Attachment 495227 Details for Bug 699240 – SE alert with new policy

SE alert with new policy

sealert_new.txt (text/plain), 3.09 KB, created by Bonzo1834 on 2011-04-27 13:10:12 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Bonzo1834

Created: 2011-04-27 13:10:12 UTC

Size: 3.09 KB

patch

obsolete

>SELinux is preventing /usr/sbin/pppd from read access on the lnk_file /var/lock.
>
>*****  Plugin restorecon (94.8 confidence) suggests  *************************
>
>If you want to fix the label. 
>/var/lock default label should be var_lock_t.
>Then you can run restorecon.
>Do
># /sbin/restorecon -v /var/lock
>
>*****  Plugin catchall_labels (5.21 confidence) suggests  ********************
>
>If you want to allow pppd to have read access on the lock lnk_file
>Then you need to change the label on /var/lock
>Do
># semanage fcontext -a -t FILE_TYPE '/var/lock'
>where FILE_TYPE is one of the following: locale_t, abrt_t, etc_t, lib_t, proc_t, sysfs_t, root_t, device_t, postfix_etc_t, ld_so_t, proc_t, textrel_shlib_t, rpm_script_tmp_t, pppd_etc_t, var_run_t, userdomain, proc_net_t, var_run_t, mta_exec_type, home_root_t, udev_var_run_t, var_lock_t, bin_t, cert_t, pppd_t, user_home_dir_t, device_t, devlog_t, var_run_t, var_run_t, var_run_t, cert_t. 
>Then execute: 
>restorecon -v '/var/lock'
>
>
>*****  Plugin catchall (1.44 confidence) suggests  ***************************
>
>If you believe that pppd should be allowed read access on the lock lnk_file by default.
>Then you should report this as a bug.
>You can generate a local policy module to allow this access.
>Do
>allow this access for now by executing:
># grep pppd /var/log/audit/audit.log | audit2allow -M mypol
># semodule -i mypol.pp
>
>Additional Information:
>Source Context                system_u:system_r:pppd_t:s0
>Target Context                system_u:object_r:var_t:s0
>Target Objects                /var/lock [ lnk_file ]
>Source                        pppd
>Source Path                   /usr/sbin/pppd
>Port                          <Unknown>
>Host                          a1
>Source RPM Packages           ppp-2.4.5-16.fc15
>Target RPM Packages           filesystem-2.4.40-1.fc15
>Policy RPM                    selinux-policy-3.9.16-18.fc15
>Selinux Enabled               True
>Policy Type                   targeted
>Enforcing Mode                Enforcing
>Host Name                     a1
>Platform                      Linux a1 2.6.38.2-9.fc15.i686.PAE #1 SMP Wed Mar
>                              30 16:47:28 UTC 2011 i686 i686
>Alert Count                   3
>First Seen                    Wed 27 Apr 2011 02:44:55 PM CEST
>Last Seen                     Wed 27 Apr 2011 02:56:38 PM CEST
>Local ID                      e1731787-f04d-4b19-ba1c-160c11e8b91b
>
>Raw Audit Messages
>type=AVC msg=audit(1303908998.985:59): avc:  denied  { read } for  pid=2182 comm="pppd" name="lock" dev=sda1 ino=741147 scontext=system_u:system_r:pppd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=lnk_file
>
>
>type=SYSCALL msg=audit(1303908998.985:59): arch=i386 syscall=open success=no exit=EACCES a0=7987a0 a1=800c2 a2=1a4 a3=7987a0 items=0 ppid=823 pid=2182 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=pppd exe=/usr/sbin/pppd subj=system_u:system_r:pppd_t:s0 key=(null)
>
>Hash: pppd,pppd_t,var_t,lnk_file,read
>
>audit2allow
>
>#============= pppd_t ==============
>allow pppd_t var_t:lnk_file read;
>
>audit2allow -R
>
>#============= pppd_t ==============
>allow pppd_t var_t:lnk_file read;

Actions: View

Attachments on bug 699240: 494530 | 495227