Red Hat Bugzilla – Attachment 297902 Details for Bug 436032: SEtroubleshoot browser hangs 'mark delete' or 'remove marked deleted'
audit_listener_database.xml with more than 20 audits, 99k file
audit_listener_database.xml (text/xml), 98.97 KB, created by Andrew Farris on 2008-03-13 07:59:12 UTC
><?xml version="1.0" encoding="utf-8"?> ><sigs version="3.0"> > <signature_list> > <siginfo> > <analysis_id>catchall_file</analysis_id> > <audit_event> > <event_id host="durthangnix" milli="586" seconds="1203234737" serial="24"/> > <records> > <audit_record record_type="AVC"> > <body_text>avc: denied { read write } for pid=3637 comm="Xorg" path="/var/log/Xorg.setup.log" dev=sda3 ino=967182 scontext=system_u:system_r:xdm_xserver_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file</body_text> > <event_id host="durthangnix" milli="586" seconds="1203234737" serial="24"/> > </audit_record> > <audit_record record_type="SYSCALL"> > <body_text>arch=c000003e syscall=59 success=yes exit=0 a0=b00400 a1=b0f1d0 a2=b0f070 a3=3c9816c9f0 items=0 ppid=3636 pid=3637 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=tty1 ses=1 comm="Xorg" exe="/usr/bin/Xorg" subj=system_u:system_r:xdm_xserver_t:s0 key=(null)</body_text> > <event_id host="durthangnix" milli="586" seconds="1203234737" serial="24"/> > </audit_record> > </records> > </audit_event> > <environment version="1.0"> > <enforce>Enforcing</enforce> > <hostname>durthangnix</hostname> > <kernel>2.6.25-0.40.rc1.git2.fc9 x86_64</kernel> > <platform>Fedora release 8.90 (Rawhide)</platform> > <policy_rpm>selinux-policy-3.2.7-6.fc9</policy_rpm> > <policy_type>targeted</policy_type> > <policyvers>22</policyvers> > <selinux_enabled>True</selinux_enabled> > <selinux_mls_enabled>True</selinux_mls_enabled> > <uname>Linux durthangnix 2.6.25-0.40.rc1.git2.fc9 #1 SMP Wed Feb 13 17:17:48 EST 2008 x86_64 x86_64</uname> > </environment> > <first_seen_date>2008-02-17T07:52:17Z</first_seen_date> > <host>durthangnix</host> > <last_seen_date>2008-02-17T07:52:17Z</last_seen_date> > <local_id>fe576537-225f-4faa-91f2-dc25f8955ef2</local_id> > <report_count>1</report_count> > <scontext mls="s0" role="system_r" type="xdm_xserver_t" user="system_u"/> > <sig version="3.0"> > <access> > <operation>read</operation> > 
<operation>write</operation> > </access> > <analysis_id>catchall_file</analysis_id> > <host>durthangnix</host> > <scontext mls="s0" role="system_r" type="xdm_xserver_t" user="system_u"/> > <tclass>file</tclass> > <tcontext mls="s0" role="object_r" type="var_log_t" user="system_u"/> > <tpath>/var/log/Xorg.setup.log</tpath> > </sig> > <solution version="1.0"> > <fix_cmd></fix_cmd> > <fix_description><![CDATA[ > Sometimes labeling problems can cause SELinux denials. You could try to > restore the default system file context for /var/log/Xorg.setup.log, > <p> > restorecon -v '/var/log/Xorg.setup.log' > <p> > If this does not work, there is currently no automatic way to allow this > access. Instead, you can generate a local policy module to allow this > access - see <a href="http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385">FAQ</a> > Or you can disable SELinux protection altogether. Disabling > SELinux protection is not recommended. > Please file a <a href="http://bugzilla.redhat.com/bugzilla/enter_bug.cgi">bug report</a> > against this package. > ]]></fix_description> > <problem_description><![CDATA[ > > SELinux denied access requested by Xorg. It is not > expected that this access is required by Xorg and this access > may signal an intrusion attempt. It is also possible that the specific > version or configuration of the application is causing it to require > additional access. > > ]]></problem_description> > <summary><![CDATA[ > SELinux is preventing Xorg (xdm_xserver_t) "read write" to /var/log/Xorg.setup.log (var_log_t). 
> ]]></summary> > </solution> > <source>Xorg</source> > <spath>/usr/bin/Xorg</spath> > <src_rpm_list> > <rpm>xorg-x11-server-Xorg-1.4.99.1-0.19.20080107.fc9</rpm> > </src_rpm_list> > <tclass>file</tclass> > <tcontext mls="s0" role="object_r" type="var_log_t" user="system_u"/> > <tpath>/var/log/Xorg.setup.log</tpath> > <users> > <user delete_flag="False" seen_flag="True" username="lordmorgul"> > <filter> > <count>0</count> > <filter_type>0</filter_type> > </filter> > </user> > </users> > </siginfo> > <siginfo> > <analysis_id>home_tmp_bad_labels</analysis_id> > <audit_event> > <event_id host="durthangnix" milli="49" seconds="1203315700" serial="354"/> > <records> > <audit_record record_type="AVC"> > <body_text>avc: denied { read append } for pid=28286 comm="ntpd" path="/home/lordmorgul/.xsession-errors" dev=sdb1 ino=1540108 scontext=system_u:system_r:ntpd_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file</body_text> > <event_id host="durthangnix" milli="49" seconds="1203315700" serial="354"/> > </audit_record> > <audit_record record_type="SYSCALL"> > <body_text>arch=c000003e syscall=59 success=yes exit=0 a0=8c9470 a1=8c8300 a2=8c9c50 a3=7fff56b173e0 items=0 ppid=28285 pid=28286 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=28 comm="ntpd" exe="/usr/sbin/ntpd" subj=system_u:system_r:ntpd_t:s0 key=(null)</body_text> > <event_id host="durthangnix" milli="49" seconds="1203315700" serial="354"/> > </audit_record> > </records> > </audit_event> > <category>File Label</category> > <environment version="1.0"> > <enforce>Enforcing</enforce> > <hostname>durthangnix</hostname> > <kernel>2.6.25-0.40.rc1.git2.fc9 x86_64</kernel> > <platform>Fedora release 8.90 (Rawhide)</platform> > <policy_rpm>selinux-policy-3.2.8-1.fc9</policy_rpm> > <policy_type>targeted</policy_type> > <policyvers>22</policyvers> > <selinux_enabled>True</selinux_enabled> > <selinux_mls_enabled>True</selinux_mls_enabled> > <uname>Linux durthangnix 
2.6.25-0.40.rc1.git2.fc9 #1 SMP Wed Feb 13 17:17:48 EST 2008 x86_64 x86_64</uname> > </environment> > <first_seen_date>2008-02-17T04:53:14Z</first_seen_date> > <host>durthangnix</host> > <last_seen_date>2008-02-18T06:21:40Z</last_seen_date> > <local_id>15bdd171-cd47-4824-b79d-19d4936eadfd</local_id> > <report_count>2</report_count> > <scontext mls="s0" role="system_r" type="ntpd_t" user="system_u"/> > <sig version="3.0"> > <access> > <operation>read</operation> > <operation>append</operation> > </access> > <analysis_id>home_tmp_bad_labels</analysis_id> > <host>durthangnix</host> > <scontext mls="s0" role="system_r" type="ntpd_t" user="system_u"/> > <tclass>file</tclass> > <tcontext mls="s0" role="object_r" type="user_home_t" user="system_u"/> > <tpath>/home/lordmorgul/.xsession-errors</tpath> > </sig> > <solution version="1.0"> > <fix_cmd></fix_cmd> > <fix_description><![CDATA[ > If you want ntpd to access this files, you need to > relabel them using restorecon -v '/home/lordmorgul/.xsession-errors'. You might want to > relabel the entire directory using restorecon -R -v '/home/lordmorgul'. > ]]></fix_description> > <problem_description><![CDATA[ > SELinux has denied ntpd access to potentially > mislabeled file(s) (/home/lordmorgul/.xsession-errors). This means that SELinux will not > allow ntpd to use these files. It is common for users to edit > files in their home directory or tmp directories and then move > (mv) them to system directories. The problem is that the files > end up with the wrong file context which confined applications are not allowed to access. > ]]></problem_description> > <summary><![CDATA[ > SELinux is preventing the ntpd from using potentially mislabeled files (/home/lordmorgul/.xsession-errors). 
> ]]></summary> > </solution> > <source>ntpd</source> > <spath>/usr/sbin/ntpd</spath> > <src_rpm_list> > <rpm>ntp-4.2.4p4-2.fc9</rpm> > </src_rpm_list> > <tclass>file</tclass> > <tcontext mls="s0" role="object_r" type="user_home_t" user="system_u"/> > <tpath>/home/lordmorgul/.xsession-errors</tpath> > <users> > <user delete_flag="False" seen_flag="True" username="lordmorgul"> > <filter> > <count>2</count> > <filter_type>0</filter_type> > </filter> > </user> > </users> > </siginfo> > <siginfo> > <analysis_id>catchall</analysis_id> > <audit_event> > <event_id host="durthangnix" milli="528" seconds="1203757626" serial="29"/> > <records> > <audit_record record_type="AVC"> > <body_text>avc: denied { mount } for pid=2960 comm="mount" name="/" dev=fusectl ino=1 scontext=system_u:system_r:mount_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem</body_text> > <event_id host="durthangnix" milli="528" seconds="1203757626" serial="29"/> > </audit_record> > <audit_record record_type="SYSCALL"> > <body_text>arch=c000003e syscall=165 success=no exit=-13 a0=7f7d8d9c3820 a1=7f7d8d9c4be0 a2=7f7d8d9c4c10 a3=ffffffffc0ed0001 items=0 ppid=2955 pid=2960 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="mount" exe="/bin/mount" subj=system_u:system_r:mount_t:s0 key=(null)</body_text> > <event_id host="durthangnix" milli="528" seconds="1203757626" serial="29"/> > </audit_record> > </records> > </audit_event> > <environment version="1.0"> > <enforce>Enforcing</enforce> > <hostname>durthangnix</hostname> > <kernel>2.6.25-0.40.rc1.git2.fc9 x86_64</kernel> > <platform>Fedora release 8.90 (Rawhide)</platform> > <policy_rpm>selinux-policy-3.2.9-1.fc9</policy_rpm> > <policy_type>targeted</policy_type> > <policyvers>22</policyvers> > <selinux_enabled>True</selinux_enabled> > <selinux_mls_enabled>True</selinux_mls_enabled> > <uname>Linux durthangnix 2.6.25-0.40.rc1.git2.fc9 #1 SMP Wed Feb 13 17:17:48 EST 2008 x86_64 x86_64</uname> 
> </environment> > <first_seen_date>2008-02-23T09:07:06Z</first_seen_date> > <host>durthangnix</host> > <last_seen_date>2008-02-23T09:07:06Z</last_seen_date> > <local_id>591a4940-e0d5-4a04-b642-ddfcab6d771e</local_id> > <report_count>2</report_count> > <scontext mls="s0" role="system_r" type="mount_t" user="system_u"/> > <sig version="3.0"> > <access> > <operation>mount</operation> > </access> > <analysis_id>catchall</analysis_id> > <host>durthangnix</host> > <scontext mls="s0" role="system_r" type="mount_t" user="system_u"/> > <tclass>filesystem</tclass> > <tcontext mls="s0" role="object_r" type="unlabeled_t" user="system_u"/> > <tpath>/</tpath> > </sig> > <solution version="1.0"> > <fix_cmd></fix_cmd> > <fix_description><![CDATA[ > You can generate a local policy module to allow this > access - see <a href="http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385">FAQ</a> > Or you can disable SELinux protection altogether. Disabling > SELinux protection is not recommended. > Please file a <a href="http://bugzilla.redhat.com/bugzilla/enter_bug.cgi">bug report</a> > against this package. > ]]></fix_description> > <problem_description><![CDATA[ > > SELinux denied access requested by mount. It is not > expected that this access is required by mount and this access > may signal an intrusion attempt. It is also possible that the specific > version or configuration of the application is causing it to require > additional access. > > ]]></problem_description> > <summary><![CDATA[ > SELinux is preventing mount (mount_t) "mount" to / (unlabeled_t). 
> ]]></summary> > </solution> > <source>mount</source> > <spath>/bin/mount</spath> > <src_rpm_list> > <rpm>util-linux-ng-2.13.1-4.fc9</rpm> > </src_rpm_list> > <tclass>filesystem</tclass> > <tcontext mls="s0" role="object_r" type="unlabeled_t" user="system_u"/> > <tgt_rpm_list> > <rpm>filesystem-2.4.11-2.fc9</rpm> > </tgt_rpm_list> > <tpath>/</tpath> > <users> > <user delete_flag="False" seen_flag="True" username="lordmorgul"> > <filter> > <count>0</count> > <filter_type>0</filter_type> > </filter> > </user> > </users> > </siginfo> > <siginfo> > <analysis_id>catchall</analysis_id> > <audit_event> > <event_id host="durthangnix" milli="635" seconds="1203771582" serial="119"/> > <records> > <audit_record record_type="AVC"> > <body_text>avc: denied { sys_resource } for pid=15695 comm="semodule" capability=24 scontext=unconfined_u:unconfined_r:semanage_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:semanage_t:s0-s0:c0.c1023 tclass=capability</body_text> > <event_id host="durthangnix" milli="635" seconds="1203771582" serial="119"/> > </audit_record> > <audit_record record_type="SYSCALL"> > <body_text>arch=c000003e syscall=1 success=yes exit=4192 a0=5 a1=7fff6615fd00 a2=1060 a3=7fff6615fa70 items=0 ppid=15694 pid=15695 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="semodule" exe="/usr/sbin/semodule" subj=unconfined_u:unconfined_r:semanage_t:s0-s0:c0.c1023 key=(null)</body_text> > <event_id host="durthangnix" milli="635" seconds="1203771582" serial="119"/> > </audit_record> > </records> > </audit_event> > <environment version="1.0"> > <enforce>Enforcing</enforce> > <hostname>durthangnix</hostname> > <kernel>2.6.25-0.40.rc1.git2.fc9 x86_64</kernel> > <platform>Fedora release 8.90 (Rawhide)</platform> > <policy_rpm>selinux-policy-3.2.9-1.fc9</policy_rpm> > <policy_type>targeted</policy_type> > <policyvers>22</policyvers> > <selinux_enabled>True</selinux_enabled> > <selinux_mls_enabled>True</selinux_mls_enabled> > <uname>Linux 
durthangnix 2.6.25-0.40.rc1.git2.fc9 #1 SMP Wed Feb 13 17:17:48 EST 2008 x86_64 x86_64</uname> > </environment> > <first_seen_date>2008-02-23T12:59:42Z</first_seen_date> > <host>durthangnix</host> > <last_seen_date>2008-02-23T12:59:42Z</last_seen_date> > <local_id>9895ff1f-98f7-42a1-ad5d-7ebe5a65d4fd</local_id> > <report_count>24</report_count> > <scontext mls="s0-s0:c0.c1023" role="unconfined_r" type="semanage_t" user="unconfined_u"/> > <sig version="3.0"> > <access> > <operation>sys_resource</operation> > </access> > <analysis_id>catchall</analysis_id> > <host>durthangnix</host> > <scontext mls="s0-s0:c0.c1023" role="unconfined_r" type="semanage_t" user="unconfined_u"/> > <tclass>capability</tclass> > <tcontext mls="s0-s0:c0.c1023" role="unconfined_r" type="semanage_t" user="unconfined_u"/> > </sig> > <solution version="1.0"> > <fix_cmd></fix_cmd> > <fix_description><![CDATA[ > You can generate a local policy module to allow this > access - see <a href="http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385">FAQ</a> > Or you can disable SELinux protection altogether. Disabling > SELinux protection is not recommended. > Please file a <a href="http://bugzilla.redhat.com/bugzilla/enter_bug.cgi">bug report</a> > against this package. > ]]></fix_description> > <problem_description><![CDATA[ > > SELinux denied access requested by semodule. It is not > expected that this access is required by semodule and this access > may signal an intrusion attempt. It is also possible that the specific > version or configuration of the application is causing it to require > additional access. > > ]]></problem_description> > <summary><![CDATA[ > SELinux is preventing semodule (semanage_t) "sys_resource" to <Unknown> (semanage_t). 
> ]]></summary> > </solution> > <source>semodule</source> > <spath>/usr/sbin/semodule</spath> > <src_rpm_list> > <rpm>policycoreutils-2.0.43-2.fc9</rpm> > </src_rpm_list> > <tclass>capability</tclass> > <tcontext mls="s0-s0:c0.c1023" role="unconfined_r" type="semanage_t" user="unconfined_u"/> > <users> > <user delete_flag="False" seen_flag="True" username="lordmorgul"> > <filter> > <count>24</count> > <filter_type>0</filter_type> > </filter> > </user> > </users> > </siginfo> > <siginfo> > <analysis_id>mislabeled_file</analysis_id> > <audit_event> > <event_id host="durthangnix" milli="553" seconds="1204085503" serial="12"/> > <records> > <audit_record record_type="AVC"> > <body_text>avc: denied { write } for pid=2674 comm="cp" name="resolv.conf.predhclient.eth0" dev=sda3 ino=426837 scontext=system_u:system_r:dhcpc_t:s0 tcontext=unconfined_u:object_r:etc_t:s0 tclass=file</body_text> > <event_id host="durthangnix" milli="553" seconds="1204085503" serial="12"/> > </audit_record> > <audit_record record_type="SYSCALL"> > <body_text>arch=c000003e syscall=2 success=no exit=-13 a0=7fff17a22c93 a1=201 a2=0 a3=7fff17a219b0 items=0 ppid=2632 pid=2674 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="cp" exe="/bin/cp" subj=system_u:system_r:dhcpc_t:s0 key=(null)</body_text> > <event_id host="durthangnix" milli="553" seconds="1204085503" serial="12"/> > </audit_record> > </records> > </audit_event> > <category>File Label</category> > <environment version="1.0"> > <enforce>Enforcing</enforce> > <hostname>durthangnix</hostname> > <kernel>2.6.25-0.40.rc1.git2.fc9 x86_64</kernel> > <platform>Fedora release 8.90 (Rawhide)</platform> > <policy_rpm>selinux-policy-3.3.0-1.fc9</policy_rpm> > <policy_type>targeted</policy_type> > <policyvers>22</policyvers> > <selinux_enabled>True</selinux_enabled> > <selinux_mls_enabled>True</selinux_mls_enabled> > <uname>Linux durthangnix 2.6.25-0.40.rc1.git2.fc9 #1 SMP Wed Feb 13 17:17:48 EST 2008 
x86_64 x86_64</uname> > </environment> > <first_seen_date>2008-02-17T04:02:46Z</first_seen_date> > <host>durthangnix</host> > <last_seen_date>2008-02-27T04:11:43Z</last_seen_date> > <local_id>d3698b37-4bfb-4764-9389-68e69cc58ebb</local_id> > <report_count>4</report_count> > <scontext mls="s0" role="system_r" type="dhcpc_t" user="system_u"/> > <sig version="3.0"> > <access> > <operation>write</operation> > </access> > <analysis_id>mislabeled_file</analysis_id> > <host>durthangnix</host> > <scontext mls="s0" role="system_r" type="dhcpc_t" user="system_u"/> > <tclass>file</tclass> > <tcontext mls="s0" role="object_r" type="etc_t" user="unconfined_u"/> > <tpath>./resolv.conf.predhclient.eth0</tpath> > </sig> > <solution version="1.0"> > <fix_cmd>restorecon './resolv.conf.predhclient.eth0'</fix_cmd> > <fix_description><![CDATA[ > You can attempt to fix file context by executing restorecon -v './resolv.conf.predhclient.eth0' > ]]></fix_description> > <problem_description><![CDATA[ > SELinux is preventing cp (dhcpc_t) "write" to ./resolv.conf.predhclient.eth0 (etc_t). > The SELinux type etc_t, is a generic type for all files in the directory and very few processes (SELinux Domains) are allowed to write to this SELinux type. This type of denial usual indicates a mislabeled file. By default a file created in a directory has the gets the context of the parent directory, but SELinux policy has rules about the creation of directories, that say if a process running in one SELinux Domain (D1) creates a file in a directory with a particular SELinux File Context (F1) the file gets a different File Context (F2). The policy usually allows the SELinux Domain (D1) the ability to write, unlink, and append on (F2). But if for some reason a file (./resolv.conf.predhclient.eth0) was created with the wrong context, this domain will be denied. The usual solution to this problem is to reset the file context on the target file, restorecon -v './resolv.conf.predhclient.eth0'. 
If the file context does not change from etc_t, then this is probably a bug in policy. Please file a <a href="http://bugzilla.redhat.com/bugzilla/enter_bug.cgi">bug report</a> against the selinux-policy package. >If it does change, you can try your application again to see if it works. The file context could have been mislabeled by editing the file or moving the file from a different directory, if the file keeps getting mislabeled, check the init scripts to see if they are doing something to mislabel the file. > > ]]></problem_description> > <summary><![CDATA[ > SELinux is preventing cp (dhcpc_t) "write" to ./resolv.conf.predhclient.eth0 (etc_t). > ]]></summary> > </solution> > <source>cp</source> > <spath>/bin/cp</spath> > <src_rpm_list> > <rpm>coreutils-6.10-8.fc9</rpm> > </src_rpm_list> > <tclass>file</tclass> > <tcontext mls="s0" role="object_r" type="etc_t" user="unconfined_u"/> > <tpath>./resolv.conf.predhclient.eth0</tpath> > <users> > <user delete_flag="False" seen_flag="True" username="lordmorgul"> > <filter> > <count>2</count> > <filter_type>0</filter_type> > </filter> > </user> > </users> > </siginfo> > <siginfo> > <analysis_id>mislabeled_file</analysis_id> > <audit_event> > <event_id host="durthangnix" milli="559" seconds="1204085503" serial="13"/> > <records> > <audit_record record_type="AVC"> > <body_text>avc: denied { unlink } for pid=2674 comm="cp" name="resolv.conf.predhclient.eth0" dev=sda3 ino=426837 scontext=system_u:system_r:dhcpc_t:s0 tcontext=unconfined_u:object_r:etc_t:s0 tclass=file</body_text> > <event_id host="durthangnix" milli="559" seconds="1204085503" serial="13"/> > </audit_record> > <audit_record record_type="SYSCALL"> > <body_text>arch=c000003e syscall=87 success=no exit=-13 a0=7fff17a22c93 a1=ffffffff a2=d a3=7fff17a219b0 items=0 ppid=2632 pid=2674 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="cp" exe="/bin/cp" subj=system_u:system_r:dhcpc_t:s0 key=(null)</body_text> > 
<event_id host="durthangnix" milli="559" seconds="1204085503" serial="13"/> > </audit_record> > </records> > </audit_event> > <category>File Label</category> > <environment version="1.0"> > <enforce>Enforcing</enforce> > <hostname>durthangnix</hostname> > <kernel>2.6.25-0.40.rc1.git2.fc9 x86_64</kernel> > <platform>Fedora release 8.90 (Rawhide)</platform> > <policy_rpm>selinux-policy-3.3.0-1.fc9</policy_rpm> > <policy_type>targeted</policy_type> > <policyvers>22</policyvers> > <selinux_enabled>True</selinux_enabled> > <selinux_mls_enabled>True</selinux_mls_enabled> > <uname>Linux durthangnix 2.6.25-0.40.rc1.git2.fc9 #1 SMP Wed Feb 13 17:17:48 EST 2008 x86_64 x86_64</uname> > </environment> > <first_seen_date>2008-02-17T04:02:36Z</first_seen_date> > <host>durthangnix</host> > <last_seen_date>2008-02-27T04:11:43Z</last_seen_date> > <local_id>2e1e1cbd-9c93-481a-a136-115463406680</local_id> > <report_count>8</report_count> > <scontext mls="s0" role="system_r" type="dhcpc_t" user="system_u"/> > <sig version="3.0"> > <access> > <operation>unlink</operation> > </access> > <analysis_id>mislabeled_file</analysis_id> > <host>durthangnix</host> > <scontext mls="s0" role="system_r" type="dhcpc_t" user="system_u"/> > <tclass>file</tclass> > <tcontext mls="s0" role="object_r" type="etc_t" user="unconfined_u"/> > <tpath>./resolv.conf.predhclient.eth0</tpath> > </sig> > <solution version="1.0"> > <fix_cmd>restorecon './resolv.conf.predhclient.eth0'</fix_cmd> > <fix_description><![CDATA[ > You can attempt to fix file context by executing restorecon -v './resolv.conf.predhclient.eth0' > ]]></fix_description> > <problem_description><![CDATA[ > SELinux is preventing cp (dhcpc_t) "unlink" to ./resolv.conf.predhclient.eth0 (etc_t). > The SELinux type etc_t, is a generic type for all files in the directory and very few processes (SELinux Domains) are allowed to write to this SELinux type. This type of denial usual indicates a mislabeled file. 
By default a file created in a directory has the gets the context of the parent directory, but SELinux policy has rules about the creation of directories, that say if a process running in one SELinux Domain (D1) creates a file in a directory with a particular SELinux File Context (F1) the file gets a different File Context (F2). The policy usually allows the SELinux Domain (D1) the ability to write, unlink, and append on (F2). But if for some reason a file (./resolv.conf.predhclient.eth0) was created with the wrong context, this domain will be denied. The usual solution to this problem is to reset the file context on the target file, restorecon -v './resolv.conf.predhclient.eth0'. If the file context does not change from etc_t, then this is probably a bug in policy. Please file a <a href="http://bugzilla.redhat.com/bugzilla/enter_bug.cgi">bug report</a> against the selinux-policy package. >If it does change, you can try your application again to see if it works. The file context could have been mislabeled by editing the file or moving the file from a different directory, if the file keeps getting mislabeled, check the init scripts to see if they are doing something to mislabel the file. > > ]]></problem_description> > <summary><![CDATA[ > SELinux is preventing cp (dhcpc_t) "unlink" to ./resolv.conf.predhclient.eth0 (etc_t). 
> ]]></summary> > </solution> > <source>rm</source> > <spath>/bin/rm</spath> > <src_rpm_list> > <rpm>coreutils-6.10-8.fc9</rpm> > </src_rpm_list> > <tclass>file</tclass> > <tcontext mls="s0" role="object_r" type="etc_t" user="unconfined_u"/> > <tpath>./resolv.conf.predhclient.eth0</tpath> > <users> > <user delete_flag="False" seen_flag="True" username="lordmorgul"> > <filter> > <count>4</count> > <filter_type>0</filter_type> > </filter> > </user> > </users> > </siginfo> > <siginfo> > <analysis_id>catchall_file</analysis_id> > <audit_event> > <event_id host="durthangnix" milli="558" seconds="1204117907" serial="96"/> > <records> > <audit_record record_type="AVC"> > <body_text>avc: denied { read } for pid=1 comm="init" path="inotify" dev=inotifyfs ino=1 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:inotifyfs_t:s0 tclass=dir</body_text> > <event_id host="durthangnix" milli="558" seconds="1204117907" serial="96"/> > </audit_record> > </records> > </audit_event> > <environment version="1.0"> > <enforce>Enforcing</enforce> > <hostname>durthangnix</hostname> > <kernel>2.6.25-0.65.rc2.git7.fc9 x86_64</kernel> > <platform>Fedora release 8.90 (Rawhide)</platform> > <policy_rpm>selinux-policy-3.3.0-1.fc9</policy_rpm> > <policy_type>targeted</policy_type> > <policyvers>22</policyvers> > <selinux_enabled>True</selinux_enabled> > <selinux_mls_enabled>True</selinux_mls_enabled> > <uname>Linux durthangnix 2.6.25-0.65.rc2.git7.fc9 #1 SMP Sat Feb 23 22:40:55 EST 2008 x86_64 x86_64</uname> > </environment> > <first_seen_date>2008-02-27T13:11:47Z</first_seen_date> > <host>durthangnix</host> > <last_seen_date>2008-02-27T13:11:47Z</last_seen_date> > <local_id>6193446f-c3fe-40e3-b5b1-c7cfe444b8a4</local_id> > <report_count>1</report_count> > <scontext mls="s0" role="system_r" type="init_t" user="system_u"/> > <sig version="3.0"> > <access> > <operation>read</operation> > </access> > <analysis_id>catchall_file</analysis_id> > <host>durthangnix</host> > <scontext mls="s0" 
role="system_r" type="init_t" user="system_u"/> > <tclass>dir</tclass> > <tcontext mls="s0" role="object_r" type="inotifyfs_t" user="system_u"/> > <tpath>inotify</tpath> > </sig> > <solution version="1.0"> > <fix_cmd></fix_cmd> > <fix_description><![CDATA[ > Sometimes labeling problems can cause SELinux denials. You could try to > restore the default system file context for inotify, > <p> > restorecon -v 'inotify' > <p> > If this does not work, there is currently no automatic way to allow this > access. Instead, you can generate a local policy module to allow this > access - see <a href="http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385">FAQ</a> > Or you can disable SELinux protection altogether. Disabling > SELinux protection is not recommended. > Please file a <a href="http://bugzilla.redhat.com/bugzilla/enter_bug.cgi">bug report</a> > against this package. > ]]></fix_description> > <problem_description><![CDATA[ > > SELinux denied access requested by init. It is not > expected that this access is required by init and this access > may signal an intrusion attempt. It is also possible that the specific > version or configuration of the application is causing it to require > additional access. > > ]]></problem_description> > <summary><![CDATA[ > SELinux is preventing init (init_t) "read" to inotify (inotifyfs_t). 
> ]]></summary> > </solution> > <source>init</source> > <tclass>dir</tclass> > <tcontext mls="s0" role="object_r" type="inotifyfs_t" user="system_u"/> > <tpath>inotify</tpath> > </siginfo> > <siginfo> > <analysis_id>catchall</analysis_id> > <audit_event> > <event_id host="durthangnix" milli="190" seconds="1204200694" serial="418"/> > <records> > <audit_record record_type="AVC"> > <body_text>avc: denied { sys_resource } for pid=1364 comm="perl" capability=24 scontext=system_u:system_r:logwatch_t:s0-s0:c0.c1023 tcontext=system_u:system_r:logwatch_t:s0-s0:c0.c1023 tclass=capability</body_text> > <event_id host="durthangnix" milli="190" seconds="1204200694" serial="418"/> > </audit_record> > <audit_record record_type="SYSCALL"> > <body_text>arch=c000003e syscall=1 success=yes exit=4096 a0=1 a1=1dac8b0 a2=1000 a3=536d6447203a4755 items=0 ppid=1350 pid=1364 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=32 comm="perl" exe="/usr/bin/perl" subj=system_u:system_r:logwatch_t:s0-s0:c0.c1023 key=(null)</body_text> > <event_id host="durthangnix" milli="190" seconds="1204200694" serial="418"/> > </audit_record> > </records> > </audit_event> > <environment version="1.0"> > <enforce>Enforcing</enforce> > <hostname>durthangnix</hostname> > <kernel>2.6.25-0.65.rc2.git7.fc9 x86_64</kernel> > <platform>Fedora release 8.90 (Rawhide)</platform> > <policy_rpm>selinux-policy-3.3.0-1.fc9</policy_rpm> > <policy_type>targeted</policy_type> > <policyvers>22</policyvers> > <selinux_enabled>True</selinux_enabled> > <selinux_mls_enabled>True</selinux_mls_enabled> > <uname>Linux durthangnix 2.6.25-0.65.rc2.git7.fc9 #1 SMP Sat Feb 23 22:40:55 EST 2008 x86_64 x86_64</uname> > </environment> > <first_seen_date>2008-02-28T12:11:33Z</first_seen_date> > <host>durthangnix</host> > <last_seen_date>2008-02-28T12:11:34Z</last_seen_date> > <local_id>9992309e-a632-4655-8553-6f4b4b7db5bc</local_id> > <report_count>107</report_count> > <scontext mls="s0-s0:c0.c1023" 
role="system_r" type="logwatch_t" user="system_u"/> > <sig version="3.0"> > <access> > <operation>sys_resource</operation> > </access> > <analysis_id>catchall</analysis_id> > <host>durthangnix</host> > <scontext mls="s0-s0:c0.c1023" role="system_r" type="logwatch_t" user="system_u"/> > <tclass>capability</tclass> > <tcontext mls="s0-s0:c0.c1023" role="system_r" type="logwatch_t" user="system_u"/> > </sig> > <solution version="1.0"> > <fix_cmd></fix_cmd> > <fix_description><![CDATA[ > You can generate a local policy module to allow this > access - see <a href="http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385">FAQ</a> > Or you can disable SELinux protection altogether. Disabling > SELinux protection is not recommended. > Please file a <a href="http://bugzilla.redhat.com/bugzilla/enter_bug.cgi">bug report</a> > against this package. > ]]></fix_description> > <problem_description><![CDATA[ > > SELinux denied access requested by perl. It is not > expected that this access is required by perl and this access > may signal an intrusion attempt. It is also possible that the specific > version or configuration of the application is causing it to require > additional access. > > ]]></problem_description> > <summary><![CDATA[ > SELinux is preventing perl (logwatch_t) "sys_resource" to <Unknown> (logwatch_t). 
> ]]></summary> > </solution> > <source>perl</source> > <spath>/usr/bin/perl</spath> > <src_rpm_list> > <rpm>perl-5.8.8-31.fc9</rpm> > </src_rpm_list> > <tclass>capability</tclass> > <tcontext mls="s0-s0:c0.c1023" role="system_r" type="logwatch_t" user="system_u"/> > <users> > <user delete_flag="False" seen_flag="True" username="lordmorgul"> > <filter> > <count>0</count> > <filter_type>0</filter_type> > </filter> > </user> > </users> > </siginfo> > <siginfo> > <analysis_id>catchall</analysis_id> > <audit_event> > <event_id host="durthangnix" milli="705" seconds="1204334675" serial="13"/> > <records> > <audit_record record_type="AVC"> > <body_text>avc: denied { getcap } for pid=2166 comm="avahi-daemon" scontext=system_u:system_r:avahi_t:s0 tcontext=system_u:system_r:avahi_t:s0 tclass=process</body_text> > <event_id host="durthangnix" milli="705" seconds="1204334675" serial="13"/> > </audit_record> > <audit_record record_type="SYSCALL"> > <body_text>arch=c000003e syscall=125 success=no exit=-13 a0=1e17b64 a1=0 a2=1e17b50 a3=343b56b9f0 items=0 ppid=1 pid=2166 auid=4294967295 uid=498 gid=495 euid=498 suid=498 fsuid=498 egid=495 sgid=495 fsgid=495 tty=(none) ses=4294967295 comm="avahi-daemon" exe="/usr/sbin/avahi-daemon" subj=system_u:system_r:avahi_t:s0 key=(null)</body_text> > <event_id host="durthangnix" milli="705" seconds="1204334675" serial="13"/> > </audit_record> > </records> > </audit_event> > <environment version="1.0"> > <enforce>Enforcing</enforce> > <hostname>durthangnix</hostname> > <kernel>2.6.25-0.73.rc3.git1.fc9 x86_64</kernel> > <platform>Fedora release 8.90 (Rawhide)</platform> > <policy_rpm>selinux-policy-3.3.0-1.fc9</policy_rpm> > <policy_type>targeted</policy_type> > <policyvers>22</policyvers> > <selinux_enabled>True</selinux_enabled> > <selinux_mls_enabled>True</selinux_mls_enabled> > <uname>Linux durthangnix 2.6.25-0.73.rc3.git1.fc9 #1 SMP Wed Feb 27 21:16:02 EST 2008 x86_64 x86_64</uname> > </environment> > 
<first_seen_date>2008-02-23T23:56:42Z</first_seen_date> > <host>durthangnix</host> > <last_seen_date>2008-03-01T01:24:35Z</last_seen_date> > <local_id>598dc4b7-fcb8-4aac-b7c5-55833957f8be</local_id> > <report_count>36</report_count> > <scontext mls="s0" role="system_r" type="avahi_t" user="system_u"/> > <sig version="3.0"> > <access> > <operation>getcap</operation> > </access> > <analysis_id>catchall</analysis_id> > <host>durthangnix</host> > <scontext mls="s0" role="system_r" type="avahi_t" user="system_u"/> > <tclass>process</tclass> > <tcontext mls="s0" role="system_r" type="avahi_t" user="system_u"/> > </sig> > <solution version="1.0"> > <fix_cmd></fix_cmd> > <fix_description><![CDATA[ > You can generate a local policy module to allow this > access - see <a href="http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385">FAQ</a> > Or you can disable SELinux protection altogether. Disabling > SELinux protection is not recommended. > Please file a <a href="http://bugzilla.redhat.com/bugzilla/enter_bug.cgi">bug report</a> > against this package. > ]]></fix_description> > <problem_description><![CDATA[ > > SELinux denied access requested by avahi-daemon. It is not > expected that this access is required by avahi-daemon and this access > may signal an intrusion attempt. It is also possible that the specific > version or configuration of the application is causing it to require > additional access. > > ]]></problem_description> > <summary><![CDATA[ > SELinux is preventing avahi-daemon (avahi_t) "getcap" to <Unknown> (avahi_t). 
> ]]></summary> > </solution> > <source>avahi-daemon</source> > <spath>/usr/sbin/avahi-daemon</spath> > <src_rpm_list> > <rpm>avahi-0.6.22-7.fc9</rpm> > </src_rpm_list> > <tclass>process</tclass> > <tcontext mls="s0" role="system_r" type="avahi_t" user="system_u"/> > <users> > <user delete_flag="False" seen_flag="True" username="lordmorgul"> > <filter> > <count>0</count> > <filter_type>0</filter_type> > </filter> > </user> > </users> > </siginfo> > <siginfo> > <analysis_id>allow_daemons_use_tty</analysis_id> > <audit_event> > <event_id host="durthangnix" milli="822" seconds="1204339207" serial="23"/> > <records> > <audit_record record_type="AVC"> > <body_text>avc: denied { read write } for pid=3543 comm="dbus-daemon" path="/dev/tty2" dev=tmpfs ino=1793 scontext=unconfined_u:unconfined_r:unconfined_dbusd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:unconfined_tty_device_t:s0 tclass=chr_file</body_text> > <event_id host="durthangnix" milli="822" seconds="1204339207" serial="23"/> > </audit_record> > <audit_record record_type="SYSCALL"> > <body_text>arch=c000003e syscall=59 success=yes exit=0 a0=40516c a1=7ffff5bf5a00 a2=7ffff5bf7fc8 a3=7ffff5bf7890 items=0 ppid=3542 pid=3543 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=2 comm="dbus-daemon" exe="/bin/dbus-daemon" subj=unconfined_u:unconfined_r:unconfined_dbusd_t:s0-s0:c0.c1023 key=(null)</body_text> > <event_id host="durthangnix" milli="822" seconds="1204339207" serial="23"/> > </audit_record> > </records> > </audit_event> > <environment version="1.0"> > <enforce>Enforcing</enforce> > <hostname>durthangnix</hostname> > <kernel>2.6.25-0.73.rc3.git1.fc9 x86_64</kernel> > <platform>Fedora release 8.90 (Rawhide)</platform> > <policy_rpm>selinux-policy-3.3.1-6.fc9</policy_rpm> > <policy_type>targeted</policy_type> > <policyvers>22</policyvers> > <selinux_enabled>True</selinux_enabled> > <selinux_mls_enabled>True</selinux_mls_enabled> > <uname>Linux durthangnix 
2.6.25-0.73.rc3.git1.fc9 #1 SMP Wed Feb 27 21:16:02 EST 2008 x86_64 x86_64</uname> > </environment> > <first_seen_date>2008-02-27T14:00:24Z</first_seen_date> > <host>durthangnix</host> > <last_seen_date>2008-03-01T02:40:07Z</last_seen_date> > <local_id>bb604f23-f8d0-45d6-bb7a-25af8bfe7363</local_id> > <report_count>2</report_count> > <scontext mls="s0-s0:c0.c1023" role="unconfined_r" type="unconfined_dbusd_t" user="unconfined_u"/> > <sig version="3.0"> > <access> > <operation>read</operation> > <operation>write</operation> > </access> > <analysis_id>allow_daemons_use_tty</analysis_id> > <host>durthangnix</host> > <scontext mls="s0-s0:c0.c1023" role="unconfined_r" type="unconfined_dbusd_t" user="unconfined_u"/> > <tclass>chr_file</tclass> > <tcontext mls="s0" role="object_r" type="unconfined_tty_device_t" user="unconfined_u"/> > <tpath>/dev/tty2</tpath> > </sig> > <solution version="1.0"> > <fix_cmd>setsebool -P allow_daemons_use_tty=1</fix_cmd> > <fix_description><![CDATA[ > Changing the "allow_daemons_use_tty" boolean to true will allow this access: > "setsebool -P allow_daemons_use_tty=1." > ]]></fix_description> > <problem_description><![CDATA[ > SELinux prevented dbus-daemon from using the terminal /dev/tty2. > In most cases daemons do not need to interact with the terminal, usually > these avc messages can be ignored. All of the confined daemons should > have dontaudit rules around using the terminal. Please file a <a > href="http://bugzilla.redhat.com/bugzilla/enter_bug.cgi">bug > report</a> against this selinux-policy. If you would like to allow all > daemons to interact with the terminal, you can turn on the allow_daemons_use_tty boolean. > ]]></problem_description> > <summary><![CDATA[ > SELinux prevented dbus-daemon from using the terminal /dev/tty2. 
> ]]></summary> > </solution> > <source>dbus-daemon</source> > <spath>/bin/dbus-daemon</spath> > <src_rpm_list> > <rpm>dbus-1.1.20-1.fc9</rpm> > </src_rpm_list> > <tclass>chr_file</tclass> > <tcontext mls="s0" role="object_r" type="unconfined_tty_device_t" user="unconfined_u"/> > <tpath>/dev/tty2</tpath> > <users> > <user delete_flag="False" seen_flag="True" username="lordmorgul"> > <filter> > <count>0</count> > <filter_type>0</filter_type> > </filter> > </user> > </users> > </siginfo> > <siginfo> > <analysis_id>allow_daemons_use_tty</analysis_id> > <audit_event> > <event_id host="durthangnix" milli="193" seconds="1204522017" serial="34"/> > <records> > <audit_record record_type="AVC"> > <body_text>avc: denied { read write } for pid=7538 comm="dbus-daemon" path="/dev/tty1" dev=tmpfs ino=1791 scontext=unconfined_u:unconfined_r:unconfined_dbusd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:unconfined_tty_device_t:s0 tclass=chr_file</body_text> > <event_id host="durthangnix" milli="193" seconds="1204522017" serial="34"/> > </audit_record> > <audit_record record_type="SYSCALL"> > <body_text>arch=c000003e syscall=59 success=yes exit=0 a0=40516c a1=7fff2781e3b0 a2=7fff27820978 a3=8101010101010100 items=0 ppid=7537 pid=7538 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="dbus-daemon" exe="/bin/dbus-daemon" subj=unconfined_u:unconfined_r:unconfined_dbusd_t:s0-s0:c0.c1023 key=(null)</body_text> > <event_id host="durthangnix" milli="193" seconds="1204522017" serial="34"/> > </audit_record> > </records> > </audit_event> > <environment version="1.0"> > <enforce>Enforcing</enforce> > <hostname>durthangnix</hostname> > <kernel>2.6.25-0.73.rc3.git1.fc9 x86_64</kernel> > <platform>Fedora release 8.90 (Rawhide)</platform> > <policy_rpm>selinux-policy-3.3.1-6.fc9</policy_rpm> > <policy_type>targeted</policy_type> > <policyvers>22</policyvers> > <selinux_enabled>True</selinux_enabled> > 
<selinux_mls_enabled>True</selinux_mls_enabled> > <uname>Linux durthangnix 2.6.25-0.73.rc3.git1.fc9 #1 SMP Wed Feb 27 21:16:02 EST 2008 x86_64 x86_64</uname> > </environment> > <first_seen_date>2008-02-29T07:03:06Z</first_seen_date> > <host>durthangnix</host> > <last_seen_date>2008-03-03T05:26:57Z</last_seen_date> > <local_id>e4c2ac70-e5e2-42fc-b741-379deb0f24ce</local_id> > <report_count>2</report_count> > <scontext mls="s0-s0:c0.c1023" role="unconfined_r" type="unconfined_dbusd_t" user="unconfined_u"/> > <sig version="3.0"> > <access> > <operation>read</operation> > <operation>write</operation> > </access> > <analysis_id>allow_daemons_use_tty</analysis_id> > <host>durthangnix</host> > <scontext mls="s0-s0:c0.c1023" role="unconfined_r" type="unconfined_dbusd_t" user="unconfined_u"/> > <tclass>chr_file</tclass> > <tcontext mls="s0" role="object_r" type="unconfined_tty_device_t" user="unconfined_u"/> > <tpath>/dev/tty1</tpath> > </sig> > <solution version="1.0"> > <fix_cmd>setsebool -P allow_daemons_use_tty=1</fix_cmd> > <fix_description><![CDATA[ > Changing the "allow_daemons_use_tty" boolean to true will allow this access: > "setsebool -P allow_daemons_use_tty=1." > ]]></fix_description> > <problem_description><![CDATA[ > SELinux prevented dbus-daemon from using the terminal /dev/tty1. > In most cases daemons do not need to interact with the terminal, usually > these avc messages can be ignored. All of the confined daemons should > have dontaudit rules around using the terminal. Please file a <a > href="http://bugzilla.redhat.com/bugzilla/enter_bug.cgi">bug > report</a> against this selinux-policy. If you would like to allow all > daemons to interact with the terminal, you can turn on the allow_daemons_use_tty boolean. > ]]></problem_description> > <summary><![CDATA[ > SELinux prevented dbus-daemon from using the terminal /dev/tty1. 
> ]]></summary> > </solution> > <source>dbus-daemon</source> > <spath>/bin/dbus-daemon</spath> > <src_rpm_list> > <rpm>dbus-1.1.20-1.fc9</rpm> > </src_rpm_list> > <tclass>chr_file</tclass> > <tcontext mls="s0" role="object_r" type="unconfined_tty_device_t" user="unconfined_u"/> > <tpath>/dev/tty1</tpath> > <users> > <user delete_flag="False" seen_flag="True" username="lordmorgul"> > <filter> > <count>0</count> > <filter_type>0</filter_type> > </filter> > </user> > </users> > </siginfo> > <siginfo> > <analysis_id>catchall_file</analysis_id> > <audit_event> > <event_id host="durthangnix" milli="475" seconds="1205018825" serial="57"/> > <records> > <audit_record record_type="AVC"> > <body_text>avc: denied { read } for pid=5464 comm="rsyslogd" name="System.map-2.6.25-0.95.rc4.fc9" dev=sda1 ino=6045 scontext=unconfined_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:system_map_t:s0 tclass=file</body_text> > <event_id host="durthangnix" milli="475" seconds="1205018825" serial="57"/> > </audit_record> > <audit_record record_type="SYSCALL"> > <body_text>arch=c000003e syscall=2 success=no exit=-13 a0=e58e00 a1=0 a2=1b6 a3=7fae2b99c6f0 items=0 ppid=5463 pid=5464 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=5 comm="rsyslogd" exe="/sbin/rsyslogd" subj=unconfined_u:system_r:syslogd_t:s0 key=(null)</body_text> > <event_id host="durthangnix" milli="475" seconds="1205018825" serial="57"/> > </audit_record> > </records> > </audit_event> > <environment version="1.0"> > <enforce>Enforcing</enforce> > <hostname>durthangnix</hostname> > <kernel>2.6.25-0.95.rc4.fc9 x86_64</kernel> > <platform>Fedora release 8.90 (Rawhide)</platform> > <policy_rpm>selinux-policy-3.3.1-12.fc9</policy_rpm> > <policy_type>targeted</policy_type> > <policyvers>22</policyvers> > <selinux_enabled>True</selinux_enabled> > <selinux_mls_enabled>True</selinux_mls_enabled> > <uname>Linux durthangnix 2.6.25-0.95.rc4.fc9 #1 SMP Thu Mar 6 00:50:28 EST 2008 x86_64 x86_64</uname> > 
</environment> > <first_seen_date>2008-03-08T23:27:05Z</first_seen_date> > <host>durthangnix</host> > <last_seen_date>2008-03-08T23:27:05Z</last_seen_date> > <local_id>473b96de-8ced-42c7-a8c7-885c469cc47f</local_id> > <report_count>1</report_count> > <scontext mls="s0" role="system_r" type="syslogd_t" user="unconfined_u"/> > <sig version="3.0"> > <access> > <operation>read</operation> > </access> > <analysis_id>catchall_file</analysis_id> > <host>durthangnix</host> > <scontext mls="s0" role="system_r" type="syslogd_t" user="unconfined_u"/> > <tclass>file</tclass> > <tcontext mls="s0" role="object_r" type="system_map_t" user="system_u"/> > <tpath>./System.map-2.6.25-0.95.rc4.fc9</tpath> > </sig> > <solution version="1.0"> > <fix_cmd></fix_cmd> > <fix_description><![CDATA[ > Sometimes labeling problems can cause SELinux denials. You could try to > restore the default system file context for ./System.map-2.6.25-0.95.rc4.fc9, > <p> > restorecon -v './System.map-2.6.25-0.95.rc4.fc9' > <p> > If this does not work, there is currently no automatic way to allow this > access. Instead, you can generate a local policy module to allow this > access - see <a href="http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385">FAQ</a> > Or you can disable SELinux protection altogether. Disabling > SELinux protection is not recommended. > Please file a <a href="http://bugzilla.redhat.com/bugzilla/enter_bug.cgi">bug report</a> > against this package. > ]]></fix_description> > <problem_description><![CDATA[ > > SELinux denied access requested by rsyslogd. It is not > expected that this access is required by rsyslogd and this access > may signal an intrusion attempt. It is also possible that the specific > version or configuration of the application is causing it to require > additional access. > > ]]></problem_description> > <summary><![CDATA[ > SELinux is preventing rsyslogd (syslogd_t) "read" to ./System.map-2.6.25-0.95.rc4.fc9 (system_map_t). 
> ]]></summary> > </solution> > <source>rsyslogd</source> > <spath>/sbin/rsyslogd</spath> > <src_rpm_list> > <rpm>rsyslog-3.12.1-1.fc9</rpm> > </src_rpm_list> > <tclass>file</tclass> > <tcontext mls="s0" role="object_r" type="system_map_t" user="system_u"/> > <tpath>./System.map-2.6.25-0.95.rc4.fc9</tpath> > </siginfo> > <siginfo> > <analysis_id>mislabeled_file</analysis_id> > <audit_event> > <event_id host="durthangnix" milli="197" seconds="1205217932" serial="9"/> > <records> > <audit_record record_type="AVC"> > <body_text>avc: denied { write } for pid=2486 comm="login" name="btmp" dev=sda3 ino=966787 scontext=system_u:system_r:local_login_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:var_log_t:s0 tclass=file</body_text> > <event_id host="durthangnix" milli="197" seconds="1205217932" serial="9"/> > </audit_record> > <audit_record record_type="SYSCALL"> > <body_text>arch=c000003e syscall=2 success=no exit=-13 a0=404aa9 a1=1 a2=30787 a3=7fffa3aa8770 items=0 ppid=1 pid=2486 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=tty1 ses=4294967295 comm="login" exe="/bin/login" subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 key=(null)</body_text> > <event_id host="durthangnix" milli="197" seconds="1205217932" serial="9"/> > </audit_record> > </records> > </audit_event> > <category>File Label</category> > <environment version="1.0"> > <enforce>Enforcing</enforce> > <hostname>durthangnix</hostname> > <kernel>2.6.25-0.95.rc4.fc9 x86_64</kernel> > <platform>Fedora release 8.90 (Rawhide)</platform> > <policy_rpm>selinux-policy-3.3.1-12.fc9</policy_rpm> > <policy_type>targeted</policy_type> > <policyvers>22</policyvers> > <selinux_enabled>True</selinux_enabled> > <selinux_mls_enabled>True</selinux_mls_enabled> > <uname>Linux durthangnix 2.6.25-0.95.rc4.fc9 #1 SMP Thu Mar 6 00:50:28 EST 2008 x86_64 x86_64</uname> > </environment> > <first_seen_date>2008-03-11T06:45:32Z</first_seen_date> > <host>durthangnix</host> > 
<last_seen_date>2008-03-11T06:45:32Z</last_seen_date> > <local_id>dbdcbd54-55ad-4a65-994a-20efb35118aa</local_id> > <report_count>1</report_count> > <scontext mls="s0-s0:c0.c1023" role="system_r" type="local_login_t" user="system_u"/> > <sig version="3.0"> > <access> > <operation>write</operation> > </access> > <analysis_id>mislabeled_file</analysis_id> > <host>durthangnix</host> > <scontext mls="s0-s0:c0.c1023" role="system_r" type="local_login_t" user="system_u"/> > <tclass>file</tclass> > <tcontext mls="s0" role="object_r" type="var_log_t" user="unconfined_u"/> > <tpath>./btmp</tpath> > </sig> > <solution version="1.0"> > <fix_cmd>restorecon './btmp'</fix_cmd> > <fix_description><![CDATA[ > You can attempt to fix file context by executing restorecon -v './btmp' > ]]></fix_description> > <problem_description><![CDATA[ > SELinux is preventing login (local_login_t) "write" to ./btmp (var_log_t). > The SELinux type var_log_t, is a generic type for all files in the directory and very few processes (SELinux Domains) are allowed to write to this SELinux type. This type of denial usual indicates a mislabeled file. By default a file created in a directory has the gets the context of the parent directory, but SELinux policy has rules about the creation of directories, that say if a process running in one SELinux Domain (D1) creates a file in a directory with a particular SELinux File Context (F1) the file gets a different File Context (F2). The policy usually allows the SELinux Domain (D1) the ability to write, unlink, and append on (F2). But if for some reason a file (./btmp) was created with the wrong context, this domain will be denied. The usual solution to this problem is to reset the file context on the target file, restorecon -v './btmp'. If the file context does not change from var_log_t, then this is probably a bug in policy. Please file a <a href="http://bugzilla.redhat.com/bugzilla/enter_bug.cgi">bug report</a> against the selinux-policy package. 
>If it does change, you can try your application again to see if it works. The file context could have been mislabeled by editing the file or moving the file from a different directory, if the file keeps getting mislabeled, check the init scripts to see if they are doing something to mislabel the file. > > ]]></problem_description> > <summary><![CDATA[ > SELinux is preventing login (local_login_t) "write" to ./btmp (var_log_t). > ]]></summary> > </solution> > <source>login</source> > <spath>/bin/login</spath> > <src_rpm_list> > <rpm>util-linux-ng-2.13.1-4.fc9</rpm> > </src_rpm_list> > <tclass>file</tclass> > <tcontext mls="s0" role="object_r" type="var_log_t" user="unconfined_u"/> > <tpath>./btmp</tpath> > </siginfo> > <siginfo> > <analysis_id>catchall</analysis_id> > <audit_event> > <event_id host="durthangnix" milli="224" seconds="1205217979" serial="28"/> > <records> > <audit_record record_type="AVC"> > <body_text>avc: denied { read write } for pid=2723 comm="Xorg" path="socket:[9815]" dev=sockfs ino=9815 scontext=unconfined_u:unconfined_r:xdm_xserver_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket</body_text> > <event_id host="durthangnix" milli="224" seconds="1205217979" serial="28"/> > </audit_record> > <audit_record record_type="SYSCALL"> > <body_text>arch=c000003e syscall=59 success=yes exit=0 a0=c44cd0 a1=f85e50 a2=f2b420 a3=3b8896c9f0 items=0 ppid=2679 pid=2723 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=tty2 ses=2 comm="Xorg" exe="/usr/bin/Xorg" subj=unconfined_u:unconfined_r:xdm_xserver_t:s0-s0:c0.c1023 key=(null)</body_text> > <event_id host="durthangnix" milli="224" seconds="1205217979" serial="28"/> > </audit_record> > </records> > </audit_event> > <environment version="1.0"> > <enforce>Enforcing</enforce> > <hostname>durthangnix</hostname> > <kernel>2.6.25-0.95.rc4.fc9 x86_64</kernel> > <platform>Fedora release 8.90 (Rawhide)</platform> > 
<policy_rpm>selinux-policy-3.3.1-12.fc9</policy_rpm> > <policy_type>targeted</policy_type> > <policyvers>22</policyvers> > <selinux_enabled>True</selinux_enabled> > <selinux_mls_enabled>True</selinux_mls_enabled> > <uname>Linux durthangnix 2.6.25-0.95.rc4.fc9 #1 SMP Thu Mar 6 00:50:28 EST 2008 x86_64 x86_64</uname> > </environment> > <first_seen_date>2008-03-11T06:46:19Z</first_seen_date> > <host>durthangnix</host> > <last_seen_date>2008-03-11T06:46:19Z</last_seen_date> > <local_id>18193b09-c553-4a72-abaa-cc23b3c2ff26</local_id> > <report_count>1</report_count> > <scontext mls="s0-s0:c0.c1023" role="unconfined_r" type="xdm_xserver_t" user="unconfined_u"/> > <sig version="3.0"> > <access> > <operation>read</operation> > <operation>write</operation> > </access> > <analysis_id>catchall</analysis_id> > <host>durthangnix</host> > <scontext mls="s0-s0:c0.c1023" role="unconfined_r" type="xdm_xserver_t" user="unconfined_u"/> > <tclass>unix_stream_socket</tclass> > <tcontext mls="s0-s0:c0.c1023" role="unconfined_r" type="unconfined_t" user="unconfined_u"/> > <tpath>socket</tpath> > </sig> > <solution version="1.0"> > <fix_cmd></fix_cmd> > <fix_description><![CDATA[ > You can generate a local policy module to allow this > access - see <a href="http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385">FAQ</a> > Or you can disable SELinux protection altogether. Disabling > SELinux protection is not recommended. > Please file a <a href="http://bugzilla.redhat.com/bugzilla/enter_bug.cgi">bug report</a> > against this package. > ]]></fix_description> > <problem_description><![CDATA[ > > SELinux denied access requested by Xorg. It is not > expected that this access is required by Xorg and this access > may signal an intrusion attempt. It is also possible that the specific > version or configuration of the application is causing it to require > additional access. 
> > ]]></problem_description> > <summary><![CDATA[ > SELinux is preventing Xorg (xdm_xserver_t) "read write" to socket (unconfined_t). > ]]></summary> > </solution> > <source>Xorg</source> > <spath>/usr/bin/Xorg</spath> > <src_rpm_list> > <rpm>xorg-x11-server-Xorg-1.4.99.901-1.20080307.fc9</rpm> > </src_rpm_list> > <tclass>unix_stream_socket</tclass> > <tcontext mls="s0-s0:c0.c1023" role="unconfined_r" type="unconfined_t" user="unconfined_u"/> > <tpath>socket</tpath> > </siginfo> > <siginfo> > <analysis_id>catchall_file</analysis_id> > <audit_event> > <event_id host="durthangnix" milli="396" seconds="1205293883" serial="106"/> > <records> > <audit_record record_type="AVC"> > <body_text>avc: denied { write } for pid=32738 comm="gdb" name="rpm" dev=sda3 ino=966659 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:rpm_var_lib_t:s0 tclass=dir</body_text> > <event_id host="durthangnix" milli="396" seconds="1205293883" serial="106"/> > </audit_record> > <audit_record record_type="SYSCALL"> > <body_text>arch=c000003e syscall=21 success=no exit=-13 a0=267ec00 a1=2 a2=0 a3=3b8896c9f0 items=0 ppid=32737 pid=32738 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="gdb" exe="/usr/bin/gdb" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)</body_text> > <event_id host="durthangnix" milli="396" seconds="1205293883" serial="106"/> > </audit_record> > </records> > </audit_event> > <environment version="1.0"> > <enforce>Enforcing</enforce> > <hostname>durthangnix</hostname> > <kernel>2.6.25-0.95.rc4.fc9 x86_64</kernel> > <platform>Fedora release 8.90 (Rawhide)</platform> > <policy_rpm>selinux-policy-3.3.1-12.fc9</policy_rpm> > <policy_type>targeted</policy_type> > <policyvers>22</policyvers> > <selinux_enabled>True</selinux_enabled> > <selinux_mls_enabled>True</selinux_mls_enabled> > <uname>Linux durthangnix 2.6.25-0.95.rc4.fc9 #1 SMP Thu Mar 6 00:50:28 EST 2008 x86_64 x86_64</uname> > </environment> 
> <first_seen_date>2008-03-12T03:51:17Z</first_seen_date> > <host>durthangnix</host> > <last_seen_date>2008-03-12T03:51:23Z</last_seen_date> > <local_id>eaaa236d-1e60-4b41-ab40-e2e221066bbd</local_id> > <report_count>17</report_count> > <scontext mls="s0-s0:c0.c1023" role="system_r" type="xdm_t" user="system_u"/> > <sig version="3.0"> > <access> > <operation>write</operation> > </access> > <analysis_id>catchall_file</analysis_id> > <host>durthangnix</host> > <scontext mls="s0-s0:c0.c1023" role="system_r" type="xdm_t" user="system_u"/> > <tclass>dir</tclass> > <tcontext mls="s0" role="object_r" type="rpm_var_lib_t" user="system_u"/> > <tpath>./rpm</tpath> > </sig> > <solution version="1.0"> > <fix_cmd></fix_cmd> > <fix_description><![CDATA[ > Sometimes labeling problems can cause SELinux denials. You could try to > restore the default system file context for ./rpm, > <p> > restorecon -v './rpm' > <p> > If this does not work, there is currently no automatic way to allow this > access. Instead, you can generate a local policy module to allow this > access - see <a href="http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385">FAQ</a> > Or you can disable SELinux protection altogether. Disabling > SELinux protection is not recommended. > Please file a <a href="http://bugzilla.redhat.com/bugzilla/enter_bug.cgi">bug report</a> > against this package. > ]]></fix_description> > <problem_description><![CDATA[ > > SELinux denied access requested by gdb. It is not > expected that this access is required by gdb and this access > may signal an intrusion attempt. It is also possible that the specific > version or configuration of the application is causing it to require > additional access. > > ]]></problem_description> > <summary><![CDATA[ > SELinux is preventing gdb (xdm_t) "write" to ./rpm (rpm_var_lib_t). 
> ]]></summary> > </solution> > <source>gdb</source> > <spath>/usr/bin/gdb</spath> > <src_rpm_list> > <rpm>gdb-6.7.50.20080227-3.fc9</rpm> > </src_rpm_list> > <tclass>dir</tclass> > <tcontext mls="s0" role="object_r" type="rpm_var_lib_t" user="system_u"/> > <tpath>./rpm</tpath> > </siginfo> > <siginfo> > <analysis_id>catchall_file</analysis_id> > <audit_event> > <event_id host="durthangnix" milli="398" seconds="1205293883" serial="107"/> > <records> > <audit_record record_type="AVC"> > <body_text>avc: denied { getattr } for pid=32738 comm="gdb" path="/var/lib/rpm/Packages" dev=sda3 ino=966663 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:rpm_var_lib_t:s0 tclass=file</body_text> > <event_id host="durthangnix" milli="398" seconds="1205293883" serial="107"/> > </audit_record> > <audit_record record_type="SYSCALL"> > <body_text>arch=c000003e syscall=4 success=no exit=-13 a0=2a2fbf0 a1=7fff8a651f80 a2=7fff8a651f80 a3=1a4 items=0 ppid=32737 pid=32738 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="gdb" exe="/usr/bin/gdb" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)</body_text> > <event_id host="durthangnix" milli="398" seconds="1205293883" serial="107"/> > </audit_record> > </records> > </audit_event> > <environment version="1.0"> > <enforce>Enforcing</enforce> > <hostname>durthangnix</hostname> > <kernel>2.6.25-0.95.rc4.fc9 x86_64</kernel> > <platform>Fedora release 8.90 (Rawhide)</platform> > <policy_rpm>selinux-policy-3.3.1-12.fc9</policy_rpm> > <policy_type>targeted</policy_type> > <policyvers>22</policyvers> > <selinux_enabled>True</selinux_enabled> > <selinux_mls_enabled>True</selinux_mls_enabled> > <uname>Linux durthangnix 2.6.25-0.95.rc4.fc9 #1 SMP Thu Mar 6 00:50:28 EST 2008 x86_64 x86_64</uname> > </environment> > <first_seen_date>2008-03-12T03:51:17Z</first_seen_date> > <host>durthangnix</host> > <last_seen_date>2008-03-12T03:51:23Z</last_seen_date> > 
<local_id>5f91bc82-dd64-41e5-81df-7e55d5bc4277</local_id> > <report_count>17</report_count> > <scontext mls="s0-s0:c0.c1023" role="system_r" type="xdm_t" user="system_u"/> > <sig version="3.0"> > <access> > <operation>getattr</operation> > </access> > <analysis_id>catchall_file</analysis_id> > <host>durthangnix</host> > <scontext mls="s0-s0:c0.c1023" role="system_r" type="xdm_t" user="system_u"/> > <tclass>file</tclass> > <tcontext mls="s0" role="object_r" type="rpm_var_lib_t" user="system_u"/> > <tpath>/var/lib/rpm/Packages</tpath> > </sig> > <solution version="1.0"> > <fix_cmd></fix_cmd> > <fix_description><![CDATA[ > Sometimes labeling problems can cause SELinux denials. You could try to > restore the default system file context for /var/lib/rpm/Packages, > <p> > restorecon -v '/var/lib/rpm/Packages' > <p> > If this does not work, there is currently no automatic way to allow this > access. Instead, you can generate a local policy module to allow this > access - see <a href="http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385">FAQ</a> > Or you can disable SELinux protection altogether. Disabling > SELinux protection is not recommended. > Please file a <a href="http://bugzilla.redhat.com/bugzilla/enter_bug.cgi">bug report</a> > against this package. > ]]></fix_description> > <problem_description><![CDATA[ > > SELinux denied access requested by gdb. It is not > expected that this access is required by gdb and this access > may signal an intrusion attempt. It is also possible that the specific > version or configuration of the application is causing it to require > additional access. > > ]]></problem_description> > <summary><![CDATA[ > SELinux is preventing gdb (xdm_t) "getattr" to /var/lib/rpm/Packages (rpm_var_lib_t). 
> ]]></summary> > </solution> > <source>gdb</source> > <spath>/usr/bin/gdb</spath> > <src_rpm_list> > <rpm>gdb-6.7.50.20080227-3.fc9</rpm> > </src_rpm_list> > <tclass>file</tclass> > <tcontext mls="s0" role="object_r" type="rpm_var_lib_t" user="system_u"/> > <tgt_rpm_list> > <rpm>rpm-4.4.2.3-0.2.rc1</rpm> > </tgt_rpm_list> > <tpath>/var/lib/rpm/Packages</tpath> > <users> > <user delete_flag="False" seen_flag="True" username="lordmorgul"> > <filter> > <count>0</count> > <filter_type>0</filter_type> > </filter> > </user> > </users> > </siginfo> > <siginfo> > <analysis_id>catchall_file</analysis_id> > <audit_event> > <event_id host="durthangnix" milli="472" seconds="1205293883" serial="108"/> > <records> > <audit_record record_type="AVC"> > <body_text>avc: denied { getattr } for pid=32738 comm="gdb" path="/usr/src/debug/glibc-20080305T0857/sysdeps/unix/sysv/linux/waitpid.c" dev=sda3 ino=988586 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:src_t:s0 tclass=file</body_text> > <event_id host="durthangnix" milli="472" seconds="1205293883" serial="108"/> > </audit_record> > <audit_record record_type="SYSCALL"> > <body_text>arch=c000003e syscall=4 success=no exit=-13 a0=7fff8a652590 a1=7fff8a6524f0 a2=7fff8a6524f0 a3=0 items=0 ppid=32737 pid=32738 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="gdb" exe="/usr/bin/gdb" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)</body_text> > <event_id host="durthangnix" milli="472" seconds="1205293883" serial="108"/> > </audit_record> > </records> > </audit_event> > <environment version="1.0"> > <enforce>Enforcing</enforce> > <hostname>durthangnix</hostname> > <kernel>2.6.25-0.95.rc4.fc9 x86_64</kernel> > <platform>Fedora release 8.90 (Rawhide)</platform> > <policy_rpm>selinux-policy-3.3.1-12.fc9</policy_rpm> > <policy_type>targeted</policy_type> > <policyvers>22</policyvers> > <selinux_enabled>True</selinux_enabled> > 
<selinux_mls_enabled>True</selinux_mls_enabled> > <uname>Linux durthangnix 2.6.25-0.95.rc4.fc9 #1 SMP Thu Mar 6 00:50:28 EST 2008 x86_64 x86_64</uname> > </environment> > <first_seen_date>2008-03-12T03:51:23Z</first_seen_date> > <host>durthangnix</host> > <last_seen_date>2008-03-12T03:51:23Z</last_seen_date> > <local_id>8e13c5ba-dd7a-4b0a-8d57-a2e979e8a58d</local_id> > <report_count>1</report_count> > <scontext mls="s0-s0:c0.c1023" role="system_r" type="xdm_t" user="system_u"/> > <sig version="3.0"> > <access> > <operation>getattr</operation> > </access> > <analysis_id>catchall_file</analysis_id> > <host>durthangnix</host> > <scontext mls="s0-s0:c0.c1023" role="system_r" type="xdm_t" user="system_u"/> > <tclass>file</tclass> > <tcontext mls="s0" role="object_r" type="src_t" user="system_u"/> > <tpath>/usr/src/debug/glibc-20080305T0857/sysdeps/unix/sysv/linux/waitpid.c</tpath> > </sig> > <solution version="1.0"> > <fix_cmd></fix_cmd> > <fix_description><![CDATA[ > Sometimes labeling problems can cause SELinux denials. You could try to > restore the default system file context for /usr/src/debug/glibc-20080305T0857/sysdeps/unix/sysv/linux/waitpid.c, > <p> > restorecon -v '/usr/src/debug/glibc-20080305T0857/sysdeps/unix/sysv/linux/waitpid.c' > <p> > If this does not work, there is currently no automatic way to allow this > access. Instead, you can generate a local policy module to allow this > access - see <a href="http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385">FAQ</a> > Or you can disable SELinux protection altogether. Disabling > SELinux protection is not recommended. > Please file a <a href="http://bugzilla.redhat.com/bugzilla/enter_bug.cgi">bug report</a> > against this package. > ]]></fix_description> > <problem_description><![CDATA[ > > SELinux denied access requested by gdb. It is not > expected that this access is required by gdb and this access > may signal an intrusion attempt. 
It is also possible that the specific > version or configuration of the application is causing it to require > additional access. > > ]]></problem_description> > <summary><![CDATA[ > SELinux is preventing gdb (xdm_t) "getattr" to /usr/src/debug/glibc-20080305T0857/sysdeps/unix/sysv/linux/waitpid.c (src_t). > ]]></summary> > </solution> > <source>gdb</source> > <spath>/usr/bin/gdb</spath> > <src_rpm_list> > <rpm>gdb-6.7.50.20080227-3.fc9</rpm> > </src_rpm_list> > <tclass>file</tclass> > <tcontext mls="s0" role="object_r" type="src_t" user="system_u"/> > <tgt_rpm_list> > <rpm>glibc-debuginfo-2.7.90-9</rpm> > </tgt_rpm_list> > <tpath>/usr/src/debug/glibc-20080305T0857/sysdeps/unix/sysv/linux/waitpid.c</tpath> > </siginfo> > <siginfo> > <analysis_id>catchall_file</analysis_id> > <audit_event> > <event_id host="durthangnix" milli="513" seconds="1205293883" serial="109"/> > <records> > <audit_record record_type="AVC"> > <body_text>avc: denied { read } for pid=32738 comm="gdb" name="waitpid.c" dev=sda3 ino=988586 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:src_t:s0 tclass=file</body_text> > <event_id host="durthangnix" milli="513" seconds="1205293883" serial="109"/> > </audit_record> > <audit_record record_type="SYSCALL"> > <body_text>arch=c000003e syscall=2 success=no exit=-13 a0=7fff8a652590 a1=0 a2=ffffffff a3=0 items=0 ppid=32737 pid=32738 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="gdb" exe="/usr/bin/gdb" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)</body_text> > <event_id host="durthangnix" milli="513" seconds="1205293883" serial="109"/> > </audit_record> > </records> > </audit_event> > <environment version="1.0"> > <enforce>Enforcing</enforce> > <hostname>durthangnix</hostname> > <kernel>2.6.25-0.95.rc4.fc9 x86_64</kernel> > <platform>Fedora release 8.90 (Rawhide)</platform> > <policy_rpm>selinux-policy-3.3.1-12.fc9</policy_rpm> > <policy_type>targeted</policy_type> 
> <policyvers>22</policyvers> > <selinux_enabled>True</selinux_enabled> > <selinux_mls_enabled>True</selinux_mls_enabled> > <uname>Linux durthangnix 2.6.25-0.95.rc4.fc9 #1 SMP Thu Mar 6 00:50:28 EST 2008 x86_64 x86_64</uname> > </environment> > <first_seen_date>2008-03-12T03:51:23Z</first_seen_date> > <host>durthangnix</host> > <last_seen_date>2008-03-12T03:51:23Z</last_seen_date> > <local_id>3ad340c0-0a70-4b47-b2b7-5105c3edde32</local_id> > <report_count>1</report_count> > <scontext mls="s0-s0:c0.c1023" role="system_r" type="xdm_t" user="system_u"/> > <sig version="3.0"> > <access> > <operation>read</operation> > </access> > <analysis_id>catchall_file</analysis_id> > <host>durthangnix</host> > <scontext mls="s0-s0:c0.c1023" role="system_r" type="xdm_t" user="system_u"/> > <tclass>file</tclass> > <tcontext mls="s0" role="object_r" type="src_t" user="system_u"/> > <tpath>./waitpid.c</tpath> > </sig> > <solution version="1.0"> > <fix_cmd></fix_cmd> > <fix_description><![CDATA[ > Sometimes labeling problems can cause SELinux denials. You could try to > restore the default system file context for ./waitpid.c, > <p> > restorecon -v './waitpid.c' > <p> > If this does not work, there is currently no automatic way to allow this > access. Instead, you can generate a local policy module to allow this > access - see <a href="http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385">FAQ</a> > Or you can disable SELinux protection altogether. Disabling > SELinux protection is not recommended. > Please file a <a href="http://bugzilla.redhat.com/bugzilla/enter_bug.cgi">bug report</a> > against this package. > ]]></fix_description> > <problem_description><![CDATA[ > > SELinux denied access requested by gdb. It is not > expected that this access is required by gdb and this access > may signal an intrusion attempt. It is also possible that the specific > version or configuration of the application is causing it to require > additional access. 
> > ]]></problem_description> > <summary><![CDATA[ > SELinux is preventing gdb (xdm_t) "read" to ./waitpid.c (src_t). > ]]></summary> > </solution> > <source>gdb</source> > <spath>/usr/bin/gdb</spath> > <src_rpm_list> > <rpm>gdb-6.7.50.20080227-3.fc9</rpm> > </src_rpm_list> > <tclass>file</tclass> > <tcontext mls="s0" role="object_r" type="src_t" user="system_u"/> > <tpath>./waitpid.c</tpath> > </siginfo> > <siginfo> > <analysis_id>mislabeled_file</analysis_id> > <audit_event> > <event_id host="durthangnix" milli="427" seconds="1205366323" serial="63"/> > <records> > <audit_record record_type="AVC"> > <body_text>avc: denied { write } for pid=5479 comm="sshd" name="wtmp" dev=sda3 ino=966784 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:var_log_t:s0 tclass=file</body_text> > <event_id host="durthangnix" milli="427" seconds="1205366323" serial="63"/> > </audit_record> > <audit_record record_type="SYSCALL"> > <body_text>arch=c000003e syscall=2 success=no exit=-13 a0=5affa75a a1=1 a2=2 a3=7fff5e151c50 items=0 ppid=2227 pid=5479 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=7 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)</body_text> > <event_id host="durthangnix" milli="427" seconds="1205366323" serial="63"/> > </audit_record> > </records> > </audit_event> > <category>File Label</category> > <environment version="1.0"> > <enforce>Enforcing</enforce> > <hostname>durthangnix</hostname> > <kernel>2.6.25-0.105.rc5.fc9 x86_64</kernel> > <platform>Fedora release 8.90 (Rawhide)</platform> > <policy_rpm>selinux-policy-3.3.1-12.fc9</policy_rpm> > <policy_type>targeted</policy_type> > <policyvers>22</policyvers> > <selinux_enabled>True</selinux_enabled> > <selinux_mls_enabled>True</selinux_mls_enabled> > <uname>Linux durthangnix 2.6.25-0.105.rc5.fc9 #1 SMP Mon Mar 10 20:59:23 EDT 2008 x86_64 x86_64</uname> > </environment> > 
<first_seen_date>2008-03-12T23:58:43Z</first_seen_date> > <host>durthangnix</host> > <last_seen_date>2008-03-12T23:58:43Z</last_seen_date> > <local_id>7e73f7be-7f17-477f-94f4-8791c7f8c9d7</local_id> > <report_count>1</report_count> > <scontext mls="s0-s0:c0.c1023" role="system_r" type="sshd_t" user="system_u"/> > <sig version="3.0"> > <access> > <operation>write</operation> > </access> > <analysis_id>mislabeled_file</analysis_id> > <host>durthangnix</host> > <scontext mls="s0-s0:c0.c1023" role="system_r" type="sshd_t" user="system_u"/> > <tclass>file</tclass> > <tcontext mls="s0" role="object_r" type="var_log_t" user="unconfined_u"/> > <tpath>./wtmp</tpath> > </sig> > <solution version="1.0"> > <fix_cmd>restorecon './wtmp'</fix_cmd> > <fix_description><![CDATA[ > You can attempt to fix file context by executing restorecon -v './wtmp' > ]]></fix_description> > <problem_description><![CDATA[ > SELinux is preventing sshd (sshd_t) "write" to ./wtmp (var_log_t). > The SELinux type var_log_t, is a generic type for all files in the directory and very few processes (SELinux Domains) are allowed to write to this SELinux type. This type of denial usual indicates a mislabeled file. By default a file created in a directory has the gets the context of the parent directory, but SELinux policy has rules about the creation of directories, that say if a process running in one SELinux Domain (D1) creates a file in a directory with a particular SELinux File Context (F1) the file gets a different File Context (F2). The policy usually allows the SELinux Domain (D1) the ability to write, unlink, and append on (F2). But if for some reason a file (./wtmp) was created with the wrong context, this domain will be denied. The usual solution to this problem is to reset the file context on the target file, restorecon -v './wtmp'. If the file context does not change from var_log_t, then this is probably a bug in policy. 
Please file a <a href="http://bugzilla.redhat.com/bugzilla/enter_bug.cgi">bug report</a> against the selinux-policy package. >If it does change, you can try your application again to see if it works. The file context could have been mislabeled by editing the file or moving the file from a different directory, if the file keeps getting mislabeled, check the init scripts to see if they are doing something to mislabel the file. > > ]]></problem_description> > <summary><![CDATA[ > SELinux is preventing sshd (sshd_t) "write" to ./wtmp (var_log_t). > ]]></summary> > </solution> > <source>sshd</source> > <spath>/usr/sbin/sshd</spath> > <src_rpm_list> > <rpm>openssh-server-4.7p1-9.fc9</rpm> > </src_rpm_list> > <tclass>file</tclass> > <tcontext mls="s0" role="object_r" type="var_log_t" user="unconfined_u"/> > <tpath>./wtmp</tpath> > </siginfo> > <siginfo> > <analysis_id>catchall_file</analysis_id> > <audit_event> > <event_id host="durthangnix" milli="315" seconds="1205370776" serial="91"/> > <records> > <audit_record record_type="AVC"> > <body_text>avc: denied { read write } for pid=5479 comm="sshd" name="utmp" dev=sda3 ino=966787 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=file</body_text> > <event_id host="durthangnix" milli="315" seconds="1205370776" serial="91"/> > </audit_record> > <audit_record record_type="SYSCALL"> > <body_text>arch=c000003e syscall=2 success=no exit=-13 a0=1f4c572 a1=80002 a2=2 a3=7fff5e152fc0 items=0 ppid=2227 pid=5479 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=7 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)</body_text> > <event_id host="durthangnix" milli="315" seconds="1205370776" serial="91"/> > </audit_record> > </records> > </audit_event> > <environment version="1.0"> > <enforce>Enforcing</enforce> > <hostname>durthangnix</hostname> > <kernel>2.6.25-0.105.rc5.fc9 x86_64</kernel> > <platform>Fedora release 
8.90 (Rawhide)</platform> > <policy_rpm>selinux-policy-3.3.1-12.fc9</policy_rpm> > <policy_type>targeted</policy_type> > <policyvers>22</policyvers> > <selinux_enabled>True</selinux_enabled> > <selinux_mls_enabled>True</selinux_mls_enabled> > <uname>Linux durthangnix 2.6.25-0.105.rc5.fc9 #1 SMP Mon Mar 10 20:59:23 EDT 2008 x86_64 x86_64</uname> > </environment> > <first_seen_date>2008-03-12T23:58:43Z</first_seen_date> > <host>durthangnix</host> > <last_seen_date>2008-03-13T01:12:56Z</last_seen_date> > <local_id>fa7d353f-1b16-4157-8e0a-204e93f56398</local_id> > <report_count>6</report_count> > <scontext mls="s0-s0:c0.c1023" role="system_r" type="sshd_t" user="system_u"/> > <sig version="3.0"> > <access> > <operation>read</operation> > <operation>write</operation> > </access> > <analysis_id>catchall_file</analysis_id> > <host>durthangnix</host> > <scontext mls="s0-s0:c0.c1023" role="system_r" type="sshd_t" user="system_u"/> > <tclass>file</tclass> > <tcontext mls="s0" role="object_r" type="var_run_t" user="unconfined_u"/> > <tpath>./utmp</tpath> > </sig> > <solution version="1.0"> > <fix_cmd></fix_cmd> > <fix_description><![CDATA[ > Sometimes labeling problems can cause SELinux denials. You could try to > restore the default system file context for ./utmp, > <p> > restorecon -v './utmp' > <p> > If this does not work, there is currently no automatic way to allow this > access. Instead, you can generate a local policy module to allow this > access - see <a href="http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385">FAQ</a> > Or you can disable SELinux protection altogether. Disabling > SELinux protection is not recommended. > Please file a <a href="http://bugzilla.redhat.com/bugzilla/enter_bug.cgi">bug report</a> > against this package. > ]]></fix_description> > <problem_description><![CDATA[ > > SELinux denied access requested by sshd. It is not > expected that this access is required by sshd and this access > may signal an intrusion attempt. 
It is also possible that the specific > version or configuration of the application is causing it to require > additional access. > > ]]></problem_description> > <summary><![CDATA[ > SELinux is preventing sshd (sshd_t) "read write" to ./utmp (var_run_t). > ]]></summary> > </solution> > <source>sshd</source> > <spath>/usr/sbin/sshd</spath> > <src_rpm_list> > <rpm>openssh-server-4.7p1-9.fc9</rpm> > </src_rpm_list> > <tclass>file</tclass> > <tcontext mls="s0" role="object_r" type="var_run_t" user="unconfined_u"/> > <tpath>./utmp</tpath> > </siginfo> > <siginfo> > <analysis_id>catchall_file</analysis_id> > <audit_event> > <event_id host="durthangnix" milli="315" seconds="1205370776" serial="92"/> > <records> > <audit_record record_type="AVC"> > <body_text>avc: denied { read } for pid=5479 comm="sshd" name="utmp" dev=sda3 ino=966787 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=file</body_text> > <event_id host="durthangnix" milli="315" seconds="1205370776" serial="92"/> > </audit_record> > <audit_record record_type="SYSCALL"> > <body_text>arch=c000003e syscall=2 success=no exit=-13 a0=1f4c572 a1=80000 a2=d a3=7fff5e152fc0 items=0 ppid=2227 pid=5479 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=7 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)</body_text> > <event_id host="durthangnix" milli="315" seconds="1205370776" serial="92"/> > </audit_record> > </records> > </audit_event> > <environment version="1.0"> > <enforce>Enforcing</enforce> > <hostname>durthangnix</hostname> > <kernel>2.6.25-0.105.rc5.fc9 x86_64</kernel> > <platform>Fedora release 8.90 (Rawhide)</platform> > <policy_rpm>selinux-policy-3.3.1-12.fc9</policy_rpm> > <policy_type>targeted</policy_type> > <policyvers>22</policyvers> > <selinux_enabled>True</selinux_enabled> > <selinux_mls_enabled>True</selinux_mls_enabled> > <uname>Linux durthangnix 2.6.25-0.105.rc5.fc9 #1 SMP Mon Mar 
10 20:59:23 EDT 2008 x86_64 x86_64</uname> > </environment> > <first_seen_date>2008-03-12T23:58:43Z</first_seen_date> > <host>durthangnix</host> > <last_seen_date>2008-03-13T01:12:56Z</last_seen_date> > <local_id>c80783fc-0f5f-4503-b4b5-32c213517074</local_id> > <report_count>6</report_count> > <scontext mls="s0-s0:c0.c1023" role="system_r" type="sshd_t" user="system_u"/> > <sig version="3.0"> > <access> > <operation>read</operation> > </access> > <analysis_id>catchall_file</analysis_id> > <host>durthangnix</host> > <scontext mls="s0-s0:c0.c1023" role="system_r" type="sshd_t" user="system_u"/> > <tclass>file</tclass> > <tcontext mls="s0" role="object_r" type="var_run_t" user="unconfined_u"/> > <tpath>./utmp</tpath> > </sig> > <solution version="1.0"> > <fix_cmd></fix_cmd> > <fix_description><![CDATA[ > Sometimes labeling problems can cause SELinux denials. You could try to > restore the default system file context for ./utmp, > <p> > restorecon -v './utmp' > <p> > If this does not work, there is currently no automatic way to allow this > access. Instead, you can generate a local policy module to allow this > access - see <a href="http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385">FAQ</a> > Or you can disable SELinux protection altogether. Disabling > SELinux protection is not recommended. > Please file a <a href="http://bugzilla.redhat.com/bugzilla/enter_bug.cgi">bug report</a> > against this package. > ]]></fix_description> > <problem_description><![CDATA[ > > SELinux denied access requested by sshd. It is not > expected that this access is required by sshd and this access > may signal an intrusion attempt. It is also possible that the specific > version or configuration of the application is causing it to require > additional access. > > ]]></problem_description> > <summary><![CDATA[ > SELinux is preventing sshd (sshd_t) "read" to ./utmp (var_run_t). 
> ]]></summary> > </solution> > <source>sshd</source> > <spath>/usr/sbin/sshd</spath> > <src_rpm_list> > <rpm>openssh-server-4.7p1-9.fc9</rpm> > </src_rpm_list> > <tclass>file</tclass> > <tcontext mls="s0" role="object_r" type="var_run_t" user="unconfined_u"/> > <tpath>./utmp</tpath> > </siginfo> > <siginfo> > <analysis_id>catchall</analysis_id> > <audit_event> > <event_id host="durthangnix" milli="991" seconds="1205392698" serial="139"/> > <records> > <audit_record record_type="AVC"> > <body_text>avc: denied { read write } for pid=7308 comm="fusermount" path="socket:[27024]" dev=sockfs ino=27024 scontext=user_u:system_r:mount_t:s0 tcontext=user_u:system_r:bootloader_t:s0 tclass=unix_stream_socket</body_text> > <event_id host="durthangnix" milli="991" seconds="1205392698" serial="139"/> > </audit_record> > <audit_record record_type="SYSCALL"> > <body_text>arch=c000003e syscall=59 success=yes exit=0 a0=3b88a1a551 a1=7fffb5e20460 a2=7f4de0 a3=7fffb5e21efb items=0 ppid=7297 pid=7308 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=500 sgid=500 fsgid=500 tty=(none) ses=5 comm="fusermount" exe="/bin/fusermount" subj=user_u:system_r:mount_t:s0 key=(null)</body_text> > <event_id host="durthangnix" milli="991" seconds="1205392698" serial="139"/> > </audit_record> > </records> > </audit_event> > <environment version="1.0"> > <enforce>Enforcing</enforce> > <hostname>durthangnix</hostname> > <kernel>2.6.25-0.105.rc5.fc9 x86_64</kernel> > <platform>Fedora release 8.90 (Rawhide)</platform> > <policy_rpm>selinux-policy-3.3.1-14.fc9</policy_rpm> > <policy_type>targeted</policy_type> > <policyvers>22</policyvers> > <selinux_enabled>True</selinux_enabled> > <selinux_mls_enabled>True</selinux_mls_enabled> > <uname>Linux durthangnix 2.6.25-0.105.rc5.fc9 #1 SMP Mon Mar 10 20:59:23 EDT 2008 x86_64 x86_64</uname> > </environment> > <first_seen_date>2008-03-13T07:18:18Z</first_seen_date> > <host>durthangnix</host> > <last_seen_date>2008-03-13T07:18:18Z</last_seen_date> > 
<local_id>a028b7cb-85b9-45cb-8b07-2d88ccda7d4f</local_id> > <report_count>2</report_count> > <scontext mls="s0" role="system_r" type="mount_t" user="user_u"/> > <sig version="3.0"> > <access> > <operation>read</operation> > <operation>write</operation> > </access> > <analysis_id>catchall</analysis_id> > <host>durthangnix</host> > <scontext mls="s0" role="system_r" type="mount_t" user="user_u"/> > <tclass>unix_stream_socket</tclass> > <tcontext mls="s0" role="system_r" type="bootloader_t" user="user_u"/> > <tpath>socket</tpath> > </sig> > <solution version="1.0"> > <fix_cmd></fix_cmd> > <fix_description><![CDATA[ > You can generate a local policy module to allow this > access - see <a href="http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385">FAQ</a> > Or you can disable SELinux protection altogether. Disabling > SELinux protection is not recommended. > Please file a <a href="http://bugzilla.redhat.com/bugzilla/enter_bug.cgi">bug report</a> > against this package. > ]]></fix_description> > <problem_description><![CDATA[ > > SELinux denied access requested by fusermount. It is not > expected that this access is required by fusermount and this access > may signal an intrusion attempt. It is also possible that the specific > version or configuration of the application is causing it to require > additional access. > > ]]></problem_description> > <summary><![CDATA[ > SELinux is preventing fusermount (mount_t) "read write" to socket (bootloader_t). 
> ]]></summary> > </solution> > <source>fusermount</source> > <spath>/bin/fusermount</spath> > <src_rpm_list> > <rpm>fuse-2.7.3-2.fc9</rpm> > </src_rpm_list> > <tclass>unix_stream_socket</tclass> > <tcontext mls="s0" role="system_r" type="bootloader_t" user="user_u"/> > <tpath>socket</tpath> > </siginfo> > <siginfo> > <analysis_id>catchall</analysis_id> > <audit_event> > <event_id host="durthangnix" milli="923" seconds="1205392736" serial="206"/> > <records> > <audit_record record_type="AVC"> > <body_text>avc: denied { unix_read unix_write } for pid=6844 comm="Xorg" key=0 scontext=unconfined_u:unconfined_r:xdm_xserver_t:s0-s0:c0.c1023 tcontext=user_u:system_r:bootloader_t:s0 tclass=shm</body_text> > <event_id host="durthangnix" milli="923" seconds="1205392736" serial="206"/> > </audit_record> > <audit_record record_type="SYSCALL"> > <body_text>arch=c000003e syscall=30 success=no exit=-13 a0=98003 a1=0 a2=0 a3=3b8896c9f0 items=0 ppid=6843 pid=6844 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=tty7 ses=4 comm="Xorg" exe="/usr/bin/Xorg" subj=unconfined_u:unconfined_r:xdm_xserver_t:s0-s0:c0.c1023 key=(null)</body_text> > <event_id host="durthangnix" milli="923" seconds="1205392736" serial="206"/> > </audit_record> > </records> > </audit_event> > <environment version="1.0"> > <enforce>Enforcing</enforce> > <hostname>durthangnix</hostname> > <kernel>2.6.25-0.105.rc5.fc9 x86_64</kernel> > <platform>Fedora release 8.90 (Rawhide)</platform> > <policy_rpm>selinux-policy-3.3.1-14.fc9</policy_rpm> > <policy_type>targeted</policy_type> > <policyvers>22</policyvers> > <selinux_enabled>True</selinux_enabled> > <selinux_mls_enabled>True</selinux_mls_enabled> > <uname>Linux durthangnix 2.6.25-0.105.rc5.fc9 #1 SMP Mon Mar 10 20:59:23 EDT 2008 x86_64 x86_64</uname> > </environment> > <first_seen_date>2008-03-13T07:17:47Z</first_seen_date> > <host>durthangnix</host> > <last_seen_date>2008-03-13T07:18:56Z</last_seen_date> > 
<local_id>2a076b2c-210e-4965-8d80-bf938ca0efb7</local_id> > <report_count>14</report_count> > <scontext mls="s0-s0:c0.c1023" role="unconfined_r" type="xdm_xserver_t" user="unconfined_u"/> > <sig version="3.0"> > <access> > <operation>unix_read</operation> > <operation>unix_write</operation> > </access> > <analysis_id>catchall</analysis_id> > <host>durthangnix</host> > <scontext mls="s0-s0:c0.c1023" role="unconfined_r" type="xdm_xserver_t" user="unconfined_u"/> > <tclass>shm</tclass> > <tcontext mls="s0" role="system_r" type="bootloader_t" user="user_u"/> > </sig> > <solution version="1.0"> > <fix_cmd></fix_cmd> > <fix_description><![CDATA[ > You can generate a local policy module to allow this > access - see <a href="http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385">FAQ</a> > Or you can disable SELinux protection altogether. Disabling > SELinux protection is not recommended. > Please file a <a href="http://bugzilla.redhat.com/bugzilla/enter_bug.cgi">bug report</a> > against this package. > ]]></fix_description> > <problem_description><![CDATA[ > > SELinux denied access requested by Xorg. It is not > expected that this access is required by Xorg and this access > may signal an intrusion attempt. It is also possible that the specific > version or configuration of the application is causing it to require > additional access. > > ]]></problem_description> > <summary><![CDATA[ > SELinux is preventing Xorg (xdm_xserver_t) "unix_read unix_write" to <Unknown> (bootloader_t). 
> ]]></summary> > </solution> > <source>Xorg</source> > <spath>/usr/bin/Xorg</spath> > <src_rpm_list> > <rpm>xorg-x11-server-Xorg-1.4.99.901-5.20080310.fc9</rpm> > </src_rpm_list> > <tclass>shm</tclass> > <tcontext mls="s0" role="system_r" type="bootloader_t" user="user_u"/> > <users> > <user delete_flag="False" seen_flag="True" username="lordmorgul"> > <filter> > <count>10</count> > <filter_type>0</filter_type> > </filter> > </user> > </users> > </siginfo> > <siginfo> > <analysis_id>allow_execheap</analysis_id> > <audit_event> > <event_id host="durthangnix" milli="14" seconds="1205392745" serial="208"/> > <records> > <audit_record record_type="AVC"> > <body_text>avc: denied { execheap } for pid=7378 comm="tomboy" scontext=user_u:system_r:bootloader_t:s0 tcontext=user_u:system_r:bootloader_t:s0 tclass=process</body_text> > <event_id host="durthangnix" milli="14" seconds="1205392745" serial="208"/> > </audit_record> > <audit_record record_type="SYSCALL"> > <body_text>arch=c000003e syscall=10 success=no exit=-13 a0=25c5000 a1=1000 a2=7 a3=3b8896c9f0 items=0 ppid=1 pid=7378 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=5 comm="tomboy" exe="/usr/bin/mono" subj=user_u:system_r:bootloader_t:s0 key=(null)</body_text> > <event_id host="durthangnix" milli="14" seconds="1205392745" serial="208"/> > </audit_record> > </records> > </audit_event> > <category>Memory</category> > <environment version="1.0"> > <enforce>Enforcing</enforce> > <hostname>durthangnix</hostname> > <kernel>2.6.25-0.105.rc5.fc9 x86_64</kernel> > <platform>Fedora release 8.90 (Rawhide)</platform> > <policy_rpm>selinux-policy-3.3.1-14.fc9</policy_rpm> > <policy_type>targeted</policy_type> > <policyvers>22</policyvers> > <selinux_enabled>True</selinux_enabled> > <selinux_mls_enabled>True</selinux_mls_enabled> > <uname>Linux durthangnix 2.6.25-0.105.rc5.fc9 #1 SMP Mon Mar 10 20:59:23 EDT 2008 x86_64 x86_64</uname> > </environment> > 
<first_seen_date>2008-03-13T07:19:04Z</first_seen_date> > <host>durthangnix</host> > <last_seen_date>2008-03-13T07:19:05Z</last_seen_date> > <local_id>32193df8-367d-4801-bc34-04cb862fca00</local_id> > <report_count>2</report_count> > <scontext mls="s0" role="system_r" type="bootloader_t" user="user_u"/> > <sig version="3.0"> > <access> > <operation>execheap</operation> > </access> > <analysis_id>allow_execheap</analysis_id> > <host>durthangnix</host> > <scontext mls="s0" role="system_r" type="bootloader_t" user="user_u"/> > <tclass>process</tclass> > <tcontext mls="s0" role="system_r" type="bootloader_t" user="user_u"/> > </sig> > <solution version="1.0"> > <fix_cmd>setsebool -P allow_execheap=1</fix_cmd> > <fix_description><![CDATA[ > If you want tomboy to continue, you must turn on the > allow_execheap boolean. Note: This boolean will affect all applications > on the system. > ]]></fix_description> > <problem_description><![CDATA[ > The tomboy application attempted to change the access protection of memory on > the heap (e.g., allocated using malloc). This is a potential security > problem. Applications should not be doing this. Applications are > sometimes coded incorrectly and request this permission. The > <a href="http://people.redhat.com/drepper/selinux-mem.html">SELinux Memory Protection Tests</a> > web page explains how to remove this requirement. If tomboy does not work and > you need it to work, you can configure SELinux temporarily to allow > this access until the application is fixed. Please file a <a > href="http://bugzilla.redhat.com/bugzilla/enter_bug.cgi">bug > report</a> against this package. > ]]></problem_description> > <summary><![CDATA[ > SELinux is preventing tomboy from changing the access > protection of memory on the heap. 
> ]]></summary> > </solution> > <source>mono</source> > <spath>/usr/bin/mono</spath> > <src_rpm_list> > <rpm>mono-core-1.9-2.fc9</rpm> > </src_rpm_list> > <tclass>process</tclass> > <tcontext mls="s0" role="system_r" type="bootloader_t" user="user_u"/> > <users> > <user delete_flag="False" seen_flag="True" username="lordmorgul"> > <filter> > <count>2</count> > <filter_type>0</filter_type> > </filter> > </user> > </users> > </siginfo> > </signature_list> > <users version="1.0"> > <user_list> > <user username="lordmorgul" version="1.0"> > <email_alert>False</email_alert> > </user> > </user_list> > </users> ></sigs>