Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 307342 Details for
Bug 449340
Updates trigger selinux alert ( rsylogd, dbus-daemon, mono )
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
Selinux-alerts recived....
Selinux-Alerts.txt (text/plain), 13.72 KB, created by
Jóhann B. Guðmundsson
on 2008-06-02 09:55:18 UTC
(
hide
)
Description:
Selinux-alerts recived....
Filename:
MIME Type:
Creator:
Jóhann B. Guðmundsson
Created:
2008-06-02 09:55:18 UTC
Size:
13.72 KB
patch
obsolete
>********* Selinux Alert Rsyslog Mono recieved 02/06/2008********* > >Summary: > >SELinux is preventing rsyslogd (syslogd_t) "read" to ./meminfo (proc_t). > >Detailed Description: > >SELinux denied access requested by rsyslogd. It is not expected that this access >is required by rsyslogd and this access may signal an intrusion attempt. It is >also possible that the specific version or configuration of the application is >causing it to require additional access. > >Allowing Access: > >Sometimes labeling problems can cause SELinux denials. You could try to restore >the default system file context for ./meminfo, > >restorecon -v './meminfo' > >If this does not work, there is currently no automatic way to allow this access. >Instead, you can generate a local policy module to allow this access - see FAQ >(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable >SELinux protection altogether. Disabling SELinux protection is not recommended. >Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) >against this package. > >Additional Information: > >Source Context unconfined_u:system_r:syslogd_t:s0 >Target Context system_u:object_r:proc_t:s0 >Target Objects ./meminfo [ file ] >Source rsyslogd >Source Path /sbin/rsyslogd >Port <Unknown> >Host localhost.localdomain >Source RPM Packages rsyslog-3.16.1-1.fc10 >Target RPM Packages >Policy RPM selinux-policy-3.3.1-51.fc9 >Selinux Enabled True >Policy Type targeted >MLS Enabled True >Enforcing Mode Enforcing >Plugin Name catchall_file >Host Name localhost.localdomain >Platform Linux localhost.localdomain > 2.6.26-0.17.rc3.fc10.i686 #1 SMP Sun May 18 > 19:05:03 EDT 2008 i686 i686 >Alert Count 2 >First Seen Thu 22 May 2008 04:26:40 PM GMT >Last Seen Mon 02 Jun 2008 09:20:10 AM GMT >Local ID b6a6af69-1d0a-4ed2-bead-aedf05a8254d >Line Numbers > >Raw Audit Messages > >host=localhost.localdomain type=AVC msg=audit(1212398410.167:159): avc: denied { read } for pid=11500 comm="rsyslogd" name="meminfo" dev=proc ino=4026531842 scontext=unconfined_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file > >host=localhost.localdomain type=SYSCALL msg=audit(1212398410.167:159): arch=40000003 syscall=5 success=no exit=-13 a0=29c3b1 a1=0 a2=1b6 a3=29c3b1 items=0 ppid=11499 pid=11500 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="rsyslogd" exe="/sbin/rsyslogd" subj=unconfined_u:system_r:syslogd_t:s0 key=(null) > ># Running restorecon -v './meminfo' produces the following error msg. ># ># [root@localhost ~]# restorecon -v './meminfo' ># restorecon: stat error on ./meminfo: No such file or directory > >********* Selinux Alert Dbus-Daemon recieved 02/06/2008*********** > >Summary: > >SELinux is preventing dbus-daemon (xdm_dbusd_t) "execute" to ./gconfd-2 >(gconfd_exec_t). > >Detailed Description: > >SELinux denied access requested by dbus-daemon. It is not expected that this >access is required by dbus-daemon and this access may signal an intrusion >attempt. It is also possible that the specific version or configuration of the >application is causing it to require additional access. > >Allowing Access: > >Sometimes labeling problems can cause SELinux denials. You could try to restore >the default system file context for ./gconfd-2, > >restorecon -v './gconfd-2' > >If this does not work, there is currently no automatic way to allow this access. >Instead, you can generate a local policy module to allow this access - see FAQ >(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable >SELinux protection altogether. Disabling SELinux protection is not recommended. >Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) >against this package. > >Additional Information: > >Source Context system_u:system_r:xdm_dbusd_t:s0-s0:c0.c1023 >Target Context system_u:object_r:gconfd_exec_t:s0 >Target Objects ./gconfd-2 [ file ] >Source dbus-daemon >Source Path /bin/dbus-daemon >Port <Unknown> >Host localhost.localdomain >Source RPM Packages dbus-1.2.1-3.fc10 >Target RPM Packages >Policy RPM selinux-policy-3.3.1-51.fc9 >Selinux Enabled True >Policy Type targeted >MLS Enabled True >Enforcing Mode Enforcing >Plugin Name catchall_file >Host Name localhost.localdomain >Platform Linux localhost.localdomain > 2.6.26-0.17.rc3.fc10.i686 #1 SMP Sun May 18 > 19:05:03 EDT 2008 i686 i686 >Alert Count 242 >First Seen Thu 29 May 2008 01:03:07 PM GMT >Last Seen Mon 02 Jun 2008 08:42:43 AM GMT >Local ID 84805b64-49ae-477f-aff5-f3c7158593a8 >Line Numbers > >Raw Audit Messages > >host=localhost.localdomain type=AVC msg=audit(1212396163.816:129): avc: denied { execute } for pid=2868 comm="dbus-daemon" name="gconfd-2" dev=dm-1 ino=465035 scontext=system_u:system_r:xdm_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:gconfd_exec_t:s0 tclass=file > >host=localhost.localdomain type=SYSCALL msg=audit(1212396163.816:129): arch=40000003 syscall=11 success=no exit=-13 a0=b933a778 a1=b9340bf0 a2=b933a798 a3=b9340818 items=0 ppid=2867 pid=2868 auid=4294967295 uid=42 gid=42 euid=42 suid=42 fsuid=42 egid=42 sgid=42 fsgid=42 tty=(none) ses=4294967295 comm="dbus-daemon" exe="/bin/dbus-daemon" subj=system_u:system_r:xdm_dbusd_t:s0-s0:c0.c1023 key=(null) > ># Running restorecon -v './gconfd-2' produces the following error msg. ># ># [root@localhost ~]# restorecon -v './gconfd-2' ># restorecon: stat error on ./gconfd-2: No such file or directory > > >******** Selinux Alert Mono recieved 22/05/2008 ******** > > >Summary: > >SELinux is preventing mono (unlabeled_t) "signal" to <Unknown> (unlabeled_t). > >Detailed Description: > >SELinux denied access requested by mono. It is not expected that this access is >required by mono and this access may signal an intrusion attempt. It is also >possible that the specific version or configuration of the application is >causing it to require additional access. > >Allowing Access: > >You can generate a local policy module to allow this access - see FAQ >(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable >SELinux protection altogether. Disabling SELinux protection is not recommended. >Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) >against this package. > >Additional Information: > >Source Context system_u:object_r:unlabeled_t:s0 >Target Context system_u:object_r:unlabeled_t:s0 >Target Objects None [ process ] >Source mono >Source Path /usr/bin/mono >Port <Unknown> >Host localhost.localdomain >Source RPM Packages mono-core-1.9.1-2.fc9 >Target RPM Packages >Policy RPM selinux-policy-3.3.1-42.fc9 >Selinux Enabled True >Policy Type targeted >MLS Enabled True >Enforcing Mode Enforcing >Plugin Name catchall >Host Name localhost.localdomain >Platform Linux localhost.localdomain 2.6.25-14.fc9.i686 #1 > SMP Thu May 1 06:28:41 EDT 2008 i686 i686 >Alert Count 2 >First Seen Thu 22 May 2008 04:09:45 PM GMT >Last Seen Thu 22 May 2008 04:09:45 PM GMT >Local ID d673a437-6457-41be-a2cd-1cf78e624383 >Line Numbers > >Raw Audit Messages > >host=localhost.localdomain type=AVC msg=audit(1211472585.465:60): avc: denied { signal } for pid=3107 comm="mono" scontext=system_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=process > >host=localhost.localdomain type=SYSCALL msg=audit(1211472585.465:60): arch=40000003 syscall=270 per=400000 success=no exit=-13 a0=c18 a1=c23 a2=6 a3=9bc7828 items=0 ppid=1 pid=3107 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="mono" exe="/usr/bin/mono" subj=system_u:object_r:unlabeled_t:s0 key=(null) > > >******** Selinux Alert Mono recieved 22/05/2008 ********* > > >Summary: > >SELinux is preventing mono (unlabeled_t) "unix_write" to <Unknown> >(unlabeled_t). > >Detailed Description: > >SELinux denied access requested by mono. It is not expected that this access is >required by mono and this access may signal an intrusion attempt. It is also >possible that the specific version or configuration of the application is >causing it to require additional access. > >Allowing Access: > >You can generate a local policy module to allow this access - see FAQ >(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable >SELinux protection altogether. Disabling SELinux protection is not recommended. >Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) >against this package. > >Additional Information: > >Source Context system_u:object_r:unlabeled_t:s0 >Target Context system_u:object_r:unlabeled_t:s0 >Target Objects None [ sem ] >Source mono >Source Path /usr/bin/mono >Port <Unknown> >Host localhost.localdomain >Source RPM Packages mono-core-1.9.1-2.fc9 >Target RPM Packages >Policy RPM selinux-policy-3.3.1-42.fc9 >Selinux Enabled True >Policy Type targeted >MLS Enabled True >Enforcing Mode Enforcing >Plugin Name catchall >Host Name localhost.localdomain >Platform Linux localhost.localdomain 2.6.25-14.fc9.i686 #1 > SMP Thu May 1 06:28:41 EDT 2008 i686 i686 >Alert Count 1 >First Seen Thu 22 May 2008 04:09:45 PM GMT >Last Seen Thu 22 May 2008 04:09:45 PM GMT >Local ID 770c10c3-7e20-42d9-8265-059c087c125e >Line Numbers > >Raw Audit Messages > >host=localhost.localdomain type=AVC msg=audit(1211472585.364:57): avc: denied { unix_write } for pid=3107 comm="mono" key=1291958957 scontext=system_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=sem > >host=localhost.localdomain type=SYSCALL msg=audit(1211472585.364:57): arch=40000003 syscall=117 per=400000 success=no exit=-13 a0=1 a1=0 a2=1 a3=0 items=0 ppid=1 pid=3107 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="mono" exe="/usr/bin/mono" subj=system_u:object_r:unlabeled_t:s0 key=(null) > > >********* Selinux Alert Mono recieved 22/05/2008 ********* > > >Summary: > >SELinux is preventing mono (unlabeled_t) "use" to /dev/null (unconfined_t). > >Detailed Description: > >SELinux denied access requested by mono. It is not expected that this access is >required by mono and this access may signal an intrusion attempt. It is also >possible that the specific version or configuration of the application is >causing it to require additional access. > >Allowing Access: > >You can generate a local policy module to allow this access - see FAQ >(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable >SELinux protection altogether. Disabling SELinux protection is not recommended. >Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) >against this package. > >Additional Information: > >Source Context system_u:object_r:unlabeled_t:s0 >Target Context unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1 > 023 >Target Objects /dev/null [ fd ] >Source mono >Source Path /usr/bin/mono >Port <Unknown> >Host localhost.localdomain >Source RPM Packages mono-core-1.9.1-2.fc9 >Target RPM Packages >Policy RPM selinux-policy-3.3.1-42.fc9 >Selinux Enabled True >Policy Type targeted >MLS Enabled True >Enforcing Mode Enforcing >Plugin Name catchall >Host Name localhost.localdomain >Platform Linux localhost.localdomain 2.6.25-14.fc9.i686 #1 > SMP Thu May 1 06:28:41 EDT 2008 i686 i686 >Alert Count 2 >First Seen Thu 22 May 2008 04:09:45 PM GMT >Last Seen Thu 22 May 2008 04:09:45 PM GMT >Local ID 07bd7f1c-f1c7-4824-a207-2db2b7259f5a >Line Numbers > >Raw Audit Messages > >host=localhost.localdomain type=AVC msg=audit(1211472585.465:61): avc: denied { use } for pid=3107 comm="mono" path="/dev/null" dev=tmpfs ino=1964 scontext=system_u:object_r:unlabeled_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=fd > >host=localhost.localdomain type=SYSCALL msg=audit(1211472585.465:61): arch=40000003 syscall=4 per=400000 success=no exit=-13 a0=2 a1=9bc6518 a2=50 a3=9bc6518 items=0 ppid=1 pid=3107 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="mono" exe="/usr/bin/mono" subj=system_u:object_r:unlabeled_t:s0 key=(null)
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=307342">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 449340
: 307342 |
308184