 key=(null)</body_text> > <event_id host="cirithungol" milli="26" seconds="1201517431" serial="101"/> > </audit_record> > </records> > </audit_event> > <environment version="1.0"> > <enforce>Permissive</enforce> > <hostname>cirithungol</hostname> > <kernel>2.6.24-2.fc9 i686</kernel> > <platform>Fedora release 8.90 (Rawhide)</platform> > <policy_rpm>selinux-policy-3.2.5-19.fc9</policy_rpm> > <policy_type>targeted</policy_type> > <policyvers>21</policyvers> > <selinux_enabled>True</selinux_enabled> > <selinux_mls_enabled>True</selinux_mls_enabled> > <uname>Linux cirithungol 2.6.24-2.fc9 #1 SMP Fri Jan 25 13:14:54 EST 2008 i686 i686</uname> > </environment> > <first_seen_date>2008-01-28T10:50:31Z</first_seen_date> > <host>cirithungol</host> > <last_seen_date>2008-01-28T10:50:31Z</last_seen_date> > <local_id>c797e1a0-bb0b-44da-89e0-7aec68fcad5d</local_id> > <report_count>1</report_count> > <scontext mls="s0" role="system_r" type="system_dbusd_t" user="system_u"/> > <sig version="3.0"> > <access> > <operation>search</operation> > </access> > <analysis_id>catchall_file</analysis_id> > <host>cirithungol</host> > <scontext mls="s0" role="system_r" type="system_dbusd_t" user="system_u"/> > <tclass>dir</tclass> > <tcontext mls="s0" role="object_r" type="var_log_t" user="system_u"/> > </sig> > <solution version="1.0"> > <fix_cmd></fix_cmd> > <fix_description><![CDATA[ > Sometimes labeling problems can cause SELinux denials. You could try to > restore the default system file context for <Unknown>, > <p> > restorecon -v <Unknown> > <p> > If this does not work, there is currently no automatic way to allow this > access. Instead, you can generate a local policy module to allow this > access - see <a href="http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385">FAQ</a> > Or you can disable SELinux protection altogether. Disabling > SELinux protection is not recommended. > Please file a <a href="http://bugzilla.redhat.com/bugzilla/enter_bug.cgi">bug report</a> > against this package. > ]]></fix_description> > <problem_description><![CDATA[ > > SELinux denied access requested by console-kit-dae(/usr/sbin/console-kit-daemon). It is not > expected that this access is required by console-kit-dae(/usr/sbin/console-kit-daemon) and this access > may signal an intrusion attempt. It is also possible that the specific > version or configuration of the application is causing it to require > additional access. > > ]]></problem_description> > <summary><![CDATA[ > SELinux is preventing console-kit-dae(/usr/sbin/console-kit-daemon) (system_dbusd_t) "search" to <Unknown> (var_log_t). > ]]></summary> > </solution> > <spath>console-kit-dae(/usr/sbin/console-kit-daemon)</spath> > <tclass>dir</tclass> > <tcontext mls="s0" role="object_r" type="var_log_t" user="system_u"/> > </siginfo> > <siginfo> > <analysis_id>catchall_file</analysis_id> > <audit_event> > <event_id host="cirithungol" milli="41" seconds="1201517431" serial="102"/> > <records> > <audit_record record_type="AVC"> > <body_text>avc: denied { setattr } for pid=6451 comm="console-kit-dae" name="history" dev=sdb3 ino=31815 scontext=system_u:system_r:system_dbusd_t:s0 tcontext=unconfined_u:object_r:var_log_t:s0 tclass=file</body_text> > <event_id host="cirithungol" milli="41" seconds="1201517431" serial="102"/> > </audit_record> > <audit_record record_type="SYSCALL"> > <body_text>arch=40000003 syscall=207 success=yes exit=0 a0=a a1=0 a2=0 a3=a items=0 ppid=1 pid=6451 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="console-kit-dae" exe="/usr/sbin/console-kit-daemon" subj=system_u:system_r:system_dbusd_t:s0 key=(null)</body_text> > <event_id host="cirithungol" milli="41" seconds="1201517431" serial="102"/> > </audit_record> > </records> > </audit_event> > <environment version="1.0"> > <enforce>Permissive</enforce> > <hostname>cirithungol</hostname> > <kernel>2.6.24-2.fc9 i686</kernel> > <platform>Fedora release 8.90 (Rawhide)</platform> > <policy_rpm>selinux-policy-3.2.5-19.fc9</policy_rpm> > <policy_type>targeted</policy_type> > <policyvers>21</policyvers> > <selinux_enabled>True</selinux_enabled> > <selinux_mls_enabled>True</selinux_mls_enabled> > <uname>Linux cirithungol 2.6.24-2.fc9 #1 SMP Fri Jan 25 13:14:54 EST 2008 i686 i686</uname> > </environment> > <first_seen_date>2008-01-28T10:50:31Z</first_seen_date> > <host>cirithungol</host> > <last_seen_date>2008-01-28T10:50:31Z</last_seen_date> > <local_id>2eeca3f6-8203-4426-825d-08eafc1d092b</local_id> > <report_count>1</report_count> > <scontext mls="s0" role="system_r" type="system_dbusd_t" user="system_u"/> > <sig version="3.0"> > <access> > <operation>setattr</operation> > </access> > <analysis_id>catchall_file</analysis_id> > <host>cirithungol</host> > <scontext mls="s0" role="system_r" type="system_dbusd_t" user="system_u"/> > <tclass>file</tclass> > <tcontext mls="s0" role="object_r" type="var_log_t" user="unconfined_u"/> > </sig> > <solution version="1.0"> > <fix_cmd></fix_cmd> > <fix_description><![CDATA[ > Sometimes labeling problems can cause SELinux denials. You could try to > restore the default system file context for <Unknown>, > <p> > restorecon -v <Unknown> > <p> > If this does not work, there is currently no automatic way to allow this > access. Instead, you can generate a local policy module to allow this > access - see <a href="http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385">FAQ</a> > Or you can disable SELinux protection altogether. Disabling > SELinux protection is not recommended. > Please file a <a href="http://bugzilla.redhat.com/bugzilla/enter_bug.cgi">bug report</a> > against this package. > ]]></fix_description> > <problem_description><![CDATA[ > > SELinux denied access requested by console-kit-dae(/usr/sbin/console-kit-daemon). It is not > expected that this access is required by console-kit-dae(/usr/sbin/console-kit-daemon) and this access > may signal an intrusion attempt. It is also possible that the specific > version or configuration of the application is causing it to require > additional access. > > ]]></problem_description> > <summary><![CDATA[ > SELinux is preventing console-kit-dae(/usr/sbin/console-kit-daemon) (system_dbusd_t) "setattr" to <Unknown> (var_log_t). > ]]></summary> > </solution> > <spath>console-kit-dae(/usr/sbin/console-kit-daemon)</spath> > <tclass>file</tclass> > <tcontext mls="s0" role="object_r" type="var_log_t" user="unconfined_u"/> > </siginfo> > <siginfo> > <analysis_id>allow_daemons_use_tty</analysis_id> > <audit_event> > <event_id host="cirithungol" milli="62" seconds="1201517431" serial="104"/> > <records> > <audit_record record_type="AVC"> > <body_text>avc: denied { read } for pid=6451 comm="console-kit-dae" name="tty0" dev=tmpfs ino=237 scontext=system_u:system_r:system_dbusd_t:s0 tcontext=system_u:object_r:tty_device_t:s0 tclass=chr_file</body_text> > <event_id host="cirithungol" milli="62" seconds="1201517431" serial="104"/> > </audit_record> > <audit_record record_type="SYSCALL"> > <body_text>arch=40000003 syscall=5 success=yes exit=12 a0=80626d6 a1=100 a2=a0d120 a3=ffffffff items=0 ppid=1 pid=6451 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="console-kit-dae" exe="/usr/sbin/console-kit-daemon" subj=system_u:system_r:system_dbusd_t:s0 key=(null)</body_text> > <event_id host="cirithungol" milli="62" seconds="1201517431" serial="104"/> > </audit_record> > </records> > </audit_event> > <environment version="1.0"> > <enforce>Permissive</enforce> > <hostname>cirithungol</hostname> > <kernel>2.6.24-2.fc9 i686</kernel> > <platform>Fedora release 8.90 (Rawhide)</platform> > <policy_rpm>selinux-policy-3.2.5-19.fc9</policy_rpm> > <policy_type>targeted</policy_type> > <policyvers>21</policyvers> > <selinux_enabled>True</selinux_enabled> > <selinux_mls_enabled>True</selinux_mls_enabled> > <uname>Linux cirithungol 2.6.24-2.fc9 #1 SMP Fri Jan 25 13:14:54 EST 2008 i686 i686</uname> > </environment> > <first_seen_date>2008-01-28T10:50:31Z</first_seen_date> > <host>cirithungol</host> > <last_seen_date>2008-01-28T10:50:31Z</last_seen_date> > <local_id>3ab7edc9-4fc2-42f4-8979-856e8d17c2e4</local_id> > <report_count>1</report_count> > <scontext mls="s0" role="system_r" type="system_dbusd_t" user="system_u"/> > <sig version="3.0"> > <access> > <operation>read</operation> > </access> > <analysis_id>allow_daemons_use_tty</analysis_id> > <host>cirithungol</host> > <scontext mls="s0" role="system_r" type="system_dbusd_t" user="system_u"/> > <tclass>chr_file</tclass> > <tcontext mls="s0" role="object_r" type="tty_device_t" user="system_u"/> > </sig> > <solution version="1.0"> > <fix_cmd>setsebool -P allow_daemons_use_tty=1</fix_cmd> > <fix_description><![CDATA[ > Changing the "allow_daemons_use_tty" boolean to true will allow this access: > "setsebool -P allow_daemons_use_tty=1." > ]]></fix_description> > <problem_description><![CDATA[ > SELinux prevented console-kit-dae(/usr/sbin/console-kit-daemon) from using the terminal <Unknown>. > In most cases daemons do not need to interact with the terminal, usually > these avc messages can be ignored. All of the confined daemons should > have dontaudit rules around using the terminal. Please file a <a > href="http://bugzilla.redhat.com/bugzilla/enter_bug.cgi">bug > report</a> against this selinux-policy. If you would like to allow all > daemons to interact with the terminal, you can turn on the allow_daemons_use_tty boolean. > ]]></problem_description> > <summary><![CDATA[ > SELinux prevented console-kit-dae(/usr/sbin/console-kit-daemon) from using the terminal <Unknown>. > ]]></summary> > </solution> > <spath>console-kit-dae(/usr/sbin/console-kit-daemon)</spath> > <tclass>chr_file</tclass> > <tcontext mls="s0" role="object_r" type="tty_device_t" user="system_u"/> > </siginfo> > <siginfo> > <analysis_id>allow_daemons_use_tty</analysis_id> > <audit_event> > <event_id host="cirithungol" milli="65" seconds="1201517431" serial="105"/> > <records> > <audit_record record_type="AVC"> > <body_text>avc: denied { ioctl } for pid=6451 comm="console-kit-dae" path="/dev/tty0" dev=tmpfs ino=237 scontext=system_u:system_r:system_dbusd_t:s0 tcontext=system_u:object_r:tty_device_t:s0 tclass=chr_file</body_text> > <event_id host="cirithungol" milli="65" seconds="1201517431" serial="105"/> > </audit_record> > <audit_record record_type="SYSCALL"> > <body_text>arch=40000003 syscall=54 success=yes exit=0 a0=c a1=5603 a2=bfde70b6 a3=c items=0 ppid=1 pid=6451 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="console-kit-dae" exe="/usr/sbin/console-kit-daemon" subj=system_u:system_r:system_dbusd_t:s0 key=(null)</body_text> > <event_id host="cirithungol" milli="65" seconds="1201517431" serial="105"/> > </audit_record> > </records> > </audit_event> > <environment version="1.0"> > <enforce>Permissive</enforce> > <hostname>cirithungol</hostname> > <kernel>2.6.24-2.fc9 i686</kernel> > <platform>Fedora release 8.90 (Rawhide)</platform> > <policy_rpm>selinux-policy-3.2.5-19.fc9</policy_rpm> > <policy_type>targeted</policy_type> > <policyvers>21</policyvers> > <selinux_enabled>True</selinux_enabled> > <selinux_mls_enabled>True</selinux_mls_enabled> > <uname>Linux cirithungol 2.6.24-2.fc9 #1 SMP Fri Jan 25 13:14:54 EST 2008 i686 i686</uname> > </environment> > <first_seen_date>2008-01-28T10:50:31Z</first_seen_date> > <host>cirithungol</host> > <last_seen_date>2008-01-28T10:50:31Z</last_seen_date> > <local_id>b1b29a95-34c2-4593-b0fd-52fb864e8a88</local_id> > <report_count>1</report_count> > <scontext mls="s0" role="system_r" type="system_dbusd_t" user="system_u"/> > <sig version="3.0"> > <access> > <operation>ioctl</operation> > </access> > <analysis_id>allow_daemons_use_tty</analysis_id> > <host>cirithungol</host> > <scontext mls="s0" role="system_r" type="system_dbusd_t" user="system_u"/> > <tclass>chr_file</tclass> > <tcontext mls="s0" role="object_r" type="tty_device_t" user="system_u"/> > <tpath>/dev/tty0</tpath> > </sig> > <solution version="1.0"> > <fix_cmd>setsebool -P allow_daemons_use_tty=1</fix_cmd> > <fix_description><![CDATA[ > Changing the "allow_daemons_use_tty" boolean to true will allow this access: > "setsebool -P allow_daemons_use_tty=1." > ]]></fix_description> > <problem_description><![CDATA[ > SELinux prevented console-kit-dae(/usr/sbin/console-kit-daemon) from using the terminal /dev/tty0. > In most cases daemons do not need to interact with the terminal, usually > these avc messages can be ignored. All of the confined daemons should > have dontaudit rules around using the terminal. Please file a <a > href="http://bugzilla.redhat.com/bugzilla/enter_bug.cgi">bug > report</a> against this selinux-policy. If you would like to allow all > daemons to interact with the terminal, you can turn on the allow_daemons_use_tty boolean. > ]]></problem_description> > <summary><![CDATA[ > SELinux prevented console-kit-dae(/usr/sbin/console-kit-daemon) from using the terminal /dev/tty0. > ]]></summary> > </solution> > <spath>console-kit-dae(/usr/sbin/console-kit-daemon)</spath> > <tclass>chr_file</tclass> > <tcontext mls="s0" role="object_r" type="tty_device_t" user="system_u"/> > <tpath>/dev/tty0</tpath> > </siginfo> > <siginfo> > <analysis_id>catchall_file</analysis_id> > <audit_event> > <event_id host="cirithungol" milli="78" seconds="1201517431" serial="107"/> > <records> > <audit_record record_type="AVC"> > <body_text>avc: denied { search } for pid=6451 comm="console-kit-dae" name="misc" dev=sdb3 ino=346400 scontext=system_u:system_r:system_dbusd_t:s0 tcontext=system_u:object_r:system_crond_var_lib_t:s0 tclass=dir</body_text> > <event_id host="cirithungol" milli="78" seconds="1201517431" serial="107"/> > </audit_record> > <audit_record record_type="AVC"> > <body_text>avc: denied { read } for pid=6451 comm="console-kit-dae" name="PolicyKit.reload" dev=sdb3 ino=347190 scontext=system_u:system_r:system_dbusd_t:s0 tcontext=system_u:object_r:system_crond_var_lib_t:s0 tclass=file</body_text> > <event_id host="cirithungol" milli="78" seconds="1201517431" serial="107"/> > </audit_record> > <audit_record record_type="SYSCALL"> > <body_text>arch=40000003 syscall=292 success=yes exit=3 a0=b a1=2adc400 a2=106 a3=8d84f38 items=0 ppid=1 pid=6451 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="console-kit-dae" exe="/usr/sbin/console-kit-daemon" subj=system_u:system_r:system_dbusd_t:s0 key=(null)</body_text> > <event_id host="cirithungol" milli="78" seconds="1201517431" serial="107"/> > </audit_record> > </records> > </audit_event> > <environment version="1.0"> > <enforce>Permissive</enforce> > <hostname>cirithungol</hostname> > <kernel>2.6.24-2.fc9 i686</kernel> > <platform>Fedora release 8.90 (Rawhide)</platform> > <policy_rpm>selinux-policy-3.2.5-19.fc9</policy_rpm> > <policy_type>targeted</policy_type> > <policyvers>21</policyvers> > <selinux_enabled>True</selinux_enabled> > <selinux_mls_enabled>True</selinux_mls_enabled> > <uname>Linux cirithungol 2.6.24-2.fc9 #1 SMP Fri Jan 25 13:14:54 EST 2008 i686 i686</uname> > </environment> > <first_seen_date>2008-01-28T10:50:31Z</first_seen_date> > <host>cirithungol</host> > <last_seen_date>2008-01-28T10:50:31Z</last_seen_date> > <local_id>9f68fb90-143a-4178-89cf-c3b585f115bc</local_id> > <report_count>1</report_count> > <scontext mls="s0" role="system_r" type="system_dbusd_t" user="system_u"/> > <sig version="3.0"> > <access> > <operation>search</operation> > </access> > <analysis_id>catchall_file</analysis_id> > <host>cirithungol</host> > <scontext mls="s0" role="system_r" type="system_dbusd_t" user="system_u"/> > <tclass>dir</tclass> > <tcontext mls="s0" role="object_r" type="system_crond_var_lib_t" user="system_u"/> > </sig> > <solution version="1.0"> > <fix_cmd></fix_cmd> > <fix_description><![CDATA[ > Sometimes labeling problems can cause SELinux denials. You could try to > restore the default system file context for <Unknown>, > <p> > restorecon -v <Unknown> > <p> > If this does not work, there is currently no automatic way to allow this > access. Instead, you can generate a local policy module to allow this > access - see <a href="http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385">FAQ</a> > Or you can disable SELinux protection altogether. Disabling > SELinux protection is not recommended. > Please file a <a href="http://bugzilla.redhat.com/bugzilla/enter_bug.cgi">bug report</a> > against this package. > ]]></fix_description> > <problem_description><![CDATA[ > > SELinux denied access requested by console-kit-dae(/usr/sbin/console-kit-daemon). It is not > expected that this access is required by console-kit-dae(/usr/sbin/console-kit-daemon) and this access > may signal an intrusion attempt. It is also possible that the specific > version or configuration of the application is causing it to require > additional access. > > ]]></problem_description> > <summary><![CDATA[ > SELinux is preventing console-kit-dae(/usr/sbin/console-kit-daemon) (system_dbusd_t) "search" to <Unknown> (system_crond_var_lib_t). > ]]></summary> > </solution> > <spath>console-kit-dae(/usr/sbin/console-kit-daemon)</spath> > <tclass>dir</tclass> > <tcontext mls="s0" role="object_r" type="system_crond_var_lib_t" user="system_u"/> > </siginfo> > <siginfo> > <analysis_id>catchall_file</analysis_id> > <audit_event> > <event_id host="cirithungol" milli="211" seconds="1201517431" serial="110"/> > <records> > <audit_record record_type="AVC"> > <body_text>avc: denied { search } for pid=6451 comm="console-kit-dae" name="2691" dev=proc ino=9772 scontext=system_u:system_r:system_dbusd_t:s0 tcontext=system_u:system_r:hald_t:s0 tclass=dir</body_text> > <event_id host="cirithungol" milli="211" seconds="1201517431" serial="110"/> > </audit_record> > <audit_record record_type="AVC"> > <body_text>avc: denied { read } for pid=6451 comm="console-kit-dae" name="stat" dev=proc ino=15974 scontext=system_u:system_r:system_dbusd_t:s0 tcontext=system_u:system_r:hald_t:s0 tclass=file</body_text> > <event_id host="cirithungol" milli="211" seconds="1201517431" serial="110"/> > </audit_record> > <audit_record record_type="SYSCALL"> > <body_text>arch=40000003 syscall=5 success=yes exit=14 a0=8d7ecf8 a1=8000 a2=0 a3=8000 items=0 ppid=1 pid=6451 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="console-kit-dae" exe="/usr/sbin/console-kit-daemon" subj=system_u:system_r:system_dbusd_t:s0 key=(null)</body_text> > <event_id host="cirithungol" milli="211" seconds="1201517431" serial="110"/> > </audit_record> > </records> > </audit_event> > <environment version="1.0"> > <enforce>Permissive</enforce> > <hostname>cirithungol</hostname> > <kernel>2.6.24-2.fc9 i686</kernel> > <platform>Fedora release 8.90 (Rawhide)</platform> > <policy_rpm>selinux-policy-3.2.5-19.fc9</policy_rpm> > <policy_type>targeted</policy_type> > <policyvers>21</policyvers> > <selinux_enabled>True</selinux_enabled> > <selinux_mls_enabled>True</selinux_mls_enabled> > <uname>Linux cirithungol 2.6.24-2.fc9 #1 SMP Fri Jan 25 13:14:54 EST 2008 i686 i686</uname> > </environment> > <first_seen_date>2008-01-28T10:50:31Z</first_seen_date> > <host>cirithungol</host> > <last_seen_date>2008-01-28T10:50:31Z</last_seen_date> > <local_id>733d0f87-0c52-4a38-b5d9-530e2a964fb0</local_id> > <report_count>1</report_count> > <scontext mls="s0" role="system_r" type="system_dbusd_t" user="system_u"/> > <sig version="3.0"> > <access> > <operation>search</operation> > </access> > <analysis_id>catchall_file</analysis_id> > <host>cirithungol</host> > <scontext mls="s0" role="system_r" type="system_dbusd_t" user="system_u"/> > <tclass>dir</tclass> > <tcontext mls="s0" role="system_r" type="hald_t" user="system_u"/> > </sig> > <solution version="1.0"> > <fix_cmd></fix_cmd> > <fix_description><![CDATA[ > Sometimes labeling problems can cause SELinux denials. You could try to > restore the default system file context for <Unknown>, > <p> > restorecon -v <Unknown> > <p> > If this does not work, there is currently no automatic way to allow this > access. Instead, you can generate a local policy module to allow this > access - see <a href="http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385">FAQ</a> > Or you can disable SELinux protection altogether. Disabling > SELinux protection is not recommended. > Please file a <a href="http://bugzilla.redhat.com/bugzilla/enter_bug.cgi">bug report</a> > against this package. > ]]></fix_description> > <problem_description><![CDATA[ > > SELinux denied access requested by console-kit-dae(/usr/sbin/console-kit-daemon). It is not > expected that this access is required by console-kit-dae(/usr/sbin/console-kit-daemon) and this access > may signal an intrusion attempt. It is also possible that the specific > version or configuration of the application is causing it to require > additional access. > > ]]></problem_description> > <summary><![CDATA[ > SELinux is preventing console-kit-dae(/usr/sbin/console-kit-daemon) (system_dbusd_t) "search" to <Unknown> (hald_t). > ]]></summary> > </solution> > <spath>console-kit-dae(/usr/sbin/console-kit-daemon)</spath> > <tclass>dir</tclass> > <tcontext mls="s0" role="system_r" type="hald_t" user="system_u"/> > </siginfo> > <siginfo> > <analysis_id>catchall_file</analysis_id> > <audit_event> > <event_id host="cirithungol" milli="215" seconds="1201517431" serial="111"/> > <records> > <audit_record record_type="AVC"> > <body_text>avc: denied { getattr } for pid=6451 comm="console-kit-dae" path="/proc/2691/stat" dev=proc ino=15974 scontext=system_u:system_r:system_dbusd_t:s0 tcontext=system_u:system_r:hald_t:s0 tclass=file</body_text> > <event_id host="cirithungol" milli="215" seconds="1201517431" serial="111"/> > </audit_record> > <audit_record record_type="SYSCALL"> > <body_text>arch=40000003 syscall=197 success=yes exit=0 a0=e a1=bfde64c8 a2=a0bff4 a3=8d7ecf8 items=0 ppid=1 pid=6451 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="console-kit-dae" exe="/usr/sbin/console-kit-daemon" subj=system_u:system_r:system_dbusd_t:s0 key=(null)</body_text> > <event_id host="cirithungol" milli="215" seconds="1201517431" serial="111"/> > </audit_record> > </records> > </audit_event> > <environment version="1.0"> > <enforce>Permissive</enforce> > <hostname>cirithungol</hostname> > <kernel>2.6.24-2.fc9 i686</kernel> > <platform>Fedora release 8.90 (Rawhide)</platform> > <policy_rpm>selinux-policy-3.2.5-19.fc9</policy_rpm> > <policy_type>targeted</policy_type> > <policyvers>21</policyvers> > <selinux_enabled>True</selinux_enabled> > <selinux_mls_enabled>True</selinux_mls_enabled> > <uname>Linux cirithungol 2.6.24-2.fc9 #1 SMP Fri Jan 25 13:14:54 EST 2008 i686 i686</uname> > </environment> > <first_seen_date>2008-01-28T10:50:31Z</first_seen_date> > <host>cirithungol</host> > <last_seen_date>2008-01-28T10:50:31Z</last_seen_date> > <local_id>4cafdbc8-20f0-4dbc-9f1a-0bbcae99b14c</local_id> > <report_count>1</report_count> > <scontext mls="s0" role="system_r" type="system_dbusd_t" user="system_u"/> > <sig version="3.0"> > <access> > <operation>getattr</operation> > </access> > <analysis_id>catchall_file</analysis_id> > <host>cirithungol</host> > <scontext mls="s0" role="system_r" type="system_dbusd_t" user="system_u"/> > <tclass>file</tclass> > <tcontext mls="s0" role="system_r" type="hald_t" user="system_u"/> > <tpath>/proc/2691/stat</tpath> > </sig> > <solution version="1.0"> > <fix_cmd></fix_cmd> > <fix_description><![CDATA[ > Sometimes labeling problems can cause SELinux denials. You could try to > restore the default system file context for /proc/2691/stat, > <p> > restorecon -v /proc/2691/stat > <p> > If this does not work, there is currently no automatic way to allow this > access. Instead, you can generate a local policy module to allow this > access - see <a href="http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385">FAQ</a> > Or you can disable SELinux protection altogether. Disabling > SELinux protection is not recommended. > Please file a <a href="http://bugzilla.redhat.com/bugzilla/enter_bug.cgi">bug report</a> > against this package. > ]]></fix_description> > <problem_description><![CDATA[ > > SELinux denied access requested by console-kit-dae(/usr/sbin/console-kit-daemon). It is not > expected that this access is required by console-kit-dae(/usr/sbin/console-kit-daemon) and this access > may signal an intrusion attempt. It is also possible that the specific > version or configuration of the application is causing it to require > additional access. > > ]]></problem_description> > <summary><![CDATA[ > SELinux is preventing console-kit-dae(/usr/sbin/console-kit-daemon) (system_dbusd_t) "getattr" to /proc/2691/stat (hald_t). > ]]></summary> > </solution> > <spath>console-kit-dae(/usr/sbin/console-kit-daemon)</spath> > <tclass>file</tclass> > <tcontext mls="s0" role="system_r" type="hald_t" user="system_u"/> > <tpath>/proc/2691/stat</tpath> > </siginfo> > <siginfo> > <analysis_id>catchall</analysis_id> > <audit_event> > <event_id host="cirithungol" milli="216" seconds="1201517431" serial="112"/> > <records> > <audit_record record_type="AVC"> > <body_text>avc: denied { sys_nice } for pid=6451 comm="console-kit-dae" capability=23 scontext=system_u:system_r:system_dbusd_t:s0 tcontext=system_u:system_r:system_dbusd_t:s0 tclass=capability</body_text> > <event_id host="cirithungol" milli="216" seconds="1201517431" serial="112"/> > </audit_record> > <audit_record record_type="SYSCALL"> > <body_text>arch=40000003 syscall=3 success=yes exit=199 a0=e a1=bfde6528 a2=1000 a3=0 items=0 ppid=1 pid=6451 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="console-kit-dae" exe="/usr/sbin/console-kit-daemon" subj=system_u:system_r:system_dbusd_t:s0 key=(null)</body_text> > <event_id host="cirithungol" milli="216" seconds="1201517431" serial="112"/> > </audit_record> > </records> > </audit_event> > <environment version="1.0"> > <enforce>Permissive</enforce> > <hostname>cirithungol</hostname> > <kernel>2.6.24-2.fc9 i686</kernel> > <platform>Fedora release 8.90 (Rawhide)</platform> > <policy_rpm>selinux-policy-3.2.5-19.fc9</policy_rpm> > <policy_type>targeted</policy_type> > <policyvers>21</policyvers> > <selinux_enabled>True</selinux_enabled> > <selinux_mls_enabled>True</selinux_mls_enabled> > <uname>Linux cirithungol 2.6.24-2.fc9 #1 SMP Fri Jan 25 13:14:54 EST 2008 i686 i686</uname> > </environment> > <first_seen_date>2008-01-28T10:50:31Z</first_seen_date> > <host>cirithungol</host> > <last_seen_date>2008-01-28T10:50:31Z</last_seen_date> > <local_id>a3646f9b-f194-47bf-bc1d-3b8f8eb6c6f9</local_id> > <report_count>1</report_count> > <scontext mls="s0" role="system_r" type="system_dbusd_t" user="system_u"/> > <sig version="3.0"> > <access> > <operation>sys_nice</operation> > </access> > <analysis_id>catchall</analysis_id> > <host>cirithungol</host> > <scontext mls="s0" role="system_r" type="system_dbusd_t" user="system_u"/> > <tclass>capability</tclass> > <tcontext mls="s0" role="system_r" type="system_dbusd_t" user="system_u"/> > </sig> > <solution version="1.0"> > <fix_cmd></fix_cmd> > <fix_description><![CDATA[ > You can generate a local policy module to allow this > access - see <a href="http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385">FAQ</a> > Or you can disable SELinux protection altogether. Disabling > SELinux protection is not recommended. > Please file a <a href="http://bugzilla.redhat.com/bugzilla/enter_bug.cgi">bug report</a> > against this package. > ]]></fix_description> > <problem_description><![CDATA[ > > SELinux denied access requested by console-kit-dae(/usr/sbin/console-kit-daemon). It is not > expected that this access is required by console-kit-dae(/usr/sbin/console-kit-daemon) and this access > may signal an intrusion attempt. It is also possible that the specific > version or configuration of the application is causing it to require > additional access. > > ]]></problem_description> > <summary><![CDATA[ > SELinux is preventing console-kit-dae(/usr/sbin/console-kit-daemon) (system_dbusd_t) "sys_nice" to <Unknown> (system_dbusd_t). > ]]></summary> > </solution> > <spath>console-kit-dae(/usr/sbin/console-kit-daemon)</spath> > <tclass>capability</tclass> > <tcontext mls="s0" role="system_r" type="system_dbusd_t" user="system_u"/> > </siginfo> > <siginfo> > <analysis_id>catchall_file</analysis_id> > <audit_event> > <event_id host="cirithungol" milli="694" seconds="1201517433" serial="113"/> > <records> > <audit_record record_type="AVC"> > <body_text>avc: denied { search } for pid=6451 comm="console-kit-dae" name="6514" dev=proc ino=25717 scontext=system_u:system_r:system_dbusd_t:s0 tcontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tclass=dir</body_text> > <event_id host="cirithungol" milli="694" seconds="1201517433" serial="113"/> > </audit_record> > <audit_record record_type="AVC"> > <body_text>avc: denied { read } for pid=6451 comm="console-kit-dae" name="stat" dev=proc ino=26883 scontext=system_u:system_r:system_dbusd_t:s0 tcontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tclass=file</body_text> > <event_id host="cirithungol" milli="694" seconds="1201517433" serial="113"/> > </audit_record> > <audit_record record_type="SYSCALL"> > <body_text>arch=40000003 syscall=5 success=yes exit=14 a0=8d7ece0 a1=8000 a2=0 a3=8000 items=0 ppid=1 pid=6451 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="console-kit-dae" exe="/usr/sbin/console-kit-daemon" subj=system_u:system_r:system_dbusd_t:s0 key=(null)</body_text> > <event_id host="cirithungol" milli="694" seconds="1201517433" serial="113"/> > </audit_record> > </records> > </audit_event> > <environment version="1.0"> > <enforce>Permissive</enforce> > <hostname>cirithungol</hostname> > <kernel>2.6.24-2.fc9 i686</kernel> > <platform>Fedora release 8.90 (Rawhide)</platform> > <policy_rpm>selinux-policy-3.2.5-19.fc9</policy_rpm> > <policy_type>targeted</policy_type> > <policyvers>21</policyvers> > <selinux_enabled>True</selinux_enabled> > <selinux_mls_enabled>True</selinux_mls_enabled> > <uname>Linux cirithungol 2.6.24-2.fc9 #1 SMP Fri Jan 25 13:14:54 EST 2008 i686 i686</uname> > </environment> > <first_seen_date>2008-01-28T10:50:33Z</first_seen_date> > <host>cirithungol</host> > <last_seen_date>2008-01-28T10:50:33Z</last_seen_date> > <local_id>a3eb6e13-5604-457c-a9f4-6b1ea87bd400</local_id> > <report_count>1</report_count> > <scontext mls="s0" role="system_r" type="system_dbusd_t" user="system_u"/> > <sig version="3.0"> > <access> > <operation>search</operation> > </access> > <analysis_id>catchall_file</analysis_id> > <host>cirithungol</host> > <scontext mls="s0" role="system_r" type="system_dbusd_t" user="system_u"/> > <tclass>dir</tclass> > <tcontext mls="s0-s0:c0.c1023" role="system_r" type="xdm_t" user="system_u"/> > </sig> > <solution version="1.0"> > <fix_cmd></fix_cmd> > <fix_description><![CDATA[ > Sometimes labeling problems can cause SELinux denials. You could try to > restore the default system file context for <Unknown>, > <p> > restorecon -v <Unknown> > <p> > If this does not work, there is currently no automatic way to allow this > access. Instead, you can generate a local policy module to allow this > access - see <a href="http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385">FAQ</a> > Or you can disable SELinux protection altogether. Disabling > SELinux protection is not recommended. > Please file a <a href="http://bugzilla.redhat.com/bugzilla/enter_bug.cgi">bug report</a> > against this package. > ]]></fix_description> > <problem_description><![CDATA[ > > SELinux denied access requested by console-kit-dae(/usr/sbin/console-kit-daemon). It is not > expected that this access is required by console-kit-dae(/usr/sbin/console-kit-daemon) and this access > may signal an intrusion attempt. It is also possible that the specific > version or configuration of the application is causing it to require > additional access. > > ]]></problem_description> > <summary><![CDATA[ > SELinux is preventing console-kit-dae(/usr/sbin/console-kit-daemon) (system_dbusd_t) "search" to <Unknown> (xdm_t). > ]]></summary> > </solution> > <spath>console-kit-dae(/usr/sbin/console-kit-daemon)</spath> > <tclass>dir</tclass> > <tcontext mls="s0-s0:c0.c1023" role="system_r" type="xdm_t" user="system_u"/> > </siginfo> > <siginfo> > <analysis_id>catchall_file</analysis_id> > <audit_event> > <event_id host="cirithungol" milli="694" seconds="1201517433" serial="114"/> > <records> > <audit_record record_type="AVC"> > <body_text>avc: denied { getattr } for pid=6451 comm="console-kit-dae" path="/proc/6514/stat" dev=proc ino=26883 scontext=system_u:system_r:system_dbusd_t:s0 tcontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tclass=file</body_text> > <event_id host="cirithungol" milli="694" seconds="1201517433" serial="114"/> > </audit_record> > <audit_record record_type="SYSCALL"> > <body_text>arch=40000003 syscall=197 success=yes exit=0 a0=e a1=bfde6498 a2=a0bff4 a3=8d7ece0 items=0 ppid=1 pid=6451 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="console-kit-dae" exe="/usr/sbin/console-kit-daemon" subj=system_u:system_r:system_dbusd_t:s0 key=(null)</body_text> > <event_id host="cirithungol" milli="694" seconds="1201517433" serial="114"/> > </audit_record> > </records> > </audit_event> > <environment version="1.0"> > <enforce>Permissive</enforce> > <hostname>cirithungol</hostname> > <kernel>2.6.24-2.fc9 i686</kernel> > <platform>Fedora release 8.90 (Rawhide)</platform> > <policy_rpm>selinux-policy-3.2.5-19.fc9</policy_rpm> > <policy_type>targeted</policy_type> > <policyvers>21</policyvers> > <selinux_enabled>True</selinux_enabled> > <selinux_mls_enabled>True</selinux_mls_enabled> > <uname>Linux cirithungol 2.6.24-2.fc9 #1 SMP Fri Jan 25 13:14:54 EST 2008 i686 i686</uname> > </environment> > <first_seen_date>2008-01-28T10:50:33Z</first_seen_date> > <host>cirithungol</host> > <last_seen_date>2008-01-28T10:50:33Z</last_seen_date> > <local_id>b1c20ab1-500d-439b-80b1-65bd34f74c3e</local_id> > <report_count>1</report_count> > <scontext mls="s0" role="system_r" type="system_dbusd_t" user="system_u"/> > <sig version="3.0"> > <access> > <operation>getattr</operation> > </access> > <analysis_id>catchall_file</analysis_id> > <host>cirithungol</host> > <scontext mls="s0" role="system_r" type="system_dbusd_t" user="system_u"/> > <tclass>file</tclass> > <tcontext mls="s0-s0:c0.c1023" role="system_r" type="xdm_t" user="system_u"/> > <tpath>/proc/6514/stat</tpath> > </sig> > <solution version="1.0"> > <fix_cmd></fix_cmd> > <fix_description><![CDATA[ > Sometimes labeling problems can cause SELinux denials. You could try to > restore the default system file context for /proc/6514/stat, > <p> > restorecon -v /proc/6514/stat > <p> > If this does not work, there is currently no automatic way to allow this > access. Instead, you can generate a local policy module to allow this > access - see <a href="http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385">FAQ</a> > Or you can disable SELinux protection altogether. Disabling > SELinux protection is not recommended. > Please file a <a href="http://bugzilla.redhat.com/bugzilla/enter_bug.cgi">bug report</a> > against this package. > ]]></fix_description> > <problem_description><![CDATA[ > > SELinux denied access requested by console-kit-dae(/usr/sbin/console-kit-daemon). It is not > expected that this access is required by console-kit-dae(/usr/sbin/console-kit-daemon) and this access > may signal an intrusion attempt. It is also possible that the specific > version or configuration of the application is causing it to require > additional access. > > ]]></problem_description> > <summary><![CDATA[ > SELinux is preventing console-kit-dae(/usr/sbin/console-kit-daemon) (system_dbusd_t) "getattr" to /proc/6514/stat (xdm_t). > ]]></summary> > </solution> > <spath>console-kit-dae(/usr/sbin/console-kit-daemon)</spath> > <tclass>file</tclass> > <tcontext mls="s0-s0:c0.c1023" role="system_r" type="xdm_t" user="system_u"/> > <tpath>/proc/6514/stat</tpath> > </siginfo> > <siginfo> > <analysis_id>catchall</analysis_id> > <audit_event> > <event_id host="cirithungol" milli="695" seconds="1201517433" serial="115"/> > <records> > <audit_record record_type="AVC"> > <body_text>avc: denied { sys_ptrace } for pid=6451 comm="console-kit-dae" capability=19 scontext=system_u:system_r:system_dbusd_t:s0 tcontext=system_u:system_r:system_dbusd_t:s0 tclass=capability</body_text> > <event_id host="cirithungol" milli="695" seconds="1201517433" serial="115"/> > </audit_record> > <audit_record record_type="AVC"> > <body_text>avc: denied { ptrace } for pid=6451 comm="console-kit-dae" scontext=system_u:system_r:system_dbusd_t:s0 tcontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tclass=process</body_text> > <event_id host="cirithungol" milli="695" seconds="1201517433" serial="115"/> > </audit_record> > <audit_record record_type="SYSCALL"> > <body_text>arch=40000003 syscall=3 success=yes exit=587 a0=e a1=bfde6558 a2=1000 a3=0 items=0 ppid=1 pid=6451 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="console-kit-dae" exe="/usr/sbin/console-kit-daemon" subj=system_u:system_r:system_dbusd_t:s0 key=(null)</body_text> > <event_id host="cirithungol" milli="695" seconds="1201517433" serial="115"/> > </audit_record> > </records> > </audit_event> > <environment version="1.0"> > <enforce>Permissive</enforce> > <hostname>cirithungol</hostname> > <kernel>2.6.24-2.fc9 i686</kernel> > <platform>Fedora release 8.90 (Rawhide)</platform> > <policy_rpm>selinux-policy-3.2.5-19.fc9</policy_rpm> > <policy_type>targeted</policy_type> > <policyvers>21</policyvers> > <selinux_enabled>True</selinux_enabled> > <selinux_mls_enabled>True</selinux_mls_enabled> > <uname>Linux cirithungol 2.6.24-2.fc9 #1 SMP Fri Jan 25 13:14:54 EST 2008 i686 i686</uname> > </environment> > <first_seen_date>2008-01-28T10:50:33Z</first_seen_date> > <host>cirithungol</host> > <last_seen_date>2008-01-28T10:50:33Z</last_seen_date> > <local_id>a2f89a22-f56c-41f9-acbf-5bbb1ff1c214</local_id> > <report_count>1</report_count> > <scontext mls="s0" role="system_r" type="system_dbusd_t" user="system_u"/> > <sig version="3.0"> > <access> > <operation>sys_ptrace</operation> > </access> > <analysis_id>catchall</analysis_id> > <host>cirithungol</host> > <scontext mls="s0" role="system_r" type="system_dbusd_t" user="system_u"/> > <tclass>capability</tclass> > <tcontext mls="s0" role="system_r" type="system_dbusd_t" user="system_u"/> > </sig> > <solution version="1.0"> > <fix_cmd></fix_cmd> > <fix_description><![CDATA[ > You can generate a local policy module to allow this > access - see <a href="http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385">FAQ</a> > Or you can disable SELinux protection altogether. Disabling > SELinux protection is not recommended. > Please file a <a href="http://bugzilla.redhat.com/bugzilla/enter_bug.cgi">bug report</a> > against this package. > ]]></fix_description> > <problem_description><![CDATA[ > > SELinux denied access requested by console-kit-dae(/usr/sbin/console-kit-daemon). It is not > expected that this access is required by console-kit-dae(/usr/sbin/console-kit-daemon) and this access > may signal an intrusion attempt. It is also possible that the specific > version or configuration of the application is causing it to require > additional access. > > ]]></problem_description> > <summary><![CDATA[ > SELinux is preventing console-kit-dae(/usr/sbin/console-kit-daemon) (system_dbusd_t) "sys_ptrace" to <Unknown> (system_dbusd_t). > ]]></summary> > </solution> > <spath>console-kit-dae(/usr/sbin/console-kit-daemon)</spath> > <tclass>capability</tclass> > <tcontext mls="s0" role="system_r" type="system_dbusd_t" user="system_u"/> > </siginfo> > <siginfo> > <analysis_id>catchall_file</analysis_id> > <audit_event> > <event_id host="cirithungol" milli="675" seconds="1201517437" serial="117"/> > <records> > <audit_record record_type="AVC"> > <body_text>avc: denied { getattr } for pid=6452 comm="console-kit-dae" path="/var/log/ConsoleKit/history" dev=sdb3 ino=31815 scontext=system_u:system_r:system_dbusd_t:s0 tcontext=unconfined_u:object_r:var_log_t:s0 tclass=file</body_text> > <event_id host="cirithungol" milli="675" seconds="1201517437" serial="117"/> > </audit_record> > <audit_record record_type="SYSCALL"> > <body_text>arch=40000003 syscall=197 success=yes exit=0 a0=a a1=b7ff6200 a2=a0bff4 a3=3 items=0 ppid=1 pid=6452 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="console-kit-dae" exe="/usr/sbin/console-kit-daemon" subj=system_u:system_r:system_dbusd_t:s0 key=(null)</body_text> > <event_id host="cirithungol" milli="675" seconds="1201517437" serial="117"/> > </audit_record> > </records> > </audit_event> > <environment version="1.0"> > <enforce>Permissive</enforce> > <hostname>cirithungol</hostname> > <kernel>2.6.24-2.fc9 i686</kernel> > <platform>Fedora release 8.90 (Rawhide)</platform> > <policy_rpm>selinux-policy-3.2.5-19.fc9</policy_rpm> > <policy_type>targeted</policy_type> > <policyvers>21</policyvers> > <selinux_enabled>True</selinux_enabled> > <selinux_mls_enabled>True</selinux_mls_enabled> > <uname>Linux cirithungol 2.6.24-2.fc9 #1 SMP Fri Jan 25 13:14:54 EST 2008 i686 i686</uname> > </environment> > <first_seen_date>2008-01-28T10:50:31Z</first_seen_date> > <host>cirithungol</host> > <last_seen_date>2008-01-28T10:50:37Z</last_seen_date> > <local_id>ba083d98-baba-403d-ac00-e428bb8efacb</local_id> > <report_count>2</report_count> > <scontext mls="s0" role="system_r" type="system_dbusd_t" user="system_u"/> > <sig version="3.0"> > <access> > <operation>getattr</operation> > </access> > <analysis_id>catchall_file</analysis_id> > <host>cirithungol</host> > <scontext mls="s0" role="system_r" type="system_dbusd_t" user="system_u"/> > <tclass>file</tclass> > <tcontext mls="s0" role="object_r" type="var_log_t" user="unconfined_u"/> > <tpath>/var/log/ConsoleKit/history</tpath> > </sig> > <solution version="1.0"> > <fix_cmd></fix_cmd> > <fix_description><![CDATA[ > Sometimes labeling problems can cause SELinux denials. You could try to > restore the default system file context for /var/log/ConsoleKit/history, > <p> > restorecon -v /var/log/ConsoleKit/history > <p> > If this does not work, there is currently no automatic way to allow this > access. Instead, you can generate a local policy module to allow this > access - see <a href="http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385">FAQ</a> > Or you can disable SELinux protection altogether. Disabling > SELinux protection is not recommended. > Please file a <a href="http://bugzilla.redhat.com/bugzilla/enter_bug.cgi">bug report</a> > against this package. > ]]></fix_description> > <problem_description><![CDATA[ > > SELinux denied access requested by console-kit-dae(/usr/sbin/console-kit-daemon). It is not > expected that this access is required by console-kit-dae(/usr/sbin/console-kit-daemon) and this access > may signal an intrusion attempt. It is also possible that the specific > version or configuration of the application is causing it to require > additional access. > > ]]></problem_description> > <summary><![CDATA[ > SELinux is preventing console-kit-dae(/usr/sbin/console-kit-daemon) (system_dbusd_t) "getattr" to /var/log/ConsoleKit/history (var_log_t). > ]]></summary> > </solution> > <spath>console-kit-dae(/usr/sbin/console-kit-daemon)</spath> > <tclass>file</tclass> > <tcontext mls="s0" role="object_r" type="var_log_t" user="unconfined_u"/> > <tpath>/var/log/ConsoleKit/history</tpath> > </siginfo> > <siginfo> > <analysis_id>catchall_file</analysis_id> > <audit_event> > <event_id host="cirithungol" milli="676" seconds="1201517437" serial="118"/> > <records> > <audit_record record_type="AVC"> > <body_text>avc: denied { read } for pid=6452 comm="console-kit-dae" name="history" dev=sdb3 ino=31815 scontext=system_u:system_r:system_dbusd_t:s0 tcontext=unconfined_u:object_r:var_log_t:s0 tclass=file</body_text> > <event_id host="cirithungol" milli="676" seconds="1201517437" serial="118"/> > </audit_record> > <audit_record record_type="SYSCALL"> > <body_text>arch=40000003 syscall=5 success=yes exit=14 a0=8d7d3d8 a1=800 a2=180 a3=8d7e3c0 items=0 ppid=1 pid=6452 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="console-kit-dae" exe="/usr/sbin/console-kit-daemon" subj=system_u:system_r:system_dbusd_t:s0 key=(null)</body_text> > <event_id host="cirithungol" milli="676" seconds="1201517437" serial="118"/> > </audit_record> > </records> > </audit_event> > <environment version="1.0"> > <enforce>Permissive</enforce> > <hostname>cirithungol</hostname> > <kernel>2.6.24-2.fc9 i686</kernel> > <platform>Fedora release 8.90 (Rawhide)</platform> > <policy_rpm>selinux-policy-3.2.5-19.fc9</policy_rpm> > <policy_type>targeted</policy_type> > <policyvers>21</policyvers> > <selinux_enabled>True</selinux_enabled> > <selinux_mls_enabled>True</selinux_mls_enabled> > <uname>Linux cirithungol 2.6.24-2.fc9 #1 SMP Fri Jan 25 13:14:54 EST 2008 i686 i686</uname> > </environment> > <first_seen_date>2008-01-28T10:50:31Z</first_seen_date> > <host>cirithungol</host> > <last_seen_date>2008-01-28T10:50:37Z</last_seen_date> > <local_id>b4fc1135-c4cc-4dee-8938-f7ec97f3b4c5</local_id> > <report_count>2</report_count> > <scontext mls="s0" role="system_r" type="system_dbusd_t" user="system_u"/> > <sig version="3.0"> > <access> > <operation>read</operation> > </access> > <analysis_id>catchall_file</analysis_id> > <host>cirithungol</host> > <scontext mls="s0" role="system_r" type="system_dbusd_t" user="system_u"/> > <tclass>file</tclass> > <tcontext mls="s0" role="object_r" type="var_log_t" user="unconfined_u"/> > </sig> > <solution version="1.0"> > <fix_cmd></fix_cmd> > <fix_description><![CDATA[ > Sometimes labeling problems can cause SELinux denials. You could try to > restore the default system file context for <Unknown>, > <p> > restorecon -v <Unknown> > <p> > If this does not work, there is currently no automatic way to allow this > access. Instead, you can generate a local policy module to allow this > access - see <a href="http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385">FAQ</a> > Or you can disable SELinux protection altogether. Disabling > SELinux protection is not recommended. > Please file a <a href="http://bugzilla.redhat.com/bugzilla/enter_bug.cgi">bug report</a> > against this package. > ]]></fix_description> > <problem_description><![CDATA[ > > SELinux denied access requested by console-kit-dae(/usr/sbin/console-kit-daemon). It is not > expected that this access is required by console-kit-dae(/usr/sbin/console-kit-daemon) and this access > may signal an intrusion attempt. It is also possible that the specific > version or configuration of the application is causing it to require > additional access. > > ]]></problem_description> > <summary><![CDATA[ > SELinux is preventing console-kit-dae(/usr/sbin/console-kit-daemon) (system_dbusd_t) "read" to <Unknown> (var_log_t). > ]]></summary> > </solution> > <spath>console-kit-dae(/usr/sbin/console-kit-daemon)</spath> > <tclass>file</tclass> > <tcontext mls="s0" role="object_r" type="var_log_t" user="unconfined_u"/> > </siginfo> > <siginfo> > <analysis_id>catchall_file</analysis_id> > <audit_event> > <event_id host="cirithungol" milli="504" seconds="1201518184" serial="48"/> > <records> > <audit_record record_type="AVC"> > <body_text>avc: denied { append } for pid=6667 comm="depmod" path="/var/cache/akmodsd/nvidia/.last.log" dev=sdb3 ino=15836 scontext=unconfined_u:system_r:depmod_t:s0 tcontext=unconfined_u:object_r:var_t:s0 tclass=file</body_text> > <event_id host="cirithungol" milli="504" seconds="1201518184" serial="48"/> > </audit_record> > <audit_record record_type="SYSCALL"> > <body_text>arch=40000003 syscall=11 success=yes exit=0 a0=874adf0 a1=874a088 a2=8749e50 a3=0 items=0 ppid=6666 pid=6667 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=tty1 comm="depmod" exe="/sbin/depmod" subj=unconfined_u:system_r:depmod_t:s0 key=(null)</body_text> > <event_id host="cirithungol" milli="504" seconds="1201518184" serial="48"/> > </audit_record> > </records> > </audit_event> > <environment version="1.0"> > <enforce>Enforcing</enforce> > <hostname>cirithungol</hostname> > <kernel>2.6.24-2.fc9 i686</kernel> > <platform>Fedora release 8.90 (Rawhide)</platform> > <policy_rpm>selinux-policy-3.2.5-19.fc9</policy_rpm> > <policy_type>targeted</policy_type> > <policyvers>21</policyvers> > <selinux_enabled>True</selinux_enabled> > <selinux_mls_enabled>True</selinux_mls_enabled> > <uname>Linux cirithungol 2.6.24-2.fc9 #1 SMP Fri Jan 25 13:14:54 EST 2008 i686 i686</uname> > </environment> > <first_seen_date>2008-01-28T11:03:04Z</first_seen_date> > <host>cirithungol</host> > <last_seen_date>2008-01-28T11:03:04Z</last_seen_date> > <local_id>ee81e765-5897-471e-82bb-2f931742fbfe</local_id> > <report_count>1</report_count> > <scontext mls="s0" role="system_r" type="depmod_t" user="unconfined_u"/> > <sig version="3.0"> > <access> > <operation>append</operation> > </access> > <analysis_id>catchall_file</analysis_id> > <host>cirithungol</host> > <scontext mls="s0" role="system_r" type="depmod_t" user="unconfined_u"/> > <tclass>file</tclass> > <tcontext mls="s0" role="object_r" type="var_t" user="unconfined_u"/> > <tpath>/var/cache/akmodsd/nvidia/.last.log</tpath> > </sig> > <solution version="1.0"> > <fix_cmd></fix_cmd> > <fix_description><![CDATA[ > Sometimes labeling problems can cause SELinux denials. You could try to > restore the default system file context for /var/cache/akmodsd/nvidia/.last.log, > <p> > restorecon -v /var/cache/akmodsd/nvidia/.last.log > <p> > If this does not work, there is currently no automatic way to allow this > access. Instead, you can generate a local policy module to allow this > access - see <a href="http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385">FAQ</a> > Or you can disable SELinux protection altogether. Disabling > SELinux protection is not recommended. > Please file a <a href="http://bugzilla.redhat.com/bugzilla/enter_bug.cgi">bug report</a> > against this package. > ]]></fix_description> > <problem_description><![CDATA[ > > SELinux denied access requested by depmod(/sbin/depmod). It is not > expected that this access is required by depmod(/sbin/depmod) and this access > may signal an intrusion attempt. It is also possible that the specific > version or configuration of the application is causing it to require > additional access. > > ]]></problem_description> > <summary><![CDATA[ > SELinux is preventing depmod(/sbin/depmod) (depmod_t) "append" to /var/cache/akmodsd/nvidia/.last.log (var_t). > ]]></summary> > </solution> > <spath>depmod(/sbin/depmod)</spath> > <tclass>file</tclass> > <tcontext mls="s0" role="object_r" type="var_t" user="unconfined_u"/> > <tpath>/var/cache/akmodsd/nvidia/.last.log</tpath> > </siginfo> > <siginfo> > <analysis_id>catchall</analysis_id> > <audit_event> > <event_id host="cirithungol" milli="911" seconds="1201518441" serial="63"/> > <records> > <audit_record record_type="AVC"> > <body_text>avc: denied { link } for pid=7155 comm="gdm-session-wor" scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:system_r:local_login_t:s0-s0:c0.c1023 tclass=key</body_text> > <event_id host="cirithungol" milli="911" seconds="1201518441" serial="63"/> > </audit_record> > <audit_record record_type="SYSCALL"> > <body_text>arch=40000003 syscall=288 success=no exit=-13 a0=8 a1=fffffffc a2=fffffffd a3=1f4 items=0 ppid=7119 pid=7155 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=(none) comm="gdm-session-wor" exe="/usr/libexec/gdm-session-worker" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)</body_text> > <event_id host="cirithungol" milli="911" seconds="1201518441" serial="63"/> > </audit_record> > </records> > </audit_event> > <environment version="1.0"> > <enforce>Enforcing</enforce> > <hostname>cirithungol</hostname> > <kernel>2.6.24-2.fc9 i686</kernel> > <platform>Fedora release 8.90 (Rawhide)</platform> > <policy_rpm>selinux-policy-3.2.5-19.fc9</policy_rpm> > <policy_type>targeted</policy_type> > <policyvers>21</policyvers> > <selinux_enabled>True</selinux_enabled> > <selinux_mls_enabled>True</selinux_mls_enabled> > <uname>Linux cirithungol 2.6.24-2.fc9 #1 SMP Fri Jan 25 13:14:54 EST 2008 i686 i686</uname> > </environment> > <first_seen_date>2008-01-28T11:07:21Z</first_seen_date> > <host>cirithungol</host> > <last_seen_date>2008-01-28T11:07:21Z</last_seen_date> > <local_id>1ae78b5d-9c2f-4fb3-9743-7174e6324af9</local_id> > <report_count>1</report_count> > <scontext mls="s0-s0:c0.c1023" role="system_r" type="xdm_t" user="system_u"/> > <sig version="3.0"> > <access> > <operation>link</operation> > </access> > <analysis_id>catchall</analysis_id> > <host>cirithungol</host> > <scontext mls="s0-s0:c0.c1023" role="system_r" type="xdm_t" user="system_u"/> > <tclass>key</tclass> > <tcontext mls="s0-s0:c0.c1023" role="system_r" type="local_login_t" user="system_u"/> > </sig> > <solution version="1.0"> > <fix_cmd></fix_cmd> > <fix_description><![CDATA[ > You can generate a local policy module to allow this > access - see <a href="http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385">FAQ</a> > Or you can disable SELinux protection altogether. Disabling > SELinux protection is not recommended. > Please file a <a href="http://bugzilla.redhat.com/bugzilla/enter_bug.cgi">bug report</a> > against this package. > ]]></fix_description> > <problem_description><![CDATA[ > > SELinux denied access requested by gdm-session-wor(/usr/libexec/gdm-session-worker). It is not > expected that this access is required by gdm-session-wor(/usr/libexec/gdm-session-worker) and this access > may signal an intrusion attempt. It is also possible that the specific > version or configuration of the application is causing it to require > additional access. > > ]]></problem_description> > <summary><![CDATA[ > SELinux is preventing gdm-session-wor(/usr/libexec/gdm-session-worker) (xdm_t) "link" to <Unknown> (local_login_t). > ]]></summary> > </solution> > <spath>gdm-session-wor(/usr/libexec/gdm-session-worker)</spath> > <tclass>key</tclass> > <tcontext mls="s0-s0:c0.c1023" role="system_r" type="local_login_t" user="system_u"/> > </siginfo> > <siginfo> > <analysis_id>allow_execmem</analysis_id> > <audit_event> > <event_id host="cirithungol" milli="639" seconds="1201520632" serial="85"/> > <records> > <audit_record record_type="AVC"> > <body_text>avc: denied { execmem } for pid=7751 comm="gnome-screensav" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=process</body_text> > <event_id host="cirithungol" milli="639" seconds="1201520632" serial="85"/> > </audit_record> > <audit_record record_type="SYSCALL"> > <body_text>arch=40000003 syscall=192 success=no exit=-13 a0=48f000 a1=1b000 a2=7 a3=812 items=0 ppid=7254 pid=7751 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="gnome-screensav" exe="/usr/libexec/gnome-screensaver-gl-helper" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)</body_text> > <event_id host="cirithungol" milli="639" seconds="1201520632" serial="85"/> > </audit_record> > </records> > </audit_event> > <category>Memory</category> > <environment version="1.0"> > <enforce>Enforcing</enforce> > <hostname>cirithungol</hostname> > <kernel>2.6.24-2.fc9 i686</kernel> > <platform>Fedora release 8.90 (Rawhide)</platform> > <policy_rpm>selinux-policy-3.2.5-19.fc9</policy_rpm> > <policy_type>targeted</policy_type> > <policyvers>21</policyvers> > <selinux_enabled>True</selinux_enabled> > <selinux_mls_enabled>True</selinux_mls_enabled> > <uname>Linux cirithungol 2.6.24-2.fc9 #1 SMP Fri Jan 25 13:14:54 EST 2008 i686 i686</uname> > </environment> > <first_seen_date>2008-01-27T15:01:57Z</first_seen_date> > <host>cirithungol</host> > <last_seen_date>2008-01-28T11:43:52Z</last_seen_date> > <local_id>10c8826c-0d04-4c04-987f-277adcf3009e</local_id> > <report_count>9</report_count> > <scontext mls="s0-s0:c0.c1023" role="unconfined_r" type="unconfined_t" user="unconfined_u"/> > <sig version="3.0"> > <access> > <operation>execmem</operation> > </access> > <analysis_id>allow_execmem</analysis_id> > <host>cirithungol</host> > <scontext mls="s0-s0:c0.c1023" role="unconfined_r" type="unconfined_t" user="unconfined_u"/> > <tclass>process</tclass> > <tcontext mls="s0-s0:c0.c1023" role="unconfined_r" type="unconfined_t" user="unconfined_u"/> > </sig> > <solution version="1.0"> > <fix_cmd>chcon -t unconfined_execmem_exec_t gnome-screensav(/usr/libexec/gnome-screensaver-gl-helper)</fix_cmd> > <fix_description><![CDATA[ > If you trust gnome-screensav(/usr/libexec/gnome-screensaver-gl-helper) to run correctly, you can change the context > of the executable to unconfined_execmem_exec_t. > "chcon -t unconfined_execmem_exec_t gnome-screensav(/usr/libexec/gnome-screensaver-gl-helper)". > You must also change the default file context files on the system in order to preserve them even on a full relabel. "semanage fcontext -a -t unconfined_execmem_exec_t gnome-screensav(/usr/libexec/gnome-screensaver-gl-helper)" > ]]></fix_description> > <problem_description><![CDATA[ > The gnome-screensav(/usr/libexec/gnome-screensaver-gl-helper) application attempted to change the access protection > of memory (e.g., allocated using malloc). This is a potential > security problem. Applications should not be doing this. Applications > are sometimes coded incorrectly and request this permission. The > <a href="http://people.redhat.com/drepper/selinux-mem.html">SELinux Memory Protection Tests</a> > web page explains how to remove this requirement. If gnome-screensav(/usr/libexec/gnome-screensaver-gl-helper) does not work and you > need it to work, you can configure SELinux temporarily to allow this > access until the application is fixed. Please file a <a > href="http://bugzilla.redhat.com/bugzilla/enter_bug.cgi">bug > report</a> against this package. > ]]></problem_description> > <summary><![CDATA[ > SELinux is preventing gnome-screensav(/usr/libexec/gnome-screensaver-gl-helper) from changing a writable memory segment executable. > ]]></summary> > </solution> > <spath>gnome-screensav(/usr/libexec/gnome-screensaver-gl-helper)</spath> > <tclass>process</tclass> > <tcontext mls="s0-s0:c0.c1023" role="unconfined_r" type="unconfined_t" user="unconfined_u"/> > <users> > <user delete_flag="False" seen_flag="True" username="lordmorgul"> > <filter> > <count>9</count> > <filter_type>0</filter_type> > </filter> > </user> > </users> > </siginfo> > <siginfo> > <analysis_id>catchall</analysis_id> > <audit_event> > <event_id host="cirithungol" milli="822" seconds="1201522986" serial="88"/> > <records> > <audit_record record_type="AVC"> > <body_text>avc: denied { getattr } for pid=8259 comm="df" name="/" dev=sdd3 ino=1 scontext=system_u:system_r:logwatch_t:s0 tcontext=system_u:object_r:public_content_rw_t:s0 tclass=filesystem</body_text> > <event_id host="cirithungol" milli="822" seconds="1201522986" serial="88"/> > </audit_record> > <audit_record record_type="SYSCALL"> > <body_text>arch=40000003 syscall=268 success=no exit=-13 a0=9694468 a1=54 a2=bffeeee8 a3=0 items=0 ppid=8257 pid=8259 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="df" exe="/bin/df" subj=system_u:system_r:logwatch_t:s0 key=(null)</body_text> > <event_id host="cirithungol" milli="822" seconds="1201522986" serial="88"/> > </audit_record> > </records> > </audit_event> > <environment version="1.0"> > <enforce>Enforcing</enforce> > <hostname>cirithungol</hostname> > <kernel>2.6.24-2.fc9 i686</kernel> > <platform>Fedora release 8.90 (Rawhide)</platform> > <policy_rpm>selinux-policy-3.2.5-19.fc9</policy_rpm> > <policy_type>targeted</policy_type> > <policyvers>21</policyvers> > <selinux_enabled>True</selinux_enabled> > <selinux_mls_enabled>True</selinux_mls_enabled> > <uname>Linux cirithungol 2.6.24-2.fc9 #1 SMP Fri Jan 25 13:14:54 EST 2008 i686 i686</uname> > </environment> > <first_seen_date>2008-01-28T12:23:06Z</first_seen_date> > <host>cirithungol</host> > <last_seen_date>2008-01-28T12:23:06Z</last_seen_date> > <local_id>b7419fe4-6914-46e1-87d2-7d9dd8c36ea2</local_id> > <report_count>2</report_count> > <scontext mls="s0" role="system_r" type="logwatch_t" user="system_u"/> > <sig version="3.0"> > <access> > <operation>getattr</operation> > </access> > <analysis_id>catchall</analysis_id> > <host>cirithungol</host> > <scontext mls="s0" role="system_r" type="logwatch_t" user="system_u"/> > <tclass>filesystem</tclass> > <tcontext mls="s0" role="object_r" type="public_content_rw_t" user="system_u"/> > </sig> > <solution version="1.0"> > <fix_cmd></fix_cmd> > <fix_description><![CDATA[ > You can generate a local policy module to allow this > access - see <a href="http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385">FAQ</a> > Or you can disable SELinux protection altogether. Disabling > SELinux protection is not recommended. > Please file a <a href="http://bugzilla.redhat.com/bugzilla/enter_bug.cgi">bug report</a> > against this package. > ]]></fix_description> > <problem_description><![CDATA[ > > SELinux denied access requested by ß(/bin/df). It is not > expected that this access is required by ß(/bin/df) and this access > may signal an intrusion attempt. It is also possible that the specific > version or configuration of the application is causing it to require > additional access. > > ]]></problem_description> > <summary><![CDATA[ > SELinux is preventing ß(/bin/df) (logwatch_t) "getattr" to <Unknown> (public_content_rw_t). > ]]></summary> > </solution> > <spath>ß(/bin/df)</spath> > <tclass>filesystem</tclass> > <tcontext mls="s0" role="object_r" type="public_content_rw_t" user="system_u"/> > </siginfo> > <siginfo> > <analysis_id>catchall_file</analysis_id> > <audit_event> > <event_id host="cirithungol" milli="301" seconds="1201557343" serial="98"/> > <records> > <audit_record record_type="AVC"> > <body_text>avc: denied { execute } for pid=9482 comm="dbus-daemon-lau" name="console-kit-daemon" dev=sdb6 ino=375457 scontext=system_u:system_r:system_dbusd_t:s0 tcontext=system_u:object_r:consolekit_exec_t:s0 tclass=file</body_text> > <event_id host="cirithungol" milli="301" seconds="1201557343" serial="98"/> > </audit_record> > <audit_record record_type="SYSCALL"> > <body_text>arch=40000003 syscall=11 success=no exit=-13 a0=93d8020 a1=93d7c80 a2=93d7008 a3=a0d99c items=0 ppid=9481 pid=9482 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="dbus-daemon-lau" exe="/lib/dbus-1/dbus-daemon-launch-helper" subj=system_u:system_r:system_dbusd_t:s0 key=(null)</body_text> > <event_id host="cirithungol" milli="301" seconds="1201557343" serial="98"/> > </audit_record> > </records> > </audit_event> > <environment version="1.0"> > <enforce>Enforcing</enforce> > <hostname>cirithungol</hostname> > <kernel>2.6.24-2.fc9 i686</kernel> > <platform>Fedora release 8.90 (Rawhide)</platform> > <policy_rpm>selinux-policy-3.2.5-19.fc9</policy_rpm> > <policy_type>targeted</policy_type> > <policyvers>21</policyvers> > <selinux_enabled>True</selinux_enabled> > <selinux_mls_enabled>True</selinux_mls_enabled> > <uname>Linux cirithungol 2.6.24-2.fc9 #1 SMP Fri Jan 25 13:14:54 EST 2008 i686 i686</uname> > </environment> > <first_seen_date>2008-01-27T17:46:04Z</first_seen_date> > <host>cirithungol</host> > <last_seen_date>2008-01-28T21:55:43Z</last_seen_date> > <local_id>668d74f8-cd20-4e05-8afd-0c2eb27c090a</local_id> > <report_count>37</report_count> > <scontext mls="s0" role="system_r" type="system_dbusd_t" user="system_u"/> > <sig version="3.0"> > <access> > <operation>execute</operation> > </access> > <analysis_id>catchall_file</analysis_id> > <host>cirithungol</host> > <scontext mls="s0" role="system_r" type="system_dbusd_t" user="system_u"/> > <tclass>file</tclass> > <tcontext mls="s0" role="object_r" type="consolekit_exec_t" user="system_u"/> > </sig> > <solution version="1.0"> > <fix_cmd></fix_cmd> > <fix_description><![CDATA[ > Sometimes labeling problems can cause SELinux denials. You could try to > restore the default system file context for <Unknown>, > <p> > restorecon -v <Unknown> > <p> > If this does not work, there is currently no automatic way to allow this > access. Instead, you can generate a local policy module to allow this > access - see <a href="http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385">FAQ</a> > Or you can disable SELinux protection altogether. Disabling > SELinux protection is not recommended. > Please file a <a href="http://bugzilla.redhat.com/bugzilla/enter_bug.cgi">bug report</a> > against this package. > ]]></fix_description> > <problem_description><![CDATA[ > > SELinux denied access requested by dbus-daemon-lau(/lib/dbus-1/dbus-daemon-launch-helper). It is not > expected that this access is required by dbus-daemon-lau(/lib/dbus-1/dbus-daemon-launch-helper) and this access > may signal an intrusion attempt. It is also possible that the specific > version or configuration of the application is causing it to require > additional access. > > ]]></problem_description> > <summary><![CDATA[ > SELinux is preventing dbus-daemon-lau(/lib/dbus-1/dbus-daemon-launch-helper) (system_dbusd_t) "execute" to <Unknown> (consolekit_exec_t). > ]]></summary> > </solution> > <spath>dbus-daemon-lau(/lib/dbus-1/dbus-daemon-launch-helper)</spath> > <tclass>file</tclass> > <tcontext mls="s0" role="object_r" type="consolekit_exec_t" user="system_u"/> > <users> > <user delete_flag="False" seen_flag="True" username="lordmorgul"> > <filter> > <count>8</count> > <filter_type>0</filter_type> > </filter> > </user> > </users> > </siginfo> > </signature_list> > <users version="1.0"> > <user_list> > <user username="lordmorgul" version="1.0"> > <email_alert>False</email_alert> > </user> > </user_list> > </users> ></sigs>
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=293211">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 430421
: 293211