Attachment 308605 Details for Bug 450382 – Extra Sealerts

Extra Sealerts

selinux_alert2.txt (text/plain), 10.43 KB, created by Frank Murphy on 2008-06-07 11:38:51 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Frank Murphy

Created: 2008-06-07 11:38:51 UTC

Size: 10.43 KB

patch

obsolete

>
>Summary:
>
>SELinux is preventing sendmail (exim_t) "getattr" to pipe (system_crond_t).
>
>Detailed Description:
>
>SELinux denied access requested by sendmail. It is not expected that this access
>is required by sendmail and this access may signal an intrusion attempt. It is
>also possible that the specific version or configuration of the application is
>causing it to require additional access.
>
>Allowing Access:
>
>You can generate a local policy module to allow this access - see FAQ
>(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
>SELinux protection altogether. Disabling SELinux protection is not recommended.
>Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
>against this package.
>
>Additional Information:
>
>Source Context                system_u:system_r:exim_t:s0
>Target Context                system_u:system_r:system_crond_t:s0
>Target Objects                pipe [ fifo_file ]
>Source                        sendmail
>Source Path                   /usr/sbin/exim
>Port                          <Unknown>
>Host                          frank-01
>Source RPM Packages           exim-4.68-1.fc8
>Target RPM Packages           
>Policy RPM                    selinux-policy-3.0.8-109.fc8
>Selinux Enabled               True
>Policy Type                   targeted
>MLS Enabled                   True
>Enforcing Mode                Enforcing
>Plugin Name                   catchall
>Host Name                     frank-01
>Platform                      Linux frank-01 2.6.25.4-10.fc8 #1 SMP Thu May 22
>                              23:34:09 EDT 2008 i686 i686
>Alert Count                   3
>First Seen                    Sat 07 Jun 2008 11:59:38 IST
>Last Seen                     Sat 07 Jun 2008 11:59:39 IST
>Local ID                      17d20c49-377a-4276-8f3a-fbd930cee099
>Line Numbers                  
>
>Raw Audit Messages            
>
>host=frank-01 type=AVC msg=audit(1212836379.84:29): avc:  denied  { getattr } for  pid=8135 comm="sendmail" path="pipe:[25801]" dev=pipefs ino=25801 scontext=system_u:system_r:exim_t:s0 tcontext=system_u:system_r:system_crond_t:s0 tclass=fifo_file
>
>host=frank-01 type=SYSCALL msg=audit(1212836379.84:29): arch=40000003 syscall=197 success=no exit=-13 a0=1 a1=bff576b0 a2=811ff4 a3=3 items=0 ppid=1 pid=8135 auid=4294967295 uid=93 gid=93 euid=93 suid=93 fsuid=93 egid=93 sgid=93 fsgid=93 tty=(none) ses=4294967295 comm="sendmail" exe="/usr/sbin/exim" subj=system_u:system_r:exim_t:s0 key=(null)
>
>
>
>
>Summary:
>
>SELinux is preventing mail (system_mail_t) "append" to
>/var/rkhunter/tmp/rkhcronlog.rIvBud6076 (var_t).
>
>Detailed Description:
>
>SELinux denied access requested by mail. It is not expected that this access is
>required by mail and this access may signal an intrusion attempt. It is also
>possible that the specific version or configuration of the application is
>causing it to require additional access.
>
>Allowing Access:
>
>Sometimes labeling problems can cause SELinux denials. You could try to restore
>the default system file context for /var/rkhunter/tmp/rkhcronlog.rIvBud6076,
>
>restorecon -v '/var/rkhunter/tmp/rkhcronlog.rIvBud6076'
>
>If this does not work, there is currently no automatic way to allow this access.
>Instead, you can generate a local policy module to allow this access - see FAQ
>(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
>SELinux protection altogether. Disabling SELinux protection is not recommended.
>Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
>against this package.
>
>Additional Information:
>
>Source Context                system_u:system_r:system_mail_t:s0
>Target Context                system_u:object_r:var_t:s0
>Target Objects                /var/rkhunter/tmp/rkhcronlog.rIvBud6076 [ file ]
>Source                        mail
>Source Path                   /bin/mail
>Port                          <Unknown>
>Host                          frank-01
>Source RPM Packages           mailx-8.1.1-46.fc7
>Target RPM Packages           
>Policy RPM                    selinux-policy-3.0.8-109.fc8
>Selinux Enabled               True
>Policy Type                   targeted
>MLS Enabled                   True
>Enforcing Mode                Enforcing
>Plugin Name                   catchall_file
>Host Name                     frank-01
>Platform                      Linux frank-01 2.6.25.4-10.fc8 #1 SMP Thu May 22
>                              23:34:09 EDT 2008 i686 i686
>Alert Count                   1
>First Seen                    Sat 07 Jun 2008 11:59:38 IST
>Last Seen                     Sat 07 Jun 2008 11:59:38 IST
>Local ID                      54e129ce-08b4-4086-9b7a-5ca72beefa74
>Line Numbers                  
>
>Raw Audit Messages            
>
>host=frank-01 type=AVC msg=audit(1212836378.769:24): avc:  denied  { append } for  pid=8114 comm="mail" path="/var/rkhunter/tmp/rkhcronlog.rIvBud6076" dev=dm-0 ino=16519 scontext=system_u:system_r:system_mail_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file
>
>host=frank-01 type=SYSCALL msg=audit(1212836378.769:24): arch=40000003 syscall=11 success=yes exit=0 a0=9c127f0 a1=9c25970 a2=9abed98 a3=40 items=0 ppid=8413 pid=8114 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="mail" exe="/bin/mail" subj=system_u:system_r:system_mail_t:s0 key=(null)
>
>
>
>
>Summary:
>
>SELinux is preventing the sendmail from using potentially mislabeled files
>(2F746D702F5273675658625765202864656C6574656429).
>
>Detailed Description:
>
>SELinux has denied sendmail access to potentially mislabeled file(s)
>(2F746D702F5273675658625765202864656C6574656429). This means that SELinux will
>not allow sendmail to use these files. It is common for users to edit files in
>their home directory or tmp directories and then move (mv) them to system
>directories. The problem is that the files end up with the wrong file context
>which confined applications are not allowed to access.
>
>Allowing Access:
>
>If you want sendmail to access this files, you need to relabel them using
>restorecon -v '2F746D702F5273675658625765202864656C6574656429'. You might want
>to relabel the entire directory using restorecon -R -v ''.
>
>Additional Information:
>
>Source Context                system_u:system_r:exim_t:s0
>Target Context                system_u:object_r:system_mail_tmp_t:s0
>Target Objects                2F746D702F5273675658625765202864656C6574656429 [
>                              file ]
>Source                        sendmail
>Source Path                   /usr/sbin/exim
>Port                          <Unknown>
>Host                          frank-01
>Source RPM Packages           exim-4.68-1.fc8
>Target RPM Packages           
>Policy RPM                    selinux-policy-3.0.8-109.fc8
>Selinux Enabled               True
>Policy Type                   targeted
>MLS Enabled                   True
>Enforcing Mode                Enforcing
>Plugin Name                   home_tmp_bad_labels
>Host Name                     frank-01
>Platform                      Linux frank-01 2.6.25.4-10.fc8 #1 SMP Thu May 22
>                              23:34:09 EDT 2008 i686 i686
>Alert Count                   0
>First Seen                    Sat 07 Jun 2008 11:59:38 IST
>Last Seen                     Sat 07 Jun 2008 11:59:38 IST
>Local ID                      c78a4c09-8832-4ce0-b5f2-8bee76eac679
>Line Numbers                  
>
>Raw Audit Messages            
>
>host=frank-01 type=AVC msg=audit(1212836378.784:25): avc:  denied  { read } for  pid=8115 comm="sendmail" path=2F746D702F5273675658625765202864656C6574656429 dev=dm-0 ino=7487550 scontext=system_u:system_r:exim_t:s0 tcontext=system_u:object_r:system_mail_tmp_t:s0 tclass=file
>
>host=frank-01 type=SYSCALL msg=audit(1212836378.784:25): arch=40000003 syscall=11 success=yes exit=0 a0=805848b a1=8f4060c a2=bfce22a8 a3=8f4060c items=0 ppid=8114 pid=8115 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sendmail" exe="/usr/sbin/exim" subj=system_u:system_r:exim_t:s0 key=(null)
>
>
>
>
>Summary:
>
>SELinux is preventing the sendmail from using potentially mislabeled files
>(2F746D702F52734170426C5071202864656C6574656429).
>
>Detailed Description:
>
>SELinux has denied sendmail access to potentially mislabeled file(s)
>(2F746D702F52734170426C5071202864656C6574656429). This means that SELinux will
>not allow sendmail to use these files. It is common for users to edit files in
>their home directory or tmp directories and then move (mv) them to system
>directories. The problem is that the files end up with the wrong file context
>which confined applications are not allowed to access.
>
>Allowing Access:
>
>If you want sendmail to access this files, you need to relabel them using
>restorecon -v '2F746D702F52734170426C5071202864656C6574656429'. You might want
>to relabel the entire directory using restorecon -R -v ''.
>
>Additional Information:
>
>Source Context                system_u:system_r:exim_t:s0
>Target Context                system_u:object_r:system_mail_tmp_t:s0
>Target Objects                2F746D702F52734170426C5071202864656C6574656429 [
>                              file ]
>Source                        sendmail
>Source Path                   /usr/sbin/exim
>Port                          <Unknown>
>Host                          frank-01
>Source RPM Packages           exim-4.68-1.fc8
>Target RPM Packages           
>Policy RPM                    selinux-policy-3.0.8-109.fc8
>Selinux Enabled               True
>Policy Type                   targeted
>MLS Enabled                   True
>Enforcing Mode                Enforcing
>Plugin Name                   home_tmp_bad_labels
>Host Name                     frank-01
>Platform                      Linux frank-01 2.6.25.4-10.fc8 #1 SMP Thu May 22
>                              23:34:09 EDT 2008 i686 i686
>Alert Count                   1
>First Seen                    Sat 07 Jun 2008 11:59:38 IST
>Last Seen                     Sat 07 Jun 2008 11:59:38 IST
>Local ID                      855f46ed-a897-4c6b-ac96-135fd870b57e
>Line Numbers                  
>
>Raw Audit Messages            
>
>host=frank-01 type=AVC msg=audit(1212836378.937:27): avc:  denied  { read } for  pid=8135 comm="sendmail" path=2F746D702F52734170426C5071202864656C6574656429 dev=dm-0 ino=7487550 scontext=system_u:system_r:exim_t:s0 tcontext=system_u:object_r:system_mail_tmp_t:s0 tclass=file
>
>host=frank-01 type=SYSCALL msg=audit(1212836378.937:27): arch=40000003 syscall=11 success=yes exit=0 a0=805848b a1=895060c a2=bf8f16c8 a3=895060c items=0 ppid=8134 pid=8135 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sendmail" exe="/usr/sbin/exim" subj=system_u:system_r:exim_t:s0 key=(null)
>
>

Actions: View

Attachments on bug 450382: 308602 | 308605