Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 298634 Details for
Bug 438285
Lots of AVC denials during basic use of system (as root)
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
setroubleshoot browser messages dump - appx 25 total
setroubleshoot-dump (text/plain), 66.79 KB, created by
Frank Thingholm
on 2008-03-20 05:28:59 UTC
(
hide
)
Description:
setroubleshoot browser messages dump - appx 25 total
Filename:
MIME Type:
Creator:
Frank Thingholm
Created:
2008-03-20 05:28:59 UTC
Size:
66.79 KB
patch
obsolete
> >Oversigt: > >SELinux is preventing npviewer.bin (nsplugin_t) "setuid" to <Ukendt> >(nsplugin_t). > >Detaljeret beskrivelse: > >SELinux denied access requested by npviewer.bin. It is not expected that this >access is required by npviewer.bin and this access may signal an intrusion >attempt. It is also possible that the specific version or configuration of the >application is causing it to require additional access. > >Tillader adgang: > >You can generate a local policy module to allow this access - see FAQ >(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable >SELinux protection altogether. Disabling SELinux protection is not recommended. >Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) >against this package. > >Yderligere information: > >Kildekontekst unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c102 > 3 >Målkontekst unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c102 > 3 >Målobjekt None [ capability ] >Source npviewer.bin >Source Path /usr/lib/nspluginwrapper/npviewer.bin >Port <Ukendt> >Host localhost.localdomain >Source RPM Packages nspluginwrapper-0.9.91.5-25.fc9 >Target RPM Packages >Policy-RPM selinux-policy-3.3.1-19.fc9 >SELinux aktiveret True >Policytype targeted >MLS aktiveret True >Gennemtvingende tilstand Enforcing >Indstiksmodulnavn catchall >Værtsnavn localhost.localdomain >Platform Linux localhost.localdomain > 2.6.25-0.121.rc5.git4.fc9 #1 SMP Fri Mar 14 > 23:14:20 EDT 2008 i686 i686 >Alert Count 1488 >First Seen ons 19 mar 2008 14:13:34 CET >Last Seen tor 20 mar 2008 06:05:26 CET >Local ID a3cf3778-1808-415c-a94c-b238e6853083 >Line Numbers > >Rå auditeringsmeddelelser > >host=localhost.localdomain type=AVC msg=audit(1205989526.174:3842): avc: denied { setuid } for pid=3218 comm="npviewer.bin" capability=7 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability > >host=localhost.localdomain type=SYSCALL msg=audit(1205989526.174:3842): arch=40000003 syscall=208 success=yes exit=0 a0=ffffffff a1=0 a2=ffffffff a3=bffab75c items=0 ppid=21012 pid=3218 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=2 comm="npviewer.bin" exe="/usr/lib/nspluginwrapper/npviewer.bin" subj=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 key=(null) > > > > >Oversigt: > >SELinux is preventing npviewer.bin (nsplugin_t) "setgid" to <Ukendt> >(nsplugin_t). > >Detaljeret beskrivelse: > >SELinux denied access requested by npviewer.bin. It is not expected that this >access is required by npviewer.bin and this access may signal an intrusion >attempt. It is also possible that the specific version or configuration of the >application is causing it to require additional access. > >Tillader adgang: > >You can generate a local policy module to allow this access - see FAQ >(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable >SELinux protection altogether. Disabling SELinux protection is not recommended. >Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) >against this package. > >Yderligere information: > >Kildekontekst unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c102 > 3 >Målkontekst unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c102 > 3 >Målobjekt None [ capability ] >Source npviewer.bin >Source Path /usr/lib/nspluginwrapper/npviewer.bin >Port <Ukendt> >Host localhost.localdomain >Source RPM Packages nspluginwrapper-0.9.91.5-25.fc9 >Target RPM Packages >Policy-RPM selinux-policy-3.3.1-19.fc9 >SELinux aktiveret True >Policytype targeted >MLS aktiveret True >Gennemtvingende tilstand Enforcing >Indstiksmodulnavn catchall >Værtsnavn localhost.localdomain >Platform Linux localhost.localdomain > 2.6.25-0.121.rc5.git4.fc9 #1 SMP Fri Mar 14 > 23:14:20 EDT 2008 i686 i686 >Alert Count 1488 >First Seen ons 19 mar 2008 14:13:34 CET >Last Seen tor 20 mar 2008 06:05:26 CET >Local ID 566ec856-5d07-4f13-973d-038699a3e6dd >Line Numbers > >Rå auditeringsmeddelelser > >host=localhost.localdomain type=AVC msg=audit(1205989526.176:3843): avc: denied { setgid } for pid=3218 comm="npviewer.bin" capability=6 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=capability > >host=localhost.localdomain type=SYSCALL msg=audit(1205989526.176:3843): arch=40000003 syscall=210 success=yes exit=0 a0=ffffffff a1=0 a2=ffffffff a3=bffab75c items=0 ppid=21012 pid=3218 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=2 comm="npviewer.bin" exe="/usr/lib/nspluginwrapper/npviewer.bin" subj=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 key=(null) > > > > >Oversigt: > >SELinux is preventing the npviewer.bin from using potentially mislabeled files >(./orbit-root). > >Detaljeret beskrivelse: > >SELinux has denied npviewer.bin access to potentially mislabeled file(s) >(./orbit-root). This means that SELinux will not allow npviewer.bin to use these >files. It is common for users to edit files in their home directory or tmp >directories and then move (mv) them to system directories. The problem is that >the files end up with the wrong file context which confined applications are not >allowed to access. > >Tillader adgang: > >If you want npviewer.bin to access this files, you need to relabel them using >restorecon -v './orbit-root'. You might want to relabel the entire directory >using restorecon -R -v './orbit-root'. > >Yderligere information: > >Kildekontekst unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c102 > 3 >Målkontekst system_u:object_r:tmp_t:s0 >Målobjekt ./orbit-root [ dir ] >Source npviewer.bin >Source Path /usr/lib/nspluginwrapper/npviewer.bin >Port <Ukendt> >Host localhost.localdomain >Source RPM Packages nspluginwrapper-0.9.91.5-25.fc9 >Target RPM Packages >Policy-RPM selinux-policy-3.3.1-19.fc9 >SELinux aktiveret True >Policytype targeted >MLS aktiveret True >Gennemtvingende tilstand Enforcing >Indstiksmodulnavn home_tmp_bad_labels >Værtsnavn localhost.localdomain >Platform Linux localhost.localdomain > 2.6.25-0.121.rc5.git4.fc9 #1 SMP Fri Mar 14 > 23:14:20 EDT 2008 i686 i686 >Alert Count 124 >First Seen ons 19 mar 2008 14:13:34 CET >Last Seen tor 20 mar 2008 06:05:25 CET >Local ID dae0c261-33dc-4410-a278-e5f31676f649 >Line Numbers > >Rå auditeringsmeddelelser > >host=localhost.localdomain type=AVC msg=audit(1205989525.950:3821): avc: denied { setattr } for pid=3218 comm="npviewer.bin" name="orbit-root" dev=dm-1 ino=360451 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tmp_t:s0 tclass=dir > >host=localhost.localdomain type=SYSCALL msg=audit(1205989525.950:3821): arch=40000003 syscall=30 success=no exit=-13 a0=9abb7b0 a1=bffaaaa4 a2=443ae8c a3=0 items=0 ppid=21012 pid=3218 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=2 comm="npviewer.bin" exe="/usr/lib/nspluginwrapper/npviewer.bin" subj=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 key=(null) > > > > >Oversigt: > >SELinux is preventing the npviewer.bin from using potentially mislabeled files >(./.gstreamer-0.10). > >Detaljeret beskrivelse: > >SELinux has denied npviewer.bin access to potentially mislabeled file(s) >(./.gstreamer-0.10). This means that SELinux will not allow npviewer.bin to use >these files. It is common for users to edit files in their home directory or tmp >directories and then move (mv) them to system directories. The problem is that >the files end up with the wrong file context which confined applications are not >allowed to access. > >Tillader adgang: > >If you want npviewer.bin to access this files, you need to relabel them using >restorecon -v './.gstreamer-0.10'. You might want to relabel the entire >directory using restorecon -R -v './.gstreamer-0.10'. > >Yderligere information: > >Kildekontekst unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c102 > 3 >Målkontekst unconfined_u:object_r:admin_home_t:s0 >Målobjekt ./.gstreamer-0.10 [ dir ] >Source npviewer.bin >Source Path /usr/lib/nspluginwrapper/npviewer.bin >Port <Ukendt> >Host localhost.localdomain >Source RPM Packages nspluginwrapper-0.9.91.5-25.fc9 >Target RPM Packages >Policy-RPM selinux-policy-3.3.1-19.fc9 >SELinux aktiveret True >Policytype targeted >MLS aktiveret True >Gennemtvingende tilstand Enforcing >Indstiksmodulnavn home_tmp_bad_labels >Værtsnavn localhost.localdomain >Platform Linux localhost.localdomain > 2.6.25-0.121.rc5.git4.fc9 #1 SMP Fri Mar 14 > 23:14:20 EDT 2008 i686 i686 >Alert Count 124 >First Seen ons 19 mar 2008 14:13:35 CET >Last Seen tor 20 mar 2008 06:05:24 CET >Local ID 19e8c508-9ac1-4211-a8f0-acc2626192a8 >Line Numbers > >Rå auditeringsmeddelelser > >host=localhost.localdomain type=AVC msg=audit(1205989524.763:3817): avc: denied { write } for pid=3221 comm="npviewer.bin" name=".gstreamer-0.10" dev=dm-1 ino=614442 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=dir > >host=localhost.localdomain type=SYSCALL msg=audit(1205989524.763:3817): arch=40000003 syscall=5 success=no exit=-13 a0=99ed620 a1=80c2 a2=180 a3=80c2 items=0 ppid=3218 pid=3221 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=2 comm="npviewer.bin" exe="/usr/lib/nspluginwrapper/npviewer.bin" subj=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 key=(null) > > > > >Oversigt: > >SELinux is preventing npviewer.bin (nsplugin_t) "connectto" to >002F746D702F646275732D4E59436C704C374A6873 (unconfined_dbusd_t). > >Detaljeret beskrivelse: > >SELinux denied access requested by npviewer.bin. It is not expected that this >access is required by npviewer.bin and this access may signal an intrusion >attempt. It is also possible that the specific version or configuration of the >application is causing it to require additional access. > >Tillader adgang: > >You can generate a local policy module to allow this access - see FAQ >(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable >SELinux protection altogether. Disabling SELinux protection is not recommended. >Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) >against this package. > >Yderligere information: > >Kildekontekst unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c102 > 3 >Målkontekst unconfined_u:unconfined_r:unconfined_dbusd_t:s0-s0 > :c0.c1023 >Målobjekt 002F746D702F646275732D4E59436C704C374A6873 [ > unix_stream_socket ] >Source npviewer.bin >Source Path /usr/lib/nspluginwrapper/npviewer.bin >Port <Ukendt> >Host localhost.localdomain >Source RPM Packages nspluginwrapper-0.9.91.5-25.fc9 >Target RPM Packages >Policy-RPM selinux-policy-3.3.1-19.fc9 >SELinux aktiveret True >Policytype targeted >MLS aktiveret True >Gennemtvingende tilstand Enforcing >Indstiksmodulnavn catchall >Værtsnavn localhost.localdomain >Platform Linux localhost.localdomain > 2.6.25-0.121.rc5.git4.fc9 #1 SMP Fri Mar 14 > 23:14:20 EDT 2008 i686 i686 >Alert Count 124 >First Seen ons 19 mar 2008 14:13:33 CET >Last Seen tor 20 mar 2008 06:05:24 CET >Local ID 136f587a-9f3d-4aa5-8312-e691f5f68492 >Line Numbers > >Rå auditeringsmeddelelser > >host=localhost.localdomain type=AVC msg=audit(1205989524.963:3818): avc: denied { connectto } for pid=3218 comm="npviewer.bin" path=002F746D702F646275732D4E59436C704C374A6873 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_dbusd_t:s0-s0:c0.c1023 tclass=unix_stream_socket > >host=localhost.localdomain type=SYSCALL msg=audit(1205989524.963:3818): arch=40000003 syscall=102 success=no exit=-13 a0=3 a1=bffab1b0 a2=f7eff4 a3=15 items=0 ppid=21012 pid=3218 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=2 comm="npviewer.bin" exe="/usr/lib/nspluginwrapper/npviewer.bin" subj=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 key=(null) > > > > >Oversigt: > >SELinux is preventing the npviewer.bin from using potentially mislabeled files >(./registry.i386.xml). > >Detaljeret beskrivelse: > >SELinux has denied npviewer.bin access to potentially mislabeled file(s) >(./registry.i386.xml). This means that SELinux will not allow npviewer.bin to >use these files. It is common for users to edit files in their home directory or >tmp directories and then move (mv) them to system directories. The problem is >that the files end up with the wrong file context which confined applications >are not allowed to access. > >Tillader adgang: > >If you want npviewer.bin to access this files, you need to relabel them using >restorecon -v './registry.i386.xml'. You might want to relabel the entire >directory using restorecon -R -v '.'. > >Yderligere information: > >Kildekontekst unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c102 > 3 >Målkontekst unconfined_u:object_r:admin_home_t:s0 >Målobjekt ./registry.i386.xml [ file ] >Source npviewer.bin >Source Path /usr/lib/nspluginwrapper/npviewer.bin >Port <Ukendt> >Host localhost.localdomain >Source RPM Packages nspluginwrapper-0.9.91.5-25.fc9 >Target RPM Packages >Policy-RPM selinux-policy-3.3.1-19.fc9 >SELinux aktiveret True >Policytype targeted >MLS aktiveret True >Gennemtvingende tilstand Enforcing >Indstiksmodulnavn home_tmp_bad_labels >Værtsnavn localhost.localdomain >Platform Linux localhost.localdomain > 2.6.25-0.121.rc5.git4.fc9 #1 SMP Fri Mar 14 > 23:14:20 EDT 2008 i686 i686 >Alert Count 123 >First Seen ons 19 mar 2008 14:13:33 CET >Last Seen tor 20 mar 2008 06:05:23 CET >Local ID bf5a6809-eaf5-470e-8d4e-41bda8b17f2b >Line Numbers > >Rå auditeringsmeddelelser > >host=localhost.localdomain type=AVC msg=audit(1205989523.41:3789): avc: denied { read } for pid=3218 comm="npviewer.bin" name="registry.i386.xml" dev=dm-1 ino=614443 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file > >host=localhost.localdomain type=SYSCALL msg=audit(1205989523.41:3789): arch=40000003 syscall=5 success=no exit=-13 a0=99e29e0 a1=8000 a2=1b6 a3=0 items=0 ppid=21012 pid=3218 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=2 comm="npviewer.bin" exe="/usr/lib/nspluginwrapper/npviewer.bin" subj=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 key=(null) > > > > >Oversigt: > >SELinux is preventing the npviewer.bin from using potentially mislabeled files >(/root/.mozilla/firefox/67lwsjsm.default/.parentlock). > >Detaljeret beskrivelse: > >SELinux has denied npviewer.bin access to potentially mislabeled file(s) >(/root/.mozilla/firefox/67lwsjsm.default/.parentlock). This means that SELinux >will not allow npviewer.bin to use these files. It is common for users to edit >files in their home directory or tmp directories and then move (mv) them to >system directories. The problem is that the files end up with the wrong file >context which confined applications are not allowed to access. > >Tillader adgang: > >If you want npviewer.bin to access this files, you need to relabel them using >restorecon -v '/root/.mozilla/firefox/67lwsjsm.default/.parentlock'. You might >want to relabel the entire directory using restorecon -R -v >'/root/.mozilla/firefox/67lwsjsm.default'. > >Yderligere information: > >Kildekontekst unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c102 > 3 >Målkontekst unconfined_u:object_r:admin_home_t:s0 >Målobjekt /root/.mozilla/firefox/67lwsjsm.default/.parentloc > k [ file ] >Source npviewer.bin >Source Path /usr/lib/nspluginwrapper/npviewer.bin >Port <Ukendt> >Host localhost.localdomain >Source RPM Packages nspluginwrapper-0.9.91.5-25.fc9 >Target RPM Packages >Policy-RPM selinux-policy-3.3.1-19.fc9 >SELinux aktiveret True >Policytype targeted >MLS aktiveret True >Gennemtvingende tilstand Enforcing >Indstiksmodulnavn home_tmp_bad_labels >Værtsnavn localhost.localdomain >Platform Linux localhost.localdomain > 2.6.25-0.121.rc5.git4.fc9 #1 SMP Fri Mar 14 > 23:14:20 EDT 2008 i686 i686 >Alert Count 119 >First Seen ons 19 mar 2008 14:05:15 CET >Last Seen tor 20 mar 2008 06:05:22 CET >Local ID 658e929b-c5d6-48ff-8fb1-2d4464ce1baf >Line Numbers > >Rå auditeringsmeddelelser > >host=localhost.localdomain type=AVC msg=audit(1205989522.533:3787): avc: denied { write } for pid=3218 comm="npviewer.bin" path="/root/.mozilla/firefox/67lwsjsm.default/.parentlock" dev=dm-1 ino=614536 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file > >host=localhost.localdomain type=AVC msg=audit(1205989522.533:3787): avc: denied { read write } for pid=3218 comm="npviewer.bin" path="/root/.mozilla/firefox/67lwsjsm.default/Cache/_CACHE_MAP_" dev=dm-1 ino=614560 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file > >host=localhost.localdomain type=AVC msg=audit(1205989522.533:3787): avc: denied { read write } for pid=3218 comm="npviewer.bin" path="/root/.mozilla/firefox/67lwsjsm.default/Cache/_CACHE_001_" dev=dm-1 ino=614561 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file > >host=localhost.localdomain type=AVC msg=audit(1205989522.533:3787): avc: denied { read write } for pid=3218 comm="npviewer.bin" path="/root/.mozilla/firefox/67lwsjsm.default/Cache/_CACHE_002_" dev=dm-1 ino=614562 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file > >host=localhost.localdomain type=AVC msg=audit(1205989522.533:3787): avc: denied { read write } for pid=3218 comm="npviewer.bin" path="/root/.mozilla/firefox/67lwsjsm.default/Cache/_CACHE_003_" dev=dm-1 ino=614563 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file > >host=localhost.localdomain type=AVC msg=audit(1205989522.533:3787): avc: denied { read } for pid=3218 comm="npviewer.bin" path="/root/.mozilla/firefox/67lwsjsm.default/XUL.mfasl" dev=dm-1 ino=614555 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file > >host=localhost.localdomain type=SYSCALL msg=audit(1205989522.533:3787): arch=40000003 syscall=11 success=yes exit=0 a0=852a810 a1=852a720 a2=852a970 a3=0 items=0 ppid=21012 pid=3218 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=2 comm="npviewer.bin" exe="/usr/lib/nspluginwrapper/npviewer.bin" subj=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 key=(null) > > > > >Oversigt: > >SELinux is preventing the loadkeys from using potentially mislabeled files >(./root). > >Detaljeret beskrivelse: > >SELinux has denied loadkeys access to potentially mislabeled file(s) (./root). >This means that SELinux will not allow loadkeys to use these files. It is common >for users to edit files in their home directory or tmp directories and then move >(mv) them to system directories. The problem is that the files end up with the >wrong file context which confined applications are not allowed to access. > >Tillader adgang: > >If you want loadkeys to access this files, you need to relabel them using >restorecon -v './root'. You might want to relabel the entire directory using >restorecon -R -v './root'. > >Yderligere information: > >Kildekontekst unconfined_u:unconfined_r:loadkeys_t:s0-s0:c0.c102 > 3 >Målkontekst system_u:object_r:admin_home_t:s0 >Målobjekt ./root [ dir ] >Source loadkeys >Source Path /bin/loadkeys >Port <Ukendt> >Host localhost.localdomain >Source RPM Packages kbd-1.12-31.fc9 >Target RPM Packages filesystem-2.4.11-2.fc9 >Policy-RPM selinux-policy-3.3.1-19.fc9 >SELinux aktiveret True >Policytype targeted >MLS aktiveret True >Gennemtvingende tilstand Enforcing >Indstiksmodulnavn home_tmp_bad_labels >Værtsnavn localhost.localdomain >Platform Linux localhost.localdomain > 2.6.25-0.121.rc5.git4.fc9 #1 SMP Fri Mar 14 > 23:14:20 EDT 2008 i686 i686 >Alert Count 30 >First Seen ons 19 mar 2008 18:38:47 CET >Last Seen tor 20 mar 2008 05:03:24 CET >Local ID ace90f88-d6a8-4607-a4a9-6022d9a62032 >Line Numbers > >Rå auditeringsmeddelelser > >host=localhost.localdomain type=AVC msg=audit(1205985804.38:3371): avc: denied { read } for pid=2183 comm="loadkeys" name="root" dev=dm-1 ino=614401 scontext=unconfined_u:unconfined_r:loadkeys_t:s0-s0:c0.c1023 tcontext=system_u:object_r:admin_home_t:s0 tclass=dir > >host=localhost.localdomain type=SYSCALL msg=audit(1205985804.38:3371): arch=40000003 syscall=5 success=no exit=-13 a0=8055aa7 a1=98800 a2=805ea80 a3=0 items=0 ppid=2171 pid=2183 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=2 comm="loadkeys" exe="/bin/loadkeys" subj=unconfined_u:unconfined_r:loadkeys_t:s0-s0:c0.c1023 key=(null) > > > > >Oversigt: > >SELinux is preventing tmpwatch (tmpreaper_t) "setattr" to ./tex (var_lib_t). > >Detaljeret beskrivelse: > >SELinux denied access requested by tmpwatch. It is not expected that this access >is required by tmpwatch and this access may signal an intrusion attempt. It is >also possible that the specific version or configuration of the application is >causing it to require additional access. > >Tillader adgang: > >Sometimes labeling problems can cause SELinux denials. You could try to restore >the default system file context for ./tex, > >restorecon -v './tex' > >If this does not work, there is currently no automatic way to allow this access. >Instead, you can generate a local policy module to allow this access - see FAQ >(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable >SELinux protection altogether. Disabling SELinux protection is not recommended. >Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) >against this package. > >Yderligere information: > >Kildekontekst system_u:system_r:tmpreaper_t:s0-s0:c0.c1023 >Målkontekst system_u:object_r:var_lib_t:s0 >Målobjekt ./tex [ dir ] >Source tmpwatch >Source Path /usr/sbin/tmpwatch >Port <Ukendt> >Host localhost.localdomain >Source RPM Packages tmpwatch-2.9.13-2 >Target RPM Packages >Policy-RPM selinux-policy-3.3.1-19.fc9 >SELinux aktiveret True >Policytype targeted >MLS aktiveret True >Gennemtvingende tilstand Enforcing >Indstiksmodulnavn catchall_file >Værtsnavn localhost.localdomain >Platform Linux localhost.localdomain > 2.6.25-0.121.rc5.git4.fc9 #1 SMP Fri Mar 14 > 23:14:20 EDT 2008 i686 i686 >Alert Count 1 >First Seen tor 20 mar 2008 04:19:37 CET >Last Seen tor 20 mar 2008 04:19:37 CET >Local ID 8fa1dbc7-e9dd-422a-859e-5636e714f8d4 >Line Numbers > >Rå auditeringsmeddelelser > >host=localhost.localdomain type=AVC msg=audit(1205983177.378:3336): avc: denied { setattr } for pid=1416 comm="tmpwatch" name="tex" dev=dm-1 ino=57999 scontext=system_u:system_r:tmpreaper_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=dir > >host=localhost.localdomain type=SYSCALL msg=audit(1205983177.378:3336): arch=40000003 syscall=30 success=no exit=-13 a0=804ac62 a1=bfd65644 a2=0 a3=8f924c8 items=0 ppid=1414 pid=1416 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=17 comm="tmpwatch" exe="/usr/sbin/tmpwatch" subj=system_u:system_r:tmpreaper_t:s0-s0:c0.c1023 key=(null) > > > > >Oversigt: > >SELinux is preventing tmpwatch (tmpreaper_t) "setattr" to ./dvips (var_lib_t). > >Detaljeret beskrivelse: > >SELinux denied access requested by tmpwatch. It is not expected that this access >is required by tmpwatch and this access may signal an intrusion attempt. It is >also possible that the specific version or configuration of the application is >causing it to require additional access. > >Tillader adgang: > >Sometimes labeling problems can cause SELinux denials. You could try to restore >the default system file context for ./dvips, > >restorecon -v './dvips' > >If this does not work, there is currently no automatic way to allow this access. >Instead, you can generate a local policy module to allow this access - see FAQ >(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable >SELinux protection altogether. Disabling SELinux protection is not recommended. >Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) >against this package. > >Yderligere information: > >Kildekontekst system_u:system_r:tmpreaper_t:s0-s0:c0.c1023 >Målkontekst system_u:object_r:var_lib_t:s0 >Målobjekt ./dvips [ dir ] >Source tmpwatch >Source Path /usr/sbin/tmpwatch >Port <Ukendt> >Host localhost.localdomain >Source RPM Packages tmpwatch-2.9.13-2 >Target RPM Packages >Policy-RPM selinux-policy-3.3.1-19.fc9 >SELinux aktiveret True >Policytype targeted >MLS aktiveret True >Gennemtvingende tilstand Enforcing >Indstiksmodulnavn catchall_file >Værtsnavn localhost.localdomain >Platform Linux localhost.localdomain > 2.6.25-0.121.rc5.git4.fc9 #1 SMP Fri Mar 14 > 23:14:20 EDT 2008 i686 i686 >Alert Count 0 >First Seen tor 20 mar 2008 04:19:37 CET >Last Seen tor 20 mar 2008 04:19:37 CET >Local ID 240eb112-6a82-467b-b00a-f4c30333f523 >Line Numbers > >Rå auditeringsmeddelelser > >host=localhost.localdomain type=AVC msg=audit(1205983177.433:3337): avc: denied { setattr } for pid=1416 comm="tmpwatch" name="dvips" dev=dm-1 ino=57997 scontext=system_u:system_r:tmpreaper_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=dir > >host=localhost.localdomain type=SYSCALL msg=audit(1205983177.433:3337): arch=40000003 syscall=30 success=no exit=-13 a0=804ac62 a1=bfd653e4 a2=0 a3=8f94508 items=0 ppid=1414 pid=1416 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=17 comm="tmpwatch" exe="/usr/sbin/tmpwatch" subj=system_u:system_r:tmpreaper_t:s0-s0:c0.c1023 key=(null) > > > > >Oversigt: > >SELinux is preventing tmpwatch (tmpreaper_t) "setattr" to ./pdftex (var_lib_t). > >Detaljeret beskrivelse: > >SELinux denied access requested by tmpwatch. It is not expected that this access >is required by tmpwatch and this access may signal an intrusion attempt. It is >also possible that the specific version or configuration of the application is >causing it to require additional access. > >Tillader adgang: > >Sometimes labeling problems can cause SELinux denials. You could try to restore >the default system file context for ./pdftex, > >restorecon -v './pdftex' > >If this does not work, there is currently no automatic way to allow this access. >Instead, you can generate a local policy module to allow this access - see FAQ >(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable >SELinux protection altogether. Disabling SELinux protection is not recommended. >Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) >against this package. > >Yderligere information: > >Kildekontekst system_u:system_r:tmpreaper_t:s0-s0:c0.c1023 >Målkontekst system_u:object_r:var_lib_t:s0 >Målobjekt ./pdftex [ dir ] >Source tmpwatch >Source Path /usr/sbin/tmpwatch >Port <Ukendt> >Host localhost.localdomain >Source RPM Packages tmpwatch-2.9.13-2 >Target RPM Packages >Policy-RPM selinux-policy-3.3.1-19.fc9 >SELinux aktiveret True >Policytype targeted >MLS aktiveret True >Gennemtvingende tilstand Enforcing >Indstiksmodulnavn catchall_file >Værtsnavn localhost.localdomain >Platform Linux localhost.localdomain > 2.6.25-0.121.rc5.git4.fc9 #1 SMP Fri Mar 14 > 23:14:20 EDT 2008 i686 i686 >Alert Count 0 >First Seen tor 20 mar 2008 04:19:37 CET >Last Seen tor 20 mar 2008 04:19:37 CET >Local ID 8d77104e-ca2e-4bbf-96ac-4979563e8ad3 >Line Numbers > >Rå auditeringsmeddelelser > >host=localhost.localdomain type=AVC msg=audit(1205983177.481:3338): avc: denied { setattr } for pid=1416 comm="tmpwatch" name="pdftex" dev=dm-1 ino=57998 scontext=system_u:system_r:tmpreaper_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=dir > >host=localhost.localdomain type=SYSCALL msg=audit(1205983177.481:3338): arch=40000003 syscall=30 success=no exit=-13 a0=804ac62 a1=bfd653e4 a2=0 a3=8f94508 items=0 ppid=1414 pid=1416 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=17 comm="tmpwatch" exe="/usr/sbin/tmpwatch" subj=system_u:system_r:tmpreaper_t:s0-s0:c0.c1023 key=(null) > > > > >Oversigt: > >SELinux is preventing the npviewer.bin from using potentially mislabeled files >(./.pulse-cookie). > >Detaljeret beskrivelse: > >SELinux has denied npviewer.bin access to potentially mislabeled file(s) >(./.pulse-cookie). This means that SELinux will not allow npviewer.bin to use >these files. It is common for users to edit files in their home directory or tmp >directories and then move (mv) them to system directories. The problem is that >the files end up with the wrong file context which confined applications are not >allowed to access. > >Tillader adgang: > >If you want npviewer.bin to access this files, you need to relabel them using >restorecon -v './.pulse-cookie'. You might want to relabel the entire directory >using restorecon -R -v '.'. > >Yderligere information: > >Kildekontekst unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c102 > 3 >Målkontekst unconfined_u:object_r:admin_home_t:s0 >Målobjekt ./.pulse-cookie [ file ] >Source npviewer.bin >Source Path /usr/lib/nspluginwrapper/npviewer.bin >Port <Ukendt> >Host localhost.localdomain >Source RPM Packages nspluginwrapper-0.9.91.5-25.fc9 >Target RPM Packages >Policy-RPM selinux-policy-3.3.1-19.fc9 >SELinux aktiveret True >Policytype targeted >MLS aktiveret True >Gennemtvingende tilstand Enforcing >Indstiksmodulnavn home_tmp_bad_labels >Værtsnavn localhost.localdomain >Platform Linux localhost.localdomain > 2.6.25-0.121.rc5.git4.fc9 #1 SMP Fri Mar 14 > 23:14:20 EDT 2008 i686 i686 >Alert Count 12 >First Seen ons 19 mar 2008 17:32:44 CET >Last Seen ons 19 mar 2008 18:01:48 CET >Local ID 9bd53bbf-9fe0-4f6b-9a4c-554b22edba8a >Line Numbers > >Rå auditeringsmeddelelser > >host=localhost.localdomain type=AVC msg=audit(1205946108.526:2555): avc: denied { read write } for pid=20866 comm="npviewer.bin" name=".pulse-cookie" dev=dm-1 ino=614435 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file > >host=localhost.localdomain type=SYSCALL msg=audit(1205946108.526:2555): arch=40000003 syscall=5 success=no exit=-13 a0=bf851ba8 a1=8142 a2=180 a3=8142 items=0 ppid=3341 pid=20866 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=2 comm="npviewer.bin" exe="/usr/lib/nspluginwrapper/npviewer.bin" subj=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 key=(null) > > > > >Oversigt: > >SELinux is preventing the npviewer.bin from using potentially mislabeled files >(./.pulse-cookie). > >Detaljeret beskrivelse: > >SELinux has denied npviewer.bin access to potentially mislabeled file(s) >(./.pulse-cookie). This means that SELinux will not allow npviewer.bin to use >these files. It is common for users to edit files in their home directory or tmp >directories and then move (mv) them to system directories. The problem is that >the files end up with the wrong file context which confined applications are not >allowed to access. > >Tillader adgang: > >If you want npviewer.bin to access this files, you need to relabel them using >restorecon -v './.pulse-cookie'. You might want to relabel the entire directory >using restorecon -R -v '.'. > >Yderligere information: > >Kildekontekst unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c102 > 3 >Målkontekst unconfined_u:object_r:admin_home_t:s0 >Målobjekt ./.pulse-cookie [ file ] >Source npviewer.bin >Source Path /usr/lib/nspluginwrapper/npviewer.bin >Port <Ukendt> >Host localhost.localdomain >Source RPM Packages nspluginwrapper-0.9.91.5-25.fc9 >Target RPM Packages >Policy-RPM selinux-policy-3.3.1-19.fc9 >SELinux aktiveret True >Policytype targeted >MLS aktiveret True >Gennemtvingende tilstand Enforcing >Indstiksmodulnavn home_tmp_bad_labels >Værtsnavn localhost.localdomain >Platform Linux localhost.localdomain > 2.6.25-0.121.rc5.git4.fc9 #1 SMP Fri Mar 14 > 23:14:20 EDT 2008 i686 i686 >Alert Count 12 >First Seen ons 19 mar 2008 17:32:44 CET >Last Seen ons 19 mar 2008 18:01:48 CET >Local ID 8467396e-5632-47ad-b117-dfb2e1870c18 >Line Numbers > >Rå auditeringsmeddelelser > >host=localhost.localdomain type=AVC msg=audit(1205946108.527:2556): avc: denied { read } for pid=20866 comm="npviewer.bin" name=".pulse-cookie" dev=dm-1 ino=614435 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file > >host=localhost.localdomain type=SYSCALL msg=audit(1205946108.527:2556): arch=40000003 syscall=5 success=no exit=-13 a0=bf851ba8 a1=8100 a2=0 a3=8100 items=0 ppid=3341 pid=20866 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=2 comm="npviewer.bin" exe="/usr/lib/nspluginwrapper/npviewer.bin" subj=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 key=(null) > > > > >Oversigt: > >SELinux is preventing npviewer.bin (nsplugin_t) "signull" to <Ukendt> >(unconfined_t). > >Detaljeret beskrivelse: > >SELinux denied access requested by npviewer.bin. It is not expected that this >access is required by npviewer.bin and this access may signal an intrusion >attempt. It is also possible that the specific version or configuration of the >application is causing it to require additional access. > >Tillader adgang: > >You can generate a local policy module to allow this access - see FAQ >(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable >SELinux protection altogether. Disabling SELinux protection is not recommended. >Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) >against this package. > >Yderligere information: > >Kildekontekst unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c102 > 3 >Målkontekst unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1 > 023 >Målobjekt None [ process ] >Source npviewer.bin >Source Path /usr/lib/nspluginwrapper/npviewer.bin >Port <Ukendt> >Host localhost.localdomain >Source RPM Packages nspluginwrapper-0.9.91.5-25.fc9 >Target RPM Packages >Policy-RPM selinux-policy-3.3.1-19.fc9 >SELinux aktiveret True >Policytype targeted >MLS aktiveret True >Gennemtvingende tilstand Enforcing >Indstiksmodulnavn catchall >Værtsnavn localhost.localdomain >Platform Linux localhost.localdomain > 2.6.25-0.121.rc5.git4.fc9 #1 SMP Fri Mar 14 > 23:14:20 EDT 2008 i686 i686 >Alert Count 13 >First Seen ons 19 mar 2008 17:32:44 CET >Last Seen ons 19 mar 2008 18:01:48 CET >Local ID 4bda39a7-bd10-4399-9a49-21d9cd8a8873 >Line Numbers > >Rå auditeringsmeddelelser > >host=localhost.localdomain type=AVC msg=audit(1205946108.566:2557): avc: denied { signull } for pid=20866 comm="npviewer.bin" scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=process > >host=localhost.localdomain type=SYSCALL msg=audit(1205946108.566:2557): arch=40000003 syscall=37 success=no exit=-13 a0=91f a1=0 a2=ba95e0 a3=bf852b2c items=0 ppid=3341 pid=20866 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=2 comm="npviewer.bin" exe="/usr/lib/nspluginwrapper/npviewer.bin" subj=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 key=(null) > > > > >Oversigt: > >SELinux is preventing tmpwatch (tmpreaper_t) "setattr" to ./tex (var_lib_t). > >Detaljeret beskrivelse: > >SELinux denied access requested by tmpwatch. It is not expected that this access >is required by tmpwatch and this access may signal an intrusion attempt. It is >also possible that the specific version or configuration of the application is >causing it to require additional access. > >Tillader adgang: > >Sometimes labeling problems can cause SELinux denials. You could try to restore >the default system file context for ./tex, > >restorecon -v './tex' > >If this does not work, there is currently no automatic way to allow this access. >Instead, you can generate a local policy module to allow this access - see FAQ >(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable >SELinux protection altogether. Disabling SELinux protection is not recommended. >Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) >against this package. > >Yderligere information: > >Kildekontekst system_u:system_r:tmpreaper_t:s0 >Målkontekst system_u:object_r:var_lib_t:s0 >Målobjekt ./tex [ dir ] >Source tmpwatch >Source Path /usr/sbin/tmpwatch >Port <Ukendt> >Host localhost.localdomain >Source RPM Packages tmpwatch-2.9.13-2 >Target RPM Packages >Policy-RPM selinux-policy-3.3.1-19.fc9 >SELinux aktiveret True >Policytype targeted >MLS aktiveret True >Gennemtvingende tilstand Enforcing >Indstiksmodulnavn catchall_file >Værtsnavn localhost.localdomain >Platform Linux localhost.localdomain > 2.6.25-0.121.rc5.git4.fc9 #1 SMP Fri Mar 14 > 23:14:20 EDT 2008 i686 i686 >Alert Count 0 >First Seen ons 19 mar 2008 15:33:51 CET >Last Seen ons 19 mar 2008 15:33:51 CET >Local ID 10458d47-8ad5-4f86-afa3-16162e0274ec >Line Numbers > >Rå auditeringsmeddelelser > >host=localhost.localdomain type=AVC msg=audit(1205937231.277:756): avc: denied { setattr } for pid=13966 comm="tmpwatch" name="tex" dev=dm-1 ino=57999 scontext=system_u:system_r:tmpreaper_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=dir > >host=localhost.localdomain type=SYSCALL msg=audit(1205937231.277:756): arch=40000003 syscall=30 success=no exit=-13 a0=804ac62 a1=bff4dc74 a2=0 a3=85e94c8 items=0 ppid=13964 pid=13966 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="tmpwatch" exe="/usr/sbin/tmpwatch" subj=system_u:system_r:tmpreaper_t:s0 key=(null) > > > > >Oversigt: > >SELinux is preventing tmpwatch (tmpreaper_t) "setattr" to ./dvips (var_lib_t). > >Detaljeret beskrivelse: > >SELinux denied access requested by tmpwatch. It is not expected that this access >is required by tmpwatch and this access may signal an intrusion attempt. It is >also possible that the specific version or configuration of the application is >causing it to require additional access. > >Tillader adgang: > >Sometimes labeling problems can cause SELinux denials. You could try to restore >the default system file context for ./dvips, > >restorecon -v './dvips' > >If this does not work, there is currently no automatic way to allow this access. >Instead, you can generate a local policy module to allow this access - see FAQ >(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable >SELinux protection altogether. Disabling SELinux protection is not recommended. >Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) >against this package. > >Yderligere information: > >Kildekontekst system_u:system_r:tmpreaper_t:s0 >Målkontekst system_u:object_r:var_lib_t:s0 >Målobjekt ./dvips [ dir ] >Source tmpwatch >Source Path /usr/sbin/tmpwatch >Port <Ukendt> >Host localhost.localdomain >Source RPM Packages tmpwatch-2.9.13-2 >Target RPM Packages >Policy-RPM selinux-policy-3.3.1-19.fc9 >SELinux aktiveret True >Policytype targeted >MLS aktiveret True >Gennemtvingende tilstand Enforcing >Indstiksmodulnavn catchall_file >Værtsnavn localhost.localdomain >Platform Linux localhost.localdomain > 2.6.25-0.121.rc5.git4.fc9 #1 SMP Fri Mar 14 > 23:14:20 EDT 2008 i686 i686 >Alert Count 0 >First Seen ons 19 mar 2008 15:33:51 CET >Last Seen ons 19 mar 2008 15:33:51 CET >Local ID 13706b26-0d46-442f-b860-fc8f7d8731c1 >Line Numbers > >Rå auditeringsmeddelelser > >host=localhost.localdomain type=AVC msg=audit(1205937231.358:757): avc: denied { setattr } for pid=13966 comm="tmpwatch" name="dvips" dev=dm-1 ino=57997 scontext=system_u:system_r:tmpreaper_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=dir > >host=localhost.localdomain type=SYSCALL msg=audit(1205937231.358:757): arch=40000003 syscall=30 success=no exit=-13 a0=804ac62 a1=bff4da14 a2=0 a3=85eb508 items=0 ppid=13964 pid=13966 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="tmpwatch" exe="/usr/sbin/tmpwatch" subj=system_u:system_r:tmpreaper_t:s0 key=(null) > > > > >Oversigt: > >SELinux is preventing tmpwatch (tmpreaper_t) "setattr" to ./pdftex (var_lib_t). > >Detaljeret beskrivelse: > >SELinux denied access requested by tmpwatch. It is not expected that this access >is required by tmpwatch and this access may signal an intrusion attempt. It is >also possible that the specific version or configuration of the application is >causing it to require additional access. > >Tillader adgang: > >Sometimes labeling problems can cause SELinux denials. You could try to restore >the default system file context for ./pdftex, > >restorecon -v './pdftex' > >If this does not work, there is currently no automatic way to allow this access. >Instead, you can generate a local policy module to allow this access - see FAQ >(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable >SELinux protection altogether. Disabling SELinux protection is not recommended. >Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) >against this package. > >Yderligere information: > >Kildekontekst system_u:system_r:tmpreaper_t:s0 >Målkontekst system_u:object_r:var_lib_t:s0 >Målobjekt ./pdftex [ dir ] >Source tmpwatch >Source Path /usr/sbin/tmpwatch >Port <Ukendt> >Host localhost.localdomain >Source RPM Packages tmpwatch-2.9.13-2 >Target RPM Packages >Policy-RPM selinux-policy-3.3.1-19.fc9 >SELinux aktiveret True >Policytype targeted >MLS aktiveret True >Gennemtvingende tilstand Enforcing >Indstiksmodulnavn catchall_file >Værtsnavn localhost.localdomain >Platform Linux localhost.localdomain > 2.6.25-0.121.rc5.git4.fc9 #1 SMP Fri Mar 14 > 23:14:20 EDT 2008 i686 i686 >Alert Count 1 >First Seen ons 19 mar 2008 15:33:51 CET >Last Seen ons 19 mar 2008 15:33:51 CET >Local ID 2d0aa46b-7269-473b-8c60-e1746b4806ce >Line Numbers > >Rå auditeringsmeddelelser > >host=localhost.localdomain type=AVC msg=audit(1205937231.405:758): avc: denied { setattr } for pid=13966 comm="tmpwatch" name="pdftex" dev=dm-1 ino=57998 scontext=system_u:system_r:tmpreaper_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=dir > >host=localhost.localdomain type=SYSCALL msg=audit(1205937231.405:758): arch=40000003 syscall=30 success=no exit=-13 a0=804ac62 a1=bff4da14 a2=0 a3=85eb508 items=0 ppid=13964 pid=13966 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="tmpwatch" exe="/usr/sbin/tmpwatch" subj=system_u:system_r:tmpreaper_t:s0 key=(null) > > > > >Oversigt: > >SELinux is preventing the Xorg from using potentially mislabeled files >(./fonts.dir). > >Detaljeret beskrivelse: > >SELinux has denied Xorg access to potentially mislabeled file(s) (./fonts.dir). >This means that SELinux will not allow Xorg to use these files. It is common for >users to edit files in their home directory or tmp directories and then move >(mv) them to system directories. The problem is that the files end up with the >wrong file context which confined applications are not allowed to access. > >Tillader adgang: > >If you want Xorg to access this files, you need to relabel them using restorecon >-v './fonts.dir'. You might want to relabel the entire directory using >restorecon -R -v '.'. > >Yderligere information: > >Kildekontekst system_u:system_r:xdm_xserver_t:s0-s0:c0.c1023 >Målkontekst unconfined_u:object_r:admin_home_t:s0 >Målobjekt ./fonts.dir [ file ] >Source Xorg >Source Path /usr/bin/Xorg >Port <Ukendt> >Host localhost.localdomain >Source RPM Packages xorg-x11-server-Xorg-1.4.99.901-10.20080314.fc9 >Target RPM Packages >Policy-RPM selinux-policy-3.3.1-19.fc9 >SELinux aktiveret True >Policytype targeted >MLS aktiveret True >Gennemtvingende tilstand Enforcing >Indstiksmodulnavn home_tmp_bad_labels >Værtsnavn localhost.localdomain >Platform Linux localhost.localdomain > 2.6.25-0.121.rc5.git4.fc9 #1 SMP Fri Mar 14 > 23:14:20 EDT 2008 i686 i686 >Alert Count 1 >First Seen ons 19 mar 2008 14:02:13 CET >Last Seen ons 19 mar 2008 14:02:13 CET >Local ID 7f327364-bb6b-4647-9cab-32717b438a7c >Line Numbers > >Rå auditeringsmeddelelser > >host=localhost.localdomain type=AVC msg=audit(1205931733.486:48): avc: denied { read } for pid=2086 comm="Xorg" name="fonts.dir" dev=dm-1 ino=614439 scontext=system_u:system_r:xdm_xserver_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file > >host=localhost.localdomain type=SYSCALL msg=audit(1205931733.486:48): arch=40000003 syscall=5 success=no exit=-13 a0=bfa94e18 a1=0 a2=1b6 a3=0 items=0 ppid=2085 pid=2086 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=tty7 ses=4294967295 comm="Xorg" exe="/usr/bin/Xorg" subj=system_u:system_r:xdm_xserver_t:s0-s0:c0.c1023 key=(null) > > > > >Oversigt: > >SELinux is preventing the gdm-session-wor from using potentially mislabeled >files (./root). > >Detaljeret beskrivelse: > >SELinux has denied gdm-session-wor access to potentially mislabeled file(s) >(./root). This means that SELinux will not allow gdm-session-wor to use these >files. It is common for users to edit files in their home directory or tmp >directories and then move (mv) them to system directories. The problem is that >the files end up with the wrong file context which confined applications are not >allowed to access. > >Tillader adgang: > >If you want gdm-session-wor to access this files, you need to relabel them using >restorecon -v './root'. You might want to relabel the entire directory using >restorecon -R -v './root'. > >Yderligere information: > >Kildekontekst system_u:system_r:xdm_t:s0-s0:c0.c1023 >Målkontekst system_u:object_r:admin_home_t:s0 >Målobjekt ./root [ dir ] >Source gdm-session-wor >Source Path /usr/libexec/gdm-session-worker >Port <Ukendt> >Host localhost.localdomain >Source RPM Packages gdm-2.21.10-0.2008.03.18.1.fc9 >Target RPM Packages filesystem-2.4.11-2.fc9 >Policy-RPM selinux-policy-3.3.1-19.fc9 >SELinux aktiveret True >Policytype targeted >MLS aktiveret True >Gennemtvingende tilstand Enforcing >Indstiksmodulnavn home_tmp_bad_labels >Værtsnavn localhost.localdomain >Platform Linux localhost.localdomain > 2.6.25-0.121.rc5.git4.fc9 #1 SMP Fri Mar 14 > 23:14:20 EDT 2008 i686 i686 >Alert Count 3 >First Seen ons 19 mar 2008 14:01:35 CET >Last Seen ons 19 mar 2008 14:01:35 CET >Local ID 4f8e2a88-3316-454c-a277-adbc7bccedc7 >Line Numbers > >Rå auditeringsmeddelelser > >host=localhost.localdomain type=AVC msg=audit(1205931695.597:47): avc: denied { write } for pid=2275 comm="gdm-session-wor" name="root" dev=dm-1 ino=614401 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:admin_home_t:s0 tclass=dir > >host=localhost.localdomain type=SYSCALL msg=audit(1205931695.597:47): arch=40000003 syscall=5 success=no exit=-13 a0=a0aedf8 a1=80c2 a2=1b6 a3=80c2 items=0 ppid=2173 pid=2275 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=2 comm="gdm-session-wor" exe="/usr/libexec/gdm-session-worker" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null) > > > > >Oversigt: > >SELinux is preventing pulseaudio (xdm_t) "read" to ./default.conf >(alsa_etc_rw_t). > >Detaljeret beskrivelse: > >SELinux denied access requested by pulseaudio. It is not expected that this >access is required by pulseaudio and this access may signal an intrusion >attempt. It is also possible that the specific version or configuration of the >application is causing it to require additional access. > >Tillader adgang: > >Sometimes labeling problems can cause SELinux denials. You could try to restore >the default system file context for ./default.conf, > >restorecon -v './default.conf' > >If this does not work, there is currently no automatic way to allow this access. >Instead, you can generate a local policy module to allow this access - see FAQ >(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable >SELinux protection altogether. Disabling SELinux protection is not recommended. >Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) >against this package. > >Yderligere information: > >Kildekontekst system_u:system_r:xdm_t:s0-s0:c0.c1023 >Målkontekst system_u:object_r:alsa_etc_rw_t:s0 >Målobjekt ./default.conf [ file ] >Source pulseaudio >Source Path /usr/bin/pulseaudio >Port <Ukendt> >Host localhost.localdomain >Source RPM Packages pulseaudio-0.9.8-11.fc9 >Target RPM Packages >Policy-RPM selinux-policy-3.3.1-19.fc9 >SELinux aktiveret True >Policytype targeted >MLS aktiveret True >Gennemtvingende tilstand Enforcing >Indstiksmodulnavn catchall_file >Værtsnavn localhost.localdomain >Platform Linux localhost.localdomain > 2.6.25-0.121.rc5.git4.fc9 #1 SMP Fri Mar 14 > 23:14:20 EDT 2008 i686 i686 >Alert Count 1 >First Seen ons 19 mar 2008 14:01:05 CET >Last Seen ons 19 mar 2008 14:01:05 CET >Local ID 00d1f2f6-2800-4cce-b3a5-05a82dd86014 >Line Numbers > >Rå auditeringsmeddelelser > >host=localhost.localdomain type=AVC msg=audit(1205931665.361:35): avc: denied { read } for pid=2190 comm="pulseaudio" name="default.conf" dev=dm-1 ino=278742 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:alsa_etc_rw_t:s0 tclass=file > >host=localhost.localdomain type=SYSCALL msg=audit(1205931665.361:35): arch=40000003 syscall=5 success=no exit=-13 a0=8caa618 a1=0 a2=1b6 a3=0 items=0 ppid=1 pid=2190 auid=4294967295 uid=42 gid=42 euid=42 suid=42 fsuid=42 egid=42 sgid=42 fsgid=42 tty=(none) ses=4294967295 comm="pulseaudio" exe="/usr/bin/pulseaudio" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null) > > > > >Oversigt: > >SELinux is preventing pulseaudio (xdm_t) "write" to anon_inode (anon_inodefs_t). > >Detaljeret beskrivelse: > >SELinux denied access requested by pulseaudio. It is not expected that this >access is required by pulseaudio and this access may signal an intrusion >attempt. It is also possible that the specific version or configuration of the >application is causing it to require additional access. > >Tillader adgang: > >Sometimes labeling problems can cause SELinux denials. You could try to restore >the default system file context for anon_inode, > >restorecon -v 'anon_inode' > >If this does not work, there is currently no automatic way to allow this access. >Instead, you can generate a local policy module to allow this access - see FAQ >(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable >SELinux protection altogether. Disabling SELinux protection is not recommended. >Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) >against this package. > >Yderligere information: > >Kildekontekst system_u:system_r:xdm_t:s0-s0:c0.c1023 >Målkontekst system_u:object_r:anon_inodefs_t:s0 >Målobjekt anon_inode [ file ] >Source pulseaudio >Source Path /usr/bin/pulseaudio >Port <Ukendt> >Host localhost.localdomain >Source RPM Packages pulseaudio-0.9.8-11.fc9 >Target RPM Packages >Policy-RPM selinux-policy-3.3.1-19.fc9 >SELinux aktiveret True >Policytype targeted >MLS aktiveret True >Gennemtvingende tilstand Enforcing >Indstiksmodulnavn catchall_file >Værtsnavn localhost.localdomain >Platform Linux localhost.localdomain > 2.6.25-0.121.rc5.git4.fc9 #1 SMP Fri Mar 14 > 23:14:20 EDT 2008 i686 i686 >Alert Count 1 >First Seen ons 19 mar 2008 14:01:05 CET >Last Seen ons 19 mar 2008 14:01:05 CET >Local ID 1c5e3a47-a1ca-4964-bd35-460e3a13c6bc >Line Numbers > >Rå auditeringsmeddelelser > >host=localhost.localdomain type=AVC msg=audit(1205931665.433:36): avc: denied { write } for pid=2190 comm="pulseaudio" path="anon_inode:[eventfd]" dev=anon_inodefs ino=170 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:anon_inodefs_t:s0 tclass=file > >host=localhost.localdomain type=SYSCALL msg=audit(1205931665.433:36): arch=40000003 syscall=4 success=no exit=-13 a0=c a1=bfa80628 a2=8 a3=8ca10f8 items=0 ppid=1 pid=2190 auid=4294967295 uid=42 gid=42 euid=42 suid=42 fsuid=42 egid=42 sgid=42 fsgid=42 tty=(none) ses=4294967295 comm="pulseaudio" exe="/usr/bin/pulseaudio" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null) > > > > >Oversigt: > >SELinux is preventing pulseaudio (xdm_t) "getcap" to <Ukendt> (xdm_t). > >Detaljeret beskrivelse: > >SELinux denied access requested by pulseaudio. It is not expected that this >access is required by pulseaudio and this access may signal an intrusion >attempt. It is also possible that the specific version or configuration of the >application is causing it to require additional access. > >Tillader adgang: > >You can generate a local policy module to allow this access - see FAQ >(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable >SELinux protection altogether. Disabling SELinux protection is not recommended. >Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) >against this package. > >Yderligere information: > >Kildekontekst system_u:system_r:xdm_t:s0-s0:c0.c1023 >Målkontekst system_u:system_r:xdm_t:s0-s0:c0.c1023 >Målobjekt None [ process ] >Source pulseaudio >Source Path /usr/bin/pulseaudio >Port <Ukendt> >Host localhost.localdomain >Source RPM Packages pulseaudio-0.9.8-11.fc9 >Target RPM Packages >Policy-RPM selinux-policy-3.3.1-19.fc9 >SELinux aktiveret True >Policytype targeted >MLS aktiveret True >Gennemtvingende tilstand Enforcing >Indstiksmodulnavn catchall >Værtsnavn localhost.localdomain >Platform Linux localhost.localdomain > 2.6.25-0.121.rc5.git4.fc9 #1 SMP Fri Mar 14 > 23:14:20 EDT 2008 i686 i686 >Alert Count 3 >First Seen ons 19 mar 2008 14:01:04 CET >Last Seen ons 19 mar 2008 14:01:04 CET >Local ID 2cc19dc2-327e-4db6-a2e2-a2863904dd04 >Line Numbers > >Rå auditeringsmeddelelser > >host=localhost.localdomain type=AVC msg=audit(1205931664.691:33): avc: denied { getcap } for pid=2190 comm="pulseaudio" scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tclass=process > >host=localhost.localdomain type=SYSCALL msg=audit(1205931664.691:33): arch=40000003 syscall=184 success=no exit=-13 a0=8c8d334 a1=0 a2=3020f0 a3=8c8d330 items=0 ppid=1 pid=2190 auid=4294967295 uid=42 gid=42 euid=42 suid=42 fsuid=42 egid=42 sgid=42 fsgid=42 tty=(none) ses=4294967295 comm="pulseaudio" exe="/usr/bin/pulseaudio" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null) > > > > >Oversigt: > >SELinux is preventing pulseaudio (xdm_t) "setcap" to <Ukendt> (xdm_t). > >Detaljeret beskrivelse: > >SELinux denied access requested by pulseaudio. It is not expected that this >access is required by pulseaudio and this access may signal an intrusion >attempt. It is also possible that the specific version or configuration of the >application is causing it to require additional access. > >Tillader adgang: > >You can generate a local policy module to allow this access - see FAQ >(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable >SELinux protection altogether. Disabling SELinux protection is not recommended. >Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) >against this package. > >Yderligere information: > >Kildekontekst system_u:system_r:xdm_t:s0-s0:c0.c1023 >Målkontekst system_u:system_r:xdm_t:s0-s0:c0.c1023 >Målobjekt None [ process ] >Source pulseaudio >Source Path /usr/bin/pulseaudio >Port <Ukendt> >Host localhost.localdomain >Source RPM Packages pulseaudio-0.9.8-11.fc9 >Target RPM Packages >Policy-RPM selinux-policy-3.3.1-19.fc9 >SELinux aktiveret True >Policytype targeted >MLS aktiveret True >Gennemtvingende tilstand Enforcing >Indstiksmodulnavn catchall >Værtsnavn localhost.localdomain >Platform Linux localhost.localdomain > 2.6.25-0.121.rc5.git4.fc9 #1 SMP Fri Mar 14 > 23:14:20 EDT 2008 i686 i686 >Alert Count 2 >First Seen ons 19 mar 2008 14:01:04 CET >Last Seen ons 19 mar 2008 14:01:04 CET >Local ID 6617d10c-87f2-4192-90d6-aa84f36b4e53 >Line Numbers > >Rå auditeringsmeddelelser > >host=localhost.localdomain type=AVC msg=audit(1205931664.692:34): avc: denied { setcap } for pid=2190 comm="pulseaudio" scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tclass=process > >host=localhost.localdomain type=SYSCALL msg=audit(1205931664.692:34): arch=40000003 syscall=185 success=no exit=-13 a0=8c8d334 a1=8c8d33c a2=3020f0 a3=0 items=0 ppid=1 pid=2190 auid=4294967295 uid=42 gid=42 euid=42 suid=42 fsuid=42 egid=42 sgid=42 fsgid=42 tty=(none) ses=4294967295 comm="pulseaudio" exe="/usr/bin/pulseaudio" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null) > > > > >Oversigt: > >SELinux is preventing rhgb (rhgb_t) "read" to ./keyboard (root_t). > >Detaljeret beskrivelse: > >SELinux denied access requested by rhgb. It is not expected that this access is >required by rhgb and this access may signal an intrusion attempt. It is also >possible that the specific version or configuration of the application is >causing it to require additional access. > >Tillader adgang: > >Sometimes labeling problems can cause SELinux denials. You could try to restore >the default system file context for ./keyboard, > >restorecon -v './keyboard' > >If this does not work, there is currently no automatic way to allow this access. >Instead, you can generate a local policy module to allow this access - see FAQ >(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable >SELinux protection altogether. Disabling SELinux protection is not recommended. >Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) >against this package. > >Yderligere information: > >Kildekontekst system_u:system_r:rhgb_t:s0 >Målkontekst system_u:object_r:root_t:s0 >Målobjekt ./keyboard [ file ] >Source rhgb >Source Path <Ukendt> >Port <Ukendt> >Host localhost.localdomain >Source RPM Packages >Target RPM Packages >Policy-RPM selinux-policy-3.3.1-19.fc9 >SELinux aktiveret True >Policytype targeted >MLS aktiveret True >Gennemtvingende tilstand Enforcing >Indstiksmodulnavn catchall_file >Værtsnavn localhost.localdomain >Platform Linux localhost.localdomain > 2.6.25-0.121.rc5.git4.fc9 #1 SMP Fri Mar 14 > 23:14:20 EDT 2008 i686 i686 >Alert Count 19 >First Seen ons 19 mar 2008 14:00:22 CET >Last Seen ons 19 mar 2008 14:00:22 CET >Local ID 7e5c048f-936c-406c-8da6-59626cfb72c8 >Line Numbers > >Rå auditeringsmeddelelser > >host=localhost.localdomain type=AVC msg=audit(1205931622.295:23): avc: denied { read } for pid=1192 comm="rhgb" name="keyboard" dev=dm-1 ino=278547 scontext=system_u:system_r:rhgb_t:s0 tcontext=system_u:object_r:root_t:s0 tclass=file > > >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=298634">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 438285
: 298634