Attachment 298321 Details for Bug 437902 – setroubleshoot browser log

setroubleshoot browser log

selinux_alert-03-17a.txt (text/plain), 40.16 KB, created by Robert Gray on 2008-03-18 00:53:32 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Robert Gray

Created: 2008-03-18 00:53:32 UTC

Size: 40.16 KB

patch

obsolete

>
>Summary:
>
>SELinux is preventing rsyslogd (syslogd_t) "read" to ./System.map-2.6.24-2.fc9
>(system_map_t).
>
>Detailed Description:
>
>SELinux denied access requested by rsyslogd. It is not expected that this access
>is required by rsyslogd and this access may signal an intrusion attempt. It is
>also possible that the specific version or configuration of the application is
>causing it to require additional access.
>
>Allowing Access:
>
>Sometimes labeling problems can cause SELinux denials. You could try to restore
>the default system file context for ./System.map-2.6.24-2.fc9,
>
>restorecon -v './System.map-2.6.24-2.fc9'
>
>If this does not work, there is currently no automatic way to allow this access.
>Instead, you can generate a local policy module to allow this access - see FAQ
>(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
>SELinux protection altogether. Disabling SELinux protection is not recommended.
>Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
>against this package.
>
>Additional Information:
>
>Source Context                system_u:system_r:syslogd_t:s0
>Target Context                system_u:object_r:system_map_t:s0
>Target Objects                ./System.map-2.6.24-2.fc9 [ file ]
>Source                        rsyslogd
>Source Path                   /sbin/rsyslogd
>Port                          <Unknown>
>Host                          localhost.localdomain
>Source RPM Packages           rsyslog-3.12.1-1.fc9
>Target RPM Packages           
>Policy RPM                    selinux-policy-3.3.1-16.fc9
>Selinux Enabled               True
>Policy Type                   targeted
>MLS Enabled                   True
>Enforcing Mode                Enforcing
>Plugin Name                   catchall_file
>Host Name                     localhost.localdomain
>Platform                      Linux localhost.localdomain 2.6.24-2.fc9 #1 SMP
>                              Fri Jan 25 13:14:54 EST 2008 i686 athlon
>Alert Count                   1
>First Seen                    Fri 14 Mar 2008 01:06:38 AM PDT
>Last Seen                     Fri 14 Mar 2008 01:06:38 AM PDT
>Local ID                      eab9da9e-5d5c-4840-a9fc-c0ab7178e5d6
>Line Numbers                  
>
>Raw Audit Messages            
>
>host=localhost.localdomain type=AVC msg=audit(1205481998.388:127): avc:  denied  { read } for  pid=12315 comm="rsyslogd" name="System.map-2.6.24-2.fc9" dev=sdb1 ino=12 scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:system_map_t:s0 tclass=file
>
>host=localhost.localdomain type=SYSCALL msg=audit(1205481998.388:127): arch=40000003 syscall=5 success=no exit=-13 a0=2f67c0 a1=0 a2=1b6 a3=0 items=0 ppid=12314 pid=12315 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="rsyslogd" exe="/sbin/rsyslogd" subj=system_u:system_r:syslogd_t:s0 key=(null)
>
>
>
>
>Summary:
>
>SELinux is preventing rsyslogd (syslogd_t) "read" to
>./System.map-2.6.25-0.113.rc5.git2.fc9 (system_map_t).
>
>Detailed Description:
>
>SELinux denied access requested by rsyslogd. It is not expected that this access
>is required by rsyslogd and this access may signal an intrusion attempt. It is
>also possible that the specific version or configuration of the application is
>causing it to require additional access.
>
>Allowing Access:
>
>Sometimes labeling problems can cause SELinux denials. You could try to restore
>the default system file context for ./System.map-2.6.25-0.113.rc5.git2.fc9,
>
>restorecon -v './System.map-2.6.25-0.113.rc5.git2.fc9'
>
>If this does not work, there is currently no automatic way to allow this access.
>Instead, you can generate a local policy module to allow this access - see FAQ
>(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
>SELinux protection altogether. Disabling SELinux protection is not recommended.
>Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
>against this package.
>
>Additional Information:
>
>Source Context                unconfined_u:system_r:syslogd_t:s0
>Target Context                system_u:object_r:system_map_t:s0
>Target Objects                ./System.map-2.6.25-0.113.rc5.git2.fc9 [ file ]
>Source                        rsyslogd
>Source Path                   /sbin/rsyslogd
>Port                          <Unknown>
>Host                          localhost.localdomain
>Source RPM Packages           rsyslog-3.12.1-1.fc9
>Target RPM Packages           
>Policy RPM                    selinux-policy-3.3.1-16.fc9
>Selinux Enabled               True
>Policy Type                   targeted
>MLS Enabled                   True
>Enforcing Mode                Enforcing
>Plugin Name                   catchall_file
>Host Name                     localhost.localdomain
>Platform                      Linux localhost.localdomain
>                              2.6.25-0.113.rc5.git2.fc9 #1 SMP Tue Mar 11
>                              23:11:11 EDT 2008 i686 athlon
>Alert Count                   1
>First Seen                    Sat 15 Mar 2008 06:42:20 PM PDT
>Last Seen                     Sat 15 Mar 2008 06:42:20 PM PDT
>Local ID                      22ba40b3-1154-44b7-9730-435361884b69
>Line Numbers                  
>
>Raw Audit Messages            
>
>host=localhost.localdomain type=AVC msg=audit(1205631740.202:20): avc:  denied  { read } for  pid=7458 comm="rsyslogd" name="System.map-2.6.25-0.113.rc5.git2.fc9" dev=sdb1 ino=16 scontext=unconfined_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:system_map_t:s0 tclass=file
>
>host=localhost.localdomain type=SYSCALL msg=audit(1205631740.202:20): arch=40000003 syscall=5 success=no exit=-13 a0=2f67c0 a1=0 a2=1b6 a3=0 items=0 ppid=7457 pid=7458 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="rsyslogd" exe="/sbin/rsyslogd" subj=unconfined_u:system_r:syslogd_t:s0 key=(null)
>
>
>
>
>Summary:
>
>SELinux is preventing rsyslogd (syslogd_t) "read" to
>./System.map-2.6.25-0.121.rc5.git4.fc9 (system_map_t).
>
>Detailed Description:
>
>SELinux denied access requested by rsyslogd. It is not expected that this access
>is required by rsyslogd and this access may signal an intrusion attempt. It is
>also possible that the specific version or configuration of the application is
>causing it to require additional access.
>
>Allowing Access:
>
>Sometimes labeling problems can cause SELinux denials. You could try to restore
>the default system file context for ./System.map-2.6.25-0.121.rc5.git4.fc9,
>
>restorecon -v './System.map-2.6.25-0.121.rc5.git4.fc9'
>
>If this does not work, there is currently no automatic way to allow this access.
>Instead, you can generate a local policy module to allow this access - see FAQ
>(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
>SELinux protection altogether. Disabling SELinux protection is not recommended.
>Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
>against this package.
>
>Additional Information:
>
>Source Context                system_u:system_r:syslogd_t:s0
>Target Context                system_u:object_r:system_map_t:s0
>Target Objects                ./System.map-2.6.25-0.121.rc5.git4.fc9 [ file ]
>Source                        rsyslogd
>Source Path                   <Unknown>
>Port                          <Unknown>
>Host                          localhost.localdomain
>Source RPM Packages           
>Target RPM Packages           
>Policy RPM                    selinux-policy-3.3.1-16.fc9
>Selinux Enabled               True
>Policy Type                   targeted
>MLS Enabled                   True
>Enforcing Mode                Enforcing
>Plugin Name                   catchall_file
>Host Name                     localhost.localdomain
>Platform                      Linux localhost.localdomain
>                              2.6.25-0.121.rc5.git4.fc9 #1 SMP Fri Mar 14
>                              23:14:20 EDT 2008 i686 athlon
>Alert Count                   1
>First Seen                    Sun 16 Mar 2008 12:39:36 PM PDT
>Last Seen                     Sun 16 Mar 2008 12:39:36 PM PDT
>Local ID                      28a544f0-6c60-4f8c-9553-92c0c1f889be
>Line Numbers                  
>
>Raw Audit Messages            
>
>host=localhost.localdomain type=AVC msg=audit(1205696376.660:42): avc:  denied  { read } for  pid=2036 comm="rsyslogd" name="System.map-2.6.25-0.121.rc5.git4.fc9" dev=sdb1 ino=6028 scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:system_map_t:s0 tclass=file
>
>
>
>
>Summary:
>
>SELinux is preventing access to files with the label, file_t.
>
>Detailed Description:
>
>SELinux permission checks on files labeled file_t are being denied. file_t is
>the context the SELinux kernel gives to files that do not have a label. This
>indicates a serious labeling problem. No files on an SELinux box should ever be
>labeled file_t. If you have just added a new disk drive to the system you can
>relabel it using the restorecon command. Otherwise you should relabel the entire
>files system.
>
>Allowing Access:
>
>You can execute the following command as root to relabel your computer system:
>"touch /.autorelabel; reboot"
>
>Additional Information:
>
>Source Context                system_u:system_r:tmpreaper_t:s0
>Target Context                system_u:object_r:file_t:s0
>Target Objects                ./virtual-robertgray86.ely7qy [ dir ]
>Source                        tmpwatch
>Source Path                   /usr/sbin/tmpwatch
>Port                          <Unknown>
>Host                          localhost.localdomain
>Source RPM Packages           tmpwatch-2.9.13-2
>Target RPM Packages           
>Policy RPM                    selinux-policy-3.3.1-16.fc9
>Selinux Enabled               True
>Policy Type                   targeted
>MLS Enabled                   True
>Enforcing Mode                Enforcing
>Plugin Name                   file
>Host Name                     localhost.localdomain
>Platform                      Linux localhost.localdomain
>                              2.6.25-0.121.rc5.git4.fc9 #1 SMP Fri Mar 14
>                              23:14:20 EDT 2008 i686 athlon
>Alert Count                   3
>First Seen                    Sat 15 Mar 2008 08:08:25 PM PDT
>Last Seen                     Mon 17 Mar 2008 03:22:52 AM PDT
>Local ID                      98ff2e35-3b49-4d3d-922a-6f666f4876ff
>Line Numbers                  
>
>Raw Audit Messages            
>
>host=localhost.localdomain type=AVC msg=audit(1205749372.793:52): avc:  denied  { read } for  pid=4507 comm="tmpwatch" name="virtual-robertgray86.ely7qy" dev=dm-1 ino=526675 scontext=system_u:system_r:tmpreaper_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=dir
>
>host=localhost.localdomain type=SYSCALL msg=audit(1205749372.793:52): arch=40000003 syscall=5 success=no exit=-13 a0=804ac62 a1=98800 a2=0 a3=0 items=0 ppid=4505 pid=4507 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="tmpwatch" exe="/usr/sbin/tmpwatch" subj=system_u:system_r:tmpreaper_t:s0 key=(null)
>
>
>
>
>Summary:
>
>SELinux prevented mount.ntfs-3g from mounting on the file or directory "/" (type
>"device_t").
>
>Detailed Description:
>
>SELinux prevented mount.ntfs-3g from mounting a filesystem on the file or
>directory "/" of type "device_t". By default SELinux limits the mounting of
>filesystems to only some files or directories (those with types that have the
>mountpoint attribute). The type "device_t" does not have this attribute. You can
>either relabel the file or directory or set the boolean "allow_mount_anyfile" to
>true to allow mounting on any file or directory.
>
>Allowing Access:
>
>Changing the "allow_mount_anyfile" boolean to true will allow this access:
>"setsebool -P allow_mount_anyfile=1."
>
>Fix Command:
>
>setsebool -P allow_mount_anyfile=1
>
>Additional Information:
>
>Source Context                system_u:system_r:mount_t:s0
>Target Context                system_u:object_r:device_t:s0
>Target Objects                / [ dir ]
>Source                        mount.ntfs-3g
>Source Path                   /sbin/mount.ntfs-3g
>Port                          <Unknown>
>Host                          localhost.localdomain
>Source RPM Packages           ntfs-3g-1.2310-2.fc9
>Target RPM Packages           filesystem-2.4.11-2.fc9
>Policy RPM                    selinux-policy-3.3.1-16.fc9
>Selinux Enabled               True
>Policy Type                   targeted
>MLS Enabled                   True
>Enforcing Mode                Enforcing
>Plugin Name                   allow_mount_anyfile
>Host Name                     localhost.localdomain
>Platform                      Linux localhost.localdomain
>                              2.6.25-0.121.rc5.git4.fc9 #1 SMP Fri Mar 14
>                              23:14:20 EDT 2008 i686 athlon
>Alert Count                   4
>First Seen                    Sat 15 Mar 2008 12:22:28 AM PDT
>Last Seen                     Sun 16 Mar 2008 09:23:45 PM PDT
>Local ID                      cce1f36b-a9d4-42dd-aa61-26cde059053f
>Line Numbers                  
>
>Raw Audit Messages            
>
>host=localhost.localdomain type=AVC msg=audit(1205727825.375:14): avc:  denied  { write } for  pid=2943 comm="mount.ntfs-3g" name="/" dev=tmpfs ino=274 scontext=system_u:system_r:mount_t:s0 tcontext=system_u:object_r:device_t:s0 tclass=dir
>
>host=localhost.localdomain type=SYSCALL msg=audit(1205727825.375:14): arch=40000003 syscall=14 success=no exit=-13 a0=804e97f a1=21b6 a2=ae5 a3=12 items=0 ppid=2942 pid=2943 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="mount.ntfs-3g" exe="/sbin/mount.ntfs-3g" subj=system_u:system_r:mount_t:s0 key=(null)
>
>
>
>
>Summary:
>
>SELinux is preventing the grpconv from using potentially mislabeled files
>(/home/robertgray86/.xsession-errors).
>
>Detailed Description:
>
>SELinux has denied grpconv access to potentially mislabeled file(s)
>(/home/robertgray86/.xsession-errors). This means that SELinux will not allow
>grpconv to use these files. It is common for users to edit files in their home
>directory or tmp directories and then move (mv) them to system directories. The
>problem is that the files end up with the wrong file context which confined
>applications are not allowed to access.
>
>Allowing Access:
>
>If you want grpconv to access this files, you need to relabel them using
>restorecon -v '/home/robertgray86/.xsession-errors'. You might want to relabel
>the entire directory using restorecon -R -v '/home/robertgray86'.
>
>Additional Information:
>
>Source Context                unconfined_u:unconfined_r:sysadm_passwd_t:s0-s0:c0
>                              .c1023
>Target Context                system_u:object_r:user_home_t:s0
>Target Objects                /home/robertgray86/.xsession-errors [ file ]
>Source                        pwconv
>Source Path                   /usr/sbin/pwconv
>Port                          <Unknown>
>Host                          localhost.localdomain
>Source RPM Packages           shadow-utils-4.1.0-5.fc9
>Target RPM Packages           
>Policy RPM                    selinux-policy-3.3.1-16.fc9
>Selinux Enabled               True
>Policy Type                   targeted
>MLS Enabled                   True
>Enforcing Mode                Enforcing
>Plugin Name                   home_tmp_bad_labels
>Host Name                     localhost.localdomain
>Platform                      Linux localhost.localdomain
>                              2.6.25-0.121.rc5.git4.fc9 #1 SMP Fri Mar 14
>                              23:14:20 EDT 2008 i686 athlon
>Alert Count                   2
>First Seen                    Mon 17 Mar 2008 02:56:53 AM PDT
>Last Seen                     Mon 17 Mar 2008 02:56:53 AM PDT
>Local ID                      6f9bcd5c-c751-4cee-b2ea-780be016ae7c
>Line Numbers                  
>
>Raw Audit Messages            
>
>host=localhost.localdomain type=AVC msg=audit(1205747813.258:34): avc:  denied  { read append } for  pid=3270 comm="grpconv" path="/home/robertgray86/.xsession-errors" dev=dm-1 ino=933901 scontext=unconfined_u:unconfined_r:sysadm_passwd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:user_home_t:s0 tclass=file
>
>host=localhost.localdomain type=AVC msg=audit(1205747813.258:34): avc:  denied  { read append } for  pid=3270 comm="grpconv" path="/home/robertgray86/.xsession-errors" dev=dm-1 ino=933901 scontext=unconfined_u:unconfined_r:sysadm_passwd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:user_home_t:s0 tclass=file
>
>host=localhost.localdomain type=SYSCALL msg=audit(1205747813.258:34): arch=40000003 syscall=11 success=yes exit=0 a0=9bf1ff0 a1=9bf2020 a2=9bf15e8 a3=0 items=0 ppid=3254 pid=3270 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="grpconv" exe="/usr/sbin/grpconv" subj=unconfined_u:unconfined_r:sysadm_passwd_t:s0-s0:c0.c1023 key=(null)
>
>
>
>
>Summary:
>
>SELinux is preventing privoxy (privoxy_t) "write" to ./default.action (etc_t).
>
>Detailed Description:
>
>SELinux is preventing privoxy (privoxy_t) "write" to ./default.action (etc_t).
>The SELinux type etc_t, is a generic type for all files in the directory and
>very few processes (SELinux Domains) are allowed to write to this SELinux type.
>This type of denial usual indicates a mislabeled file. By default a file created
>in a directory has the gets the context of the parent directory, but SELinux
>policy has rules about the creation of directories, that say if a process
>running in one SELinux Domain (D1) creates a file in a directory with a
>particular SELinux File Context (F1) the file gets a different File Context
>(F2). The policy usually allows the SELinux Domain (D1) the ability to write,
>unlink, and append on (F2). But if for some reason a file (./default.action) was
>created with the wrong context, this domain will be denied. The usual solution
>to this problem is to reset the file context on the target file, restorecon -v
>'./default.action'. If the file context does not change from etc_t, then this is
>probably a bug in policy. Please file a bug report
>(http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against the selinux-policy
>package. If it does change, you can try your application again to see if it
>works. The file context could have been mislabeled by editing the file or moving
>the file from a different directory, if the file keeps getting mislabeled, check
>the init scripts to see if they are doing something to mislabel the file.
>
>Allowing Access:
>
>You can attempt to fix file context by executing restorecon -v
>'./default.action'
>
>Fix Command:
>
>restorecon './default.action'
>
>Additional Information:
>
>Source Context                unconfined_u:system_r:privoxy_t:s0
>Target Context                system_u:object_r:etc_t:s0
>Target Objects                ./default.action [ file ]
>Source                        privoxy
>Source Path                   /usr/sbin/privoxy
>Port                          <Unknown>
>Host                          localhost.localdomain
>Source RPM Packages           privoxy-3.0.8-2.fc9
>Target RPM Packages           
>Policy RPM                    selinux-policy-3.3.1-16.fc9
>Selinux Enabled               True
>Policy Type                   targeted
>MLS Enabled                   True
>Enforcing Mode                Enforcing
>Plugin Name                   mislabeled_file
>Host Name                     localhost.localdomain
>Platform                      Linux localhost.localdomain
>                              2.6.25-0.121.rc5.git4.fc9 #1 SMP Fri Mar 14
>                              23:14:20 EDT 2008 i686 athlon
>Alert Count                   2
>First Seen                    Mon 17 Mar 2008 03:28:58 AM PDT
>Last Seen                     Mon 17 Mar 2008 03:43:10 AM PDT
>Local ID                      d44e2b26-2f4e-4f07-89de-a26c3bd950d7
>Line Numbers                  
>
>Raw Audit Messages            
>
>host=localhost.localdomain type=AVC msg=audit(1205750590.84:61): avc:  denied  { write } for  pid=5052 comm="privoxy" name="default.action" dev=dm-1 ino=65603 scontext=unconfined_u:system_r:privoxy_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
>
>host=localhost.localdomain type=SYSCALL msg=audit(1205750590.84:61): arch=40000003 syscall=33 success=no exit=-13 a0=91456c8 a1=2 a2=1 a3=0 items=0 ppid=1 pid=5052 auid=500 uid=73 gid=73 euid=73 suid=73 fsuid=73 egid=73 sgid=73 fsgid=73 tty=(none) ses=1 comm="privoxy" exe="/usr/sbin/privoxy" subj=unconfined_u:system_r:privoxy_t:s0 key=(null)
>
>
>
>
>Summary:
>
>SELinux is preventing access to files with the label, file_t.
>
>Detailed Description:
>
>SELinux permission checks on files labeled file_t are being denied. file_t is
>the context the SELinux kernel gives to files that do not have a label. This
>indicates a serious labeling problem. No files on an SELinux box should ever be
>labeled file_t. If you have just added a new disk drive to the system you can
>relabel it using the restorecon command. Otherwise you should relabel the entire
>files system.
>
>Allowing Access:
>
>You can execute the following command as root to relabel your computer system:
>"touch /.autorelabel; reboot"
>
>Additional Information:
>
>Source Context                system_u:system_r:tmpreaper_t:s0-s0:c0.c1023
>Target Context                system_u:object_r:file_t:s0
>Target Objects                ./virtual-robertgray86.ely7qy [ dir ]
>Source                        tmpwatch
>Source Path                   /usr/sbin/tmpwatch
>Port                          <Unknown>
>Host                          localhost.localdomain
>Source RPM Packages           tmpwatch-2.9.13-2
>Target RPM Packages           
>Policy RPM                    selinux-policy-3.3.1-16.fc9
>Selinux Enabled               True
>Policy Type                   targeted
>MLS Enabled                   True
>Enforcing Mode                Enforcing
>Plugin Name                   file
>Host Name                     localhost.localdomain
>Platform                      Linux localhost.localdomain
>                              2.6.25-0.121.rc5.git4.fc9 #1 SMP Fri Mar 14
>                              23:14:20 EDT 2008 i686 athlon
>Alert Count                   1
>First Seen                    Mon 17 Mar 2008 04:10:43 AM PDT
>Last Seen                     Mon 17 Mar 2008 04:10:43 AM PDT
>Local ID                      dfad904e-eddd-4345-8fc8-15acc0633e25
>Line Numbers                  
>
>Raw Audit Messages            
>
>host=localhost.localdomain type=AVC msg=audit(1205752243.448:83): avc:  denied  { read } for  pid=6274 comm="tmpwatch" name="virtual-robertgray86.ely7qy" dev=dm-1 ino=526675 scontext=system_u:system_r:tmpreaper_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=dir
>
>host=localhost.localdomain type=SYSCALL msg=audit(1205752243.448:83): arch=40000003 syscall=5 success=no exit=-13 a0=804ac62 a1=98800 a2=0 a3=0 items=0 ppid=6273 pid=6274 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4 comm="tmpwatch" exe="/usr/sbin/tmpwatch" subj=system_u:system_r:tmpreaper_t:s0-s0:c0.c1023 key=(null)
>
>
>
>
>Summary:
>
>SELinux is preventing gam_server (gamin_t) "sys_ptrace" to <Unknown> (gamin_t).
>
>Detailed Description:
>
>SELinux denied access requested by gam_server. It is not expected that this
>access is required by gam_server and this access may signal an intrusion
>attempt. It is also possible that the specific version or configuration of the
>application is causing it to require additional access.
>
>Allowing Access:
>
>You can generate a local policy module to allow this access - see FAQ
>(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
>SELinux protection altogether. Disabling SELinux protection is not recommended.
>Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
>against this package.
>
>Additional Information:
>
>Source Context                system_u:system_r:gamin_t:s0
>Target Context                system_u:system_r:gamin_t:s0
>Target Objects                None [ capability ]
>Source                        gam_server
>Source Path                   /usr/libexec/gam_server
>Port                          <Unknown>
>Host                          localhost.localdomain
>Source RPM Packages           gamin-0.1.9-5.fc9
>Target RPM Packages           
>Policy RPM                    selinux-policy-3.3.1-16.fc9
>Selinux Enabled               True
>Policy Type                   targeted
>MLS Enabled                   True
>Enforcing Mode                Enforcing
>Plugin Name                   catchall
>Host Name                     localhost.localdomain
>Platform                      Linux localhost.localdomain
>                              2.6.25-0.121.rc5.git4.fc9 #1 SMP Fri Mar 14
>                              23:14:20 EDT 2008 i686 athlon
>Alert Count                   576
>First Seen                    Mon 17 Mar 2008 09:04:22 AM PDT
>Last Seen                     Mon 17 Mar 2008 09:07:24 AM PDT
>Local ID                      f4b22ac2-8c7c-4030-8b5e-cc99af2e027d
>Line Numbers                  
>
>Raw Audit Messages            
>
>host=localhost.localdomain type=AVC msg=audit(1205770044.698:1667): avc:  denied  { sys_ptrace } for  pid=2463 comm="gam_server" capability=19 scontext=system_u:system_r:gamin_t:s0 tcontext=system_u:system_r:gamin_t:s0 tclass=capability
>
>host=localhost.localdomain type=SYSCALL msg=audit(1205770044.698:1667): arch=40000003 syscall=195 success=no exit=-13 a0=9d38600 a1=bf8af170 a2=5dc0ff4 a3=bf8af30c items=0 ppid=1 pid=2463 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="gam_server" exe="/usr/libexec/gam_server" subj=system_u:system_r:gamin_t:s0 key=(null)
>
>
>
>
>Summary:
>
>SELinux is preventing gam_server (gamin_t) "ptrace" to <Unknown> (sshd_t).
>
>Detailed Description:
>
>SELinux denied access requested by gam_server. It is not expected that this
>access is required by gam_server and this access may signal an intrusion
>attempt. It is also possible that the specific version or configuration of the
>application is causing it to require additional access.
>
>Allowing Access:
>
>You can generate a local policy module to allow this access - see FAQ
>(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
>SELinux protection altogether. Disabling SELinux protection is not recommended.
>Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
>against this package.
>
>Additional Information:
>
>Source Context                system_u:system_r:gamin_t:s0
>Target Context                system_u:system_r:sshd_t:s0-s0:c0.c1023
>Target Objects                None [ process ]
>Source                        gam_server
>Source Path                   /usr/libexec/gam_server
>Port                          <Unknown>
>Host                          localhost.localdomain
>Source RPM Packages           gamin-0.1.9-5.fc9
>Target RPM Packages           
>Policy RPM                    selinux-policy-3.3.1-16.fc9
>Selinux Enabled               True
>Policy Type                   targeted
>MLS Enabled                   True
>Enforcing Mode                Enforcing
>Plugin Name                   catchall
>Host Name                     localhost.localdomain
>Platform                      Linux localhost.localdomain
>                              2.6.25-0.121.rc5.git4.fc9 #1 SMP Fri Mar 14
>                              23:14:20 EDT 2008 i686 athlon
>Alert Count                   192
>First Seen                    Mon 17 Mar 2008 09:04:22 AM PDT
>Last Seen                     Mon 17 Mar 2008 09:07:24 AM PDT
>Local ID                      9576529b-643d-43d0-ab84-6bbb11c868f5
>Line Numbers                  
>
>Raw Audit Messages            
>
>host=localhost.localdomain type=AVC msg=audit(1205770044.125:1664): avc:  denied  { ptrace } for  pid=2463 comm="gam_server" scontext=system_u:system_r:gamin_t:s0 tcontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tclass=process
>
>host=localhost.localdomain type=SYSCALL msg=audit(1205770044.125:1664): arch=40000003 syscall=195 success=no exit=-13 a0=9d35550 a1=bf8af170 a2=5dc0ff4 a3=bf8af30c items=0 ppid=1 pid=2463 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="gam_server" exe="/usr/libexec/gam_server" subj=system_u:system_r:gamin_t:s0 key=(null)
>
>
>
>
>Summary:
>
>SELinux is preventing gam_server (gamin_t) "ptrace" to <Unknown> (crond_t).
>
>Detailed Description:
>
>SELinux denied access requested by gam_server. It is not expected that this
>access is required by gam_server and this access may signal an intrusion
>attempt. It is also possible that the specific version or configuration of the
>application is causing it to require additional access.
>
>Allowing Access:
>
>You can generate a local policy module to allow this access - see FAQ
>(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
>SELinux protection altogether. Disabling SELinux protection is not recommended.
>Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
>against this package.
>
>Additional Information:
>
>Source Context                system_u:system_r:gamin_t:s0
>Target Context                system_u:system_r:crond_t:s0-s0:c0.c1023
>Target Objects                None [ process ]
>Source                        gam_server
>Source Path                   /usr/libexec/gam_server
>Port                          <Unknown>
>Host                          localhost.localdomain
>Source RPM Packages           gamin-0.1.9-5.fc9
>Target RPM Packages           
>Policy RPM                    selinux-policy-3.3.1-16.fc9
>Selinux Enabled               True
>Policy Type                   targeted
>MLS Enabled                   True
>Enforcing Mode                Enforcing
>Plugin Name                   catchall
>Host Name                     localhost.localdomain
>Platform                      Linux localhost.localdomain
>                              2.6.25-0.121.rc5.git4.fc9 #1 SMP Fri Mar 14
>                              23:14:20 EDT 2008 i686 athlon
>Alert Count                   192
>First Seen                    Mon 17 Mar 2008 09:04:23 AM PDT
>Last Seen                     Mon 17 Mar 2008 09:07:23 AM PDT
>Local ID                      2cd420db-ac5b-4c46-9edb-9fa0008093e8
>Line Numbers                  
>
>Raw Audit Messages            
>
>host=localhost.localdomain type=AVC msg=audit(1205770043.516:1660): avc:  denied  { ptrace } for  pid=2463 comm="gam_server" scontext=system_u:system_r:gamin_t:s0 tcontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tclass=process
>
>host=localhost.localdomain type=SYSCALL msg=audit(1205770043.516:1660): arch=40000003 syscall=195 success=no exit=-13 a0=9d380a0 a1=bf8af170 a2=5dc0ff4 a3=bf8af30c items=0 ppid=1 pid=2463 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="gam_server" exe="/usr/libexec/gam_server" subj=system_u:system_r:gamin_t:s0 key=(null)
>
>
>
>
>Summary:
>
>SELinux is preventing gam_server (gamin_t) "ptrace" to <Unknown>
>(restorecond_t).
>
>Detailed Description:
>
>SELinux denied access requested by gam_server. It is not expected that this
>access is required by gam_server and this access may signal an intrusion
>attempt. It is also possible that the specific version or configuration of the
>application is causing it to require additional access.
>
>Allowing Access:
>
>You can generate a local policy module to allow this access - see FAQ
>(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
>SELinux protection altogether. Disabling SELinux protection is not recommended.
>Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
>against this package.
>
>Additional Information:
>
>Source Context                system_u:system_r:gamin_t:s0
>Target Context                system_u:system_r:restorecond_t:s0
>Target Objects                None [ process ]
>Source                        gam_server
>Source Path                   /usr/libexec/gam_server
>Port                          <Unknown>
>Host                          localhost.localdomain
>Source RPM Packages           gamin-0.1.9-5.fc9
>Target RPM Packages           
>Policy RPM                    selinux-policy-3.3.1-16.fc9
>Selinux Enabled               True
>Policy Type                   targeted
>MLS Enabled                   True
>Enforcing Mode                Enforcing
>Plugin Name                   catchall
>Host Name                     localhost.localdomain
>Platform                      Linux localhost.localdomain
>                              2.6.25-0.121.rc5.git4.fc9 #1 SMP Fri Mar 14
>                              23:14:20 EDT 2008 i686 athlon
>Alert Count                   192
>First Seen                    Mon 17 Mar 2008 09:04:23 AM PDT
>Last Seen                     Mon 17 Mar 2008 09:07:23 AM PDT
>Local ID                      b702876d-5376-45f9-b02c-8e4ca178404e
>Line Numbers                  
>
>Raw Audit Messages            
>
>host=localhost.localdomain type=AVC msg=audit(1205770043.11:1657): avc:  denied  { ptrace } for  pid=2463 comm="gam_server" scontext=system_u:system_r:gamin_t:s0 tcontext=system_u:system_r:restorecond_t:s0 tclass=process
>
>host=localhost.localdomain type=SYSCALL msg=audit(1205770043.11:1657): arch=40000003 syscall=195 success=no exit=-13 a0=9d32850 a1=bf8af170 a2=5dc0ff4 a3=bf8af30c items=0 ppid=1 pid=2463 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="gam_server" exe="/usr/libexec/gam_server" subj=system_u:system_r:gamin_t:s0 key=(null)
>
>
>
>
>Summary:
>
>SELinux is preventing gam_server (gamin_t) "ptrace" to <Unknown> (auditd_t).
>
>Detailed Description:
>
>SELinux denied access requested by gam_server. It is not expected that this
>access is required by gam_server and this access may signal an intrusion
>attempt. It is also possible that the specific version or configuration of the
>application is causing it to require additional access.
>
>Allowing Access:
>
>You can generate a local policy module to allow this access - see FAQ
>(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
>SELinux protection altogether. Disabling SELinux protection is not recommended.
>Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
>against this package.
>
>Additional Information:
>
>Source Context                system_u:system_r:gamin_t:s0
>Target Context                system_u:system_r:auditd_t:s0
>Target Objects                None [ process ]
>Source                        gam_server
>Source Path                   /usr/libexec/gam_server
>Port                          <Unknown>
>Host                          localhost.localdomain
>Source RPM Packages           gamin-0.1.9-5.fc9
>Target RPM Packages           
>Policy RPM                    selinux-policy-3.3.1-16.fc9
>Selinux Enabled               True
>Policy Type                   targeted
>MLS Enabled                   True
>Enforcing Mode                Enforcing
>Plugin Name                   catchall
>Host Name                     localhost.localdomain
>Platform                      Linux localhost.localdomain
>                              2.6.25-0.121.rc5.git4.fc9 #1 SMP Fri Mar 14
>                              23:14:20 EDT 2008 i686 athlon
>Alert Count                   192
>First Seen                    Mon 17 Mar 2008 09:04:24 AM PDT
>Last Seen                     Mon 17 Mar 2008 09:07:22 AM PDT
>Local ID                      a52a0093-38fc-471a-b2b7-2390a08baf5c
>Line Numbers                  
>
>Raw Audit Messages            
>
>host=localhost.localdomain type=AVC msg=audit(1205770042.45:1651): avc:  denied  { ptrace } for  pid=2463 comm="gam_server" scontext=system_u:system_r:gamin_t:s0 tcontext=system_u:system_r:auditd_t:s0 tclass=process
>
>host=localhost.localdomain type=SYSCALL msg=audit(1205770042.45:1651): arch=40000003 syscall=195 success=no exit=-13 a0=9d3f8b8 a1=bf8af170 a2=5dc0ff4 a3=bf8af30c items=0 ppid=1 pid=2463 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="gam_server" exe="/usr/libexec/gam_server" subj=system_u:system_r:gamin_t:s0 key=(null)
>
>
>
>
>Summary:
>
>SELinux is preventing gam_server (gamin_t) "ptrace" to <Unknown> (inetd_t).
>
>Detailed Description:
>
>SELinux denied access requested by gam_server. It is not expected that this
>access is required by gam_server and this access may signal an intrusion
>attempt. It is also possible that the specific version or configuration of the
>application is causing it to require additional access.
>
>Allowing Access:
>
>You can generate a local policy module to allow this access - see FAQ
>(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
>SELinux protection altogether. Disabling SELinux protection is not recommended.
>Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
>against this package.
>
>Additional Information:
>
>Source Context                system_u:system_r:gamin_t:s0
>Target Context                system_u:system_r:inetd_t:s0-s0:c0.c1023
>Target Objects                None [ process ]
>Source                        gam_server
>Source Path                   /usr/libexec/gam_server
>Port                          <Unknown>
>Host                          localhost.localdomain
>Source RPM Packages           gamin-0.1.9-5.fc9
>Target RPM Packages           
>Policy RPM                    selinux-policy-3.3.1-16.fc9
>Selinux Enabled               True
>Policy Type                   targeted
>MLS Enabled                   True
>Enforcing Mode                Enforcing
>Plugin Name                   catchall
>Host Name                     localhost.localdomain
>Platform                      Linux localhost.localdomain
>                              2.6.25-0.121.rc5.git4.fc9 #1 SMP Fri Mar 14
>                              23:14:20 EDT 2008 i686 athlon
>Alert Count                   192
>First Seen                    Mon 17 Mar 2008 09:04:25 AM PDT
>Last Seen                     Mon 17 Mar 2008 09:07:20 AM PDT
>Local ID                      3041c69d-46e0-4034-9951-74082cdfdbec
>Line Numbers                  
>
>Raw Audit Messages            
>
>host=localhost.localdomain type=AVC msg=audit(1205770040.837:1645): avc:  denied  { ptrace } for  pid=2463 comm="gam_server" scontext=system_u:system_r:gamin_t:s0 tcontext=system_u:system_r:inetd_t:s0-s0:c0.c1023 tclass=process
>
>host=localhost.localdomain type=SYSCALL msg=audit(1205770040.837:1645): arch=40000003 syscall=195 success=no exit=-13 a0=9d44198 a1=bf8af170 a2=5dc0ff4 a3=bf8af30c items=0 ppid=1 pid=2463 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="gam_server" exe="/usr/libexec/gam_server" subj=system_u:system_r:gamin_t:s0 key=(null)
>
>
>
>
>Summary:
>
>SELinux is preventing the npviewer.bin from using potentially mislabeled files
>(/tmp/tmp.xpi).
>
>Detailed Description:
>
>SELinux has denied npviewer.bin access to potentially mislabeled file(s)
>(/tmp/tmp.xpi). This means that SELinux will not allow npviewer.bin to use these
>files. It is common for users to edit files in their home directory or tmp
>directories and then move (mv) them to system directories. The problem is that
>the files end up with the wrong file context which confined applications are not
>allowed to access.
>
>Allowing Access:
>
>If you want npviewer.bin to access this files, you need to relabel them using
>restorecon -v '/tmp/tmp.xpi'. You might want to relabel the entire directory
>using restorecon -R -v '/tmp'.
>
>Additional Information:
>
>Source Context                unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c102
>                              3
>Target Context                unconfined_u:object_r:user_tmp_t:s0
>Target Objects                /tmp/tmp.xpi [ file ]
>Source                        npviewer.bin
>Source Path                   /usr/lib/nspluginwrapper/npviewer.bin
>Port                          <Unknown>
>Host                          localhost.localdomain
>Source RPM Packages           nspluginwrapper-0.9.91.5-25.fc9
>Target RPM Packages           
>Policy RPM                    selinux-policy-3.3.1-16.fc9
>Selinux Enabled               True
>Policy Type                   targeted
>MLS Enabled                   True
>Enforcing Mode                Enforcing
>Plugin Name                   home_tmp_bad_labels
>Host Name                     localhost.localdomain
>Platform                      Linux localhost.localdomain
>                              2.6.25-0.121.rc5.git4.fc9 #1 SMP Fri Mar 14
>                              23:14:20 EDT 2008 i686 athlon
>Alert Count                   4
>First Seen                    Mon 17 Mar 2008 10:10:09 AM PDT
>Last Seen                     Mon 17 Mar 2008 10:18:58 AM PDT
>Local ID                      0d6280e0-18ac-4187-b778-e1e94793402d
>Line Numbers                  
>
>Raw Audit Messages            
>
>host=localhost.localdomain type=AVC msg=audit(1205774338.818:1681): avc:  denied  { write } for  pid=15690 comm="npviewer.bin" path="/tmp/tmp.xpi" dev=dm-1 ino=524306 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file
>
>host=localhost.localdomain type=SYSCALL msg=audit(1205774338.818:1681): arch=40000003 syscall=11 success=yes exit=0 a0=98d49c8 a1=98d4ac8 a2=98d4d18 a3=0 items=0 ppid=12415 pid=15690 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="npviewer.bin" exe="/usr/lib/nspluginwrapper/npviewer.bin" subj=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 key=(null)
>
>

Actions: View

Attachments on bug 437902: 298321