Red Hat Bugzilla – Attachment 647201 Details for Bug 877751: SELinux denials with blueman when enabling NAP
Denials 2 to 25/25
denials_02_to_25.txt (text/plain), 64.63 KB, created by Seb L. on 2012-11-18 14:46:06 UTC
>********** denial_2_on_25.txt ********** > >SELinux is preventing /usr/bin/python2.7 from search access on the directory net. > >***** Plugin catchall (100. confidence) suggests *************************** > >If you believe that python2.7 should be allowed search access on the net directory by default. >Then you should report this as a bug. >You can generate a local policy module to allow this access. >Do >allow this access for now by executing: ># grep blueman-mechani /var/log/audit/audit.log | audit2allow -M mypol ># semodule -i mypol.pp > >Additional Information: >Source Context system_u:system_r:blueman_t:s0-s0:c0.c1023 >Target Context system_u:object_r:sysctl_net_t:s0 >Target Objects net [ dir ] >Source blueman-mechani >Source Path /usr/bin/python2.7 >Port <Inconnu> >Host seb-mini9 >Source RPM Packages python-2.7.3-7.2.fc17.i686 >Target RPM Packages >Policy RPM selinux-policy-3.10.0-159.fc17.noarch >Selinux Enabled True >Policy Type targeted >Enforcing Mode Enforcing >Host Name seb-mini9 >Platform Linux seb-mini9 3.6.6-1.fc17.i686.PAE #1 SMP Mon > Nov 5 22:05:54 UTC 2012 i686 i686 >Alert Count 1 >First Seen 2012-11-18 15:14:18 CET >Last Seen 2012-11-18 15:14:18 CET >Local ID 635a3fe3-bba0-4f20-89a2-edc632c9c1c4 > >Raw Audit Messages >type=AVC msg=audit(1353248058.926:66): avc: denied { search } for pid=1403 comm="blueman-mechani" name="net" dev="proc" ino=8639 scontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_net_t:s0 tclass=dir > > >type=AVC msg=audit(1353248058.926:66): avc: denied { write } for pid=1403 comm="blueman-mechani" name="ip_forward" dev="proc" ino=8641 scontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_net_t:s0 tclass=file > > >type=AVC msg=audit(1353248058.926:66): avc: denied { open } for pid=1403 comm="blueman-mechani" path="/proc/sys/net/ipv4/ip_forward" dev="proc" ino=8641 scontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_net_t:s0 
tclass=file > > >type=SYSCALL msg=audit(1353248058.926:66): arch=i386 syscall=open success=yes exit=ENOEXEC a0=8a0f198 a1=8241 a2=1b6 a3=8a0fa20 items=0 ppid=1 pid=1403 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=blueman-mechani exe=/usr/bin/python2.7 subj=system_u:system_r:blueman_t:s0-s0:c0.c1023 key=(null) > >Hash: blueman-mechani,blueman_t,sysctl_net_t,dir,search > >audit2allow > >#============= blueman_t ============== >allow blueman_t sysctl_net_t:dir search; >#!!!! The source type 'blueman_t' can write to a 'file' of the following types: ># blueman_var_lib_t, root_t > >allow blueman_t sysctl_net_t:file { write open }; > >audit2allow -R > >#============= blueman_t ============== >allow blueman_t sysctl_net_t:dir search; >#!!!! The source type 'blueman_t' can write to a 'file' of the following types: ># blueman_var_lib_t, root_t > >allow blueman_t sysctl_net_t:file { write open }; > > >********** denial_3_on_25.txt ********** > >SELinux is preventing /usr/bin/python2.7 from getattr access on the file /proc/sys/net/ipv4/ip_forward. > >***** Plugin catchall (100. confidence) suggests *************************** > >If you believe that python2.7 should be allowed getattr access on the ip_forward file by default. >Then you should report this as a bug. >You can generate a local policy module to allow this access. 
>Do >allow this access for now by executing: ># grep blueman-mechani /var/log/audit/audit.log | audit2allow -M mypol ># semodule -i mypol.pp > >Additional Information: >Source Context system_u:system_r:blueman_t:s0-s0:c0.c1023 >Target Context system_u:object_r:sysctl_net_t:s0 >Target Objects /proc/sys/net/ipv4/ip_forward [ file ] >Source blueman-mechani >Source Path /usr/bin/python2.7 >Port <Inconnu> >Host seb-mini9 >Source RPM Packages python-2.7.3-7.2.fc17.i686 >Target RPM Packages >Policy RPM selinux-policy-3.10.0-159.fc17.noarch >Selinux Enabled True >Policy Type targeted >Enforcing Mode Enforcing >Host Name seb-mini9 >Platform Linux seb-mini9 3.6.6-1.fc17.i686.PAE #1 SMP Mon > Nov 5 22:05:54 UTC 2012 i686 i686 >Alert Count 1 >First Seen 2012-11-18 15:14:18 CET >Last Seen 2012-11-18 15:14:18 CET >Local ID f1f6c174-e117-4df7-9b1d-afff7d49d538 > >Raw Audit Messages >type=AVC msg=audit(1353248058.928:67): avc: denied { getattr } for pid=1403 comm="blueman-mechani" path="/proc/sys/net/ipv4/ip_forward" dev="proc" ino=8641 scontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_net_t:s0 tclass=file > > >type=SYSCALL msg=audit(1353248058.928:67): arch=i386 syscall=fstat64 success=yes exit=0 a0=8 a1=bf9a6990 a2=445b2ff4 a3=b7066498 items=0 ppid=1 pid=1403 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=blueman-mechani exe=/usr/bin/python2.7 subj=system_u:system_r:blueman_t:s0-s0:c0.c1023 key=(null) > >Hash: blueman-mechani,blueman_t,sysctl_net_t,file,getattr > >audit2allow > >#============= blueman_t ============== >allow blueman_t sysctl_net_t:file getattr; > >audit2allow -R > >#============= blueman_t ============== >allow blueman_t sysctl_net_t:file getattr; > > >********** denial_4_on_25.txt ********** > >SELinux is preventing /usr/bin/python2.7 from read access on the directory conf. > >***** Plugin catchall (100. 
confidence) suggests *************************** > >If you believe that python2.7 should be allowed read access on the conf directory by default. >Then you should report this as a bug. >You can generate a local policy module to allow this access. >Do >allow this access for now by executing: ># grep blueman-mechani /var/log/audit/audit.log | audit2allow -M mypol ># semodule -i mypol.pp > >Additional Information: >Source Context system_u:system_r:blueman_t:s0-s0:c0.c1023 >Target Context system_u:object_r:sysctl_net_t:s0 >Target Objects conf [ dir ] >Source blueman-mechani >Source Path /usr/bin/python2.7 >Port <Inconnu> >Host seb-mini9 >Source RPM Packages python-2.7.3-7.2.fc17.i686 >Target RPM Packages >Policy RPM selinux-policy-3.10.0-159.fc17.noarch >Selinux Enabled True >Policy Type targeted >Enforcing Mode Enforcing >Host Name seb-mini9 >Platform Linux seb-mini9 3.6.6-1.fc17.i686.PAE #1 SMP Mon > Nov 5 22:05:54 UTC 2012 i686 i686 >Alert Count 1 >First Seen 2012-11-18 15:14:18 CET >Last Seen 2012-11-18 15:14:18 CET >Local ID d98e50e2-4ebf-4d3f-8df3-9e39f09a3d5d > >Raw Audit Messages >type=AVC msg=audit(1353248058.930:68): avc: denied { read } for pid=1403 comm="blueman-mechani" name="conf" dev="proc" ino=8642 scontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_net_t:s0 tclass=dir > > >type=AVC msg=audit(1353248058.930:68): avc: denied { open } for pid=1403 comm="blueman-mechani" path="/proc/sys/net/ipv4/conf" dev="proc" ino=8642 scontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_net_t:s0 tclass=dir > > >type=SYSCALL msg=audit(1353248058.930:68): arch=i386 syscall=openat success=yes exit=ENOEXEC a0=ffffff9c a1=89b93d8 a2=98800 a3=0 items=0 ppid=1 pid=1403 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=blueman-mechani exe=/usr/bin/python2.7 subj=system_u:system_r:blueman_t:s0-s0:c0.c1023 key=(null) > >Hash: 
blueman-mechani,blueman_t,sysctl_net_t,dir,read > >audit2allow > >#============= blueman_t ============== >allow blueman_t sysctl_net_t:dir { read open }; > >audit2allow -R > >#============= blueman_t ============== >allow blueman_t sysctl_net_t:dir { read open }; > > >********** denial_5_on_25.txt ********** > >SELinux is preventing /usr/sbin/ifconfig from execute access on the file /usr/sbin/ifconfig. > >***** Plugin leaks (86.2 confidence) suggests ****************************** > >If you want to ignore ifconfig trying to execute access the ifconfig file, because you believe it should not need this access. >Then you should report this as a bug. >You can generate a local policy module to dontaudit this access. >Do ># grep /usr/sbin/ifconfig /var/log/audit/audit.log | audit2allow -D -M mypol ># semodule -i mypol.pp > >***** Plugin catchall (14.7 confidence) suggests *************************** > >If you believe that ifconfig should be allowed execute access on the ifconfig file by default. >Then you should report this as a bug. >You can generate a local policy module to allow this access. 
>Do >allow this access for now by executing: ># grep ifconfig /var/log/audit/audit.log | audit2allow -M mypol ># semodule -i mypol.pp > >Additional Information: >Source Context system_u:system_r:blueman_t:s0-s0:c0.c1023 >Target Context system_u:object_r:ifconfig_exec_t:s0 >Target Objects /usr/sbin/ifconfig [ file ] >Source ifconfig >Source Path /usr/sbin/ifconfig >Port <Inconnu> >Host seb-mini9 >Source RPM Packages net-tools-1.60-138.20120702git.fc17.i686 >Target RPM Packages net-tools-1.60-138.20120702git.fc17.i686 >Policy RPM selinux-policy-3.10.0-159.fc17.noarch >Selinux Enabled True >Policy Type targeted >Enforcing Mode Enforcing >Host Name seb-mini9 >Platform Linux seb-mini9 3.6.6-1.fc17.i686.PAE #1 SMP Mon > Nov 5 22:05:54 UTC 2012 i686 i686 >Alert Count 1 >First Seen 2012-11-18 15:14:18 CET >Last Seen 2012-11-18 15:14:18 CET >Local ID 144adea3-81ee-4039-9e85-ff575d51ea12 > >Raw Audit Messages >type=AVC msg=audit(1353248058.978:69): avc: denied { execute } for pid=1410 comm="blueman-mechani" name="ifconfig" dev="sda1" ino=468654 scontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tcontext=system_u:object_r:ifconfig_exec_t:s0 tclass=file > > >type=AVC msg=audit(1353248058.978:69): avc: denied { read open } for pid=1410 comm="blueman-mechani" path="/usr/sbin/ifconfig" dev="sda1" ino=468654 scontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tcontext=system_u:object_r:ifconfig_exec_t:s0 tclass=file > > >type=AVC msg=audit(1353248058.978:69): avc: denied { execute_no_trans } for pid=1410 comm="blueman-mechani" path="/usr/sbin/ifconfig" dev="sda1" ino=468654 scontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tcontext=system_u:object_r:ifconfig_exec_t:s0 tclass=file > > >type=SYSCALL msg=audit(1353248058.978:69): arch=i386 syscall=execve success=yes exit=0 a0=89b6e10 a1=8a0db48 a2=89bce90 a3=8a0db60 items=0 ppid=1403 pid=1410 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=ifconfig exe=/usr/sbin/ifconfig 
subj=system_u:system_r:blueman_t:s0-s0:c0.c1023 key=(null) > >Hash: ifconfig,blueman_t,ifconfig_exec_t,file,execute > >audit2allow > >#============= blueman_t ============== >allow blueman_t ifconfig_exec_t:file { read execute open execute_no_trans }; > >audit2allow -R > >#============= blueman_t ============== >allow blueman_t ifconfig_exec_t:file { read execute open execute_no_trans }; > > >********** denial_6_on_25.txt ********** > >SELinux is preventing /usr/sbin/ifconfig from read access on the file unix. > >***** Plugin catchall (100. confidence) suggests *************************** > >If you believe that ifconfig should be allowed read access on the unix file by default. >Then you should report this as a bug. >You can generate a local policy module to allow this access. >Do >allow this access for now by executing: ># grep ifconfig /var/log/audit/audit.log | audit2allow -M mypol ># semodule -i mypol.pp > >Additional Information: >Source Context system_u:system_r:blueman_t:s0-s0:c0.c1023 >Target Context system_u:object_r:proc_net_t:s0 >Target Objects unix [ file ] >Source ifconfig >Source Path /usr/sbin/ifconfig >Port <Inconnu> >Host seb-mini9 >Source RPM Packages net-tools-1.60-138.20120702git.fc17.i686 >Target RPM Packages >Policy RPM selinux-policy-3.10.0-159.fc17.noarch >Selinux Enabled True >Policy Type targeted >Enforcing Mode Enforcing >Host Name seb-mini9 >Platform Linux seb-mini9 3.6.6-1.fc17.i686.PAE #1 SMP Mon > Nov 5 22:05:54 UTC 2012 i686 i686 >Alert Count 1 >First Seen 2012-11-18 15:14:18 CET >Last Seen 2012-11-18 15:14:18 CET >Local ID ceb04b55-2e1e-40e8-a6dd-19efa6bd9382 > >Raw Audit Messages >type=AVC msg=audit(1353248058.986:70): avc: denied { read } for pid=1410 comm="ifconfig" name="unix" dev="proc" ino=4026531999 scontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=file > > >type=SYSCALL msg=audit(1353248058.986:70): arch=i386 syscall=access success=yes exit=0 a0=8056105 a1=4 a2=8059a00 
a3=8059300 items=0 ppid=1403 pid=1410 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=ifconfig exe=/usr/sbin/ifconfig subj=system_u:system_r:blueman_t:s0-s0:c0.c1023 key=(null) > >Hash: ifconfig,blueman_t,proc_net_t,file,read > >audit2allow > >#============= blueman_t ============== >allow blueman_t proc_net_t:file read; > >audit2allow -R > >#============= blueman_t ============== >allow blueman_t proc_net_t:file read; > > >********** denial_7_on_25.txt ********** > >SELinux is preventing /usr/bin/python2.7 from write access on the directory /run. > >***** Plugin catchall (100. confidence) suggests *************************** > >If you believe that python2.7 should be allowed write access on the run directory by default. >Then you should report this as a bug. >You can generate a local policy module to allow this access. >Do >allow this access for now by executing: ># grep blueman-mechani /var/log/audit/audit.log | audit2allow -M mypol ># semodule -i mypol.pp > >Additional Information: >Source Context system_u:system_r:blueman_t:s0-s0:c0.c1023 >Target Context system_u:object_r:var_run_t:s0 >Target Objects /run [ dir ] >Source blueman-mechani >Source Path /usr/bin/python2.7 >Port <Inconnu> >Host seb-mini9 >Source RPM Packages python-2.7.3-7.2.fc17.i686 >Target RPM Packages filesystem-3-2.fc17.i686 >Policy RPM selinux-policy-3.10.0-159.fc17.noarch >Selinux Enabled True >Policy Type targeted >Enforcing Mode Enforcing >Host Name seb-mini9 >Platform Linux seb-mini9 3.6.6-1.fc17.i686.PAE #1 SMP Mon > Nov 5 22:05:54 UTC 2012 i686 i686 >Alert Count 1 >First Seen 2012-11-18 15:14:19 CET >Last Seen 2012-11-18 15:14:19 CET >Local ID 41b36ef9-2b67-4086-b9c5-adc9c45f0fd0 > >Raw Audit Messages >type=AVC msg=audit(1353248059.2:71): avc: denied { write } for pid=1403 comm="blueman-mechani" name="/" dev="tmpfs" ino=7237 scontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_run_t:s0 tclass=dir > > 
>type=AVC msg=audit(1353248059.2:71): avc: denied { add_name } for pid=1403 comm="blueman-mechani" name="blueman-ifconfig" scontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_run_t:s0 tclass=dir > > >type=AVC msg=audit(1353248059.2:71): avc: denied { create } for pid=1403 comm="blueman-mechani" name="blueman-ifconfig" scontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_run_t:s0 tclass=file > > >type=AVC msg=audit(1353248059.2:71): avc: denied { write open } for pid=1403 comm="blueman-mechani" path="/run/blueman-ifconfig" dev="tmpfs" ino=21642 scontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_run_t:s0 tclass=file > > >type=SYSCALL msg=audit(1353248059.2:71): arch=i386 syscall=open success=yes exit=ENOEXEC a0=89b93d8 a1=8241 a2=1b6 a3=8a11ad0 items=0 ppid=1 pid=1403 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=blueman-mechani exe=/usr/bin/python2.7 subj=system_u:system_r:blueman_t:s0-s0:c0.c1023 key=(null) > >Hash: blueman-mechani,blueman_t,var_run_t,dir,write > >audit2allow > >#============= blueman_t ============== >#!!!! The source type 'blueman_t' can write to a 'dir' of the following types: ># var_lib_t, blueman_var_lib_t, root_t > >allow blueman_t var_run_t:dir { write add_name }; >#!!!! The source type 'blueman_t' can write to a 'file' of the following types: ># blueman_var_lib_t, root_t > >allow blueman_t var_run_t:file { write create open }; > >audit2allow -R > >#============= blueman_t ============== >#!!!! The source type 'blueman_t' can write to a 'dir' of the following types: ># var_lib_t, blueman_var_lib_t, root_t > >allow blueman_t var_run_t:dir { write add_name }; >#!!!! 
The source type 'blueman_t' can write to a 'file' of the following types: ># blueman_var_lib_t, root_t > >allow blueman_t var_run_t:file { write create open }; > > >********** denial_8_on_25.txt ********** > >SELinux is preventing /usr/bin/python2.7 from getattr access on the file /run/blueman-ifconfig. > >***** Plugin catchall (100. confidence) suggests *************************** > >If you believe that python2.7 should be allowed getattr access on the blueman-ifconfig file by default. >Then you should report this as a bug. >You can generate a local policy module to allow this access. >Do >allow this access for now by executing: ># grep blueman-mechani /var/log/audit/audit.log | audit2allow -M mypol ># semodule -i mypol.pp > >Additional Information: >Source Context system_u:system_r:blueman_t:s0-s0:c0.c1023 >Target Context system_u:object_r:var_run_t:s0 >Target Objects /run/blueman-ifconfig [ file ] >Source blueman-mechani >Source Path /usr/bin/python2.7 >Port <Inconnu> >Host seb-mini9 >Source RPM Packages python-2.7.3-7.2.fc17.i686 >Target RPM Packages >Policy RPM selinux-policy-3.10.0-159.fc17.noarch >Selinux Enabled True >Policy Type targeted >Enforcing Mode Enforcing >Host Name seb-mini9 >Platform Linux seb-mini9 3.6.6-1.fc17.i686.PAE #1 SMP Mon > Nov 5 22:05:54 UTC 2012 i686 i686 >Alert Count 1 >First Seen 2012-11-18 15:14:19 CET >Last Seen 2012-11-18 15:14:19 CET >Local ID c150ddee-548a-4345-8919-fba07188fd4a > >Raw Audit Messages >type=AVC msg=audit(1353248059.3:72): avc: denied { getattr } for pid=1403 comm="blueman-mechani" path="/run/blueman-ifconfig" dev="tmpfs" ino=21642 scontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_run_t:s0 tclass=file > > >type=SYSCALL msg=audit(1353248059.3:72): arch=i386 syscall=fstat64 success=yes exit=0 a0=8 a1=bf9a6990 a2=445b2ff4 a3=b7066498 items=0 ppid=1 pid=1403 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=blueman-mechani 
exe=/usr/bin/python2.7 subj=system_u:system_r:blueman_t:s0-s0:c0.c1023 key=(null) > >Hash: blueman-mechani,blueman_t,var_run_t,file,getattr > >audit2allow > >#============= blueman_t ============== >allow blueman_t var_run_t:file getattr; > >audit2allow -R > >#============= blueman_t ============== >allow blueman_t var_run_t:file getattr; > > >********** denial_9_on_25.txt ********** > >SELinux is preventing /usr/sbin/xtables-multi from execute access on the file /usr/sbin/xtables-multi. > >***** Plugin leaks (86.2 confidence) suggests ****************************** > >If you want to ignore xtables-multi trying to execute access the xtables-multi file, because you believe it should not need this access. >Then you should report this as a bug. >You can generate a local policy module to dontaudit this access. >Do ># grep /usr/sbin/xtables-multi /var/log/audit/audit.log | audit2allow -D -M mypol ># semodule -i mypol.pp > >***** Plugin catchall (14.7 confidence) suggests *************************** > >If you believe that xtables-multi should be allowed execute access on the xtables-multi file by default. >Then you should report this as a bug. >You can generate a local policy module to allow this access. 
>Do >allow this access for now by executing: ># grep iptables /var/log/audit/audit.log | audit2allow -M mypol ># semodule -i mypol.pp > >Additional Information: >Source Context system_u:system_r:blueman_t:s0-s0:c0.c1023 >Target Context system_u:object_r:iptables_exec_t:s0 >Target Objects /usr/sbin/xtables-multi [ file ] >Source iptables >Source Path /usr/sbin/xtables-multi >Port <Inconnu> >Host seb-mini9 >Source RPM Packages iptables-1.4.14-2.fc17.i686 >Target RPM Packages iptables-1.4.14-2.fc17.i686 >Policy RPM selinux-policy-3.10.0-159.fc17.noarch >Selinux Enabled True >Policy Type targeted >Enforcing Mode Enforcing >Host Name seb-mini9 >Platform Linux seb-mini9 3.6.6-1.fc17.i686.PAE #1 SMP Mon > Nov 5 22:05:54 UTC 2012 i686 i686 >Alert Count 1 >First Seen 2012-11-18 15:14:19 CET >Last Seen 2012-11-18 15:14:19 CET >Local ID 1475c8d2-c805-4c76-ad6b-283d277d4565 > >Raw Audit Messages >type=AVC msg=audit(1353248059.24:73): avc: denied { execute } for pid=1415 comm="blueman-mechani" name="xtables-multi" dev="sda1" ino=446669 scontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file > > >type=AVC msg=audit(1353248059.24:73): avc: denied { read open } for pid=1415 comm="blueman-mechani" path="/usr/sbin/xtables-multi" dev="sda1" ino=446669 scontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file > > >type=AVC msg=audit(1353248059.24:73): avc: denied { execute_no_trans } for pid=1415 comm="blueman-mechani" path="/usr/sbin/xtables-multi" dev="sda1" ino=446669 scontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file > > >type=SYSCALL msg=audit(1353248059.24:73): arch=i386 syscall=execve success=yes exit=0 a0=8a06c48 a1=89b93d8 a2=89bce90 a3=89b93fc items=0 ppid=1403 pid=1415 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=iptables exe=/usr/sbin/xtables-multi 
subj=system_u:system_r:blueman_t:s0-s0:c0.c1023 key=(null) > >Hash: iptables,blueman_t,iptables_exec_t,file,execute > >audit2allow > >#============= blueman_t ============== >allow blueman_t iptables_exec_t:file { read execute open execute_no_trans }; > >audit2allow -R > >#============= blueman_t ============== >allow blueman_t iptables_exec_t:file { read execute open execute_no_trans }; > > >********** denial_10_on_25.txt ********** > >SELinux is preventing /usr/sbin/xtables-multi from create access on the rawip_socket . > >***** Plugin catchall (100. confidence) suggests *************************** > >If you believe that xtables-multi should be allowed create access on the rawip_socket by default. >Then you should report this as a bug. >You can generate a local policy module to allow this access. >Do >allow this access for now by executing: ># grep iptables /var/log/audit/audit.log | audit2allow -M mypol ># semodule -i mypol.pp > >Additional Information: >Source Context system_u:system_r:blueman_t:s0-s0:c0.c1023 >Target Context system_u:system_r:blueman_t:s0-s0:c0.c1023 >Target Objects [ rawip_socket ] >Source iptables >Source Path /usr/sbin/xtables-multi >Port <Inconnu> >Host seb-mini9 >Source RPM Packages iptables-1.4.14-2.fc17.i686 >Target RPM Packages >Policy RPM selinux-policy-3.10.0-159.fc17.noarch >Selinux Enabled True >Policy Type targeted >Enforcing Mode Enforcing >Host Name seb-mini9 >Platform Linux seb-mini9 3.6.6-1.fc17.i686.PAE #1 SMP Mon > Nov 5 22:05:54 UTC 2012 i686 i686 >Alert Count 1 >First Seen 2012-11-18 15:14:19 CET >Last Seen 2012-11-18 15:14:19 CET >Local ID dac718b1-aff1-4b7e-b6d2-619959450a23 > >Raw Audit Messages >type=AVC msg=audit(1353248059.29:74): avc: denied { create } for pid=1415 comm="iptables" scontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tcontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tclass=rawip_socket > > >type=AVC msg=audit(1353248059.29:74): avc: denied { net_raw } for pid=1415 comm="iptables" capability=13 
scontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tcontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tclass=capability > > >type=SYSCALL msg=audit(1353248059.29:74): arch=i386 syscall=socketcall success=yes exit=ESRCH a0=1 a1=bfd8fd60 a2=445eca2c a3=0 items=0 ppid=1403 pid=1415 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=iptables exe=/usr/sbin/xtables-multi subj=system_u:system_r:blueman_t:s0-s0:c0.c1023 key=(null) > >Hash: iptables,blueman_t,blueman_t,rawip_socket,create > >audit2allow > >#============= blueman_t ============== >allow blueman_t self:capability net_raw; >allow blueman_t self:rawip_socket create; > >audit2allow -R > >#============= blueman_t ============== >allow blueman_t self:capability net_raw; >allow blueman_t self:rawip_socket create; > > >********** denial_11_on_25.txt ********** > >SELinux is preventing /usr/sbin/xtables-multi from getopt access on the rawip_socket . > >***** Plugin catchall (100. confidence) suggests *************************** > >If you believe that xtables-multi should be allowed getopt access on the rawip_socket by default. >Then you should report this as a bug. >You can generate a local policy module to allow this access. 
>Do >allow this access for now by executing: ># grep iptables /var/log/audit/audit.log | audit2allow -M mypol ># semodule -i mypol.pp > >Additional Information: >Source Context system_u:system_r:blueman_t:s0-s0:c0.c1023 >Target Context system_u:system_r:blueman_t:s0-s0:c0.c1023 >Target Objects [ rawip_socket ] >Source iptables >Source Path /usr/sbin/xtables-multi >Port <Inconnu> >Host seb-mini9 >Source RPM Packages iptables-1.4.14-2.fc17.i686 >Target RPM Packages >Policy RPM selinux-policy-3.10.0-159.fc17.noarch >Selinux Enabled True >Policy Type targeted >Enforcing Mode Enforcing >Host Name seb-mini9 >Platform Linux seb-mini9 3.6.6-1.fc17.i686.PAE #1 SMP Mon > Nov 5 22:05:54 UTC 2012 i686 i686 >Alert Count 1 >First Seen 2012-11-18 15:14:19 CET >Last Seen 2012-11-18 15:14:19 CET >Local ID fc090830-74e7-41e4-9d0f-585fdbc31dfc > >Raw Audit Messages >type=AVC msg=audit(1353248059.33:75): avc: denied { getopt } for pid=1415 comm="iptables" lport=255 scontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tcontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tclass=rawip_socket > > >type=SYSCALL msg=audit(1353248059.33:75): arch=i386 syscall=socketcall success=yes exit=0 a0=f a1=bfd8fd60 a2=445eca2c a3=0 items=0 ppid=1403 pid=1415 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=iptables exe=/usr/sbin/xtables-multi subj=system_u:system_r:blueman_t:s0-s0:c0.c1023 key=(null) > >Hash: iptables,blueman_t,blueman_t,rawip_socket,getopt > >audit2allow > >#============= blueman_t ============== >allow blueman_t self:rawip_socket getopt; > >audit2allow -R > >#============= blueman_t ============== >allow blueman_t self:rawip_socket getopt; > > >********** denial_12_on_25.txt ********** > >SELinux is preventing /usr/sbin/xtables-multi from setopt access on the rawip_socket . > >***** Plugin catchall (100. 
confidence) suggests *************************** > >If you believe that xtables-multi should be allowed setopt access on the rawip_socket by default. >Then you should report this as a bug. >You can generate a local policy module to allow this access. >Do >allow this access for now by executing: ># grep iptables /var/log/audit/audit.log | audit2allow -M mypol ># semodule -i mypol.pp > >Additional Information: >Source Context system_u:system_r:blueman_t:s0-s0:c0.c1023 >Target Context system_u:system_r:blueman_t:s0-s0:c0.c1023 >Target Objects [ rawip_socket ] >Source iptables >Source Path /usr/sbin/xtables-multi >Port <Inconnu> >Host seb-mini9 >Source RPM Packages iptables-1.4.14-2.fc17.i686 >Target RPM Packages >Policy RPM selinux-policy-3.10.0-159.fc17.noarch >Selinux Enabled True >Policy Type targeted >Enforcing Mode Enforcing >Host Name seb-mini9 >Platform Linux seb-mini9 3.6.6-1.fc17.i686.PAE #1 SMP Mon > Nov 5 22:05:54 UTC 2012 i686 i686 >Alert Count 1 >First Seen 2012-11-18 15:14:19 CET >Last Seen 2012-11-18 15:14:19 CET >Local ID 031981ed-5451-49ef-a011-015f51961f1b > >Raw Audit Messages >type=AVC msg=audit(1353248059.43:76): avc: denied { setopt } for pid=1416 comm="iptables" lport=255 scontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tcontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tclass=rawip_socket > > >type=SYSCALL msg=audit(1353248059.43:76): arch=i386 syscall=socketcall success=yes exit=0 a0=e a1=bfb01520 a2=445eca2c a3=840 items=0 ppid=1403 pid=1416 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=iptables exe=/usr/sbin/xtables-multi subj=system_u:system_r:blueman_t:s0-s0:c0.c1023 key=(null) > >Hash: iptables,blueman_t,blueman_t,rawip_socket,setopt > >audit2allow > >#============= blueman_t ============== >allow blueman_t self:rawip_socket setopt; > >audit2allow -R > >#============= blueman_t ============== >allow blueman_t self:rawip_socket setopt; > > >********** denial_13_on_25.txt 
********** > >SELinux is preventing /usr/sbin/dnsmasq from execute access on the file /usr/sbin/dnsmasq. > >***** Plugin leaks (86.2 confidence) suggests ****************************** > >If you want to ignore dnsmasq trying to execute access the dnsmasq file, because you believe it should not need this access. >Then you should report this as a bug. >You can generate a local policy module to dontaudit this access. >Do ># grep /usr/sbin/dnsmasq /var/log/audit/audit.log | audit2allow -D -M mypol ># semodule -i mypol.pp > >***** Plugin catchall (14.7 confidence) suggests *************************** > >If you believe that dnsmasq should be allowed execute access on the dnsmasq file by default. >Then you should report this as a bug. >You can generate a local policy module to allow this access. >Do >allow this access for now by executing: ># grep dnsmasq /var/log/audit/audit.log | audit2allow -M mypol ># semodule -i mypol.pp > >Additional Information: >Source Context system_u:system_r:blueman_t:s0-s0:c0.c1023 >Target Context system_u:object_r:dnsmasq_exec_t:s0 >Target Objects /usr/sbin/dnsmasq [ file ] >Source dnsmasq >Source Path /usr/sbin/dnsmasq >Port <Inconnu> >Host seb-mini9 >Source RPM Packages dnsmasq-2.63-1.fc17.i686 >Target RPM Packages dnsmasq-2.63-1.fc17.i686 >Policy RPM selinux-policy-3.10.0-159.fc17.noarch >Selinux Enabled True >Policy Type targeted >Enforcing Mode Enforcing >Host Name seb-mini9 >Platform Linux seb-mini9 3.6.6-1.fc17.i686.PAE #1 SMP Mon > Nov 5 22:05:54 UTC 2012 i686 i686 >Alert Count 1 >First Seen 2012-11-18 15:14:19 CET >Last Seen 2012-11-18 15:14:19 CET >Local ID 2783e7d9-aedc-481d-9ee0-cc24b1595aa8 > >Raw Audit Messages >type=AVC msg=audit(1353248059.148:82): avc: denied { execute } for pid=1423 comm="blueman-mechani" name="dnsmasq" dev="sda1" ino=417792 scontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tcontext=system_u:object_r:dnsmasq_exec_t:s0 tclass=file > > >type=AVC msg=audit(1353248059.148:82): avc: denied { read open } for 
pid=1423 comm="blueman-mechani" path="/usr/sbin/dnsmasq" dev="sda1" ino=417792 scontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tcontext=system_u:object_r:dnsmasq_exec_t:s0 tclass=file > > >type=AVC msg=audit(1353248059.148:82): avc: denied { execute_no_trans } for pid=1423 comm="blueman-mechani" path="/usr/sbin/dnsmasq" dev="sda1" ino=417792 scontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tcontext=system_u:object_r:dnsmasq_exec_t:s0 tclass=file > > >type=SYSCALL msg=audit(1353248059.148:82): arch=i386 syscall=execve success=yes exit=0 a0=89b6e10 a1=8a03b88 a2=89bce90 a3=8a03ba4 items=0 ppid=1403 pid=1423 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=dnsmasq exe=/usr/sbin/dnsmasq subj=system_u:system_r:blueman_t:s0-s0:c0.c1023 key=(null) > >Hash: dnsmasq,blueman_t,dnsmasq_exec_t,file,execute > >audit2allow > >#============= blueman_t ============== >allow blueman_t dnsmasq_exec_t:file { read execute open execute_no_trans }; > >audit2allow -R > >#============= blueman_t ============== >allow blueman_t dnsmasq_exec_t:file { read execute open execute_no_trans }; > > >********** denial_14_on_25.txt ********** > >SELinux is preventing /usr/sbin/dnsmasq from getattr access on the file /etc/dnsmasq.conf. > >***** Plugin catchall (100. confidence) suggests *************************** > >If you believe that dnsmasq should be allowed getattr access on the dnsmasq.conf file by default. >Then you should report this as a bug. >You can generate a local policy module to allow this access. 
>Do >allow this access for now by executing: ># grep dnsmasq /var/log/audit/audit.log | audit2allow -M mypol ># semodule -i mypol.pp > >Additional Information: >Source Context system_u:system_r:blueman_t:s0-s0:c0.c1023 >Target Context system_u:object_r:dnsmasq_etc_t:s0 >Target Objects /etc/dnsmasq.conf [ file ] >Source dnsmasq >Source Path /usr/sbin/dnsmasq >Port <Inconnu> >Host seb-mini9 >Source RPM Packages dnsmasq-2.63-1.fc17.i686 >Target RPM Packages dnsmasq-2.63-1.fc17.i686 >Policy RPM selinux-policy-3.10.0-159.fc17.noarch >Selinux Enabled True >Policy Type targeted >Enforcing Mode Enforcing >Host Name seb-mini9 >Platform Linux seb-mini9 3.6.6-1.fc17.i686.PAE #1 SMP Mon > Nov 5 22:05:54 UTC 2012 i686 i686 >Alert Count 1 >First Seen 2012-11-18 15:14:19 CET >Last Seen 2012-11-18 15:14:19 CET >Local ID a9c9630d-8db9-4801-9cf1-61ed280e706d > >Raw Audit Messages >type=AVC msg=audit(1353248059.154:83): avc: denied { getattr } for pid=1423 comm="dnsmasq" path="/etc/dnsmasq.conf" dev="sda1" ino=410438 scontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tcontext=system_u:object_r:dnsmasq_etc_t:s0 tclass=file > > >type=SYSCALL msg=audit(1353248059.154:83): arch=i386 syscall=stat64 success=yes exit=0 a0=8074daa a1=bfc851a0 a2=445b2ff4 a3=8074daa items=0 ppid=1403 pid=1423 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=dnsmasq exe=/usr/sbin/dnsmasq subj=system_u:system_r:blueman_t:s0-s0:c0.c1023 key=(null) > >Hash: dnsmasq,blueman_t,dnsmasq_etc_t,file,getattr > >audit2allow > >#============= blueman_t ============== >allow blueman_t dnsmasq_etc_t:file getattr; > >audit2allow -R > >#============= blueman_t ============== >allow blueman_t dnsmasq_etc_t:file getattr; > > >********** denial_15_on_25.txt ********** > >SELinux is preventing /usr/sbin/dnsmasq from read access on the file /etc/dnsmasq.conf. > >***** Plugin catchall (100. 
confidence) suggests *************************** > >If you believe that dnsmasq should be allowed read access on the dnsmasq.conf file by default. >Then you should report this as a bug. >You can generate a local policy module to allow this access. >Do >allow this access for now by executing: ># grep dnsmasq /var/log/audit/audit.log | audit2allow -M mypol ># semodule -i mypol.pp > >Additional Information: >Source Context system_u:system_r:blueman_t:s0-s0:c0.c1023 >Target Context system_u:object_r:dnsmasq_etc_t:s0 >Target Objects /etc/dnsmasq.conf [ file ] >Source dnsmasq >Source Path /usr/sbin/dnsmasq >Port <Inconnu> >Host seb-mini9 >Source RPM Packages dnsmasq-2.63-1.fc17.i686 >Target RPM Packages dnsmasq-2.63-1.fc17.i686 >Policy RPM selinux-policy-3.10.0-159.fc17.noarch >Selinux Enabled True >Policy Type targeted >Enforcing Mode Enforcing >Host Name seb-mini9 >Platform Linux seb-mini9 3.6.6-1.fc17.i686.PAE #1 SMP Mon > Nov 5 22:05:54 UTC 2012 i686 i686 >Alert Count 1 >First Seen 2012-11-18 15:14:19 CET >Last Seen 2012-11-18 15:14:19 CET >Local ID c1d20d45-bfcd-480f-8521-322bfe39db8c > >Raw Audit Messages >type=AVC msg=audit(1353248059.154:84): avc: denied { read } for pid=1423 comm="dnsmasq" name="dnsmasq.conf" dev="sda1" ino=410438 scontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tcontext=system_u:object_r:dnsmasq_etc_t:s0 tclass=file > > >type=AVC msg=audit(1353248059.154:84): avc: denied { open } for pid=1423 comm="dnsmasq" path="/etc/dnsmasq.conf" dev="sda1" ino=410438 scontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tcontext=system_u:object_r:dnsmasq_etc_t:s0 tclass=file > > >type=SYSCALL msg=audit(1353248059.154:84): arch=i386 syscall=open success=yes exit=ESRCH a0=8074daa a1=8000 a2=1b6 a3=8e62aa8 items=0 ppid=1403 pid=1423 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=dnsmasq exe=/usr/sbin/dnsmasq subj=system_u:system_r:blueman_t:s0-s0:c0.c1023 key=(null) > >Hash: 
dnsmasq,blueman_t,dnsmasq_etc_t,file,read > >audit2allow > >#============= blueman_t ============== >allow blueman_t dnsmasq_etc_t:file { read open }; > >audit2allow -R > >#============= blueman_t ============== >allow blueman_t dnsmasq_etc_t:file { read open }; > > >********** denial_16_on_25.txt ********** > >SELinux is preventing /usr/sbin/dnsmasq from search access on the directory /var/lib/dnsmasq. > >***** Plugin catchall (100. confidence) suggests *************************** > >If you believe that dnsmasq should be allowed search access on the dnsmasq directory by default. >Then you should report this as a bug. >You can generate a local policy module to allow this access. >Do >allow this access for now by executing: ># grep dnsmasq /var/log/audit/audit.log | audit2allow -M mypol ># semodule -i mypol.pp > >Additional Information: >Source Context system_u:system_r:blueman_t:s0-s0:c0.c1023 >Target Context system_u:object_r:dnsmasq_lease_t:s0 >Target Objects /var/lib/dnsmasq [ dir ] >Source dnsmasq >Source Path /usr/sbin/dnsmasq >Port <Inconnu> >Host seb-mini9 >Source RPM Packages dnsmasq-2.63-1.fc17.i686 >Target RPM Packages dnsmasq-2.63-1.fc17.i686 >Policy RPM selinux-policy-3.10.0-159.fc17.noarch >Selinux Enabled True >Policy Type targeted >Enforcing Mode Enforcing >Host Name seb-mini9 >Platform Linux seb-mini9 3.6.6-1.fc17.i686.PAE #1 SMP Mon > Nov 5 22:05:54 UTC 2012 i686 i686 >Alert Count 1 >First Seen 2012-11-18 15:14:19 CET >Last Seen 2012-11-18 15:14:19 CET >Local ID b289e9b5-8896-4731-b06f-f50fc3845d59 > >Raw Audit Messages >type=AVC msg=audit(1353248059.169:85): avc: denied { search } for pid=1423 comm="dnsmasq" name="dnsmasq" dev="sda1" ino=172232 scontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tcontext=system_u:object_r:dnsmasq_lease_t:s0 tclass=dir > > >type=AVC msg=audit(1353248059.169:85): avc: denied { read append } for pid=1423 comm="dnsmasq" name="dnsmasq.leases" dev="sda1" ino=132764 scontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 
tcontext=system_u:object_r:dnsmasq_lease_t:s0 tclass=file > > >type=AVC msg=audit(1353248059.169:85): avc: denied { open } for pid=1423 comm="dnsmasq" path="/var/lib/dnsmasq/dnsmasq.leases" dev="sda1" ino=132764 scontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tcontext=system_u:object_r:dnsmasq_lease_t:s0 tclass=file > > >type=SYSCALL msg=audit(1353248059.169:85): arch=i386 syscall=open success=yes exit=ESRCH a0=8076150 a1=8442 a2=1b6 a3=8e640c8 items=0 ppid=1403 pid=1423 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=dnsmasq exe=/usr/sbin/dnsmasq subj=system_u:system_r:blueman_t:s0-s0:c0.c1023 key=(null) > >Hash: dnsmasq,blueman_t,dnsmasq_lease_t,dir,search > >audit2allow > >#============= blueman_t ============== >allow blueman_t dnsmasq_lease_t:dir search; >allow blueman_t dnsmasq_lease_t:file { read open append }; > >audit2allow -R > >#============= blueman_t ============== >allow blueman_t dnsmasq_lease_t:dir search; >allow blueman_t dnsmasq_lease_t:file { read open append }; > > >********** denial_17_on_25.txt ********** > >SELinux is preventing /usr/sbin/dnsmasq from getattr access on the file /var/lib/dnsmasq/dnsmasq.leases. > >***** Plugin catchall (100. confidence) suggests *************************** > >If you believe that dnsmasq should be allowed getattr access on the dnsmasq.leases file by default. >Then you should report this as a bug. >You can generate a local policy module to allow this access. 
>Do >allow this access for now by executing: ># grep dnsmasq /var/log/audit/audit.log | audit2allow -M mypol ># semodule -i mypol.pp > >Additional Information: >Source Context system_u:system_r:blueman_t:s0-s0:c0.c1023 >Target Context system_u:object_r:dnsmasq_lease_t:s0 >Target Objects /var/lib/dnsmasq/dnsmasq.leases [ file ] >Source dnsmasq >Source Path /usr/sbin/dnsmasq >Port <Inconnu> >Host seb-mini9 >Source RPM Packages dnsmasq-2.63-1.fc17.i686 >Target RPM Packages >Policy RPM selinux-policy-3.10.0-159.fc17.noarch >Selinux Enabled True >Policy Type targeted >Enforcing Mode Enforcing >Host Name seb-mini9 >Platform Linux seb-mini9 3.6.6-1.fc17.i686.PAE #1 SMP Mon > Nov 5 22:05:54 UTC 2012 i686 i686 >Alert Count 1 >First Seen 2012-11-18 15:14:19 CET >Last Seen 2012-11-18 15:14:19 CET >Local ID 4f0d8d66-6222-42fe-bed4-7a4ea651e20e > >Raw Audit Messages >type=AVC msg=audit(1353248059.171:86): avc: denied { getattr } for pid=1423 comm="dnsmasq" path="/var/lib/dnsmasq/dnsmasq.leases" dev="sda1" ino=132764 scontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tcontext=system_u:object_r:dnsmasq_lease_t:s0 tclass=file > > >type=SYSCALL msg=audit(1353248059.171:86): arch=i386 syscall=fstat64 success=yes exit=0 a0=3 a1=bfc85100 a2=445b2ff4 a3=8e640c8 items=0 ppid=1403 pid=1423 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=dnsmasq exe=/usr/sbin/dnsmasq subj=system_u:system_r:blueman_t:s0-s0:c0.c1023 key=(null) > >Hash: dnsmasq,blueman_t,dnsmasq_lease_t,file,getattr > >audit2allow > >#============= blueman_t ============== >allow blueman_t dnsmasq_lease_t:file getattr; > >audit2allow -R > >#============= blueman_t ============== >allow blueman_t dnsmasq_lease_t:file getattr; > > >********** denial_18_on_25.txt ********** > >SELinux is preventing /usr/sbin/dnsmasq from name_bind access on the udp_socket . > >***** Plugin catchall (100. 
confidence) suggests *************************** > >If you believe that dnsmasq should be allowed name_bind access on the udp_socket by default. >Then you should report this as a bug. >You can generate a local policy module to allow this access. >Do >allow this access for now by executing: ># grep dnsmasq /var/log/audit/audit.log | audit2allow -M mypol ># semodule -i mypol.pp > >Additional Information: >Source Context system_u:system_r:blueman_t:s0-s0:c0.c1023 >Target Context system_u:object_r:dhcpd_port_t:s0 >Target Objects [ udp_socket ] >Source dnsmasq >Source Path /usr/sbin/dnsmasq >Port 67 >Host seb-mini9 >Source RPM Packages dnsmasq-2.63-1.fc17.i686 >Target RPM Packages >Policy RPM selinux-policy-3.10.0-159.fc17.noarch >Selinux Enabled True >Policy Type targeted >Enforcing Mode Enforcing >Host Name seb-mini9 >Platform Linux seb-mini9 3.6.6-1.fc17.i686.PAE #1 SMP Mon > Nov 5 22:05:54 UTC 2012 i686 i686 >Alert Count 1 >First Seen 2012-11-18 15:14:19 CET >Last Seen 2012-11-18 15:14:19 CET >Local ID 4a752073-bc98-443c-b64d-d6f517331e09 > >Raw Audit Messages >type=AVC msg=audit(1353248059.172:87): avc: denied { name_bind } for pid=1423 comm="dnsmasq" src=67 scontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tcontext=system_u:object_r:dhcpd_port_t:s0 tclass=udp_socket > > >type=AVC msg=audit(1353248059.172:87): avc: denied { net_bind_service } for pid=1423 comm="dnsmasq" capability=10 scontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tcontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tclass=capability > > >type=SYSCALL msg=audit(1353248059.172:87): arch=i386 syscall=socketcall success=yes exit=0 a0=2 a1=bfc852c0 a2=4 a3=43 items=0 ppid=1403 pid=1423 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=dnsmasq exe=/usr/sbin/dnsmasq subj=system_u:system_r:blueman_t:s0-s0:c0.c1023 key=(null) > >Hash: dnsmasq,blueman_t,dhcpd_port_t,udp_socket,name_bind > >audit2allow > >#============= blueman_t ============== >#!!!! 
This avc can be allowed using the boolean 'allow_ypbind' > >allow blueman_t dhcpd_port_t:udp_socket name_bind; >#!!!! This avc can be allowed using the boolean 'allow_ypbind' > >allow blueman_t self:capability net_bind_service; > >audit2allow -R > >#============= blueman_t ============== >#!!!! This avc can be allowed using the boolean 'allow_ypbind' > >allow blueman_t dhcpd_port_t:udp_socket name_bind; >#!!!! This avc can be allowed using the boolean 'allow_ypbind' > >allow blueman_t self:capability net_bind_service; > > >********** denial_19_on_25.txt ********** > >SELinux is preventing /usr/sbin/dnsmasq from name_bind access on the tcp_socket . > >***** Plugin catchall (100. confidence) suggests *************************** > >If you believe that dnsmasq should be allowed name_bind access on the tcp_socket by default. >Then you should report this as a bug. >You can generate a local policy module to allow this access. >Do >allow this access for now by executing: ># grep dnsmasq /var/log/audit/audit.log | audit2allow -M mypol ># semodule -i mypol.pp > >Additional Information: >Source Context system_u:system_r:blueman_t:s0-s0:c0.c1023 >Target Context system_u:object_r:dns_port_t:s0 >Target Objects [ tcp_socket ] >Source dnsmasq >Source Path /usr/sbin/dnsmasq >Port 53 >Host seb-mini9 >Source RPM Packages dnsmasq-2.63-1.fc17.i686 >Target RPM Packages >Policy RPM selinux-policy-3.10.0-159.fc17.noarch >Selinux Enabled True >Policy Type targeted >Enforcing Mode Enforcing >Host Name seb-mini9 >Platform Linux seb-mini9 3.6.6-1.fc17.i686.PAE #1 SMP Mon > Nov 5 22:05:54 UTC 2012 i686 i686 >Alert Count 1 >First Seen 2012-11-18 15:14:19 CET >Last Seen 2012-11-18 15:14:19 CET >Local ID de8026f6-5968-4917-a4b9-fb0534b01715 > >Raw Audit Messages >type=AVC msg=audit(1353248059.176:89): avc: denied { name_bind } for pid=1423 comm="dnsmasq" src=53 scontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tcontext=system_u:object_r:dns_port_t:s0 tclass=tcp_socket > > >type=SYSCALL 
msg=audit(1353248059.176:89): arch=i386 syscall=socketcall success=yes exit=0 a0=2 a1=bfc85270 a2=8e642c0 a3=2 items=0 ppid=1403 pid=1423 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=dnsmasq exe=/usr/sbin/dnsmasq subj=system_u:system_r:blueman_t:s0-s0:c0.c1023 key=(null) > >Hash: dnsmasq,blueman_t,dns_port_t,tcp_socket,name_bind > >audit2allow > >#============= blueman_t ============== >allow blueman_t dns_port_t:tcp_socket name_bind; > >audit2allow -R > >#============= blueman_t ============== >allow blueman_t dns_port_t:tcp_socket name_bind; > > >********** denial_20_on_25.txt ********** > >SELinux is preventing /usr/sbin/dnsmasq from listen access on the tcp_socket . > >***** Plugin catchall (100. confidence) suggests *************************** > >If you believe that dnsmasq should be allowed listen access on the tcp_socket by default. >Then you should report this as a bug. >You can generate a local policy module to allow this access. 
>Do >allow this access for now by executing: ># grep dnsmasq /var/log/audit/audit.log | audit2allow -M mypol ># semodule -i mypol.pp > >Additional Information: >Source Context system_u:system_r:blueman_t:s0-s0:c0.c1023 >Target Context system_u:system_r:blueman_t:s0-s0:c0.c1023 >Target Objects [ tcp_socket ] >Source dnsmasq >Source Path /usr/sbin/dnsmasq >Port <Inconnu> >Host seb-mini9 >Source RPM Packages dnsmasq-2.63-1.fc17.i686 >Target RPM Packages >Policy RPM selinux-policy-3.10.0-159.fc17.noarch >Selinux Enabled True >Policy Type targeted >Enforcing Mode Enforcing >Host Name seb-mini9 >Platform Linux seb-mini9 3.6.6-1.fc17.i686.PAE #1 SMP Mon > Nov 5 22:05:54 UTC 2012 i686 i686 >Alert Count 1 >First Seen 2012-11-18 15:14:19 CET >Last Seen 2012-11-18 15:14:19 CET >Local ID ba0b0889-2a16-46aa-98d5-54d5bb4c4404 > >Raw Audit Messages >type=AVC msg=audit(1353248059.177:90): avc: denied { listen } for pid=1423 comm="dnsmasq" laddr=10.44.27.1 lport=53 scontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tcontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tclass=tcp_socket > > >type=SYSCALL msg=audit(1353248059.177:90): arch=i386 syscall=socketcall success=yes exit=0 a0=4 a1=bfc85270 a2=8e642c0 a3=2 items=0 ppid=1403 pid=1423 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=dnsmasq exe=/usr/sbin/dnsmasq subj=system_u:system_r:blueman_t:s0-s0:c0.c1023 key=(null) > >Hash: dnsmasq,blueman_t,blueman_t,tcp_socket,listen > >audit2allow > >#============= blueman_t ============== >#!!!! This avc can be allowed using the boolean 'allow_ypbind' > >allow blueman_t self:tcp_socket listen; > >audit2allow -R > >#============= blueman_t ============== >#!!!! This avc can be allowed using the boolean 'allow_ypbind' > >allow blueman_t self:tcp_socket listen; > > >********** denial_21_on_25.txt ********** > >SELinux is preventing /usr/sbin/dnsmasq from using the setgid capability. > >***** Plugin catchall (100. 
confidence) suggests *************************** > >If you believe that dnsmasq should have the setgid capability by default. >Then you should report this as a bug. >You can generate a local policy module to allow this access. >Do >allow this access for now by executing: ># grep dnsmasq /var/log/audit/audit.log | audit2allow -M mypol ># semodule -i mypol.pp > >Additional Information: >Source Context system_u:system_r:blueman_t:s0-s0:c0.c1023 >Target Context system_u:system_r:blueman_t:s0-s0:c0.c1023 >Target Objects [ capability ] >Source dnsmasq >Source Path /usr/sbin/dnsmasq >Port <Inconnu> >Host seb-mini9 >Source RPM Packages dnsmasq-2.63-1.fc17.i686 >Target RPM Packages >Policy RPM selinux-policy-3.10.0-159.fc17.noarch >Selinux Enabled True >Policy Type targeted >Enforcing Mode Enforcing >Host Name seb-mini9 >Platform Linux seb-mini9 3.6.6-1.fc17.i686.PAE #1 SMP Mon > Nov 5 22:05:54 UTC 2012 i686 i686 >Alert Count 1 >First Seen 2012-11-18 15:14:19 CET >Last Seen 2012-11-18 15:14:19 CET >Local ID 71fbc082-a95e-441e-a1f3-ff2001199e08 > >Raw Audit Messages >type=AVC msg=audit(1353248059.183:91): avc: denied { setgid } for pid=1425 comm="dnsmasq" capability=6 scontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tcontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tclass=capability > > >type=SYSCALL msg=audit(1353248059.183:91): arch=i386 syscall=setgroups32 success=yes exit=0 a0=0 a1=bfc85378 a2=bfc85328 a3=ce items=0 ppid=1 pid=1425 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=dnsmasq exe=/usr/sbin/dnsmasq subj=system_u:system_r:blueman_t:s0-s0:c0.c1023 key=(null) > >Hash: dnsmasq,blueman_t,blueman_t,capability,setgid > >audit2allow > >#============= blueman_t ============== >allow blueman_t self:capability setgid; > >audit2allow -R > >#============= blueman_t ============== >allow blueman_t self:capability setgid; > > >********** denial_22_on_25.txt ********** > >SELinux is preventing /usr/sbin/dnsmasq from 
using the setcap access on a process. > >***** Plugin catchall (100. confidence) suggests *************************** > >If you believe that dnsmasq should be allowed setcap access on processes labeled blueman_t by default. >Then you should report this as a bug. >You can generate a local policy module to allow this access. >Do >allow this access for now by executing: ># grep dnsmasq /var/log/audit/audit.log | audit2allow -M mypol ># semodule -i mypol.pp > >Additional Information: >Source Context system_u:system_r:blueman_t:s0-s0:c0.c1023 >Target Context system_u:system_r:blueman_t:s0-s0:c0.c1023 >Target Objects [ process ] >Source dnsmasq >Source Path /usr/sbin/dnsmasq >Port <Inconnu> >Host seb-mini9 >Source RPM Packages dnsmasq-2.63-1.fc17.i686 >Target RPM Packages >Policy RPM selinux-policy-3.10.0-159.fc17.noarch >Selinux Enabled True >Policy Type targeted >Enforcing Mode Enforcing >Host Name seb-mini9 >Platform Linux seb-mini9 3.6.6-1.fc17.i686.PAE #1 SMP Mon > Nov 5 22:05:54 UTC 2012 i686 i686 >Alert Count 1 >First Seen 2012-11-18 15:14:19 CET >Last Seen 2012-11-18 15:14:19 CET >Local ID c5d9c81e-066e-4193-97c0-95e0906bdf88 > >Raw Audit Messages >type=AVC msg=audit(1353248059.183:92): avc: denied { setcap } for pid=1425 comm="dnsmasq" scontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tcontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tclass=process > > >type=SYSCALL msg=audit(1353248059.183:92): arch=i386 syscall=capset success=yes exit=0 a0=8e679a0 a1=8e679b0 a2=445b4ca8 a3=445b4c20 items=0 ppid=1 pid=1425 auid=4294967295 uid=0 gid=40 euid=0 suid=0 fsuid=0 egid=40 sgid=40 fsgid=40 tty=(none) ses=4294967295 comm=dnsmasq exe=/usr/sbin/dnsmasq subj=system_u:system_r:blueman_t:s0-s0:c0.c1023 key=(null) > >Hash: dnsmasq,blueman_t,blueman_t,process,setcap > >audit2allow > >#============= blueman_t ============== >allow blueman_t self:process setcap; > >audit2allow -R > >#============= blueman_t ============== >allow blueman_t self:process setcap; > > >********** 
denial_23_on_25.txt ********** > >SELinux is preventing /usr/sbin/dnsmasq from using the setuid capability. > >***** Plugin catchall (100. confidence) suggests *************************** > >If you believe that dnsmasq should have the setuid capability by default. >Then you should report this as a bug. >You can generate a local policy module to allow this access. >Do >allow this access for now by executing: ># grep dnsmasq /var/log/audit/audit.log | audit2allow -M mypol ># semodule -i mypol.pp > >Additional Information: >Source Context system_u:system_r:blueman_t:s0-s0:c0.c1023 >Target Context system_u:system_r:blueman_t:s0-s0:c0.c1023 >Target Objects [ capability ] >Source dnsmasq >Source Path /usr/sbin/dnsmasq >Port <Inconnu> >Host seb-mini9 >Source RPM Packages dnsmasq-2.63-1.fc17.i686 >Target RPM Packages >Policy RPM selinux-policy-3.10.0-159.fc17.noarch >Selinux Enabled True >Policy Type targeted >Enforcing Mode Enforcing >Host Name seb-mini9 >Platform Linux seb-mini9 3.6.6-1.fc17.i686.PAE #1 SMP Mon > Nov 5 22:05:54 UTC 2012 i686 i686 >Alert Count 1 >First Seen 2012-11-18 15:14:19 CET >Last Seen 2012-11-18 15:14:19 CET >Local ID 285f4fc4-5cf1-4856-9da7-63d3554e2cf1 > >Raw Audit Messages >type=AVC msg=audit(1353248059.183:93): avc: denied { setuid } for pid=1425 comm="dnsmasq" capability=7 scontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tcontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tclass=capability > > >type=SYSCALL msg=audit(1353248059.183:93): arch=i386 syscall=setuid32 success=yes exit=0 a0=63 a1=0 a2=1 a3=d5 items=0 ppid=1 pid=1425 auid=4294967295 uid=99 gid=40 euid=99 suid=99 fsuid=99 egid=40 sgid=40 fsgid=40 tty=(none) ses=4294967295 comm=dnsmasq exe=/usr/sbin/dnsmasq subj=system_u:system_r:blueman_t:s0-s0:c0.c1023 key=(null) > >Hash: dnsmasq,blueman_t,blueman_t,capability,setuid > >audit2allow > >#============= blueman_t ============== >allow blueman_t self:capability setuid; > >audit2allow -R > >#============= blueman_t ============== >allow 
blueman_t self:capability setuid; > > >********** denial_24_on_25.txt ********** > >SELinux is preventing /usr/bin/python2.7 from read access on the file dnsmasq.pan1.pid. > >***** Plugin catchall (100. confidence) suggests *************************** > >If you believe that python2.7 should be allowed read access on the dnsmasq.pan1.pid file by default. >Then you should report this as a bug. >You can generate a local policy module to allow this access. >Do >allow this access for now by executing: ># grep blueman-mechani /var/log/audit/audit.log | audit2allow -M mypol ># semodule -i mypol.pp > >Additional Information: >Source Context system_u:system_r:blueman_t:s0-s0:c0.c1023 >Target Context system_u:object_r:var_run_t:s0 >Target Objects dnsmasq.pan1.pid [ file ] >Source blueman-mechani >Source Path /usr/bin/python2.7 >Port <Inconnu> >Host seb-mini9 >Source RPM Packages python-2.7.3-7.2.fc17.i686 >Target RPM Packages >Policy RPM selinux-policy-3.10.0-159.fc17.noarch >Selinux Enabled True >Policy Type targeted >Enforcing Mode Enforcing >Host Name seb-mini9 >Platform Linux seb-mini9 3.6.6-1.fc17.i686.PAE #1 SMP Mon > Nov 5 22:05:54 UTC 2012 i686 i686 >Alert Count 1 >First Seen 2012-11-18 15:14:19 CET >Last Seen 2012-11-18 15:14:19 CET >Local ID 219e137d-cba5-4124-bb77-6e21b4e084a6 > >Raw Audit Messages >type=AVC msg=audit(1353248059.222:94): avc: denied { read } for pid=1403 comm="blueman-mechani" name="dnsmasq.pan1.pid" dev="tmpfs" ino=21028 scontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_run_t:s0 tclass=file > > >type=SYSCALL msg=audit(1353248059.222:94): arch=i386 syscall=open success=yes exit=ENOEXEC a0=8a0db48 a1=8000 a2=1b6 a3=8a12260 items=0 ppid=1 pid=1403 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=blueman-mechani exe=/usr/bin/python2.7 subj=system_u:system_r:blueman_t:s0-s0:c0.c1023 key=(null) > >Hash: blueman-mechani,blueman_t,var_run_t,file,read > >audit2allow > 
>#============= blueman_t ============== >allow blueman_t var_run_t:file read; > >audit2allow -R > >#============= blueman_t ============== >allow blueman_t var_run_t:file read; > > >********** denial_25_on_25.txt ********** > >SELinux is preventing /usr/sbin/dnsmasq from name_bind access on the udp_socket . > >***** Plugin catchall (100. confidence) suggests *************************** > >If you believe that dnsmasq should be allowed name_bind access on the udp_socket by default. >Then you should report this as a bug. >You can generate a local policy module to allow this access. >Do >allow this access for now by executing: ># grep dnsmasq /var/log/audit/audit.log | audit2allow -M mypol ># semodule -i mypol.pp > >Additional Information: >Source Context system_u:system_r:blueman_t:s0-s0:c0.c1023 >Target Context system_u:object_r:dns_port_t:s0 >Target Objects [ udp_socket ] >Source dnsmasq >Source Path /usr/sbin/dnsmasq >Port 53 >Host (removed) >Source RPM Packages dnsmasq-2.63-1.fc17.i686 >Target RPM Packages >Policy RPM selinux-policy-3.10.0-159.fc17.noarch >Selinux Enabled True >Policy Type targeted >Enforcing Mode Enforcing >Host Name (removed) >Platform Linux seb-mini9 3.6.6-1.fc17.i686.PAE #1 SMP Mon > Nov 5 22:05:54 UTC 2012 i686 i686 >Alert Count 2 >First Seen 2012-11-18 15:14:19 CET >Last Seen 2012-11-18 15:14:20 CET >Local ID 687621fa-39a6-4423-9937-e8a5ae329797 > >Raw Audit Messages >type=AVC msg=audit(1353248060.587:95): avc: denied { name_bind } for pid=1425 comm="dnsmasq" src=53 scontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tcontext=system_u:object_r:dns_port_t:s0 tclass=udp_socket > > >type=SYSCALL msg=audit(1353248060.587:95): arch=i386 syscall=socketcall success=yes exit=0 a0=2 a1=bfc85270 a2=8e64270 a3=a items=0 ppid=1 pid=1425 auid=4294967295 uid=99 gid=40 euid=99 suid=99 fsuid=99 egid=40 sgid=40 fsgid=40 tty=(none) ses=4294967295 comm=dnsmasq exe=/usr/sbin/dnsmasq subj=system_u:system_r:blueman_t:s0-s0:c0.c1023 key=(null) > >Hash: 
dnsmasq,blueman_t,dns_port_t,udp_socket,name_bind > >audit2allow > >#============= blueman_t ============== >allow blueman_t dns_port_t:udp_socket name_bind; > >audit2allow -R > >#============= blueman_t ============== >allow blueman_t dns_port_t:udp_socket name_bind; > >