Attachment 298216 Details for Bug 437707 – Export of the alert from the audit viewer

Export of the alert from the audit viewer

selinux_alert.txt (text/plain), 10.79 KB, created by Filip Miletic on 2008-03-16 20:28:22 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Filip Miletic

Created: 2008-03-16 20:28:22 UTC

Size: 10.79 KB

patch

obsolete

>
>Samenvatting:
>
>SELinux is preventing pop3 (dovecot_t) "write" to ./INBOX (home_root_t).
>
>Gedetailleerde omschrijving:
>
>SELinux denied access requested by pop3. It is not expected that this access is
>required by pop3 and this access may signal an intrusion attempt. It is also
>possible that the specific version or configuration of the application is
>causing it to require additional access.
>
>Allowing Access:
>
>Sometimes labeling problems can cause SELinux denials. You could try to restore
>the default system file context for ./INBOX,
>
>restorecon -v './INBOX'
>
>If this does not work, there is currently no automatic way to allow this access.
>Instead, you can generate a local policy module to allow this access - see FAQ
>(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
>SELinux protection altogether. Disabling SELinux protection is not recommended.
>Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
>against this package.
>
>Additionele informatie:
>
>Source Context                system_u:system_r:dovecot_t:s0
>Target Context                system_u:object_r:home_root_t:s0
>Target Objects                ./INBOX [ dir ]
>Source                        pop3
>Source Path                   /usr/libexec/dovecot/pop3
>Port                          <Onbekend>
>Host                          cow.arcen.nl
>Source RPM Packages           dovecot-1.0.13-6.fc8
>Target RPM Packages           
>Policy RPM                    selinux-policy-3.0.8-87.fc8
>Selinux Enabled               True
>Policy Type                   targeted
>MLS Enabled                   True
>Enforcing Mode                Enforcing
>Plugin Name                   catchall_file
>Hostnaam                      cow.arcen.nl
>Platform                      Linux cow.arcen.nl 2.6.24.3-12.fc8 #1 SMP Tue Feb
>                              26 14:58:29 EST 2008 i686 i686
>Alert Count                   2
>First Seen                    zo 16 mrt 2008 21:15:38 CET
>Last Seen                     zo 16 mrt 2008 21:16:42 CET
>Local ID                      b4f31d56-f2c2-4966-bf3a-85e3e0214a52
>Regelnummers                  
>
>Raw Audit Messages            
>
>host=cow.arcen.nl type=AVC msg=audit(1205698602.748:153): avc:  denied  { write } for  pid=12482 comm="pop3" name="INBOX" dev=sda3 ino=26447654 scontext=system_u:system_r:dovecot_t:s0 tcontext=system_u:object_r:home_root_t:s0 tclass=dir
>
>host=cow.arcen.nl type=SYSCALL msg=audit(1205698602.748:153): arch=40000003 syscall=5 success=no exit=-13 a0=891d150 a1=80c2 a2=1b6 a3=80c2 items=0 ppid=8083 pid=12482 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="pop3" exe="/usr/libexec/dovecot/pop3" subj=system_u:system_r:dovecot_t:s0 key=(null)
>
>
>
>
>Samenvatting:
>
>SELinux is preventing pop3 (dovecot_t) "write" to ./mail (home_root_t).
>
>Gedetailleerde omschrijving:
>
>SELinux denied access requested by pop3. It is not expected that this access is
>required by pop3 and this access may signal an intrusion attempt. It is also
>possible that the specific version or configuration of the application is
>causing it to require additional access.
>
>Allowing Access:
>
>Sometimes labeling problems can cause SELinux denials. You could try to restore
>the default system file context for ./mail,
>
>restorecon -v './mail'
>
>If this does not work, there is currently no automatic way to allow this access.
>Instead, you can generate a local policy module to allow this access - see FAQ
>(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
>SELinux protection altogether. Disabling SELinux protection is not recommended.
>Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
>against this package.
>
>Additionele informatie:
>
>Source Context                system_u:system_r:dovecot_t:s0
>Target Context                system_u:object_r:home_root_t:s0
>Target Objects                ./mail [ dir ]
>Source                        pop3
>Source Path                   /usr/libexec/dovecot/pop3
>Port                          <Onbekend>
>Host                          cow.arcen.nl
>Source RPM Packages           dovecot-1.0.13-6.fc8
>Target RPM Packages           
>Policy RPM                    selinux-policy-3.0.8-87.fc8
>Selinux Enabled               True
>Policy Type                   targeted
>MLS Enabled                   True
>Enforcing Mode                Enforcing
>Plugin Name                   catchall_file
>Hostnaam                      cow.arcen.nl
>Platform                      Linux cow.arcen.nl 2.6.24.3-12.fc8 #1 SMP Tue Feb
>                              26 14:58:29 EST 2008 i686 i686
>Alert Count                   3
>First Seen                    zo 16 mrt 2008 21:03:24 CET
>Last Seen                     zo 16 mrt 2008 21:09:38 CET
>Local ID                      bf8d6dad-0a53-41d5-9f18-e0f9ded201c9
>Regelnummers                  
>
>Raw Audit Messages            
>
>host=cow.arcen.nl type=AVC msg=audit(1205698178.686:122): avc:  denied  { write } for  pid=11536 comm="pop3" name="mail" dev=sda3 ino=26447652 scontext=system_u:system_r:dovecot_t:s0 tcontext=system_u:object_r:home_root_t:s0 tclass=dir
>
>host=cow.arcen.nl type=SYSCALL msg=audit(1205698178.686:122): arch=40000003 syscall=33 success=no exit=-13 a0=8f18050 a1=7 a2=8f18050 a3=bf8b5fb7 items=0 ppid=8083 pid=11536 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="pop3" exe="/usr/libexec/dovecot/pop3" subj=system_u:system_r:dovecot_t:s0 key=(null)
>
>
>
>
>Samenvatting:
>
>SELinux is preventing pop3 (dovecot_t) "read write" to ./dovecot.index
>(home_root_t).
>
>Gedetailleerde omschrijving:
>
>SELinux denied access requested by pop3. It is not expected that this access is
>required by pop3 and this access may signal an intrusion attempt. It is also
>possible that the specific version or configuration of the application is
>causing it to require additional access.
>
>Allowing Access:
>
>Sometimes labeling problems can cause SELinux denials. You could try to restore
>the default system file context for ./dovecot.index,
>
>restorecon -v './dovecot.index'
>
>If this does not work, there is currently no automatic way to allow this access.
>Instead, you can generate a local policy module to allow this access - see FAQ
>(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
>SELinux protection altogether. Disabling SELinux protection is not recommended.
>Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
>against this package.
>
>Additionele informatie:
>
>Source Context                system_u:system_r:dovecot_t:s0
>Target Context                system_u:object_r:home_root_t:s0
>Target Objects                ./dovecot.index [ file ]
>Source                        pop3
>Source Path                   /usr/libexec/dovecot/pop3
>Port                          <Onbekend>
>Host                          cow.arcen.nl
>Source RPM Packages           dovecot-1.0.13-6.fc8
>Target RPM Packages           
>Policy RPM                    selinux-policy-3.0.8-87.fc8
>Selinux Enabled               True
>Policy Type                   targeted
>MLS Enabled                   True
>Enforcing Mode                Enforcing
>Plugin Name                   catchall_file
>Hostnaam                      cow.arcen.nl
>Platform                      Linux cow.arcen.nl 2.6.24.3-12.fc8 #1 SMP Tue Feb
>                              26 14:58:29 EST 2008 i686 i686
>Alert Count                   2
>First Seen                    zo 16 mrt 2008 21:03:24 CET
>Last Seen                     zo 16 mrt 2008 21:09:38 CET
>Local ID                      fc5fa429-3de1-493e-a424-f12a04dc5474
>Regelnummers                  
>
>Raw Audit Messages            
>
>host=cow.arcen.nl type=AVC msg=audit(1205698178.706:123): avc:  denied  { read write } for  pid=11536 comm="pop3" name="dovecot.index" dev=sda3 ino=26447656 scontext=system_u:system_r:dovecot_t:s0 tcontext=system_u:object_r:home_root_t:s0 tclass=file
>
>host=cow.arcen.nl type=SYSCALL msg=audit(1205698178.706:123): arch=40000003 syscall=5 success=no exit=-13 a0=8f22f20 a1=8002 a2=500ff4 a3=8002 items=0 ppid=8083 pid=11536 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="pop3" exe="/usr/libexec/dovecot/pop3" subj=system_u:system_r:dovecot_t:s0 key=(null)
>
>
>
>
>Samenvatting:
>
>SELinux is preventing pop3 (dovecot_t) "read" to ./dovecot.index (home_root_t).
>
>Gedetailleerde omschrijving:
>
>SELinux denied access requested by pop3. It is not expected that this access is
>required by pop3 and this access may signal an intrusion attempt. It is also
>possible that the specific version or configuration of the application is
>causing it to require additional access.
>
>Allowing Access:
>
>Sometimes labeling problems can cause SELinux denials. You could try to restore
>the default system file context for ./dovecot.index,
>
>restorecon -v './dovecot.index'
>
>If this does not work, there is currently no automatic way to allow this access.
>Instead, you can generate a local policy module to allow this access - see FAQ
>(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
>SELinux protection altogether. Disabling SELinux protection is not recommended.
>Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
>against this package.
>
>Additionele informatie:
>
>Source Context                system_u:system_r:dovecot_t:s0
>Target Context                system_u:object_r:home_root_t:s0
>Target Objects                ./dovecot.index [ file ]
>Source                        pop3
>Source Path                   /usr/libexec/dovecot/pop3
>Port                          <Onbekend>
>Host                          cow.arcen.nl
>Source RPM Packages           dovecot-1.0.13-6.fc8
>Target RPM Packages           
>Policy RPM                    selinux-policy-3.0.8-87.fc8
>Selinux Enabled               True
>Policy Type                   targeted
>MLS Enabled                   True
>Enforcing Mode                Enforcing
>Plugin Name                   catchall_file
>Hostnaam                      cow.arcen.nl
>Platform                      Linux cow.arcen.nl 2.6.24.3-12.fc8 #1 SMP Tue Feb
>                              26 14:58:29 EST 2008 i686 i686
>Alert Count                   2
>First Seen                    zo 16 mrt 2008 21:03:24 CET
>Last Seen                     zo 16 mrt 2008 21:09:38 CET
>Local ID                      ffd6e3c4-95b0-4c3a-b657-d797889d5004
>Regelnummers                  
>
>Raw Audit Messages            
>
>host=cow.arcen.nl type=AVC msg=audit(1205698178.706:124): avc:  denied  { read } for  pid=11536 comm="pop3" name="dovecot.index" dev=sda3 ino=26447656 scontext=system_u:system_r:dovecot_t:s0 tcontext=system_u:object_r:home_root_t:s0 tclass=file
>
>host=cow.arcen.nl type=SYSCALL msg=audit(1205698178.706:124): arch=40000003 syscall=5 success=no exit=-13 a0=8f22f20 a1=8000 a2=0 a3=8000 items=0 ppid=8083 pid=11536 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="pop3" exe="/usr/libexec/dovecot/pop3" subj=system_u:system_r:dovecot_t:s0 key=(null)
>
>

Actions: View

Attachments on bug 437707: 298216