Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 298321 Details for
Bug 437902
setroubleshooter fires off notifications when Services Module
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
setroubleshoot browser log
selinux_alert-03-17a.txt (text/plain), 40.16 KB, created by
Robert Gray
on 2008-03-18 00:53:32 UTC
(
hide
)
Description:
setroubleshoot browser log
Filename:
MIME Type:
Creator:
Robert Gray
Created:
2008-03-18 00:53:32 UTC
Size:
40.16 KB
patch
obsolete
> >Summary: > >SELinux is preventing rsyslogd (syslogd_t) "read" to ./System.map-2.6.24-2.fc9 >(system_map_t). > >Detailed Description: > >SELinux denied access requested by rsyslogd. It is not expected that this access >is required by rsyslogd and this access may signal an intrusion attempt. It is >also possible that the specific version or configuration of the application is >causing it to require additional access. > >Allowing Access: > >Sometimes labeling problems can cause SELinux denials. You could try to restore >the default system file context for ./System.map-2.6.24-2.fc9, > >restorecon -v './System.map-2.6.24-2.fc9' > >If this does not work, there is currently no automatic way to allow this access. >Instead, you can generate a local policy module to allow this access - see FAQ >(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable >SELinux protection altogether. Disabling SELinux protection is not recommended. >Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) >against this package. > >Additional Information: > >Source Context system_u:system_r:syslogd_t:s0 >Target Context system_u:object_r:system_map_t:s0 >Target Objects ./System.map-2.6.24-2.fc9 [ file ] >Source rsyslogd >Source Path /sbin/rsyslogd >Port <Unknown> >Host localhost.localdomain >Source RPM Packages rsyslog-3.12.1-1.fc9 >Target RPM Packages >Policy RPM selinux-policy-3.3.1-16.fc9 >Selinux Enabled True >Policy Type targeted >MLS Enabled True >Enforcing Mode Enforcing >Plugin Name catchall_file >Host Name localhost.localdomain >Platform Linux localhost.localdomain 2.6.24-2.fc9 #1 SMP > Fri Jan 25 13:14:54 EST 2008 i686 athlon >Alert Count 1 >First Seen Fri 14 Mar 2008 01:06:38 AM PDT >Last Seen Fri 14 Mar 2008 01:06:38 AM PDT >Local ID eab9da9e-5d5c-4840-a9fc-c0ab7178e5d6 >Line Numbers > >Raw Audit Messages > >host=localhost.localdomain type=AVC msg=audit(1205481998.388:127): avc: denied { read } for pid=12315 comm="rsyslogd" name="System.map-2.6.24-2.fc9" dev=sdb1 ino=12 scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:system_map_t:s0 tclass=file > >host=localhost.localdomain type=SYSCALL msg=audit(1205481998.388:127): arch=40000003 syscall=5 success=no exit=-13 a0=2f67c0 a1=0 a2=1b6 a3=0 items=0 ppid=12314 pid=12315 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="rsyslogd" exe="/sbin/rsyslogd" subj=system_u:system_r:syslogd_t:s0 key=(null) > > > > >Summary: > >SELinux is preventing rsyslogd (syslogd_t) "read" to >./System.map-2.6.25-0.113.rc5.git2.fc9 (system_map_t). > >Detailed Description: > >SELinux denied access requested by rsyslogd. It is not expected that this access >is required by rsyslogd and this access may signal an intrusion attempt. It is >also possible that the specific version or configuration of the application is >causing it to require additional access. > >Allowing Access: > >Sometimes labeling problems can cause SELinux denials. You could try to restore >the default system file context for ./System.map-2.6.25-0.113.rc5.git2.fc9, > >restorecon -v './System.map-2.6.25-0.113.rc5.git2.fc9' > >If this does not work, there is currently no automatic way to allow this access. >Instead, you can generate a local policy module to allow this access - see FAQ >(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable >SELinux protection altogether. Disabling SELinux protection is not recommended. >Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) >against this package. > >Additional Information: > >Source Context unconfined_u:system_r:syslogd_t:s0 >Target Context system_u:object_r:system_map_t:s0 >Target Objects ./System.map-2.6.25-0.113.rc5.git2.fc9 [ file ] >Source rsyslogd >Source Path /sbin/rsyslogd >Port <Unknown> >Host localhost.localdomain >Source RPM Packages rsyslog-3.12.1-1.fc9 >Target RPM Packages >Policy RPM selinux-policy-3.3.1-16.fc9 >Selinux Enabled True >Policy Type targeted >MLS Enabled True >Enforcing Mode Enforcing >Plugin Name catchall_file >Host Name localhost.localdomain >Platform Linux localhost.localdomain > 2.6.25-0.113.rc5.git2.fc9 #1 SMP Tue Mar 11 > 23:11:11 EDT 2008 i686 athlon >Alert Count 1 >First Seen Sat 15 Mar 2008 06:42:20 PM PDT >Last Seen Sat 15 Mar 2008 06:42:20 PM PDT >Local ID 22ba40b3-1154-44b7-9730-435361884b69 >Line Numbers > >Raw Audit Messages > >host=localhost.localdomain type=AVC msg=audit(1205631740.202:20): avc: denied { read } for pid=7458 comm="rsyslogd" name="System.map-2.6.25-0.113.rc5.git2.fc9" dev=sdb1 ino=16 scontext=unconfined_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:system_map_t:s0 tclass=file > >host=localhost.localdomain type=SYSCALL msg=audit(1205631740.202:20): arch=40000003 syscall=5 success=no exit=-13 a0=2f67c0 a1=0 a2=1b6 a3=0 items=0 ppid=7457 pid=7458 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="rsyslogd" exe="/sbin/rsyslogd" subj=unconfined_u:system_r:syslogd_t:s0 key=(null) > > > > >Summary: > >SELinux is preventing rsyslogd (syslogd_t) "read" to >./System.map-2.6.25-0.121.rc5.git4.fc9 (system_map_t). > >Detailed Description: > >SELinux denied access requested by rsyslogd. It is not expected that this access >is required by rsyslogd and this access may signal an intrusion attempt. It is >also possible that the specific version or configuration of the application is >causing it to require additional access. > >Allowing Access: > >Sometimes labeling problems can cause SELinux denials. You could try to restore >the default system file context for ./System.map-2.6.25-0.121.rc5.git4.fc9, > >restorecon -v './System.map-2.6.25-0.121.rc5.git4.fc9' > >If this does not work, there is currently no automatic way to allow this access. >Instead, you can generate a local policy module to allow this access - see FAQ >(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable >SELinux protection altogether. Disabling SELinux protection is not recommended. >Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) >against this package. > >Additional Information: > >Source Context system_u:system_r:syslogd_t:s0 >Target Context system_u:object_r:system_map_t:s0 >Target Objects ./System.map-2.6.25-0.121.rc5.git4.fc9 [ file ] >Source rsyslogd >Source Path <Unknown> >Port <Unknown> >Host localhost.localdomain >Source RPM Packages >Target RPM Packages >Policy RPM selinux-policy-3.3.1-16.fc9 >Selinux Enabled True >Policy Type targeted >MLS Enabled True >Enforcing Mode Enforcing >Plugin Name catchall_file >Host Name localhost.localdomain >Platform Linux localhost.localdomain > 2.6.25-0.121.rc5.git4.fc9 #1 SMP Fri Mar 14 > 23:14:20 EDT 2008 i686 athlon >Alert Count 1 >First Seen Sun 16 Mar 2008 12:39:36 PM PDT >Last Seen Sun 16 Mar 2008 12:39:36 PM PDT >Local ID 28a544f0-6c60-4f8c-9553-92c0c1f889be >Line Numbers > >Raw Audit Messages > >host=localhost.localdomain type=AVC msg=audit(1205696376.660:42): avc: denied { read } for pid=2036 comm="rsyslogd" name="System.map-2.6.25-0.121.rc5.git4.fc9" dev=sdb1 ino=6028 scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:system_map_t:s0 tclass=file > > > > >Summary: > >SELinux is preventing access to files with the label, file_t. > >Detailed Description: > >SELinux permission checks on files labeled file_t are being denied. file_t is >the context the SELinux kernel gives to files that do not have a label. This >indicates a serious labeling problem. No files on an SELinux box should ever be >labeled file_t. If you have just added a new disk drive to the system you can >relabel it using the restorecon command. Otherwise you should relabel the entire >files system. > >Allowing Access: > >You can execute the following command as root to relabel your computer system: >"touch /.autorelabel; reboot" > >Additional Information: > >Source Context system_u:system_r:tmpreaper_t:s0 >Target Context system_u:object_r:file_t:s0 >Target Objects ./virtual-robertgray86.ely7qy [ dir ] >Source tmpwatch >Source Path /usr/sbin/tmpwatch >Port <Unknown> >Host localhost.localdomain >Source RPM Packages tmpwatch-2.9.13-2 >Target RPM Packages >Policy RPM selinux-policy-3.3.1-16.fc9 >Selinux Enabled True >Policy Type targeted >MLS Enabled True >Enforcing Mode Enforcing >Plugin Name file >Host Name localhost.localdomain >Platform Linux localhost.localdomain > 2.6.25-0.121.rc5.git4.fc9 #1 SMP Fri Mar 14 > 23:14:20 EDT 2008 i686 athlon >Alert Count 3 >First Seen Sat 15 Mar 2008 08:08:25 PM PDT >Last Seen Mon 17 Mar 2008 03:22:52 AM PDT >Local ID 98ff2e35-3b49-4d3d-922a-6f666f4876ff >Line Numbers > >Raw Audit Messages > >host=localhost.localdomain type=AVC msg=audit(1205749372.793:52): avc: denied { read } for pid=4507 comm="tmpwatch" name="virtual-robertgray86.ely7qy" dev=dm-1 ino=526675 scontext=system_u:system_r:tmpreaper_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=dir > >host=localhost.localdomain type=SYSCALL msg=audit(1205749372.793:52): arch=40000003 syscall=5 success=no exit=-13 a0=804ac62 a1=98800 a2=0 a3=0 items=0 ppid=4505 pid=4507 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="tmpwatch" exe="/usr/sbin/tmpwatch" subj=system_u:system_r:tmpreaper_t:s0 key=(null) > > > > >Summary: > >SELinux prevented mount.ntfs-3g from mounting on the file or directory "/" (type >"device_t"). > >Detailed Description: > >SELinux prevented mount.ntfs-3g from mounting a filesystem on the file or >directory "/" of type "device_t". By default SELinux limits the mounting of >filesystems to only some files or directories (those with types that have the >mountpoint attribute). The type "device_t" does not have this attribute. You can >either relabel the file or directory or set the boolean "allow_mount_anyfile" to >true to allow mounting on any file or directory. > >Allowing Access: > >Changing the "allow_mount_anyfile" boolean to true will allow this access: >"setsebool -P allow_mount_anyfile=1." > >Fix Command: > >setsebool -P allow_mount_anyfile=1 > >Additional Information: > >Source Context system_u:system_r:mount_t:s0 >Target Context system_u:object_r:device_t:s0 >Target Objects / [ dir ] >Source mount.ntfs-3g >Source Path /sbin/mount.ntfs-3g >Port <Unknown> >Host localhost.localdomain >Source RPM Packages ntfs-3g-1.2310-2.fc9 >Target RPM Packages filesystem-2.4.11-2.fc9 >Policy RPM selinux-policy-3.3.1-16.fc9 >Selinux Enabled True >Policy Type targeted >MLS Enabled True >Enforcing Mode Enforcing >Plugin Name allow_mount_anyfile >Host Name localhost.localdomain >Platform Linux localhost.localdomain > 2.6.25-0.121.rc5.git4.fc9 #1 SMP Fri Mar 14 > 23:14:20 EDT 2008 i686 athlon >Alert Count 4 >First Seen Sat 15 Mar 2008 12:22:28 AM PDT >Last Seen Sun 16 Mar 2008 09:23:45 PM PDT >Local ID cce1f36b-a9d4-42dd-aa61-26cde059053f >Line Numbers > >Raw Audit Messages > >host=localhost.localdomain type=AVC msg=audit(1205727825.375:14): avc: denied { write } for pid=2943 comm="mount.ntfs-3g" name="/" dev=tmpfs ino=274 scontext=system_u:system_r:mount_t:s0 tcontext=system_u:object_r:device_t:s0 tclass=dir > >host=localhost.localdomain type=SYSCALL msg=audit(1205727825.375:14): arch=40000003 syscall=14 success=no exit=-13 a0=804e97f a1=21b6 a2=ae5 a3=12 items=0 ppid=2942 pid=2943 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="mount.ntfs-3g" exe="/sbin/mount.ntfs-3g" subj=system_u:system_r:mount_t:s0 key=(null) > > > > >Summary: > >SELinux is preventing the grpconv from using potentially mislabeled files >(/home/robertgray86/.xsession-errors). > >Detailed Description: > >SELinux has denied grpconv access to potentially mislabeled file(s) >(/home/robertgray86/.xsession-errors). This means that SELinux will not allow >grpconv to use these files. It is common for users to edit files in their home >directory or tmp directories and then move (mv) them to system directories. The >problem is that the files end up with the wrong file context which confined >applications are not allowed to access. > >Allowing Access: > >If you want grpconv to access this files, you need to relabel them using >restorecon -v '/home/robertgray86/.xsession-errors'. You might want to relabel >the entire directory using restorecon -R -v '/home/robertgray86'. > >Additional Information: > >Source Context unconfined_u:unconfined_r:sysadm_passwd_t:s0-s0:c0 > .c1023 >Target Context system_u:object_r:user_home_t:s0 >Target Objects /home/robertgray86/.xsession-errors [ file ] >Source pwconv >Source Path /usr/sbin/pwconv >Port <Unknown> >Host localhost.localdomain >Source RPM Packages shadow-utils-4.1.0-5.fc9 >Target RPM Packages >Policy RPM selinux-policy-3.3.1-16.fc9 >Selinux Enabled True >Policy Type targeted >MLS Enabled True >Enforcing Mode Enforcing >Plugin Name home_tmp_bad_labels >Host Name localhost.localdomain >Platform Linux localhost.localdomain > 2.6.25-0.121.rc5.git4.fc9 #1 SMP Fri Mar 14 > 23:14:20 EDT 2008 i686 athlon >Alert Count 2 >First Seen Mon 17 Mar 2008 02:56:53 AM PDT >Last Seen Mon 17 Mar 2008 02:56:53 AM PDT >Local ID 6f9bcd5c-c751-4cee-b2ea-780be016ae7c >Line Numbers > >Raw Audit Messages > >host=localhost.localdomain type=AVC msg=audit(1205747813.258:34): avc: denied { read append } for pid=3270 comm="grpconv" path="/home/robertgray86/.xsession-errors" dev=dm-1 ino=933901 scontext=unconfined_u:unconfined_r:sysadm_passwd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:user_home_t:s0 tclass=file > >host=localhost.localdomain type=AVC msg=audit(1205747813.258:34): avc: denied { read append } for pid=3270 comm="grpconv" path="/home/robertgray86/.xsession-errors" dev=dm-1 ino=933901 scontext=unconfined_u:unconfined_r:sysadm_passwd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:user_home_t:s0 tclass=file > >host=localhost.localdomain type=SYSCALL msg=audit(1205747813.258:34): arch=40000003 syscall=11 success=yes exit=0 a0=9bf1ff0 a1=9bf2020 a2=9bf15e8 a3=0 items=0 ppid=3254 pid=3270 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="grpconv" exe="/usr/sbin/grpconv" subj=unconfined_u:unconfined_r:sysadm_passwd_t:s0-s0:c0.c1023 key=(null) > > > > >Summary: > >SELinux is preventing privoxy (privoxy_t) "write" to ./default.action (etc_t). > >Detailed Description: > >SELinux is preventing privoxy (privoxy_t) "write" to ./default.action (etc_t). >The SELinux type etc_t, is a generic type for all files in the directory and >very few processes (SELinux Domains) are allowed to write to this SELinux type. >This type of denial usual indicates a mislabeled file. By default a file created >in a directory has the gets the context of the parent directory, but SELinux >policy has rules about the creation of directories, that say if a process >running in one SELinux Domain (D1) creates a file in a directory with a >particular SELinux File Context (F1) the file gets a different File Context >(F2). The policy usually allows the SELinux Domain (D1) the ability to write, >unlink, and append on (F2). But if for some reason a file (./default.action) was >created with the wrong context, this domain will be denied. The usual solution >to this problem is to reset the file context on the target file, restorecon -v >'./default.action'. If the file context does not change from etc_t, then this is >probably a bug in policy. Please file a bug report >(http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against the selinux-policy >package. If it does change, you can try your application again to see if it >works. The file context could have been mislabeled by editing the file or moving >the file from a different directory, if the file keeps getting mislabeled, check >the init scripts to see if they are doing something to mislabel the file. > >Allowing Access: > >You can attempt to fix file context by executing restorecon -v >'./default.action' > >Fix Command: > >restorecon './default.action' > >Additional Information: > >Source Context unconfined_u:system_r:privoxy_t:s0 >Target Context system_u:object_r:etc_t:s0 >Target Objects ./default.action [ file ] >Source privoxy >Source Path /usr/sbin/privoxy >Port <Unknown> >Host localhost.localdomain >Source RPM Packages privoxy-3.0.8-2.fc9 >Target RPM Packages >Policy RPM selinux-policy-3.3.1-16.fc9 >Selinux Enabled True >Policy Type targeted >MLS Enabled True >Enforcing Mode Enforcing >Plugin Name mislabeled_file >Host Name localhost.localdomain >Platform Linux localhost.localdomain > 2.6.25-0.121.rc5.git4.fc9 #1 SMP Fri Mar 14 > 23:14:20 EDT 2008 i686 athlon >Alert Count 2 >First Seen Mon 17 Mar 2008 03:28:58 AM PDT >Last Seen Mon 17 Mar 2008 03:43:10 AM PDT >Local ID d44e2b26-2f4e-4f07-89de-a26c3bd950d7 >Line Numbers > >Raw Audit Messages > >host=localhost.localdomain type=AVC msg=audit(1205750590.84:61): avc: denied { write } for pid=5052 comm="privoxy" name="default.action" dev=dm-1 ino=65603 scontext=unconfined_u:system_r:privoxy_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file > >host=localhost.localdomain type=SYSCALL msg=audit(1205750590.84:61): arch=40000003 syscall=33 success=no exit=-13 a0=91456c8 a1=2 a2=1 a3=0 items=0 ppid=1 pid=5052 auid=500 uid=73 gid=73 euid=73 suid=73 fsuid=73 egid=73 sgid=73 fsgid=73 tty=(none) ses=1 comm="privoxy" exe="/usr/sbin/privoxy" subj=unconfined_u:system_r:privoxy_t:s0 key=(null) > > > > >Summary: > >SELinux is preventing access to files with the label, file_t. > >Detailed Description: > >SELinux permission checks on files labeled file_t are being denied. file_t is >the context the SELinux kernel gives to files that do not have a label. This >indicates a serious labeling problem. No files on an SELinux box should ever be >labeled file_t. If you have just added a new disk drive to the system you can >relabel it using the restorecon command. Otherwise you should relabel the entire >files system. > >Allowing Access: > >You can execute the following command as root to relabel your computer system: >"touch /.autorelabel; reboot" > >Additional Information: > >Source Context system_u:system_r:tmpreaper_t:s0-s0:c0.c1023 >Target Context system_u:object_r:file_t:s0 >Target Objects ./virtual-robertgray86.ely7qy [ dir ] >Source tmpwatch >Source Path /usr/sbin/tmpwatch >Port <Unknown> >Host localhost.localdomain >Source RPM Packages tmpwatch-2.9.13-2 >Target RPM Packages >Policy RPM selinux-policy-3.3.1-16.fc9 >Selinux Enabled True >Policy Type targeted >MLS Enabled True >Enforcing Mode Enforcing >Plugin Name file >Host Name localhost.localdomain >Platform Linux localhost.localdomain > 2.6.25-0.121.rc5.git4.fc9 #1 SMP Fri Mar 14 > 23:14:20 EDT 2008 i686 athlon >Alert Count 1 >First Seen Mon 17 Mar 2008 04:10:43 AM PDT >Last Seen Mon 17 Mar 2008 04:10:43 AM PDT >Local ID dfad904e-eddd-4345-8fc8-15acc0633e25 >Line Numbers > >Raw Audit Messages > >host=localhost.localdomain type=AVC msg=audit(1205752243.448:83): avc: denied { read } for pid=6274 comm="tmpwatch" name="virtual-robertgray86.ely7qy" dev=dm-1 ino=526675 scontext=system_u:system_r:tmpreaper_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=dir > >host=localhost.localdomain type=SYSCALL msg=audit(1205752243.448:83): arch=40000003 syscall=5 success=no exit=-13 a0=804ac62 a1=98800 a2=0 a3=0 items=0 ppid=6273 pid=6274 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4 comm="tmpwatch" exe="/usr/sbin/tmpwatch" subj=system_u:system_r:tmpreaper_t:s0-s0:c0.c1023 key=(null) > > > > >Summary: > >SELinux is preventing gam_server (gamin_t) "sys_ptrace" to <Unknown> (gamin_t). > >Detailed Description: > >SELinux denied access requested by gam_server. It is not expected that this >access is required by gam_server and this access may signal an intrusion >attempt. It is also possible that the specific version or configuration of the >application is causing it to require additional access. > >Allowing Access: > >You can generate a local policy module to allow this access - see FAQ >(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable >SELinux protection altogether. Disabling SELinux protection is not recommended. >Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) >against this package. > >Additional Information: > >Source Context system_u:system_r:gamin_t:s0 >Target Context system_u:system_r:gamin_t:s0 >Target Objects None [ capability ] >Source gam_server >Source Path /usr/libexec/gam_server >Port <Unknown> >Host localhost.localdomain >Source RPM Packages gamin-0.1.9-5.fc9 >Target RPM Packages >Policy RPM selinux-policy-3.3.1-16.fc9 >Selinux Enabled True >Policy Type targeted >MLS Enabled True >Enforcing Mode Enforcing >Plugin Name catchall >Host Name localhost.localdomain >Platform Linux localhost.localdomain > 2.6.25-0.121.rc5.git4.fc9 #1 SMP Fri Mar 14 > 23:14:20 EDT 2008 i686 athlon >Alert Count 576 >First Seen Mon 17 Mar 2008 09:04:22 AM PDT >Last Seen Mon 17 Mar 2008 09:07:24 AM PDT >Local ID f4b22ac2-8c7c-4030-8b5e-cc99af2e027d >Line Numbers > >Raw Audit Messages > >host=localhost.localdomain type=AVC msg=audit(1205770044.698:1667): avc: denied { sys_ptrace } for pid=2463 comm="gam_server" capability=19 scontext=system_u:system_r:gamin_t:s0 tcontext=system_u:system_r:gamin_t:s0 tclass=capability > >host=localhost.localdomain type=SYSCALL msg=audit(1205770044.698:1667): arch=40000003 syscall=195 success=no exit=-13 a0=9d38600 a1=bf8af170 a2=5dc0ff4 a3=bf8af30c items=0 ppid=1 pid=2463 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="gam_server" exe="/usr/libexec/gam_server" subj=system_u:system_r:gamin_t:s0 key=(null) > > > > >Summary: > >SELinux is preventing gam_server (gamin_t) "ptrace" to <Unknown> (sshd_t). > >Detailed Description: > >SELinux denied access requested by gam_server. It is not expected that this >access is required by gam_server and this access may signal an intrusion >attempt. It is also possible that the specific version or configuration of the >application is causing it to require additional access. > >Allowing Access: > >You can generate a local policy module to allow this access - see FAQ >(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable >SELinux protection altogether. Disabling SELinux protection is not recommended. >Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) >against this package. > >Additional Information: > >Source Context system_u:system_r:gamin_t:s0 >Target Context system_u:system_r:sshd_t:s0-s0:c0.c1023 >Target Objects None [ process ] >Source gam_server >Source Path /usr/libexec/gam_server >Port <Unknown> >Host localhost.localdomain >Source RPM Packages gamin-0.1.9-5.fc9 >Target RPM Packages >Policy RPM selinux-policy-3.3.1-16.fc9 >Selinux Enabled True >Policy Type targeted >MLS Enabled True >Enforcing Mode Enforcing >Plugin Name catchall >Host Name localhost.localdomain >Platform Linux localhost.localdomain > 2.6.25-0.121.rc5.git4.fc9 #1 SMP Fri Mar 14 > 23:14:20 EDT 2008 i686 athlon >Alert Count 192 >First Seen Mon 17 Mar 2008 09:04:22 AM PDT >Last Seen Mon 17 Mar 2008 09:07:24 AM PDT >Local ID 9576529b-643d-43d0-ab84-6bbb11c868f5 >Line Numbers > >Raw Audit Messages > >host=localhost.localdomain type=AVC msg=audit(1205770044.125:1664): avc: denied { ptrace } for pid=2463 comm="gam_server" scontext=system_u:system_r:gamin_t:s0 tcontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tclass=process > >host=localhost.localdomain type=SYSCALL msg=audit(1205770044.125:1664): arch=40000003 syscall=195 success=no exit=-13 a0=9d35550 a1=bf8af170 a2=5dc0ff4 a3=bf8af30c items=0 ppid=1 pid=2463 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="gam_server" exe="/usr/libexec/gam_server" subj=system_u:system_r:gamin_t:s0 key=(null) > > > > >Summary: > >SELinux is preventing gam_server (gamin_t) "ptrace" to <Unknown> (crond_t). > >Detailed Description: > >SELinux denied access requested by gam_server. It is not expected that this >access is required by gam_server and this access may signal an intrusion >attempt. It is also possible that the specific version or configuration of the >application is causing it to require additional access. > >Allowing Access: > >You can generate a local policy module to allow this access - see FAQ >(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable >SELinux protection altogether. Disabling SELinux protection is not recommended. >Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) >against this package. > >Additional Information: > >Source Context system_u:system_r:gamin_t:s0 >Target Context system_u:system_r:crond_t:s0-s0:c0.c1023 >Target Objects None [ process ] >Source gam_server >Source Path /usr/libexec/gam_server >Port <Unknown> >Host localhost.localdomain >Source RPM Packages gamin-0.1.9-5.fc9 >Target RPM Packages >Policy RPM selinux-policy-3.3.1-16.fc9 >Selinux Enabled True >Policy Type targeted >MLS Enabled True >Enforcing Mode Enforcing >Plugin Name catchall >Host Name localhost.localdomain >Platform Linux localhost.localdomain > 2.6.25-0.121.rc5.git4.fc9 #1 SMP Fri Mar 14 > 23:14:20 EDT 2008 i686 athlon >Alert Count 192 >First Seen Mon 17 Mar 2008 09:04:23 AM PDT >Last Seen Mon 17 Mar 2008 09:07:23 AM PDT >Local ID 2cd420db-ac5b-4c46-9edb-9fa0008093e8 >Line Numbers > >Raw Audit Messages > >host=localhost.localdomain type=AVC msg=audit(1205770043.516:1660): avc: denied { ptrace } for pid=2463 comm="gam_server" scontext=system_u:system_r:gamin_t:s0 tcontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tclass=process > >host=localhost.localdomain type=SYSCALL msg=audit(1205770043.516:1660): arch=40000003 syscall=195 success=no exit=-13 a0=9d380a0 a1=bf8af170 a2=5dc0ff4 a3=bf8af30c items=0 ppid=1 pid=2463 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="gam_server" exe="/usr/libexec/gam_server" subj=system_u:system_r:gamin_t:s0 key=(null) > > > > >Summary: > >SELinux is preventing gam_server (gamin_t) "ptrace" to <Unknown> >(restorecond_t). > >Detailed Description: > >SELinux denied access requested by gam_server. It is not expected that this >access is required by gam_server and this access may signal an intrusion >attempt. It is also possible that the specific version or configuration of the >application is causing it to require additional access. > >Allowing Access: > >You can generate a local policy module to allow this access - see FAQ >(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable >SELinux protection altogether. Disabling SELinux protection is not recommended. >Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) >against this package. > >Additional Information: > >Source Context system_u:system_r:gamin_t:s0 >Target Context system_u:system_r:restorecond_t:s0 >Target Objects None [ process ] >Source gam_server >Source Path /usr/libexec/gam_server >Port <Unknown> >Host localhost.localdomain >Source RPM Packages gamin-0.1.9-5.fc9 >Target RPM Packages >Policy RPM selinux-policy-3.3.1-16.fc9 >Selinux Enabled True >Policy Type targeted >MLS Enabled True >Enforcing Mode Enforcing >Plugin Name catchall >Host Name localhost.localdomain >Platform Linux localhost.localdomain > 2.6.25-0.121.rc5.git4.fc9 #1 SMP Fri Mar 14 > 23:14:20 EDT 2008 i686 athlon >Alert Count 192 >First Seen Mon 17 Mar 2008 09:04:23 AM PDT >Last Seen Mon 17 Mar 2008 09:07:23 AM PDT >Local ID b702876d-5376-45f9-b02c-8e4ca178404e >Line Numbers > >Raw Audit Messages > >host=localhost.localdomain type=AVC msg=audit(1205770043.11:1657): avc: denied { ptrace } for pid=2463 comm="gam_server" scontext=system_u:system_r:gamin_t:s0 tcontext=system_u:system_r:restorecond_t:s0 tclass=process > >host=localhost.localdomain type=SYSCALL msg=audit(1205770043.11:1657): arch=40000003 syscall=195 success=no exit=-13 a0=9d32850 a1=bf8af170 a2=5dc0ff4 a3=bf8af30c items=0 ppid=1 pid=2463 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="gam_server" exe="/usr/libexec/gam_server" subj=system_u:system_r:gamin_t:s0 key=(null) > > > > >Summary: > >SELinux is preventing gam_server (gamin_t) "ptrace" to <Unknown> (auditd_t). > >Detailed Description: > >SELinux denied access requested by gam_server. It is not expected that this >access is required by gam_server and this access may signal an intrusion >attempt. It is also possible that the specific version or configuration of the >application is causing it to require additional access. > >Allowing Access: > >You can generate a local policy module to allow this access - see FAQ >(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable >SELinux protection altogether. Disabling SELinux protection is not recommended. >Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) >against this package. > >Additional Information: > >Source Context system_u:system_r:gamin_t:s0 >Target Context system_u:system_r:auditd_t:s0 >Target Objects None [ process ] >Source gam_server >Source Path /usr/libexec/gam_server >Port <Unknown> >Host localhost.localdomain >Source RPM Packages gamin-0.1.9-5.fc9 >Target RPM Packages >Policy RPM selinux-policy-3.3.1-16.fc9 >Selinux Enabled True >Policy Type targeted >MLS Enabled True >Enforcing Mode Enforcing >Plugin Name catchall >Host Name localhost.localdomain >Platform Linux localhost.localdomain > 2.6.25-0.121.rc5.git4.fc9 #1 SMP Fri Mar 14 > 23:14:20 EDT 2008 i686 athlon >Alert Count 192 >First Seen Mon 17 Mar 2008 09:04:24 AM PDT >Last Seen Mon 17 Mar 2008 09:07:22 AM PDT >Local ID a52a0093-38fc-471a-b2b7-2390a08baf5c >Line Numbers > >Raw Audit Messages > >host=localhost.localdomain type=AVC msg=audit(1205770042.45:1651): avc: denied { ptrace } for pid=2463 comm="gam_server" scontext=system_u:system_r:gamin_t:s0 tcontext=system_u:system_r:auditd_t:s0 tclass=process > >host=localhost.localdomain type=SYSCALL msg=audit(1205770042.45:1651): arch=40000003 syscall=195 success=no exit=-13 a0=9d3f8b8 a1=bf8af170 a2=5dc0ff4 a3=bf8af30c items=0 ppid=1 pid=2463 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="gam_server" exe="/usr/libexec/gam_server" subj=system_u:system_r:gamin_t:s0 key=(null) > > > > >Summary: > >SELinux is preventing gam_server (gamin_t) "ptrace" to <Unknown> (inetd_t). > >Detailed Description: > >SELinux denied access requested by gam_server. It is not expected that this >access is required by gam_server and this access may signal an intrusion >attempt. It is also possible that the specific version or configuration of the >application is causing it to require additional access. > >Allowing Access: > >You can generate a local policy module to allow this access - see FAQ >(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable >SELinux protection altogether. Disabling SELinux protection is not recommended. >Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) >against this package. > >Additional Information: > >Source Context system_u:system_r:gamin_t:s0 >Target Context system_u:system_r:inetd_t:s0-s0:c0.c1023 >Target Objects None [ process ] >Source gam_server >Source Path /usr/libexec/gam_server >Port <Unknown> >Host localhost.localdomain >Source RPM Packages gamin-0.1.9-5.fc9 >Target RPM Packages >Policy RPM selinux-policy-3.3.1-16.fc9 >Selinux Enabled True >Policy Type targeted >MLS Enabled True >Enforcing Mode Enforcing >Plugin Name catchall >Host Name localhost.localdomain >Platform Linux localhost.localdomain > 2.6.25-0.121.rc5.git4.fc9 #1 SMP Fri Mar 14 > 23:14:20 EDT 2008 i686 athlon >Alert Count 192 >First Seen Mon 17 Mar 2008 09:04:25 AM PDT >Last Seen Mon 17 Mar 2008 09:07:20 AM PDT >Local ID 3041c69d-46e0-4034-9951-74082cdfdbec >Line Numbers > >Raw Audit Messages > >host=localhost.localdomain type=AVC msg=audit(1205770040.837:1645): avc: denied { ptrace } for pid=2463 comm="gam_server" scontext=system_u:system_r:gamin_t:s0 tcontext=system_u:system_r:inetd_t:s0-s0:c0.c1023 tclass=process > >host=localhost.localdomain type=SYSCALL msg=audit(1205770040.837:1645): arch=40000003 syscall=195 success=no exit=-13 a0=9d44198 a1=bf8af170 a2=5dc0ff4 a3=bf8af30c items=0 ppid=1 pid=2463 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="gam_server" exe="/usr/libexec/gam_server" subj=system_u:system_r:gamin_t:s0 key=(null) > > > > >Summary: > >SELinux is preventing the npviewer.bin from using potentially mislabeled files >(/tmp/tmp.xpi). > >Detailed Description: > >SELinux has denied npviewer.bin access to potentially mislabeled file(s) >(/tmp/tmp.xpi). This means that SELinux will not allow npviewer.bin to use these >files. It is common for users to edit files in their home directory or tmp >directories and then move (mv) them to system directories. The problem is that >the files end up with the wrong file context which confined applications are not >allowed to access. > >Allowing Access: > >If you want npviewer.bin to access this files, you need to relabel them using >restorecon -v '/tmp/tmp.xpi'. You might want to relabel the entire directory >using restorecon -R -v '/tmp'. > >Additional Information: > >Source Context unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c102 > 3 >Target Context unconfined_u:object_r:user_tmp_t:s0 >Target Objects /tmp/tmp.xpi [ file ] >Source npviewer.bin >Source Path /usr/lib/nspluginwrapper/npviewer.bin >Port <Unknown> >Host localhost.localdomain >Source RPM Packages nspluginwrapper-0.9.91.5-25.fc9 >Target RPM Packages >Policy RPM selinux-policy-3.3.1-16.fc9 >Selinux Enabled True >Policy Type targeted >MLS Enabled True >Enforcing Mode Enforcing >Plugin Name home_tmp_bad_labels >Host Name localhost.localdomain >Platform Linux localhost.localdomain > 2.6.25-0.121.rc5.git4.fc9 #1 SMP Fri Mar 14 > 23:14:20 EDT 2008 i686 athlon >Alert Count 4 >First Seen Mon 17 Mar 2008 10:10:09 AM PDT >Last Seen Mon 17 Mar 2008 10:18:58 AM PDT >Local ID 0d6280e0-18ac-4187-b778-e1e94793402d >Line Numbers > >Raw Audit Messages > >host=localhost.localdomain type=AVC msg=audit(1205774338.818:1681): avc: denied { write } for pid=15690 comm="npviewer.bin" path="/tmp/tmp.xpi" dev=dm-1 ino=524306 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file > >host=localhost.localdomain type=SYSCALL msg=audit(1205774338.818:1681): arch=40000003 syscall=11 success=yes exit=0 a0=98d49c8 a1=98d4ac8 a2=98d4d18 a3=0 items=0 ppid=12415 pid=15690 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="npviewer.bin" exe="/usr/lib/nspluginwrapper/npviewer.bin" subj=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 key=(null) > >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Actions:
View
Attachments on
bug 437902
: 298321