Attachment 597572 Details for Bug 839287 – Output from sealert

Output from sealert

sealert_output.txt (text/plain), 8.50 KB, created by Major Hayden 🤠 on 2012-07-11 13:13:01 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Major Hayden 🤠

Created: 2012-07-11 13:13:01 UTC

Size: 8.50 KB

patch

obsolete

>[root@helium ~]# sealert -l b1392df4-dda4-4b82-914c-1e20c62fc898
>WARNING: Policy would be downgraded from version 27 to 26.
>SELinux is preventing /usr/bin/python2.7 from read access on the file group.
>
>*****  Plugin xen_image (91.4 confidence) suggests  **************************
>
>If you want to allow python2.7 to have read access on the group file
>Then you need to change the label on 'group'
>Do
># semanage fcontext -a -t xen_image_t 'group'
># restorecon -v 'group'
>
>*****  Plugin catchall (9.59 confidence) suggests  ***************************
>
>If you believe that python2.7 should be allowed read access on the group file by default.
>Then you should report this as a bug.
>You can generate a local policy module to allow this access.
>Do
>allow this access for now by executing:
># grep xend /var/log/audit/audit.log | audit2allow -M mypol
># semodule -i mypol.pp
>
>
>WARNING: Policy would be downgraded from version 27 to 26.
>WARNING: Policy would be downgraded from version 27 to 26.
>Additional Information:
>Source Context                system_u:system_r:xend_t:s0
>Target Context                system_u:object_r:passwd_file_t:s0
>Target Objects                group [ file ]
>Source                        xend
>Source Path                   /usr/bin/python2.7
>Port                          <Unknown>
>Host                          helium.mhtx.net
>Source RPM Packages           python-2.7.3-6.fc17.x86_64
>Target RPM Packages           
>Policy RPM                    selinux-policy-3.10.0-134.fc17.noarch
>Selinux Enabled               True
>Policy Type                   targeted
>Enforcing Mode                Enforcing
>Host Name                     helium.mhtx.net
>Platform                      Linux helium.mhtx.net 3.4.4-5.fc17.x86_64 #1 SMP
>                              Thu Jul 5 20:20:59 UTC 2012 x86_64 x86_64
>Alert Count                   2
>First Seen                    Tue 10 Jul 2012 04:31:26 AM UTC
>Last Seen                     Tue 10 Jul 2012 04:38:27 AM UTC
>Local ID                      b1392df4-dda4-4b82-914c-1e20c62fc898
>
>Raw Audit Messages
>type=AVC msg=audit(1341895107.913:435): avc:  denied  { read } for  pid=2975 comm="xend" name="group" dev="dm-0" ino=917980 scontext=system_u:system_r:xend_t:s0 tcontext=system_u:object_r:passwd_file_t:s0 tclass=file
>
>
>type=SYSCALL msg=audit(1341895107.913:435): arch=x86_64 syscall=open success=no exit=EACCES a0=7fa9b42966bf a1=80000 a2=1b6 a3=238 items=0 ppid=1 pid=2975 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=xend exe=/usr/bin/python2.7 subj=system_u:system_r:xend_t:s0 key=(null)
>
>Hash: xend,xend_t,passwd_file_t,file,read
>
>audit2allow
>
>#============= xend_t ==============
>#!!!! This avc is allowed in the current policy
>
>allow xend_t passwd_file_t:file read;
>
>audit2allow -R
>
>#============= xend_t ==============
>#!!!! This avc is allowed in the current policy
>
>allow xend_t passwd_file_t:file read;
>
>
>[root@helium ~]# sealert -l 3e09edc3-aeb7-49f5-96e1-d8148afda48f
>WARNING: Policy would be downgraded from version 27 to 26.
>SELinux is preventing /usr/bin/python2.7 from setattr access on the chr_file 1.
>
>*****  Plugin catchall (100. confidence) suggests  ***************************
>
>If you believe that python2.7 should be allowed setattr access on the 1 chr_file by default.
>Then you should report this as a bug.
>You can generate a local policy module to allow this access.
>Do
>allow this access for now by executing:
># grep xend /var/log/audit/audit.log | audit2allow -M mypol
># semodule -i mypol.pp
>
>
>WARNING: Policy would be downgraded from version 27 to 26.
>WARNING: Policy would be downgraded from version 27 to 26.
>Additional Information:
>Source Context                system_u:system_r:xend_t:s0
>Target Context                system_u:object_r:devpts_t:s0
>Target Objects                1 [ chr_file ]
>Source                        xend
>Source Path                   /usr/bin/python2.7
>Port                          <Unknown>
>Host                          helium.mhtx.net
>Source RPM Packages           python-2.7.3-6.fc17.x86_64
>Target RPM Packages           
>Policy RPM                    selinux-policy-3.10.0-134.fc17.noarch
>Selinux Enabled               True
>Policy Type                   targeted
>Enforcing Mode                Enforcing
>Host Name                     helium.mhtx.net
>Platform                      Linux helium.mhtx.net 3.4.4-5.fc17.x86_64 #1 SMP
>                              Thu Jul 5 20:20:59 UTC 2012 x86_64 x86_64
>Alert Count                   2
>First Seen                    Tue 10 Jul 2012 04:31:26 AM UTC
>Last Seen                     Tue 10 Jul 2012 04:38:27 AM UTC
>Local ID                      3e09edc3-aeb7-49f5-96e1-d8148afda48f
>
>Raw Audit Messages
>type=AVC msg=audit(1341895107.913:436): avc:  denied  { setattr } for  pid=2975 comm="xend" name="1" dev="devpts" ino=4 scontext=system_u:system_r:xend_t:s0 tcontext=system_u:object_r:devpts_t:s0 tclass=chr_file
>
>
>type=SYSCALL msg=audit(1341895107.913:436): arch=x86_64 syscall=chown success=no exit=EACCES a0=7fa9acff2ce0 a1=0 a2=0 a3=238 items=0 ppid=1 pid=2975 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=xend exe=/usr/bin/python2.7 subj=system_u:system_r:xend_t:s0 key=(null)
>
>Hash: xend,xend_t,devpts_t,chr_file,setattr
>
>audit2allow
>
>#============= xend_t ==============
>#!!!! This avc is allowed in the current policy
>
>allow xend_t devpts_t:chr_file setattr;
>
>audit2allow -R
>
>#============= xend_t ==============
>#!!!! This avc is allowed in the current policy
>
>allow xend_t devpts_t:chr_file setattr;
>
>
>[root@helium ~]# sealert -l 86395f09-5f33-4f66-8d02-519b61e54139
>WARNING: Policy would be downgraded from version 27 to 26.
>SELinux is preventing /usr/bin/python2.7 from execute access on the file pt_chown.
>
>*****  Plugin leaks (86.2 confidence) suggests  ******************************
>
>If you want to ignore python2.7 trying to execute access the pt_chown file, because you believe it should not need this access.
>Then you should report this as a bug.  
>You can generate a local policy module to dontaudit this access.
>Do
># grep /usr/bin/python2.7 /var/log/audit/audit.log | audit2allow -D -M mypol
># semodule -i mypol.pp
>
>*****  Plugin catchall (14.7 confidence) suggests  ***************************
>
>If you believe that python2.7 should be allowed execute access on the pt_chown file by default.
>Then you should report this as a bug.
>You can generate a local policy module to allow this access.
>Do
>allow this access for now by executing:
># grep xend /var/log/audit/audit.log | audit2allow -M mypol
># semodule -i mypol.pp
>
>
>WARNING: Policy would be downgraded from version 27 to 26.
>WARNING: Policy would be downgraded from version 27 to 26.
>Additional Information:
>Source Context                system_u:system_r:xend_t:s0
>Target Context                system_u:object_r:ptchown_exec_t:s0
>Target Objects                pt_chown [ file ]
>Source                        xend
>Source Path                   /usr/bin/python2.7
>Port                          <Unknown>
>Host                          helium.mhtx.net
>Source RPM Packages           python-2.7.3-6.fc17.x86_64
>Target RPM Packages           
>Policy RPM                    selinux-policy-3.10.0-134.fc17.noarch
>Selinux Enabled               True
>Policy Type                   targeted
>Enforcing Mode                Enforcing
>Host Name                     helium.mhtx.net
>Platform                      Linux helium.mhtx.net 3.4.4-5.fc17.x86_64 #1 SMP
>                              Thu Jul 5 20:20:59 UTC 2012 x86_64 x86_64
>Alert Count                   2
>First Seen                    Tue 10 Jul 2012 04:31:26 AM UTC
>Last Seen                     Tue 10 Jul 2012 04:38:27 AM UTC
>Local ID                      86395f09-5f33-4f66-8d02-519b61e54139
>
>Raw Audit Messages
>type=AVC msg=audit(1341895107.920:437): avc:  denied  { execute } for  pid=2976 comm="xend" name="pt_chown" dev="dm-0" ino=1966878 scontext=system_u:system_r:xend_t:s0 tcontext=system_u:object_r:ptchown_exec_t:s0 tclass=file
>
>
>type=SYSCALL msg=audit(1341895107.920:437): arch=x86_64 syscall=execve success=no exit=EACCES a0=7fa9c276af2e a1=7fa9acff0770 a2=0 a3=19 items=0 ppid=953 pid=2976 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=xend exe=/usr/bin/python2.7 subj=system_u:system_r:xend_t:s0 key=(null)
>
>Hash: xend,xend_t,ptchown_exec_t,file,execute
>
>audit2allow
>
>#============= xend_t ==============
>#!!!! This avc is allowed in the current policy
>
>allow xend_t ptchown_exec_t:file execute;
>
>audit2allow -R
>
>#============= xend_t ==============
>#!!!! This avc is allowed in the current policy
>
>allow xend_t ptchown_exec_t:file execute;

Actions: View

Attachments on bug 839287: 597572