Attachment 304628 Details for Bug 444670 – SELinux AVCs - Permissive Mode

SELinux AVCs - Permissive Mode

se-podsleuth-permissive (text/plain), 46.12 KB, created by Nigel Jones on 2008-05-06 11:58:34 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Nigel Jones

Created: 2008-05-06 11:58:34 UTC

Size: 46.12 KB

patch

obsolete

>After reattaching iPod when getenforce returns "Permissive"
>
>May  6 23:33:28 rawhide kernel: usb 1-1: USB disconnect, address 5
>May  6 23:33:32 rawhide kernel: usb 1-1: new high speed USB device using ehci_hcd and address 6
>May  6 23:33:32 rawhide kernel: usb 1-1: configuration #1 chosen from 2 choices
>May  6 23:33:32 rawhide kernel: scsi7 : SCSI emulation for USB Mass Storage devices
>May  6 23:33:32 rawhide kernel: usb 1-1: New USB device found, idVendor=05ac, idProduct=1260
>May  6 23:33:32 rawhide kernel: usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
>May  6 23:33:32 rawhide kernel: usb 1-1: Product: iPod
>May  6 23:33:32 rawhide kernel: usb 1-1: Manufacturer: Apple
>May  6 23:33:32 rawhide kernel: usb 1-1: SerialNumber: [Valid Serial Number]
>May  6 23:33:37 rawhide kernel: scsi 7:0:0:0: Direct-Access     Apple    iPod             1.62 PQ: 0 ANSI: 0
>May  6 23:33:37 rawhide kernel: sd 7:0:0:0: [sdb] 1982464 2048-byte hardware sectors (4060 MB)
>May  6 23:33:37 rawhide kernel: sd 7:0:0:0: [sdb] Write Protect is off
>May  6 23:33:37 rawhide kernel: sd 7:0:0:0: [sdb] Assuming drive cache: write through
>May  6 23:33:38 rawhide kernel: sd 7:0:0:0: [sdb] 1982464 2048-byte hardware sectors (4060 MB)
>May  6 23:33:38 rawhide kernel: sd 7:0:0:0: [sdb] Write Protect is off
>May  6 23:33:38 rawhide kernel: sd 7:0:0:0: [sdb] Assuming drive cache: write through
>May  6 23:33:38 rawhide kernel:  sdb: sdb1 sdb2
>May  6 23:33:38 rawhide kernel: sd 7:0:0:0: [sdb] Attached SCSI removable disk
>May  6 23:33:38 rawhide kernel: sd 7:0:0:0: Attached scsi generic sg2 type 0
>May  6 23:33:38 rawhide setroubleshoot: SELinux is preventing mono (hald_t) "getsched" to <Unknown> (hald_t). For complete SELinux messages. run sealert -l c71d367c-61db-45cd-a1dc-cf135835660d
>May  6 23:33:38 rawhide setroubleshoot: SELinux is preventing mono (hald_t) "execmem" to <Unknown> (hald_t). For complete SELinux messages. run sealert -l 94d05508-8b88-4c7e-8498-5e999f52f231
>May  6 23:33:38 rawhide setroubleshoot: SELinux is preventing the mono from using potentially mislabeled files (./.wapi). For complete SELinux messages. run sealert -l c5a1228b-ba73-4ef8-837d-38d6d3a9411c
>May  6 23:33:38 rawhide setroubleshoot: SELinux is preventing the mono from using potentially mislabeled files (/root/.wapi/shared_data-rawhide.dev.jnet.net.nz-Linux-x86_64-328-11-0). For complete SELinux messages. run sealert -l b4d81d78-1be7-426c-ac10-d82cfa2ba8b5
>May  6 23:33:38 rawhide setroubleshoot: SELinux is preventing mono (hald_t) "create" to <Unknown> (hald_t). For complete SELinux messages. run sealert -l 8dbd8559-9cf1-474c-aa3a-b91705c7ef29
>May  6 23:33:38 rawhide setroubleshoot: SELinux is preventing mono (hald_t) "unix_write" to <Unknown> (hald_t). For complete SELinux messages. run sealert -l ebddb412-1b9b-4c78-b29c-712b6a5f3d09
>May  6 23:33:38 rawhide setroubleshoot: SELinux is preventing mono (hald_t) "read" to <Unknown> (hald_t). For complete SELinux messages. run sealert -l 2fc30536-5a50-4eb1-be61-841193f020ce
>May  6 23:33:39 rawhide setroubleshoot: SELinux is preventing mono from changing the access protection of memory on the heap. For complete SELinux messages. run sealert -l b410dc45-efe6-400b-80ef-083c10c7d021
>May  6 23:33:39 rawhide setroubleshoot: SELinux is preventing the mono from using potentially mislabeled files (/tmp/podsleuth-mount-1). For complete SELinux messages. run sealert -l 289f4cf1-874b-44e9-acee-c769ddf8e025
>May  6 23:33:39 rawhide setroubleshoot: SELinux is preventing mono (hald_t) "getattr" to /tmp/podsleuth-mount-1/iPod_Control/Device/SysInfo (dosfs_t). For complete SELinux messages. run sealert -l 5659f53a-51d0-438c-80df-7bcaa521027b
>May  6 23:33:40 rawhide setroubleshoot: SELinux is preventing mono (hald_t) "name_connect" to <Unknown> (http_port_t). For complete SELinux messages. run sealert -l a769a0eb-537a-4c63-81da-3e8732b3185a
>May  6 23:33:41 rawhide setroubleshoot: SELinux is preventing mono (hald_t) "unmount" to <Unknown> (dosfs_t). For complete SELinux messages. run sealert -l 8ce050ec-51c9-4d99-bb7e-a4e53868c4c9
>May  6 23:33:41 rawhide setroubleshoot: SELinux is preventing mono (hald_t) "unix_read" to <Unknown> (hald_t). For complete SELinux messages. run sealert -l 3f01654c-bf38-4c6a-a950-709cf928eaf8
>May  6 23:33:41 rawhide setroubleshoot: SELinux is preventing mono (hald_t) "destroy" to <Unknown> (hald_t). For complete SELinux messages. run sealert -l 17ec4b61-98f6-4f6f-8cab-8e672f378439
>May  6 23:33:41 rawhide setroubleshoot: SELinux is preventing the mono from using potentially mislabeled files (./shared_data-rawhide.dev.jnet.net.nz-Linux-x86_64-328-11-0). For complete SELinux messages. run sealert -l 93ade67d-8554-46af-be38-dfe43c5ef0eb
>
>
>[root@rawhide ~]# sealert -l c71d367c-61db-45cd-a1dc-cf135835660d
>
>Summary:
>
>SELinux is preventing mono (hald_t) "getsched" to <Unknown> (hald_t).
>
>Detailed Description:
>
>[SELinux is in permissive mode, the operation would have been denied but was
>permitted due to permissive mode.]
>
>SELinux denied access requested by mono. It is not expected that this access is
>required by mono and this access may signal an intrusion attempt. It is also
>possible that the specific version or configuration of the application is
>causing it to require additional access.
>
>Allowing Access:
>
>You can generate a local policy module to allow this access - see FAQ
>(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
>SELinux protection altogether. Disabling SELinux protection is not recommended.
>Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
>against this package.
>
>Additional Information:
>
>Source Context                system_u:system_r:hald_t:s0
>Target Context                system_u:system_r:hald_t:s0
>Target Objects                None [ process ]
>Source                        mono
>Source Path                   /usr/bin/mono
>Port                          <Unknown>
>Host                          rawhide.dev.jnet.net.nz
>Source RPM Packages           mono-core-1.9-7.fc9
>Target RPM Packages
>Policy RPM                    selinux-policy-3.3.1-35.fc9
>Selinux Enabled               True
>Policy Type                   targeted
>MLS Enabled                   True
>Enforcing Mode                Permissive
>Plugin Name                   catchall
>Host Name                     rawhide.dev.jnet.net.nz
>Platform                      Linux rawhide.dev.jnet.net.nz 2.6.25-1.fc9.x86_64
>                              #1 SMP Thu Apr 17 01:11:31 EDT 2008 x86_64 x86_64
>Alert Count                   12
>First Seen                    Tue Apr 29 23:12:31 2008
>Last Seen                     Tue May  6 23:33:38 2008
>Local ID                      c71d367c-61db-45cd-a1dc-cf135835660d
>Line Numbers
>
>Raw Audit Messages
>
>host=rawhide.dev.jnet.net.nz type=AVC msg=audit(1210073618.779:52): avc:  denied  { getsched } for  pid=3000 comm="mono" scontext=system_u:system_r:hald_t:s0 tcontext=system_u:system_r:hald_t:s0 tclass=process
>
>host=rawhide.dev.jnet.net.nz type=SYSCALL msg=audit(1210073618.779:52): arch=c000003e syscall=143 success=yes exit=0 a0=bb8 a1=7fa38211cba8 a2=7fff8a12bf90 a3=3c86b66fac items=0 ppid=2998 pid=3000 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="mono" exe="/usr/bin/mono" subj=system_u:system_r:hald_t:s0 key=(null)
>
>
>
>[root@rawhide ~]# sealert -l 94d05508-8b88-4c7e-8498-5e999f52f231
>
>Summary:
>
>SELinux is preventing mono (hald_t) "execmem" to <Unknown> (hald_t).
>
>Detailed Description:
>
>[SELinux is in permissive mode, the operation would have been denied but was
>permitted due to permissive mode.]
>
>SELinux denied access requested by mono. It is not expected that this access is
>required by mono and this access may signal an intrusion attempt. It is also
>possible that the specific version or configuration of the application is
>causing it to require additional access.
>
>Allowing Access:
>
>You can generate a local policy module to allow this access - see FAQ
>(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
>SELinux protection altogether. Disabling SELinux protection is not recommended.
>Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
>against this package.
>
>Additional Information:
>
>Source Context                system_u:system_r:hald_t:s0
>Target Context                system_u:system_r:hald_t:s0
>Target Objects                None [ process ]
>Source                        mono
>Source Path                   /usr/bin/mono
>Port                          <Unknown>
>Host                          rawhide.dev.jnet.net.nz
>Source RPM Packages           mono-core-1.9-7.fc9
>Target RPM Packages
>Policy RPM                    selinux-policy-3.3.1-35.fc9
>Selinux Enabled               True
>Policy Type                   targeted
>MLS Enabled                   True
>Enforcing Mode                Permissive
>Plugin Name                   catchall
>Host Name                     rawhide.dev.jnet.net.nz
>Platform                      Linux rawhide.dev.jnet.net.nz 2.6.25-1.fc9.x86_64
>                              #1 SMP Thu Apr 17 01:11:31 EDT 2008 x86_64 x86_64
>Alert Count                   2
>First Seen                    Tue May  6 23:30:18 2008
>Last Seen                     Tue May  6 23:33:38 2008
>Local ID                      94d05508-8b88-4c7e-8498-5e999f52f231
>Line Numbers
>
>Raw Audit Messages
>
>host=rawhide.dev.jnet.net.nz type=AVC msg=audit(1210073618.794:53): avc:  denied  { execmem } for  pid=3000 comm="mono" scontext=system_u:system_r:hald_t:s0 tcontext=system_u:system_r:hald_t:s0 tclass=process
>
>host=rawhide.dev.jnet.net.nz type=SYSCALL msg=audit(1210073618.794:53): arch=c000003e syscall=9 success=yes exit=1114112 a0=0 a1=10000 a2=7 a3=62 items=0 ppid=2998 pid=3000 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="mono" exe="/usr/bin/mono" subj=system_u:system_r:hald_t:s0 key=(null)
>
>
>
>[root@rawhide ~]# sealert -l c5a1228b-ba73-4ef8-837d-38d6d3a9411c
>
>Summary:
>
>SELinux is preventing the mono from using potentially mislabeled files
>(./.wapi).
>
>Detailed Description:
>
>[SELinux is in permissive mode, the operation would have been denied but was
>permitted due to permissive mode.]
>
>SELinux has denied mono access to potentially mislabeled file(s) (./.wapi). This
>means that SELinux will not allow mono to use these files. It is common for
>users to edit files in their home directory or tmp directories and then move
>(mv) them to system directories. The problem is that the files end up with the
>wrong file context which confined applications are not allowed to access.
>
>Allowing Access:
>
>If you want mono to access this files, you need to relabel them using restorecon
>-v './.wapi'. You might want to relabel the entire directory using restorecon -R
>-v './.wapi'.
>
>Additional Information:
>
>Source Context                system_u:system_r:hald_t:s0
>Target Context                unconfined_u:object_r:admin_home_t:s0
>Target Objects                ./.wapi [ dir ]
>Source                        mono
>Source Path                   /usr/bin/mono
>Port                          <Unknown>
>Host                          rawhide.dev.jnet.net.nz
>Source RPM Packages           mono-core-1.9-7.fc9
>Target RPM Packages
>Policy RPM                    selinux-policy-3.3.1-35.fc9
>Selinux Enabled               True
>Policy Type                   targeted
>MLS Enabled                   True
>Enforcing Mode                Permissive
>Plugin Name                   home_tmp_bad_labels
>Host Name                     rawhide.dev.jnet.net.nz
>Platform                      Linux rawhide.dev.jnet.net.nz 2.6.25-1.fc9.x86_64
>                              #1 SMP Thu Apr 17 01:11:31 EDT 2008 x86_64 x86_64
>Alert Count                   2
>First Seen                    Tue May  6 23:30:18 2008
>Last Seen                     Tue May  6 23:33:38 2008
>Local ID                      c5a1228b-ba73-4ef8-837d-38d6d3a9411c
>Line Numbers
>
>Raw Audit Messages
>
>host=rawhide.dev.jnet.net.nz type=AVC msg=audit(1210073618.812:54): avc:  denied  { write } for  pid=3000 comm="mono" name=".wapi" dev=dm-0 ino=589888 scontext=system_u:system_r:hald_t:s0 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=dir
>
>host=rawhide.dev.jnet.net.nz type=AVC msg=audit(1210073618.812:54): avc:  denied  { add_name } for  pid=3000 comm="mono" name="shared_data-rawhide.dev.jnet.net.nz-Linux-x86_64-328-11-0" scontext=system_u:system_r:hald_t:s0 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=dir
>
>host=rawhide.dev.jnet.net.nz type=AVC msg=audit(1210073618.812:54): avc:  denied  { create } for  pid=3000 comm="mono" name="shared_data-rawhide.dev.jnet.net.nz-Linux-x86_64-328-11-0" scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:admin_home_t:s0 tclass=file
>
>host=rawhide.dev.jnet.net.nz type=AVC msg=audit(1210073618.812:54): avc:  denied  { read write } for  pid=3000 comm="mono" name="shared_data-rawhide.dev.jnet.net.nz-Linux-x86_64-328-11-0" dev=dm-0 ino=590087 scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:admin_home_t:s0 tclass=file
>
>host=rawhide.dev.jnet.net.nz type=SYSCALL msg=audit(1210073618.812:54): arch=c000003e syscall=2 success=yes exit=3 a0=7f5d60 a1=c2 a2=180 a3=3c86b67a70 items=0 ppid=2998 pid=3000 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="mono" exe="/usr/bin/mono" subj=system_u:system_r:hald_t:s0 key=(null)
>
>
>
>[root@rawhide ~]# sealert -l b4d81d78-1be7-426c-ac10-d82cfa2ba8b5
>
>Summary:
>
>SELinux is preventing the mono from using potentially mislabeled files
>(/root/.wapi/shared_data-rawhide.dev.jnet.net.nz-Linux-x86_64-328-11-0).
>
>Detailed Description:
>
>[SELinux is in permissive mode, the operation would have been denied but was
>permitted due to permissive mode.]
>
>SELinux has denied mono access to potentially mislabeled file(s)
>(/root/.wapi/shared_data-rawhide.dev.jnet.net.nz-Linux-x86_64-328-11-0). This
>means that SELinux will not allow mono to use these files. It is common for
>users to edit files in their home directory or tmp directories and then move
>(mv) them to system directories. The problem is that the files end up with the
>wrong file context which confined applications are not allowed to access.
>
>Allowing Access:
>
>If you want mono to access this files, you need to relabel them using restorecon
>-v '/root/.wapi/shared_data-rawhide.dev.jnet.net.nz-Linux-x86_64-328-11-0'. You
>might want to relabel the entire directory using restorecon -R -v '/root/.wapi'.
>
>Additional Information:
>
>Source Context                system_u:system_r:hald_t:s0
>Target Context                system_u:object_r:admin_home_t:s0
>Target Objects                /root/.wapi/shared_data-rawhide.dev.jnet.net.nz-
>                              Linux-x86_64-328-11-0 [ file ]
>Source                        mono
>Source Path                   /usr/bin/mono
>Port                          <Unknown>
>Host                          rawhide.dev.jnet.net.nz
>Source RPM Packages           mono-core-1.9-7.fc9
>Target RPM Packages
>Policy RPM                    selinux-policy-3.3.1-35.fc9
>Selinux Enabled               True
>Policy Type                   targeted
>MLS Enabled                   True
>Enforcing Mode                Permissive
>Plugin Name                   home_tmp_bad_labels
>Host Name                     rawhide.dev.jnet.net.nz
>Platform                      Linux rawhide.dev.jnet.net.nz 2.6.25-1.fc9.x86_64
>                              #1 SMP Thu Apr 17 01:11:31 EDT 2008 x86_64 x86_64
>Alert Count                   2
>First Seen                    Tue May  6 23:30:18 2008
>Last Seen                     Tue May  6 23:33:38 2008
>Local ID                      b4d81d78-1be7-426c-ac10-d82cfa2ba8b5
>Line Numbers
>
>Raw Audit Messages
>
>host=rawhide.dev.jnet.net.nz type=AVC msg=audit(1210073618.815:55): avc:  denied  { getattr } for  pid=3000 comm="mono" path="/root/.wapi/shared_data-rawhide.dev.jnet.net.nz-Linux-x86_64-328-11-0" dev=dm-0 ino=590087 scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:admin_home_t:s0 tclass=file
>
>host=rawhide.dev.jnet.net.nz type=SYSCALL msg=audit(1210073618.815:55): arch=c000003e syscall=5 success=yes exit=0 a0=3 a1=7fff8a12bc90 a2=7fff8a12bc90 a3=3c86b67a70 items=0 ppid=2998 pid=3000 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="mono" exe="/usr/bin/mono" subj=system_u:system_r:hald_t:s0 key=(null)
>
>
>
>[root@rawhide ~]# sealert -l 8dbd8559-9cf1-474c-aa3a-b91705c7ef29
>
>Summary:
>
>SELinux is preventing mono (hald_t) "create" to <Unknown> (hald_t).
>
>Detailed Description:
>
>[SELinux is in permissive mode, the operation would have been denied but was
>permitted due to permissive mode.]
>
>SELinux denied access requested by mono. It is not expected that this access is
>required by mono and this access may signal an intrusion attempt. It is also
>possible that the specific version or configuration of the application is
>causing it to require additional access.
>
>Allowing Access:
>
>You can generate a local policy module to allow this access - see FAQ
>(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
>SELinux protection altogether. Disabling SELinux protection is not recommended.
>Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
>against this package.
>
>Additional Information:
>
>Source Context                system_u:system_r:hald_t:s0
>Target Context                system_u:system_r:hald_t:s0
>Target Objects                None [ sem ]
>Source                        mono
>Source Path                   /usr/bin/mono
>Port                          <Unknown>
>Host                          rawhide.dev.jnet.net.nz
>Source RPM Packages           mono-core-1.9-7.fc9
>Target RPM Packages
>Policy RPM                    selinux-policy-3.3.1-35.fc9
>Selinux Enabled               True
>Policy Type                   targeted
>MLS Enabled                   True
>Enforcing Mode                Permissive
>Plugin Name                   catchall
>Host Name                     rawhide.dev.jnet.net.nz
>Platform                      Linux rawhide.dev.jnet.net.nz 2.6.25-1.fc9.x86_64
>                              #1 SMP Thu Apr 17 01:11:31 EDT 2008 x86_64 x86_64
>Alert Count                   2
>First Seen                    Tue May  6 23:30:18 2008
>Last Seen                     Tue May  6 23:33:38 2008
>Local ID                      8dbd8559-9cf1-474c-aa3a-b91705c7ef29
>Line Numbers
>
>Raw Audit Messages
>
>host=rawhide.dev.jnet.net.nz type=AVC msg=audit(1210073618.815:56): avc:  denied  { create } for  pid=3000 comm="mono" key=1291845895 scontext=system_u:system_r:hald_t:s0 tcontext=system_u:system_r:hald_t:s0 tclass=sem
>
>host=rawhide.dev.jnet.net.nz type=SYSCALL msg=audit(1210073618.815:56): arch=c000003e syscall=64 success=yes exit=360448 a0=4d000107 a1=8 a2=780 a3=3832332d34365f36 items=0 ppid=2998 pid=3000 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="mono" exe="/usr/bin/mono" subj=system_u:system_r:hald_t:s0 key=(null)
>
>
>
>[root@rawhide ~]# sealert -l ebddb412-1b9b-4c78-b29c-712b6a5f3d09
>
>Summary:
>
>SELinux is preventing mono (hald_t) "unix_write" to <Unknown> (hald_t).
>
>Detailed Description:
>
>[SELinux is in permissive mode, the operation would have been denied but was
>permitted due to permissive mode.]
>
>SELinux denied access requested by mono. It is not expected that this access is
>required by mono and this access may signal an intrusion attempt. It is also
>possible that the specific version or configuration of the application is
>causing it to require additional access.
>
>Allowing Access:
>
>You can generate a local policy module to allow this access - see FAQ
>(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
>SELinux protection altogether. Disabling SELinux protection is not recommended.
>Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
>against this package.
>
>Additional Information:
>
>Source Context                system_u:system_r:hald_t:s0
>Target Context                system_u:system_r:hald_t:s0
>Target Objects                None [ sem ]
>Source                        mono
>Source Path                   /usr/bin/mono
>Port                          <Unknown>
>Host                          rawhide.dev.jnet.net.nz
>Source RPM Packages           mono-core-1.9-7.fc9
>Target RPM Packages
>Policy RPM                    selinux-policy-3.3.1-35.fc9
>Selinux Enabled               True
>Policy Type                   targeted
>MLS Enabled                   True
>Enforcing Mode                Permissive
>Plugin Name                   catchall
>Host Name                     rawhide.dev.jnet.net.nz
>Platform                      Linux rawhide.dev.jnet.net.nz 2.6.25-1.fc9.x86_64
>                              #1 SMP Thu Apr 17 01:11:31 EDT 2008 x86_64 x86_64
>Alert Count                   2
>First Seen                    Tue May  6 23:30:18 2008
>Last Seen                     Tue May  6 23:33:38 2008
>Local ID                      ebddb412-1b9b-4c78-b29c-712b6a5f3d09
>Line Numbers
>
>Raw Audit Messages
>
>host=rawhide.dev.jnet.net.nz type=AVC msg=audit(1210073618.815:57): avc:  denied  { unix_write } for  pid=3000 comm="mono" key=1291845895 scontext=system_u:system_r:hald_t:s0 tcontext=system_u:system_r:hald_t:s0 tclass=sem
>
>host=rawhide.dev.jnet.net.nz type=AVC msg=audit(1210073618.815:57): avc:  denied  { write } for  pid=3000 comm="mono" key=1291845895 scontext=system_u:system_r:hald_t:s0 tcontext=system_u:system_r:hald_t:s0 tclass=sem
>
>host=rawhide.dev.jnet.net.nz type=SYSCALL msg=audit(1210073618.815:57): arch=c000003e syscall=66 success=yes exit=0 a0=58000 a1=0 a2=11 a3=7fff8a12be10 items=0 ppid=2998 pid=3000 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="mono" exe="/usr/bin/mono" subj=system_u:system_r:hald_t:s0 key=(null)
>
>
>
>[root@rawhide ~]# sealert -l 2fc30536-5a50-4eb1-be61-841193f020ce
>
>Summary:
>
>SELinux is preventing mono (hald_t) "read" to <Unknown> (hald_t).
>
>Detailed Description:
>
>[SELinux is in permissive mode, the operation would have been denied but was
>permitted due to permissive mode.]
>
>SELinux denied access requested by mono. It is not expected that this access is
>required by mono and this access may signal an intrusion attempt. It is also
>possible that the specific version or configuration of the application is
>causing it to require additional access.
>
>Allowing Access:
>
>You can generate a local policy module to allow this access - see FAQ
>(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
>SELinux protection altogether. Disabling SELinux protection is not recommended.
>Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
>against this package.
>
>Additional Information:
>
>Source Context                system_u:system_r:hald_t:s0
>Target Context                system_u:system_r:hald_t:s0
>Target Objects                None [ sem ]
>Source                        mono
>Source Path                   /usr/bin/mono
>Port                          <Unknown>
>Host                          rawhide.dev.jnet.net.nz
>Source RPM Packages           mono-core-1.9-7.fc9
>Target RPM Packages
>Policy RPM                    selinux-policy-3.3.1-35.fc9
>Selinux Enabled               True
>Policy Type                   targeted
>MLS Enabled                   True
>Enforcing Mode                Permissive
>Plugin Name                   catchall
>Host Name                     rawhide.dev.jnet.net.nz
>Platform                      Linux rawhide.dev.jnet.net.nz 2.6.25-1.fc9.x86_64
>                              #1 SMP Thu Apr 17 01:11:31 EDT 2008 x86_64 x86_64
>Alert Count                   2
>First Seen                    Tue May  6 23:30:18 2008
>Last Seen                     Tue May  6 23:33:38 2008
>Local ID                      2fc30536-5a50-4eb1-be61-841193f020ce
>Line Numbers
>
>Raw Audit Messages
>
>host=rawhide.dev.jnet.net.nz type=AVC msg=audit(1210073618.815:58): avc:  denied  { read } for  pid=3000 comm="mono" key=1291845895 scontext=system_u:system_r:hald_t:s0 tcontext=system_u:system_r:hald_t:s0 tclass=sem
>
>host=rawhide.dev.jnet.net.nz type=SYSCALL msg=audit(1210073618.815:58): arch=c000003e syscall=65 success=yes exit=0 a0=58000 a1=7fff8a12bdd0 a2=1 a3=7fff8a12be10 items=0 ppid=2998 pid=3000 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="mono" exe="/usr/bin/mono" subj=system_u:system_r:hald_t:s0 key=(null)
>
>
>
>[root@rawhide ~]# sealert -l b410dc45-efe6-400b-80ef-083c10c7d021
>
>Summary:
>
>SELinux is preventing mono from changing the access protection of memory on the
>heap.
>
>Detailed Description:
>
>[SELinux is in permissive mode, the operation would have been denied but was
>permitted due to permissive mode.]
>
>The mono application attempted to change the access protection of memory on the
>heap (e.g., allocated using malloc). This is a potential security problem.
>Applications should not be doing this. Applications are sometimes coded
>incorrectly and request this permission. The SELinux Memory Protection Tests
>(http://people.redhat.com/drepper/selinux-mem.html) web page explains how to
>remove this requirement. If mono does not work and you need it to work, you can
>configure SELinux temporarily to allow this access until the application is
>fixed. Please file a bug report
>(http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package.
>
>Allowing Access:
>
>If you want mono to continue, you must turn on the allow_execheap boolean. Note:
>This boolean will affect all applications on the system.
>
>Fix Command:
>
>setsebool -P allow_execheap=1
>
>Additional Information:
>
>Source Context                system_u:system_r:hald_t:s0
>Target Context                system_u:system_r:hald_t:s0
>Target Objects                None [ process ]
>Source                        mono
>Source Path                   /usr/bin/mono
>Port                          <Unknown>
>Host                          rawhide.dev.jnet.net.nz
>Source RPM Packages           mono-core-1.9-7.fc9
>Target RPM Packages
>Policy RPM                    selinux-policy-3.3.1-35.fc9
>Selinux Enabled               True
>Policy Type                   targeted
>MLS Enabled                   True
>Enforcing Mode                Permissive
>Plugin Name                   allow_execheap
>Host Name                     rawhide.dev.jnet.net.nz
>Platform                      Linux rawhide.dev.jnet.net.nz 2.6.25-1.fc9.x86_64
>                              #1 SMP Thu Apr 17 01:11:31 EDT 2008 x86_64 x86_64
>Alert Count                   2
>First Seen                    Tue May  6 23:30:19 2008
>Last Seen                     Tue May  6 23:33:39 2008
>Local ID                      b410dc45-efe6-400b-80ef-083c10c7d021
>Line Numbers
>
>Raw Audit Messages
>
>host=rawhide.dev.jnet.net.nz type=AVC msg=audit(1210073619.41:59): avc:  denied  { execheap } for  pid=3000 comm="mono" scontext=system_u:system_r:hald_t:s0 tcontext=system_u:system_r:hald_t:s0 tclass=process
>
>host=rawhide.dev.jnet.net.nz type=SYSCALL msg=audit(1210073619.41:59): arch=c000003e syscall=10 success=yes exit=0 a0=2c56000 a1=1000 a2=7 a3=3c86b67a70 items=0 ppid=2998 pid=3000 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="mono" exe="/usr/bin/mono" subj=system_u:system_r:hald_t:s0 key=(null)
>
>
>
>[root@rawhide ~]# sealert -l 289f4cf1-874b-44e9-acee-c769ddf8e025
>
>Summary:
>
>SELinux is preventing the mono from using potentially mislabeled files
>(/tmp/podsleuth-mount-1).
>
>Detailed Description:
>
>[SELinux is in permissive mode, the operation would have been denied but was
>permitted due to permissive mode.]
>
>SELinux has denied mono access to potentially mislabeled file(s)
>(/tmp/podsleuth-mount-1). This means that SELinux will not allow mono to use
>these files. It is common for users to edit files in their home directory or tmp
>directories and then move (mv) them to system directories. The problem is that
>the files end up with the wrong file context which confined applications are not
>allowed to access.
>
>Allowing Access:
>
>If you want mono to access this files, you need to relabel them using restorecon
>-v '/tmp/podsleuth-mount-1'. You might want to relabel the entire directory
>using restorecon -R -v '/tmp/podsleuth-mount-1'.
>
>Additional Information:
>
>Source Context                system_u:system_r:hald_t:s0
>Target Context                system_u:object_r:hald_tmp_t:s0
>Target Objects                /tmp/podsleuth-mount-1 [ dir ]
>Source                        mono
>Source Path                   /usr/bin/mono
>Port                          <Unknown>
>Host                          rawhide.dev.jnet.net.nz
>Source RPM Packages           mono-core-1.9-7.fc9
>Target RPM Packages
>Policy RPM                    selinux-policy-3.3.1-35.fc9
>Selinux Enabled               True
>Policy Type                   targeted
>MLS Enabled                   True
>Enforcing Mode                Permissive
>Plugin Name                   home_tmp_bad_labels
>Host Name                     rawhide.dev.jnet.net.nz
>Platform                      Linux rawhide.dev.jnet.net.nz 2.6.25-1.fc9.x86_64
>                              #1 SMP Thu Apr 17 01:11:31 EDT 2008 x86_64 x86_64
>Alert Count                   1
>First Seen                    Tue May  6 23:33:39 2008
>Last Seen                     Tue May  6 23:33:39 2008
>Local ID                      289f4cf1-874b-44e9-acee-c769ddf8e025
>Line Numbers
>
>Raw Audit Messages
>
>host=rawhide.dev.jnet.net.nz type=AVC msg=audit(1210073619.96:60): avc:  denied  { mounton } for  pid=3000 comm="mono" path="/tmp/podsleuth-mount-1" dev=dm-0 ino=1513533 scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:hald_tmp_t:s0 tclass=dir
>
>host=rawhide.dev.jnet.net.nz type=AVC msg=audit(1210073619.96:60): avc:  denied  { mount } for  pid=3000 comm="mono" name="/" dev=sdb2 ino=1 scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:dosfs_t:s0 tclass=filesystem
>
>host=rawhide.dev.jnet.net.nz type=SYSCALL msg=audit(1210073619.96:60): arch=c000003e syscall=165 success=yes exit=0 a0=2caba10 a1=2cb2200 a2=2cb21e0 a3=1 items=0 ppid=2998 pid=3000 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="mono" exe="/usr/bin/mono" subj=system_u:system_r:hald_t:s0 key=(null)
>
>
>
>[root@rawhide ~]# sealert -l 5659f53a-51d0-438c-80df-7bcaa521027b
>
>Summary:
>
>SELinux is preventing mono (hald_t) "getattr" to
>/tmp/podsleuth-mount-1/iPod_Control/Device/SysInfo (dosfs_t).
>
>Detailed Description:
>
>[SELinux is in permissive mode, the operation would have been denied but was
>permitted due to permissive mode.]
>
>SELinux denied access requested by mono. It is not expected that this access is
>required by mono and this access may signal an intrusion attempt. It is also
>possible that the specific version or configuration of the application is
>causing it to require additional access.
>
>Allowing Access:
>
>Sometimes labeling problems can cause SELinux denials. You could try to restore
>the default system file context for
>/tmp/podsleuth-mount-1/iPod_Control/Device/SysInfo,
>
>restorecon -v '/tmp/podsleuth-mount-1/iPod_Control/Device/SysInfo'
>
>If this does not work, there is currently no automatic way to allow this access.
>Instead, you can generate a local policy module to allow this access - see FAQ
>(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
>SELinux protection altogether. Disabling SELinux protection is not recommended.
>Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
>against this package.
>
>Additional Information:
>
>Source Context                system_u:system_r:hald_t:s0
>Target Context                system_u:object_r:dosfs_t:s0
>Target Objects                /tmp/podsleuth-mount-1/iPod_Control/Device/SysInfo
>                              [ file ]
>Source                        mono
>Source Path                   /usr/bin/mono
>Port                          <Unknown>
>Host                          rawhide.dev.jnet.net.nz
>Source RPM Packages           mono-core-1.9-7.fc9
>Target RPM Packages
>Policy RPM                    selinux-policy-3.3.1-35.fc9
>Selinux Enabled               True
>Policy Type                   targeted
>MLS Enabled                   True
>Enforcing Mode                Permissive
>Plugin Name                   catchall_file
>Host Name                     rawhide.dev.jnet.net.nz
>Platform                      Linux rawhide.dev.jnet.net.nz 2.6.25-1.fc9.x86_64
>                              #1 SMP Thu Apr 17 01:11:31 EDT 2008 x86_64 x86_64
>Alert Count                   1
>First Seen                    Tue May  6 23:33:39 2008
>Last Seen                     Tue May  6 23:33:39 2008
>Local ID                      5659f53a-51d0-438c-80df-7bcaa521027b
>Line Numbers
>
>Raw Audit Messages
>
>host=rawhide.dev.jnet.net.nz type=AVC msg=audit(1210073619.189:61): avc:  denied  { getattr } for  pid=3000 comm="mono" path="/tmp/podsleuth-mount-1/iPod_Control/Device/SysInfo" dev=sdb2 ino=12 scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:dosfs_t:s0 tclass=file
>
>host=rawhide.dev.jnet.net.nz type=SYSCALL msg=audit(1210073619.189:61): arch=c000003e syscall=4 success=yes exit=0 a0=2cd49b0 a1=7fff8a12b250 a2=7fff8a12b250 a3=0 items=0 ppid=2998 pid=3000 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="mono" exe="/usr/bin/mono" subj=system_u:system_r:hald_t:s0 key=(null)
>
>
>
>[root@rawhide ~]#  sealert -l a769a0eb-537a-4c63-81da-3e8732b3185a
>
>Summary:
>
>SELinux is preventing mono (hald_t) "name_connect" to <Unknown> (http_port_t).
>
>Detailed Description:
>
>[SELinux is in permissive mode, the operation would have been denied but was
>permitted due to permissive mode.]
>
>SELinux denied access requested by mono. It is not expected that this access is
>required by mono and this access may signal an intrusion attempt. It is also
>possible that the specific version or configuration of the application is
>causing it to require additional access.
>
>Allowing Access:
>
>You can generate a local policy module to allow this access - see FAQ
>(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
>SELinux protection altogether. Disabling SELinux protection is not recommended.
>Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
>against this package.
>
>Additional Information:
>
>Source Context                system_u:system_r:hald_t:s0
>Target Context                system_u:object_r:http_port_t:s0
>Target Objects                None [ tcp_socket ]
>Source                        mono
>Source Path                   /usr/bin/mono
>Port                          80
>Host                          rawhide.dev.jnet.net.nz
>Source RPM Packages           mono-core-1.9-7.fc9
>Target RPM Packages
>Policy RPM                    selinux-policy-3.3.1-35.fc9
>Selinux Enabled               True
>Policy Type                   targeted
>MLS Enabled                   True
>Enforcing Mode                Permissive
>Plugin Name                   catchall
>Host Name                     rawhide.dev.jnet.net.nz
>Platform                      Linux rawhide.dev.jnet.net.nz 2.6.25-1.fc9.x86_64
>                              #1 SMP Thu Apr 17 01:11:31 EDT 2008 x86_64 x86_64
>Alert Count                   1
>First Seen                    Tue May  6 23:33:40 2008
>Last Seen                     Tue May  6 23:33:40 2008
>Local ID                      a769a0eb-537a-4c63-81da-3e8732b3185a
>Line Numbers
>
>Raw Audit Messages
>
>host=rawhide.dev.jnet.net.nz type=AVC msg=audit(1210073620.540:62): avc:  denied  { name_connect } for  pid=3003 comm="mono" dest=80 scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:http_port_t:s0 tclass=tcp_socket
>
>host=rawhide.dev.jnet.net.nz type=SYSCALL msg=audit(1210073620.540:62): arch=c000003e syscall=42 success=yes exit=0 a0=5 a1=2edba20 a2=10 a3=1 items=0 ppid=2998 pid=3003 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="mono" exe="/usr/bin/mono" subj=system_u:system_r:hald_t:s0 key=(null)
>
>
>
>[root@rawhide ~]# sealert -l 8ce050ec-51c9-4d99-bb7e-a4e53868c4c9
>
>Summary:
>
>SELinux is preventing mono (hald_t) "unmount" to <Unknown> (dosfs_t).
>
>Detailed Description:
>
>[SELinux is in permissive mode, the operation would have been denied but was
>permitted due to permissive mode.]
>
>SELinux denied access requested by mono. It is not expected that this access is
>required by mono and this access may signal an intrusion attempt. It is also
>possible that the specific version or configuration of the application is
>causing it to require additional access.
>
>Allowing Access:
>
>You can generate a local policy module to allow this access - see FAQ
>(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
>SELinux protection altogether. Disabling SELinux protection is not recommended.
>Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
>against this package.
>
>Additional Information:
>
>Source Context                system_u:system_r:hald_t:s0
>Target Context                system_u:object_r:dosfs_t:s0
>Target Objects                None [ filesystem ]
>Source                        mono
>Source Path                   /usr/bin/mono
>Port                          <Unknown>
>Host                          rawhide.dev.jnet.net.nz
>Source RPM Packages           mono-core-1.9-7.fc9
>Target RPM Packages
>Policy RPM                    selinux-policy-3.3.1-35.fc9
>Selinux Enabled               True
>Policy Type                   targeted
>MLS Enabled                   True
>Enforcing Mode                Permissive
>Plugin Name                   catchall
>Host Name                     rawhide.dev.jnet.net.nz
>Platform                      Linux rawhide.dev.jnet.net.nz 2.6.25-1.fc9.x86_64
>                              #1 SMP Thu Apr 17 01:11:31 EDT 2008 x86_64 x86_64
>Alert Count                   1
>First Seen                    Tue May  6 23:33:41 2008
>Last Seen                     Tue May  6 23:33:41 2008
>Local ID                      8ce050ec-51c9-4d99-bb7e-a4e53868c4c9
>Line Numbers
>
>Raw Audit Messages
>
>host=rawhide.dev.jnet.net.nz type=AVC msg=audit(1210073621.232:63): avc:  denied  { unmount } for  pid=3000 comm="mono" scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:dosfs_t:s0 tclass=filesystem
>
>host=rawhide.dev.jnet.net.nz type=SYSCALL msg=audit(1210073621.232:63): arch=c000003e syscall=166 success=yes exit=0 a0=2feb400 a1=0 a2=31 a3=140 items=0 ppid=2998 pid=3000 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="mono" exe="/usr/bin/mono" subj=system_u:system_r:hald_t:s0 key=(null)
>
>
>
>[root@rawhide ~]# sealert -l 3f01654c-bf38-4c6a-a950-709cf928eaf8
>
>Summary:
>
>SELinux is preventing mono (hald_t) "unix_read" to <Unknown> (hald_t).
>
>Detailed Description:
>
>[SELinux is in permissive mode, the operation would have been denied but was
>permitted due to permissive mode.]
>
>SELinux denied access requested by mono. It is not expected that this access is
>required by mono and this access may signal an intrusion attempt. It is also
>possible that the specific version or configuration of the application is
>causing it to require additional access.
>
>Allowing Access:
>
>You can generate a local policy module to allow this access - see FAQ
>(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
>SELinux protection altogether. Disabling SELinux protection is not recommended.
>Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
>against this package.
>
>Additional Information:
>
>Source Context                system_u:system_r:hald_t:s0
>Target Context                system_u:system_r:hald_t:s0
>Target Objects                None [ sem ]
>Source                        mono
>Source Path                   /usr/bin/mono
>Port                          <Unknown>
>Host                          rawhide.dev.jnet.net.nz
>Source RPM Packages           mono-core-1.9-7.fc9
>Target RPM Packages
>Policy RPM                    selinux-policy-3.3.1-35.fc9
>Selinux Enabled               True
>Policy Type                   targeted
>MLS Enabled                   True
>Enforcing Mode                Permissive
>Plugin Name                   catchall
>Host Name                     rawhide.dev.jnet.net.nz
>Platform                      Linux rawhide.dev.jnet.net.nz 2.6.25-1.fc9.x86_64
>                              #1 SMP Thu Apr 17 01:11:31 EDT 2008 x86_64 x86_64
>Alert Count                   2
>First Seen                    Tue May  6 23:30:19 2008
>Last Seen                     Tue May  6 23:33:41 2008
>Local ID                      3f01654c-bf38-4c6a-a950-709cf928eaf8
>Line Numbers
>
>Raw Audit Messages
>
>host=rawhide.dev.jnet.net.nz type=AVC msg=audit(1210073621.419:64): avc:  denied  { unix_read } for  pid=3000 comm="mono" key=1291845895 scontext=system_u:system_r:hald_t:s0 tcontext=system_u:system_r:hald_t:s0 tclass=sem
>
>host=rawhide.dev.jnet.net.nz type=SYSCALL msg=audit(1210073621.419:64): arch=c000003e syscall=66 success=yes exit=1 a0=58000 a1=7 a2=c a3=ffffffffffffffff items=0 ppid=2998 pid=3000 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="mono" exe="/usr/bin/mono" subj=system_u:system_r:hald_t:s0 key=(null)
>
>
>
>[root@rawhide ~]# sealert -l 17ec4b61-98f6-4f6f-8cab-8e672f378439
>
>Summary:
>
>SELinux is preventing mono (hald_t) "destroy" to <Unknown> (hald_t).
>
>Detailed Description:
>
>[SELinux is in permissive mode, the operation would have been denied but was
>permitted due to permissive mode.]
>
>SELinux denied access requested by mono. It is not expected that this access is
>required by mono and this access may signal an intrusion attempt. It is also
>possible that the specific version or configuration of the application is
>causing it to require additional access.
>
>Allowing Access:
>
>You can generate a local policy module to allow this access - see FAQ
>(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
>SELinux protection altogether. Disabling SELinux protection is not recommended.
>Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
>against this package.
>
>Additional Information:
>
>Source Context                system_u:system_r:hald_t:s0
>Target Context                system_u:system_r:hald_t:s0
>Target Objects                None [ sem ]
>Source                        mono
>Source Path                   /usr/bin/mono
>Port                          <Unknown>
>Host                          rawhide.dev.jnet.net.nz
>Source RPM Packages           mono-core-1.9-7.fc9
>Target RPM Packages
>Policy RPM                    selinux-policy-3.3.1-35.fc9
>Selinux Enabled               True
>Policy Type                   targeted
>MLS Enabled                   True
>Enforcing Mode                Permissive
>Plugin Name                   catchall
>Host Name                     rawhide.dev.jnet.net.nz
>Platform                      Linux rawhide.dev.jnet.net.nz 2.6.25-1.fc9.x86_64
>                              #1 SMP Thu Apr 17 01:11:31 EDT 2008 x86_64 x86_64
>Alert Count                   2
>First Seen                    Tue May  6 23:30:19 2008
>Last Seen                     Tue May  6 23:33:41 2008
>Local ID                      17ec4b61-98f6-4f6f-8cab-8e672f378439
>Line Numbers
>
>Raw Audit Messages
>
>host=rawhide.dev.jnet.net.nz type=AVC msg=audit(1210073621.429:65): avc:  denied  { destroy } for  pid=3000 comm="mono" key=1291845895 scontext=system_u:system_r:hald_t:s0 tcontext=system_u:system_r:hald_t:s0 tclass=sem
>
>host=rawhide.dev.jnet.net.nz type=SYSCALL msg=audit(1210073621.429:65): arch=c000003e syscall=66 success=yes exit=0 a0=58000 a1=0 a2=0 a3=ffffffffffffffff items=0 ppid=2998 pid=3000 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="mono" exe="/usr/bin/mono" subj=system_u:system_r:hald_t:s0 key=(null)
>
>
>
>[root@rawhide ~]# sealert -l 93ade67d-8554-46af-be38-dfe43c5ef0eb
>
>Summary:
>
>SELinux is preventing the mono from using potentially mislabeled files
>(./shared_data-rawhide.dev.jnet.net.nz-Linux-x86_64-328-11-0).
>
>Detailed Description:
>
>[SELinux is in permissive mode, the operation would have been denied but was
>permitted due to permissive mode.]
>
>SELinux has denied mono access to potentially mislabeled file(s)
>(./shared_data-rawhide.dev.jnet.net.nz-Linux-x86_64-328-11-0). This means that
>SELinux will not allow mono to use these files. It is common for users to edit
>files in their home directory or tmp directories and then move (mv) them to
>system directories. The problem is that the files end up with the wrong file
>context which confined applications are not allowed to access.
>
>Allowing Access:
>
>If you want mono to access this files, you need to relabel them using restorecon
>-v './shared_data-rawhide.dev.jnet.net.nz-Linux-x86_64-328-11-0'. You might want
>to relabel the entire directory using restorecon -R -v
>'./shared_data-rawhide.dev.jnet.net.nz-Linux-x86_64-328-11-0'.
>
>Additional Information:
>
>Source Context                system_u:system_r:hald_t:s0
>Target Context                unconfined_u:object_r:admin_home_t:s0
>Target Objects                ./shared_data-rawhide.dev.jnet.net.nz-
>                              Linux-x86_64-328-11-0 [ dir ]
>Source                        mono
>Source Path                   /usr/bin/mono
>Port                          <Unknown>
>Host                          rawhide.dev.jnet.net.nz
>Source RPM Packages           mono-core-1.9-7.fc9
>Target RPM Packages
>Policy RPM                    selinux-policy-3.3.1-35.fc9
>Selinux Enabled               True
>Policy Type                   targeted
>MLS Enabled                   True
>Enforcing Mode                Permissive
>Plugin Name                   home_tmp_bad_labels
>Host Name                     rawhide.dev.jnet.net.nz
>Platform                      Linux rawhide.dev.jnet.net.nz 2.6.25-1.fc9.x86_64
>                              #1 SMP Thu Apr 17 01:11:31 EDT 2008 x86_64 x86_64
>Alert Count                   2
>First Seen                    Tue May  6 23:30:19 2008
>Last Seen                     Tue May  6 23:33:41 2008
>Local ID                      93ade67d-8554-46af-be38-dfe43c5ef0eb
>Line Numbers
>
>Raw Audit Messages
>
>host=rawhide.dev.jnet.net.nz type=AVC msg=audit(1210073621.439:66): avc:  denied  { remove_name } for  pid=3000 comm="mono" name="shared_data-rawhide.dev.jnet.net.nz-Linux-x86_64-328-11-0" dev=dm-0 ino=590087 scontext=system_u:system_r:hald_t:s0 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=dir
>
>host=rawhide.dev.jnet.net.nz type=AVC msg=audit(1210073621.439:66): avc:  denied  { unlink } for  pid=3000 comm="mono" name="shared_data-rawhide.dev.jnet.net.nz-Linux-x86_64-328-11-0" dev=dm-0 ino=590087 scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:admin_home_t:s0 tclass=file
>
>host=rawhide.dev.jnet.net.nz type=SYSCALL msg=audit(1210073621.439:66): arch=c000003e syscall=87 success=yes exit=0 a0=7f5d60 a1=3c86938888 a2=0 a3=3832332d34365f36 items=0 ppid=2998 pid=3000 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="mono" exe="/usr/bin/mono" subj=system_u:system_r:hald_t:s0 key=(null)
>
>
>
>[root@rawhide ~]#

Actions: View

Attachments on bug 444670: 304202 | 304627 | 304628 | 304639 | 304759 | 304774 | 304776 | 304847 | 305021 | 305238