Attachment 583381 Details for Bug 819082 – selinux alert browser output

selinux alert browser output

sealert.txt (text/plain), 3.40 KB, created by Patrick Talbert on 2012-05-09 20:48:29 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Patrick Talbert

Created: 2012-05-09 20:48:29 UTC

Size: 3.40 KB

patch

obsolete

>SELinux is preventing /usr/bin/dbus-daemon (deleted) from 'read, write' accesses on the file /mnt/Shares/empireEFIv1085.iso.
>
>*****  Plugin file (36.8 confidence) suggests  *******************************
>
>If you think this is caused by a badly mislabeled machine.
>Then you need to fully relabel.
>Do
>touch /.autorelabel; reboot
>
>*****  Plugin file (36.8 confidence) suggests  *******************************
>
>If you think this is caused by a badly mislabeled machine.
>Then you need to fully relabel.
>Do
>touch /.autorelabel; reboot
>
>*****  Plugin catchall_labels (23.2 confidence) suggests  ********************
>
>If you want to allow dbus-daemon (deleted) to have read write access on the empireEFIv1085.iso file
>Then you need to change the label on /mnt/Shares/empireEFIv1085.iso
>Do
># semanage fcontext -a -t FILE_TYPE '/mnt/Shares/empireEFIv1085.iso'
>where FILE_TYPE is one of the following: system_dbusd_tmp_t, system_dbusd_t, security_t, puppet_tmp_t, afs_cache_t, system_dbusd_var_run_t, user_cron_spool_t. 
>Then execute: 
>restorecon -v '/mnt/Shares/empireEFIv1085.iso'
>
>
>*****  Plugin catchall (5.04 confidence) suggests  ***************************
>
>If you believe that dbus-daemon (deleted) should be allowed read write access on the empireEFIv1085.iso file by default.
>Then you should report this as a bug.
>You can generate a local policy module to allow this access.
>Do
>allow this access for now by executing:
># grep dbus-daemon /var/log/audit/audit.log | audit2allow -M mypol
># semodule -i mypol.pp
>
>Additional Information:
>Source Context                system_u:system_r:system_dbusd_t:s0-s0:c0.c1023
>Target Context                system_u:object_r:file_t:s0
>Target Objects                /mnt/Shares/empireEFIv1085.iso [ file ]
>Source                        dbus-daemon
>Source Path                   /usr/bin/dbus-daemon (deleted)
>Port                          <Unknown>
>Host                          crudora.schiznet
>Source RPM Packages           dbus-1.4.10-4.fc17.x86_64
>Target RPM Packages           
>Policy RPM                    selinux-policy-3.10.0-121.fc17.noarch
>Selinux Enabled               True
>Policy Type                   targeted
>Enforcing Mode                Permissive
>Host Name                     crudora.schiznet
>Platform                      Linux crudora.schiznet 3.3.4-4.fc17.x86_64 #1 SMP
>                              Fri May 4 17:25:07 UTC 2012 x86_64 x86_64
>Alert Count                   10
>First Seen                    Fri 04 May 2012 03:11:12 PM EDT
>Last Seen                     Wed 09 May 2012 04:45:16 PM EDT
>Local ID                      077793fa-505f-40ad-9dda-0c26a11b5600
>
>Raw Audit Messages
>type=AVC msg=audit(1336596316.38:1029): avc:  denied  { read write } for  pid=818 comm="dbus-daemon" path="/mnt/Shares/empireEFIv1085.iso" dev="sdc" ino=14331 scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file
>
>
>type=SYSCALL msg=audit(1336596316.38:1029): arch=x86_64 syscall=recvmsg success=yes exit=200 a0=3b a1=7fffe4664bd0 a2=40000000 a3=0 items=0 ppid=1 pid=818 auid=4294967295 uid=81 gid=81 euid=81 suid=81 fsuid=81 egid=81 sgid=81 fsgid=81 tty=(none) ses=4294967295 comm=dbus-daemon exe=/usr/bin/dbus-daemon subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 key=(null)
>
>Hash: dbus-daemon,system_dbusd_t,file_t,file,read,write
>
>audit2allowunable to open /sys/fs/selinux/policy:  Permission denied
>
>
>audit2allow -Runable to open /sys/fs/selinux/policy:  Permission denied

Actions: View

Attachments on bug 819082: 582202 | 583381