Red Hat Bugzilla – Attachment 649235 Details for Bug 877751: SELinux denials with blueman when enabling NAP
A few more AVCs (with selinux-policy-3.10.0-161.fc17)
audit.txt (text/plain), 71.50 KB, created by Seb L. on 2012-11-21 13:53:01 UTC
>found 26 alerts in /var/log/audit/audit.log
>--------------------------------------------------------------------------------
>
>SELinux is preventing /usr/bin/python2.7 from search access on the directory net.
>
>***** Plugin catchall (100. confidence) suggests ***************************
>
>If you believe that python2.7 should be allowed search access on the net directory by default.
>Then you should report this as a bug.
>You can generate a local policy module to allow this access.
>Do
>allow this access for now by executing:
># grep blueman-mechani /var/log/audit/audit.log | audit2allow -M mypol
># semodule -i mypol.pp
>
>
>Additional Information:
>Source Context system_u:system_r:blueman_t:s0-s0:c0.c1023
>Target Context system_u:object_r:sysctl_net_t:s0
>Target Objects net [ dir ]
>Source blueman-mechani
>Source Path /usr/bin/python2.7
>Port <Unknown>
>Host <Unknown>
>Source RPM Packages python-2.7.3-7.2.fc17.i686
>Target RPM Packages
>Policy RPM selinux-policy-3.10.0-161.fc17.noarch
>Selinux Enabled True
>Policy Type targeted
>Enforcing Mode Enforcing
>Host Name seb-mini9
>Platform Linux seb-mini9 3.6.6-1.fc17.i686.PAE #1 SMP Mon
> Nov 5 22:05:54 UTC 2012 i686 i686
>Alert Count 1
>First Seen 2012-11-21 14:43:28 CET
>Last Seen 2012-11-21 14:43:28 CET
>Local ID 0d558979-d56b-4239-b25c-87e1caf7f5a4
>
>Raw Audit Messages
>type=AVC msg=audit(1353505408.602:63): avc: denied { search } for pid=1410 comm="blueman-mechani" name="net" dev="proc" ino=9627 scontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_net_t:s0 tclass=dir
>
>
>type=AVC msg=audit(1353505408.602:63): avc: denied { write } for pid=1410 comm="blueman-mechani" name="ip_forward" dev="proc" ino=9629 scontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_net_t:s0 tclass=file
>
>
>type=AVC msg=audit(1353505408.602:63): avc: denied { open } for pid=1410 comm="blueman-mechani" path="/proc/sys/net/ipv4/ip_forward" dev="proc" ino=9629 scontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_net_t:s0 tclass=file
>
>
>type=SYSCALL msg=audit(1353505408.602:63): arch=i386 syscall=open success=yes exit=ENOEXEC a0=8dd6198 a1=8241 a2=1b6 a3=8dd6a20 items=0 ppid=1 pid=1410 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=blueman-mechani exe=/usr/bin/python2.7 subj=system_u:system_r:blueman_t:s0-s0:c0.c1023 key=(null)
>
>Hash: blueman-mechani,blueman_t,sysctl_net_t,dir,search
>
>audit2allow
>
>#============= blueman_t ==============
>allow blueman_t sysctl_net_t:dir search;
>#!!!! The source type 'blueman_t' can write to a 'file' of the following types:
># blueman_var_lib_t, root_t
>
>allow blueman_t sysctl_net_t:file { write open };
>
>audit2allow -R
>
>#============= blueman_t ==============
>allow blueman_t sysctl_net_t:dir search;
>#!!!! The source type 'blueman_t' can write to a 'file' of the following types:
># blueman_var_lib_t, root_t
>
>allow blueman_t sysctl_net_t:file { write open };
>
>
>--------------------------------------------------------------------------------
>
>SELinux is preventing /usr/bin/python2.7 from getattr access on the file /proc/sys/net/ipv4/ip_forward.
>
>***** Plugin catchall (100. confidence) suggests ***************************
>
>If you believe that python2.7 should be allowed getattr access on the ip_forward file by default.
>Then you should report this as a bug.
>You can generate a local policy module to allow this access.
>Do
>allow this access for now by executing:
># grep blueman-mechani /var/log/audit/audit.log | audit2allow -M mypol
># semodule -i mypol.pp
>
>
>Additional Information:
>Source Context system_u:system_r:blueman_t:s0-s0:c0.c1023
>Target Context system_u:object_r:sysctl_net_t:s0
>Target Objects /proc/sys/net/ipv4/ip_forward [ file ]
>Source blueman-mechani
>Source Path /usr/bin/python2.7
>Port <Unknown>
>Host <Unknown>
>Source RPM Packages python-2.7.3-7.2.fc17.i686
>Target RPM Packages
>Policy RPM selinux-policy-3.10.0-161.fc17.noarch
>Selinux Enabled True
>Policy Type targeted
>Enforcing Mode Enforcing
>Host Name seb-mini9
>Platform Linux seb-mini9 3.6.6-1.fc17.i686.PAE #1 SMP Mon
> Nov 5 22:05:54 UTC 2012 i686 i686
>Alert Count 1
>First Seen 2012-11-21 14:43:28 CET
>Last Seen 2012-11-21 14:43:28 CET
>Local ID 96a3449f-137a-4247-8dc9-28dfb4d6cbf5
>
>Raw Audit Messages
>type=AVC msg=audit(1353505408.629:64): avc: denied { getattr } for pid=1410 comm="blueman-mechani" path="/proc/sys/net/ipv4/ip_forward" dev="proc" ino=9629 scontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_net_t:s0 tclass=file
>
>
>type=SYSCALL msg=audit(1353505408.629:64): arch=i386 syscall=fstat64 success=yes exit=0 a0=8 a1=bfb60520 a2=4cd55ff4 a3=b6fe5498 items=0 ppid=1 pid=1410 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=blueman-mechani exe=/usr/bin/python2.7 subj=system_u:system_r:blueman_t:s0-s0:c0.c1023 key=(null)
>
>Hash: blueman-mechani,blueman_t,sysctl_net_t,file,getattr
>
>audit2allow
>
>#============= blueman_t ==============
>allow blueman_t sysctl_net_t:file getattr;
>
>audit2allow -R
>
>#============= blueman_t ==============
>allow blueman_t sysctl_net_t:file getattr;
>
>
>--------------------------------------------------------------------------------
>
>SELinux is preventing /usr/bin/python2.7 from read access on the directory conf.
>
>***** Plugin catchall (100. confidence) suggests ***************************
>
>If you believe that python2.7 should be allowed read access on the conf directory by default.
>Then you should report this as a bug.
>You can generate a local policy module to allow this access.
>Do
>allow this access for now by executing:
># grep blueman-mechani /var/log/audit/audit.log | audit2allow -M mypol
># semodule -i mypol.pp
>
>
>Additional Information:
>Source Context system_u:system_r:blueman_t:s0-s0:c0.c1023
>Target Context system_u:object_r:sysctl_net_t:s0
>Target Objects conf [ dir ]
>Source blueman-mechani
>Source Path /usr/bin/python2.7
>Port <Unknown>
>Host <Unknown>
>Source RPM Packages python-2.7.3-7.2.fc17.i686
>Target RPM Packages
>Policy RPM selinux-policy-3.10.0-161.fc17.noarch
>Selinux Enabled True
>Policy Type targeted
>Enforcing Mode Enforcing
>Host Name seb-mini9
>Platform Linux seb-mini9 3.6.6-1.fc17.i686.PAE #1 SMP Mon
> Nov 5 22:05:54 UTC 2012 i686 i686
>Alert Count 1
>First Seen 2012-11-21 14:43:28 CET
>Last Seen 2012-11-21 14:43:28 CET
>Local ID fae9b44a-e1eb-45f9-b7a2-b60b229d2134
>
>Raw Audit Messages
>type=AVC msg=audit(1353505408.637:65): avc: denied { read } for pid=1410 comm="blueman-mechani" name="conf" dev="proc" ino=9630 scontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_net_t:s0 tclass=dir
>
>
>type=AVC msg=audit(1353505408.637:65): avc: denied { open } for pid=1410 comm="blueman-mechani" path="/proc/sys/net/ipv4/conf" dev="proc" ino=9630 scontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysctl_net_t:s0 tclass=dir
>
>
>type=SYSCALL msg=audit(1353505408.637:65): arch=i386 syscall=openat success=yes exit=ENOEXEC a0=ffffff9c a1=8d803d8 a2=98800 a3=0 items=0 ppid=1 pid=1410 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=blueman-mechani exe=/usr/bin/python2.7 subj=system_u:system_r:blueman_t:s0-s0:c0.c1023 key=(null)
>
>Hash: blueman-mechani,blueman_t,sysctl_net_t,dir,read
>
>audit2allow
>
>#============= blueman_t ==============
>allow blueman_t sysctl_net_t:dir { read open };
>
>audit2allow -R
>
>#============= blueman_t ==============
>allow blueman_t sysctl_net_t:dir { read open };
>
>
>--------------------------------------------------------------------------------
>
>SELinux is preventing /usr/sbin/ifconfig from execute access on the file /usr/sbin/ifconfig.
>
>***** Plugin leaks (86.2 confidence) suggests ******************************
>
>If you want to ignore ifconfig trying to execute access the ifconfig file, because you believe it should not need this access.
>Then you should report this as a bug.
>You can generate a local policy module to dontaudit this access.
>Do
># grep /usr/sbin/ifconfig /var/log/audit/audit.log | audit2allow -D -M mypol
># semodule -i mypol.pp
>
>***** Plugin catchall (14.7 confidence) suggests ***************************
>
>If you believe that ifconfig should be allowed execute access on the ifconfig file by default.
>Then you should report this as a bug.
>You can generate a local policy module to allow this access.
>Do
>allow this access for now by executing:
># grep ifconfig /var/log/audit/audit.log | audit2allow -M mypol
># semodule -i mypol.pp
>
>
>Additional Information:
>Source Context system_u:system_r:blueman_t:s0-s0:c0.c1023
>Target Context system_u:object_r:ifconfig_exec_t:s0
>Target Objects /usr/sbin/ifconfig [ file ]
>Source ifconfig
>Source Path /usr/sbin/ifconfig
>Port <Unknown>
>Host <Unknown>
>Source RPM Packages net-tools-1.60-138.20120702git.fc17.i686
>Target RPM Packages net-tools-1.60-138.20120702git.fc17.i686
>Policy RPM selinux-policy-3.10.0-161.fc17.noarch
>Selinux Enabled True
>Policy Type targeted
>Enforcing Mode Enforcing
>Host Name seb-mini9
>Platform Linux seb-mini9 3.6.6-1.fc17.i686.PAE #1 SMP Mon
> Nov 5 22:05:54 UTC 2012 i686 i686
>Alert Count 1
>First Seen 2012-11-21 14:43:28 CET
>Last Seen 2012-11-21 14:43:28 CET
>Local ID 6f19f2c6-0ea9-480d-a50d-231ebeb75d62
>
>Raw Audit Messages
>type=AVC msg=audit(1353505408.662:66): avc: denied { execute } for pid=1421 comm="blueman-mechani" name="ifconfig" dev="sda1" ino=403094 scontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tcontext=system_u:object_r:ifconfig_exec_t:s0 tclass=file
>
>
>type=AVC msg=audit(1353505408.662:66): avc: denied { read open } for pid=1421 comm="blueman-mechani" path="/usr/sbin/ifconfig" dev="sda1" ino=403094 scontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tcontext=system_u:object_r:ifconfig_exec_t:s0 tclass=file
>
>
>type=AVC msg=audit(1353505408.662:66): avc: denied { execute_no_trans } for pid=1421 comm="blueman-mechani" path="/usr/sbin/ifconfig" dev="sda1" ino=403094 scontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tcontext=system_u:object_r:ifconfig_exec_t:s0 tclass=file
>
>
>type=SYSCALL msg=audit(1353505408.662:66): arch=i386 syscall=execve success=yes exit=0 a0=8d7de10 a1=8dd4b48 a2=8d83e90 a3=8dd4b60 items=0 ppid=1410 pid=1421 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=ifconfig exe=/usr/sbin/ifconfig subj=system_u:system_r:blueman_t:s0-s0:c0.c1023 key=(null)
>
>Hash: ifconfig,blueman_t,ifconfig_exec_t,file,execute
>
>audit2allow
>
>#============= blueman_t ==============
>allow blueman_t ifconfig_exec_t:file { read execute open execute_no_trans };
>
>audit2allow -R
>
>#============= blueman_t ==============
>allow blueman_t ifconfig_exec_t:file { read execute open execute_no_trans };
>
>
>--------------------------------------------------------------------------------
>
>SELinux is preventing /usr/sbin/ifconfig from read access on the file unix.
>
>***** Plugin catchall (100. confidence) suggests ***************************
>
>If you believe that ifconfig should be allowed read access on the unix file by default.
>Then you should report this as a bug.
>You can generate a local policy module to allow this access.
>Do
>allow this access for now by executing:
># grep ifconfig /var/log/audit/audit.log | audit2allow -M mypol
># semodule -i mypol.pp
>
>
>Additional Information:
>Source Context system_u:system_r:blueman_t:s0-s0:c0.c1023
>Target Context system_u:object_r:proc_net_t:s0
>Target Objects unix [ file ]
>Source ifconfig
>Source Path /usr/sbin/ifconfig
>Port <Unknown>
>Host <Unknown>
>Source RPM Packages net-tools-1.60-138.20120702git.fc17.i686
>Target RPM Packages
>Policy RPM selinux-policy-3.10.0-161.fc17.noarch
>Selinux Enabled True
>Policy Type targeted
>Enforcing Mode Enforcing
>Host Name seb-mini9
>Platform Linux seb-mini9 3.6.6-1.fc17.i686.PAE #1 SMP Mon
> Nov 5 22:05:54 UTC 2012 i686 i686
>Alert Count 1
>First Seen 2012-11-21 14:43:28 CET
>Last Seen 2012-11-21 14:43:28 CET
>Local ID f1956472-48e5-42f0-9509-dcf17941d4ef
>
>Raw Audit Messages
>type=AVC msg=audit(1353505408.708:67): avc: denied { read } for pid=1421 comm="ifconfig" name="unix" dev="proc" ino=4026531999 scontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_net_t:s0 tclass=file
>
>
>type=SYSCALL msg=audit(1353505408.708:67): arch=i386 syscall=access success=yes exit=0 a0=8056105 a1=4 a2=8059a00 a3=8059300 items=0 ppid=1410 pid=1421 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=ifconfig exe=/usr/sbin/ifconfig subj=system_u:system_r:blueman_t:s0-s0:c0.c1023 key=(null)
>
>Hash: ifconfig,blueman_t,proc_net_t,file,read
>
>audit2allow
>
>#============= blueman_t ==============
>allow blueman_t proc_net_t:file read;
>
>audit2allow -R
>
>#============= blueman_t ==============
>allow blueman_t proc_net_t:file read;
>
>
>--------------------------------------------------------------------------------
>
>SELinux is preventing /usr/bin/python2.7 from write access on the directory /run.
>
>***** Plugin catchall (100. confidence) suggests ***************************
>
>If you believe that python2.7 should be allowed write access on the run directory by default.
>Then you should report this as a bug.
>You can generate a local policy module to allow this access.
>Do
>allow this access for now by executing:
># grep blueman-mechani /var/log/audit/audit.log | audit2allow -M mypol
># semodule -i mypol.pp
>
>
>Additional Information:
>Source Context system_u:system_r:blueman_t:s0-s0:c0.c1023
>Target Context system_u:object_r:var_run_t:s0
>Target Objects /run [ dir ]
>Source blueman-mechani
>Source Path /usr/bin/python2.7
>Port <Unknown>
>Host <Unknown>
>Source RPM Packages python-2.7.3-7.2.fc17.i686
>Target RPM Packages filesystem-3-2.fc17.i686
>Policy RPM selinux-policy-3.10.0-161.fc17.noarch
>Selinux Enabled True
>Policy Type targeted
>Enforcing Mode Enforcing
>Host Name seb-mini9
>Platform Linux seb-mini9 3.6.6-1.fc17.i686.PAE #1 SMP Mon
> Nov 5 22:05:54 UTC 2012 i686 i686
>Alert Count 2
>First Seen 2012-11-21 14:43:28 CET
>Last Seen 2012-11-21 14:43:29 CET
>Local ID d2a57ce1-fbad-47c9-9d25-6c6fd8662027
>
>Raw Audit Messages
>type=AVC msg=audit(1353505409.197:93): avc: denied { write } for pid=1410 comm="blueman-mechani" name="/" dev="tmpfs" ino=1223 scontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_run_t:s0 tclass=dir
>
>
>type=AVC msg=audit(1353505409.197:93): avc: denied { add_name } for pid=1410 comm="blueman-mechani" name="blueman-dhcp" scontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_run_t:s0 tclass=dir
>
>
>type=AVC msg=audit(1353505409.197:93): avc: denied { create } for pid=1410 comm="blueman-mechani" name="blueman-dhcp" scontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_run_t:s0 tclass=file
>
>
>type=AVC msg=audit(1353505409.197:93): avc: denied { write } for pid=1410 comm="blueman-mechani" path="/run/blueman-dhcp" dev="tmpfs" ino=21497 scontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_run_t:s0 tclass=file
>
>
>type=SYSCALL msg=audit(1353505409.197:93): arch=i386 syscall=open success=yes exit=ENOEXEC a0=8dd20d0 a1=8241 a2=1b6 a3=8dd9260 items=0 ppid=1 pid=1410 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=blueman-mechani exe=/usr/bin/python2.7 subj=system_u:system_r:blueman_t:s0-s0:c0.c1023 key=(null)
>
>Hash: blueman-mechani,blueman_t,var_run_t,dir,write
>
>audit2allow
>
>#============= blueman_t ==============
>#!!!! The source type 'blueman_t' can write to a 'dir' of the following types:
># var_lib_t, blueman_var_lib_t, root_t
>
>allow blueman_t var_run_t:dir { write add_name };
>allow blueman_t var_run_t:file { write create };
>
>audit2allow -R
>
>#============= blueman_t ==============
>#!!!! The source type 'blueman_t' can write to a 'dir' of the following types:
># var_lib_t, blueman_var_lib_t, root_t
>
>allow blueman_t var_run_t:dir { write add_name };
>allow blueman_t var_run_t:file { write create };
>
>
>--------------------------------------------------------------------------------
>
>SELinux is preventing /usr/bin/python2.7 from getattr access on the file /run/dnsmasq.pan1.pid.
>
>***** Plugin catchall (100. confidence) suggests ***************************
>
>If you believe that python2.7 should be allowed getattr access on the dnsmasq.pan1.pid file by default.
>Then you should report this as a bug.
>You can generate a local policy module to allow this access.
>Do
>allow this access for now by executing:
># grep blueman-mechani /var/log/audit/audit.log | audit2allow -M mypol
># semodule -i mypol.pp
>
>
>Additional Information:
>Source Context system_u:system_r:blueman_t:s0-s0:c0.c1023
>Target Context system_u:object_r:var_run_t:s0
>Target Objects /run/dnsmasq.pan1.pid [ file ]
>Source blueman-mechani
>Source Path /usr/bin/python2.7
>Port <Unknown>
>Host <Unknown>
>Source RPM Packages python-2.7.3-7.2.fc17.i686
>Target RPM Packages
>Policy RPM selinux-policy-3.10.0-161.fc17.noarch
>Selinux Enabled True
>Policy Type targeted
>Enforcing Mode Enforcing
>Host Name seb-mini9
>Platform Linux seb-mini9 3.6.6-1.fc17.i686.PAE #1 SMP Mon
> Nov 5 22:05:54 UTC 2012 i686 i686
>Alert Count 2
>First Seen 2012-11-21 14:43:28 CET
>Last Seen 2012-11-21 14:43:29 CET
>Local ID 3bc4649d-52b9-4d65-8f2a-dd69dd25cfc2
>
>Raw Audit Messages
>type=AVC msg=audit(1353505409.192:92): avc: denied { getattr } for pid=1410 comm="blueman-mechani" path="/run/dnsmasq.pan1.pid" dev="tmpfs" ino=21649 scontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_run_t:s0 tclass=file
>
>
>type=SYSCALL msg=audit(1353505409.192:92): arch=i386 syscall=fstat64 success=yes exit=0 a0=8 a1=bfb60520 a2=4cd55ff4 a3=b6fe5498 items=0 ppid=1 pid=1410 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=blueman-mechani exe=/usr/bin/python2.7 subj=system_u:system_r:blueman_t:s0-s0:c0.c1023 key=(null)
>
>Hash: blueman-mechani,blueman_t,var_run_t,file,getattr
>
>audit2allow
>
>#============= blueman_t ==============
>allow blueman_t var_run_t:file getattr;
>
>audit2allow -R
>
>#============= blueman_t ==============
>allow blueman_t var_run_t:file getattr;
>
>
>--------------------------------------------------------------------------------
>
>SELinux is preventing /usr/sbin/xtables-multi from execute access on the file /usr/sbin/xtables-multi.
>
>***** Plugin leaks (86.2 confidence) suggests ******************************
>
>If you want to ignore xtables-multi trying to execute access the xtables-multi file, because you believe it should not need this access.
>Then you should report this as a bug.
>You can generate a local policy module to dontaudit this access.
>Do
># grep /usr/sbin/xtables-multi /var/log/audit/audit.log | audit2allow -D -M mypol
># semodule -i mypol.pp
>
>***** Plugin catchall (14.7 confidence) suggests ***************************
>
>If you believe that xtables-multi should be allowed execute access on the xtables-multi file by default.
>Then you should report this as a bug.
>You can generate a local policy module to allow this access.
>Do
>allow this access for now by executing:
># grep iptables /var/log/audit/audit.log | audit2allow -M mypol
># semodule -i mypol.pp
>
>
>Additional Information:
>Source Context system_u:system_r:blueman_t:s0-s0:c0.c1023
>Target Context system_u:object_r:iptables_exec_t:s0
>Target Objects /usr/sbin/xtables-multi [ file ]
>Source iptables
>Source Path /usr/sbin/xtables-multi
>Port <Unknown>
>Host <Unknown>
>Source RPM Packages iptables-1.4.14-2.fc17.i686
>Target RPM Packages iptables-1.4.14-2.fc17.i686
>Policy RPM selinux-policy-3.10.0-161.fc17.noarch
>Selinux Enabled True
>Policy Type targeted
>Enforcing Mode Enforcing
>Host Name seb-mini9
>Platform Linux seb-mini9 3.6.6-1.fc17.i686.PAE #1 SMP Mon
> Nov 5 22:05:54 UTC 2012 i686 i686
>Alert Count 1
>First Seen 2012-11-21 14:43:28 CET
>Last Seen 2012-11-21 14:43:28 CET
>Local ID d6c0e273-bfc9-469c-a8ba-22fc837ae154
>
>Raw Audit Messages
>type=AVC msg=audit(1353505408.748:70): avc: denied { execute } for pid=1425 comm="blueman-mechani" name="xtables-multi" dev="sda1" ino=446661 scontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
>
>
>type=AVC msg=audit(1353505408.748:70): avc: denied { read open } for pid=1425 comm="blueman-mechani" path="/usr/sbin/xtables-multi" dev="sda1" ino=446661 scontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
>
>
>type=AVC msg=audit(1353505408.748:70): avc: denied { execute_no_trans } for pid=1425 comm="blueman-mechani" path="/usr/sbin/xtables-multi" dev="sda1" ino=446661 scontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
>
>
>type=SYSCALL msg=audit(1353505408.748:70): arch=i386 syscall=execve success=yes exit=0 a0=8dcdc48 a1=8d803d8 a2=8d83e90 a3=8d803fc items=0 ppid=1410 pid=1425 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=iptables exe=/usr/sbin/xtables-multi subj=system_u:system_r:blueman_t:s0-s0:c0.c1023 key=(null)
>
>Hash: iptables,blueman_t,iptables_exec_t,file,execute
>
>audit2allow
>
>#============= blueman_t ==============
>allow blueman_t iptables_exec_t:file { read execute open execute_no_trans };
>
>audit2allow -R
>
>#============= blueman_t ==============
>allow blueman_t iptables_exec_t:file { read execute open execute_no_trans };
>
>
>--------------------------------------------------------------------------------
>
>SELinux is preventing /usr/sbin/xtables-multi from create access on the rawip_socket .
>
>***** Plugin catchall (100. confidence) suggests ***************************
>
>If you believe that xtables-multi should be allowed create access on the rawip_socket by default.
>Then you should report this as a bug.
>You can generate a local policy module to allow this access.
>Do
>allow this access for now by executing:
># grep iptables /var/log/audit/audit.log | audit2allow -M mypol
># semodule -i mypol.pp
>
>
>Additional Information:
>Source Context system_u:system_r:blueman_t:s0-s0:c0.c1023
>Target Context system_u:system_r:blueman_t:s0-s0:c0.c1023
>Target Objects [ rawip_socket ]
>Source iptables
>Source Path /usr/sbin/xtables-multi
>Port <Unknown>
>Host <Unknown>
>Source RPM Packages iptables-1.4.14-2.fc17.i686
>Target RPM Packages
>Policy RPM selinux-policy-3.10.0-161.fc17.noarch
>Selinux Enabled True
>Policy Type targeted
>Enforcing Mode Enforcing
>Host Name seb-mini9
>Platform Linux seb-mini9 3.6.6-1.fc17.i686.PAE #1 SMP Mon
> Nov 5 22:05:54 UTC 2012 i686 i686
>Alert Count 1
>First Seen 2012-11-21 14:43:28 CET
>Last Seen 2012-11-21 14:43:28 CET
>Local ID 884b808a-d7c2-44c5-9901-2af26dac7036
>
>Raw Audit Messages
>type=AVC msg=audit(1353505408.758:71): avc: denied { create } for pid=1425 comm="iptables" scontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tcontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tclass=rawip_socket
>
>
>type=AVC msg=audit(1353505408.758:71): avc: denied { net_raw } for pid=1425 comm="iptables" capability=13 scontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tcontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tclass=capability
>
>
>type=SYSCALL msg=audit(1353505408.758:71): arch=i386 syscall=socketcall success=yes exit=ESRCH a0=1 a1=bfdd5100 a2=4cd96a2c a3=0 items=0 ppid=1410 pid=1425 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=iptables exe=/usr/sbin/xtables-multi subj=system_u:system_r:blueman_t:s0-s0:c0.c1023 key=(null)
>
>Hash: iptables,blueman_t,blueman_t,rawip_socket,create
>
>audit2allow
>
>#============= blueman_t ==============
>allow blueman_t self:capability net_raw;
>allow blueman_t self:rawip_socket create;
>
>audit2allow -R
>
>#============= blueman_t ==============
>allow blueman_t self:capability net_raw;
>allow blueman_t self:rawip_socket create;
>
>
>--------------------------------------------------------------------------------
>
>SELinux is preventing /usr/sbin/xtables-multi from getopt access on the rawip_socket .
>
>***** Plugin catchall (100. confidence) suggests ***************************
>
>If you believe that xtables-multi should be allowed getopt access on the rawip_socket by default.
>Then you should report this as a bug.
>You can generate a local policy module to allow this access.
>Do
>allow this access for now by executing:
># grep iptables /var/log/audit/audit.log | audit2allow -M mypol
># semodule -i mypol.pp
>
>
>Additional Information:
>Source Context system_u:system_r:blueman_t:s0-s0:c0.c1023
>Target Context system_u:system_r:blueman_t:s0-s0:c0.c1023
>Target Objects [ rawip_socket ]
>Source iptables
>Source Path /usr/sbin/xtables-multi
>Port <Unknown>
>Host <Unknown>
>Source RPM Packages iptables-1.4.14-2.fc17.i686
>Target RPM Packages
>Policy RPM selinux-policy-3.10.0-161.fc17.noarch
>Selinux Enabled True
>Policy Type targeted
>Enforcing Mode Enforcing
>Host Name seb-mini9
>Platform Linux seb-mini9 3.6.6-1.fc17.i686.PAE #1 SMP Mon
> Nov 5 22:05:54 UTC 2012 i686 i686
>Alert Count 1
>First Seen 2012-11-21 14:43:28 CET
>Last Seen 2012-11-21 14:43:28 CET
>Local ID b053d549-151d-4b82-951b-8252b93bcbae
>
>Raw Audit Messages
>type=AVC msg=audit(1353505408.759:72): avc: denied { getopt } for pid=1425 comm="iptables" lport=255 scontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tcontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tclass=rawip_socket
>
>
>type=SYSCALL msg=audit(1353505408.759:72): arch=i386 syscall=socketcall success=yes exit=0 a0=f a1=bfdd5100 a2=4cd96a2c a3=0 items=0 ppid=1410 pid=1425 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=iptables exe=/usr/sbin/xtables-multi subj=system_u:system_r:blueman_t:s0-s0:c0.c1023 key=(null)
>
>Hash: iptables,blueman_t,blueman_t,rawip_socket,getopt
>
>audit2allow
>
>#============= blueman_t ==============
>allow blueman_t self:rawip_socket getopt;
>
>audit2allow -R
>
>#============= blueman_t ==============
>allow blueman_t self:rawip_socket getopt;
>
>
>--------------------------------------------------------------------------------
>
>SELinux is preventing /usr/sbin/xtables-multi from setopt access on the rawip_socket .
>
>***** Plugin catchall (100. confidence) suggests ***************************
>
>If you believe that xtables-multi should be allowed setopt access on the rawip_socket by default.
>Then you should report this as a bug.
>You can generate a local policy module to allow this access.
>Do
>allow this access for now by executing:
># grep iptables /var/log/audit/audit.log | audit2allow -M mypol
># semodule -i mypol.pp
>
>
>Additional Information:
>Source Context system_u:system_r:blueman_t:s0-s0:c0.c1023
>Target Context system_u:system_r:blueman_t:s0-s0:c0.c1023
>Target Objects [ rawip_socket ]
>Source iptables
>Source Path /usr/sbin/xtables-multi
>Port <Unknown>
>Host <Unknown>
>Source RPM Packages iptables-1.4.14-2.fc17.i686
>Target RPM Packages
>Policy RPM selinux-policy-3.10.0-161.fc17.noarch
>Selinux Enabled True
>Policy Type targeted
>Enforcing Mode Enforcing
>Host Name seb-mini9
>Platform Linux seb-mini9 3.6.6-1.fc17.i686.PAE #1 SMP Mon
> Nov 5 22:05:54 UTC 2012 i686 i686
>Alert Count 1
>First Seen 2012-11-21 14:43:28 CET
>Last Seen 2012-11-21 14:43:28 CET
>Local ID 4f3eff6a-3890-46d1-9238-9ceed61c85e8
>
>Raw Audit Messages
>type=AVC msg=audit(1353505408.790:73): avc: denied { setopt } for pid=1426 comm="iptables" lport=255 scontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tcontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tclass=rawip_socket
>
>
>type=SYSCALL msg=audit(1353505408.790:73): arch=i386 syscall=socketcall success=yes exit=0 a0=e a1=bfc8df60 a2=4cd96a2c a3=924 items=0 ppid=1410 pid=1426 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=iptables exe=/usr/sbin/xtables-multi subj=system_u:system_r:blueman_t:s0-s0:c0.c1023 key=(null)
>
>Hash: iptables,blueman_t,blueman_t,rawip_socket,setopt
>
>audit2allow
>
>#============= blueman_t ==============
>allow blueman_t self:rawip_socket setopt;
>
>audit2allow -R
>
>#============= blueman_t ==============
>allow blueman_t self:rawip_socket setopt;
>
>
>--------------------------------------------------------------------------------
>
>SELinux is preventing /usr/sbin/dnsmasq from execute access on the file /usr/sbin/dnsmasq.
>
>***** Plugin leaks (86.2 confidence) suggests ******************************
>
>If you want to ignore dnsmasq trying to execute access the dnsmasq file, because you believe it should not need this access.
>Then you should report this as a bug.
>You can generate a local policy module to dontaudit this access.
>Do
># grep /usr/sbin/dnsmasq /var/log/audit/audit.log | audit2allow -D -M mypol
># semodule -i mypol.pp
>
>***** Plugin catchall (14.7 confidence) suggests ***************************
>
>If you believe that dnsmasq should be allowed execute access on the dnsmasq file by default.
>Then you should report this as a bug.
>You can generate a local policy module to allow this access.
>Do
>allow this access for now by executing:
># grep dnsmasq /var/log/audit/audit.log | audit2allow -M mypol
># semodule -i mypol.pp
>
>
>Additional Information:
>Source Context system_u:system_r:blueman_t:s0-s0:c0.c1023
>Target Context system_u:object_r:dnsmasq_exec_t:s0
>Target Objects /usr/sbin/dnsmasq [ file ]
>Source dnsmasq
>Source Path /usr/sbin/dnsmasq
>Port <Unknown>
>Host <Unknown>
>Source RPM Packages dnsmasq-2.63-1.fc17.i686
>Target RPM Packages dnsmasq-2.63-1.fc17.i686
>Policy RPM selinux-policy-3.10.0-161.fc17.noarch
>Selinux Enabled True
>Policy Type targeted
>Enforcing Mode Enforcing
>Host Name seb-mini9
>Platform Linux seb-mini9 3.6.6-1.fc17.i686.PAE #1 SMP Mon
> Nov 5 22:05:54 UTC 2012 i686 i686
>Alert Count 1
>First Seen 2012-11-21 14:43:29 CET
>Last Seen 2012-11-21 14:43:29 CET
>Local ID 42af98d3-79ee-40de-b6c7-594d02401d1d
>
>Raw Audit Messages
>type=AVC msg=audit(1353505409.45:79): avc: denied { execute } for pid=1433 comm="blueman-mechani" name="dnsmasq" dev="sda1" ino=430244 scontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tcontext=system_u:object_r:dnsmasq_exec_t:s0 tclass=file
>
>
>type=AVC msg=audit(1353505409.45:79): avc: denied { read open } for pid=1433 comm="blueman-mechani" path="/usr/sbin/dnsmasq" dev="sda1" ino=430244 scontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tcontext=system_u:object_r:dnsmasq_exec_t:s0 tclass=file
>
>
>type=AVC msg=audit(1353505409.45:79): avc: denied { execute_no_trans } for pid=1433 comm="blueman-mechani" path="/usr/sbin/dnsmasq" dev="sda1" ino=430244 scontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tcontext=system_u:object_r:dnsmasq_exec_t:s0 tclass=file
>
>
>type=SYSCALL msg=audit(1353505409.45:79): arch=i386 syscall=execve success=yes exit=0 a0=8d7de10 a1=8dcab88 a2=8d83e90 a3=8dcaba4 items=0 ppid=1410 pid=1433 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=dnsmasq exe=/usr/sbin/dnsmasq subj=system_u:system_r:blueman_t:s0-s0:c0.c1023 key=(null)
>
>Hash: dnsmasq,blueman_t,dnsmasq_exec_t,file,execute
>
>audit2allow
>
>#============= blueman_t ==============
>allow blueman_t dnsmasq_exec_t:file { read execute open execute_no_trans };
>
>audit2allow -R
>
>#============= blueman_t ==============
>allow blueman_t dnsmasq_exec_t:file { read execute open execute_no_trans };
>
>
>--------------------------------------------------------------------------------
>
>SELinux is preventing /usr/sbin/dnsmasq from getattr access on the file /etc/dnsmasq.conf.
>
>***** Plugin catchall (100. confidence) suggests ***************************
>
>If you believe that dnsmasq should be allowed getattr access on the dnsmasq.conf file by default.
>Then you should report this as a bug.
>You can generate a local policy module to allow this access.
>Do
>allow this access for now by executing:
># grep dnsmasq /var/log/audit/audit.log | audit2allow -M mypol
># semodule -i mypol.pp
>
>
>Additional Information:
>Source Context system_u:system_r:blueman_t:s0-s0:c0.c1023
>Target Context system_u:object_r:dnsmasq_etc_t:s0
>Target Objects /etc/dnsmasq.conf [ file ]
>Source dnsmasq
>Source Path /usr/sbin/dnsmasq
>Port <Unknown>
>Host <Unknown>
>Source RPM Packages dnsmasq-2.63-1.fc17.i686
>Target RPM Packages dnsmasq-2.63-1.fc17.i686
>Policy RPM selinux-policy-3.10.0-161.fc17.noarch
>Selinux Enabled True
>Policy Type targeted
>Enforcing Mode Enforcing
>Host Name seb-mini9
>Platform Linux seb-mini9 3.6.6-1.fc17.i686.PAE #1 SMP Mon
> Nov 5 22:05:54 UTC 2012 i686 i686
>Alert Count 1
>First Seen 2012-11-21 14:43:29 CET
>Last Seen 2012-11-21 14:43:29 CET
>Local ID 4c802f74-9790-4fac-8a6a-ea0639c7a239
>
>Raw Audit Messages
>type=AVC msg=audit(1353505409.60:80): avc: denied { getattr } for pid=1433 comm="dnsmasq" path="/etc/dnsmasq.conf" dev="sda1" ino=410438 scontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tcontext=system_u:object_r:dnsmasq_etc_t:s0 tclass=file
>
>
>type=SYSCALL msg=audit(1353505409.60:80): arch=i386 syscall=stat64 success=yes exit=0 a0=8074daa a1=bfc52680 a2=4cd55ff4 a3=8074daa items=0 ppid=1410 pid=1433 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=dnsmasq exe=/usr/sbin/dnsmasq subj=system_u:system_r:blueman_t:s0-s0:c0.c1023 key=(null)
>
>Hash: dnsmasq,blueman_t,dnsmasq_etc_t,file,getattr
>
>audit2allow
>
>#============= blueman_t ==============
>allow blueman_t dnsmasq_etc_t:file getattr;
>
>audit2allow -R
>
>#============= blueman_t ==============
>allow blueman_t dnsmasq_etc_t:file getattr;
>
>
>--------------------------------------------------------------------------------
>
>SELinux is preventing /usr/sbin/dnsmasq from read access on the file /etc/dnsmasq.conf.
>
>***** Plugin catchall (100. confidence) suggests ***************************
>
>If you believe that dnsmasq should be allowed read access on the dnsmasq.conf file by default.
>Then you should report this as a bug.
>You can generate a local policy module to allow this access.
>Do >allow this access for now by executing: ># grep dnsmasq /var/log/audit/audit.log | audit2allow -M mypol ># semodule -i mypol.pp > > >Additional Information: >Source Context system_u:system_r:blueman_t:s0-s0:c0.c1023 >Target Context system_u:object_r:dnsmasq_etc_t:s0 >Target Objects /etc/dnsmasq.conf [ file ] >Source dnsmasq >Source Path /usr/sbin/dnsmasq >Port <Unknown> >Host <Unknown> >Source RPM Packages dnsmasq-2.63-1.fc17.i686 >Target RPM Packages dnsmasq-2.63-1.fc17.i686 >Policy RPM selinux-policy-3.10.0-161.fc17.noarch >Selinux Enabled True >Policy Type targeted >Enforcing Mode Enforcing >Host Name seb-mini9 >Platform Linux seb-mini9 3.6.6-1.fc17.i686.PAE #1 SMP Mon > Nov 5 22:05:54 UTC 2012 i686 i686 >Alert Count 1 >First Seen 2012-11-21 14:43:29 CET >Last Seen 2012-11-21 14:43:29 CET >Local ID 2da7a4e0-0d3d-4d34-8058-bbc3420296ad > >Raw Audit Messages >type=AVC msg=audit(1353505409.70:81): avc: denied { read } for pid=1433 comm="dnsmasq" name="dnsmasq.conf" dev="sda1" ino=410438 scontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tcontext=system_u:object_r:dnsmasq_etc_t:s0 tclass=file > > >type=AVC msg=audit(1353505409.70:81): avc: denied { open } for pid=1433 comm="dnsmasq" path="/etc/dnsmasq.conf" dev="sda1" ino=410438 scontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tcontext=system_u:object_r:dnsmasq_etc_t:s0 tclass=file > > >type=SYSCALL msg=audit(1353505409.70:81): arch=i386 syscall=open success=yes exit=ESRCH a0=8074daa a1=8000 a2=1b6 a3=912faa8 items=0 ppid=1410 pid=1433 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=dnsmasq exe=/usr/sbin/dnsmasq subj=system_u:system_r:blueman_t:s0-s0:c0.c1023 key=(null) > >Hash: dnsmasq,blueman_t,dnsmasq_etc_t,file,read > >audit2allow > >#============= blueman_t ============== >allow blueman_t dnsmasq_etc_t:file { read open }; > >audit2allow -R > >#============= blueman_t ============== >allow blueman_t dnsmasq_etc_t:file { read open }; > > 
>-------------------------------------------------------------------------------- > >SELinux is preventing /usr/sbin/dnsmasq from search access on the directory /var/lib/dnsmasq. > >***** Plugin catchall (100. confidence) suggests *************************** > >If you believe that dnsmasq should be allowed search access on the dnsmasq directory by default. >Then you should report this as a bug. >You can generate a local policy module to allow this access. >Do >allow this access for now by executing: ># grep dnsmasq /var/log/audit/audit.log | audit2allow -M mypol ># semodule -i mypol.pp > > >Additional Information: >Source Context system_u:system_r:blueman_t:s0-s0:c0.c1023 >Target Context system_u:object_r:dnsmasq_lease_t:s0 >Target Objects /var/lib/dnsmasq [ dir ] >Source dnsmasq >Source Path /usr/sbin/dnsmasq >Port <Unknown> >Host <Unknown> >Source RPM Packages dnsmasq-2.63-1.fc17.i686 >Target RPM Packages dnsmasq-2.63-1.fc17.i686 >Policy RPM selinux-policy-3.10.0-161.fc17.noarch >Selinux Enabled True >Policy Type targeted >Enforcing Mode Enforcing >Host Name seb-mini9 >Platform Linux seb-mini9 3.6.6-1.fc17.i686.PAE #1 SMP Mon > Nov 5 22:05:54 UTC 2012 i686 i686 >Alert Count 1 >First Seen 2012-11-21 14:43:29 CET >Last Seen 2012-11-21 14:43:29 CET >Local ID f46e2c04-0e20-4463-b0e1-7375b72b765f > >Raw Audit Messages >type=AVC msg=audit(1353505409.81:82): avc: denied { search } for pid=1433 comm="dnsmasq" name="dnsmasq" dev="sda1" ino=172232 scontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tcontext=system_u:object_r:dnsmasq_lease_t:s0 tclass=dir > > >type=AVC msg=audit(1353505409.81:82): avc: denied { read append } for pid=1433 comm="dnsmasq" name="dnsmasq.leases" dev="sda1" ino=132764 scontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tcontext=system_u:object_r:dnsmasq_lease_t:s0 tclass=file > > >type=AVC msg=audit(1353505409.81:82): avc: denied { open } for pid=1433 comm="dnsmasq" path="/var/lib/dnsmasq/dnsmasq.leases" dev="sda1" ino=132764 
scontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tcontext=system_u:object_r:dnsmasq_lease_t:s0 tclass=file > > >type=SYSCALL msg=audit(1353505409.81:82): arch=i386 syscall=open success=yes exit=ESRCH a0=8076150 a1=8442 a2=1b6 a3=91310c8 items=0 ppid=1410 pid=1433 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=dnsmasq exe=/usr/sbin/dnsmasq subj=system_u:system_r:blueman_t:s0-s0:c0.c1023 key=(null) > >Hash: dnsmasq,blueman_t,dnsmasq_lease_t,dir,search > >audit2allow > >#============= blueman_t ============== >allow blueman_t dnsmasq_lease_t:dir search; >allow blueman_t dnsmasq_lease_t:file { read open append }; > >audit2allow -R > >#============= blueman_t ============== >allow blueman_t dnsmasq_lease_t:dir search; >allow blueman_t dnsmasq_lease_t:file { read open append }; > > >-------------------------------------------------------------------------------- > >SELinux is preventing /usr/sbin/dnsmasq from getattr access on the file /var/lib/dnsmasq/dnsmasq.leases. > >***** Plugin catchall (100. confidence) suggests *************************** > >If you believe that dnsmasq should be allowed getattr access on the dnsmasq.leases file by default. >Then you should report this as a bug. >You can generate a local policy module to allow this access. 
>Do >allow this access for now by executing: ># grep dnsmasq /var/log/audit/audit.log | audit2allow -M mypol ># semodule -i mypol.pp > > >Additional Information: >Source Context system_u:system_r:blueman_t:s0-s0:c0.c1023 >Target Context system_u:object_r:dnsmasq_lease_t:s0 >Target Objects /var/lib/dnsmasq/dnsmasq.leases [ file ] >Source dnsmasq >Source Path /usr/sbin/dnsmasq >Port <Unknown> >Host <Unknown> >Source RPM Packages dnsmasq-2.63-1.fc17.i686 >Target RPM Packages >Policy RPM selinux-policy-3.10.0-161.fc17.noarch >Selinux Enabled True >Policy Type targeted >Enforcing Mode Enforcing >Host Name seb-mini9 >Platform Linux seb-mini9 3.6.6-1.fc17.i686.PAE #1 SMP Mon > Nov 5 22:05:54 UTC 2012 i686 i686 >Alert Count 1 >First Seen 2012-11-21 14:43:29 CET >Last Seen 2012-11-21 14:43:29 CET >Local ID 99c529a7-c451-48d8-a2f0-c0ad8a50023d > >Raw Audit Messages >type=AVC msg=audit(1353505409.100:83): avc: denied { getattr } for pid=1433 comm="dnsmasq" path="/var/lib/dnsmasq/dnsmasq.leases" dev="sda1" ino=132764 scontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tcontext=system_u:object_r:dnsmasq_lease_t:s0 tclass=file > > >type=SYSCALL msg=audit(1353505409.100:83): arch=i386 syscall=fstat64 success=yes exit=0 a0=3 a1=bfc525e0 a2=4cd55ff4 a3=91310c8 items=0 ppid=1410 pid=1433 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=dnsmasq exe=/usr/sbin/dnsmasq subj=system_u:system_r:blueman_t:s0-s0:c0.c1023 key=(null) > >Hash: dnsmasq,blueman_t,dnsmasq_lease_t,file,getattr > >audit2allow > >#============= blueman_t ============== >allow blueman_t dnsmasq_lease_t:file getattr; > >audit2allow -R > >#============= blueman_t ============== >allow blueman_t dnsmasq_lease_t:file getattr; > > >-------------------------------------------------------------------------------- > >SELinux is preventing /usr/sbin/dnsmasq from name_bind access on the udp_socket . 
> >***** Plugin catchall_boolean (89.3 confidence) suggests ******************* > >If you want to allow_ypbind >Then you must tell SELinux about this by enabling the 'allow_ypbind' boolean.You can read 'dhcpd_selinux' man page for more details. >Do >setsebool -P allow_ypbind 1 > >***** Plugin catchall (11.6 confidence) suggests *************************** > >If you believe that dnsmasq should be allowed name_bind access on the udp_socket by default. >Then you should report this as a bug. >You can generate a local policy module to allow this access. >Do >allow this access for now by executing: ># grep dnsmasq /var/log/audit/audit.log | audit2allow -M mypol ># semodule -i mypol.pp > > >Additional Information: >Source Context system_u:system_r:blueman_t:s0-s0:c0.c1023 >Target Context system_u:object_r:dhcpd_port_t:s0 >Target Objects [ udp_socket ] >Source dnsmasq >Source Path /usr/sbin/dnsmasq >Port 67 >Host <Unknown> >Source RPM Packages dnsmasq-2.63-1.fc17.i686 >Target RPM Packages >Policy RPM selinux-policy-3.10.0-161.fc17.noarch >Selinux Enabled True >Policy Type targeted >Enforcing Mode Enforcing >Host Name seb-mini9 >Platform Linux seb-mini9 3.6.6-1.fc17.i686.PAE #1 SMP Mon > Nov 5 22:05:54 UTC 2012 i686 i686 >Alert Count 1 >First Seen 2012-11-21 14:43:29 CET >Last Seen 2012-11-21 14:43:29 CET >Local ID 43681e1b-bc3e-4646-9841-197c2aa43e5c > >Raw Audit Messages >type=AVC msg=audit(1353505409.103:84): avc: denied { name_bind } for pid=1433 comm="dnsmasq" src=67 scontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tcontext=system_u:object_r:dhcpd_port_t:s0 tclass=udp_socket > > >type=AVC msg=audit(1353505409.103:84): avc: denied { net_bind_service } for pid=1433 comm="dnsmasq" capability=10 scontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tcontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tclass=capability > > >type=SYSCALL msg=audit(1353505409.103:84): arch=i386 syscall=socketcall success=yes exit=0 a0=2 a1=bfc527a0 a2=4 a3=43 items=0 ppid=1410 pid=1433 
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=dnsmasq exe=/usr/sbin/dnsmasq subj=system_u:system_r:blueman_t:s0-s0:c0.c1023 key=(null) > >Hash: dnsmasq,blueman_t,dhcpd_port_t,udp_socket,name_bind > >audit2allow > >#============= blueman_t ============== >#!!!! This avc can be allowed using the boolean 'allow_ypbind' > >allow blueman_t dhcpd_port_t:udp_socket name_bind; >#!!!! This avc can be allowed using the boolean 'allow_ypbind' > >allow blueman_t self:capability net_bind_service; > >audit2allow -R > >#============= blueman_t ============== >#!!!! This avc can be allowed using the boolean 'allow_ypbind' > >allow blueman_t dhcpd_port_t:udp_socket name_bind; >#!!!! This avc can be allowed using the boolean 'allow_ypbind' > >allow blueman_t self:capability net_bind_service; > > >-------------------------------------------------------------------------------- > >SELinux is preventing /usr/sbin/dnsmasq from name_bind access on the udp_socket . > >***** Plugin catchall (100. confidence) suggests *************************** > >If you believe that dnsmasq should be allowed name_bind access on the udp_socket by default. >Then you should report this as a bug. >You can generate a local policy module to allow this access. 
>Do >allow this access for now by executing: ># grep dnsmasq /var/log/audit/audit.log | audit2allow -M mypol ># semodule -i mypol.pp > > >Additional Information: >Source Context system_u:system_r:blueman_t:s0-s0:c0.c1023 >Target Context system_u:object_r:dns_port_t:s0 >Target Objects [ udp_socket ] >Source dnsmasq >Source Path /usr/sbin/dnsmasq >Port 53 >Host <Unknown> >Source RPM Packages dnsmasq-2.63-1.fc17.i686 >Target RPM Packages >Policy RPM selinux-policy-3.10.0-161.fc17.noarch >Selinux Enabled True >Policy Type targeted >Enforcing Mode Enforcing >Host Name seb-mini9 >Platform Linux seb-mini9 3.6.6-1.fc17.i686.PAE #1 SMP Mon > Nov 5 22:05:54 UTC 2012 i686 i686 >Alert Count 1 >First Seen 2012-11-21 14:43:29 CET >Last Seen 2012-11-21 14:43:29 CET >Local ID fb3b597d-ce15-4e01-91a8-aeb12c61f8b9 > >Raw Audit Messages >type=AVC msg=audit(1353505409.107:85): avc: denied { name_bind } for pid=1433 comm="dnsmasq" src=53 scontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tcontext=system_u:object_r:dns_port_t:s0 tclass=udp_socket > > >type=SYSCALL msg=audit(1353505409.107:85): arch=i386 syscall=socketcall success=yes exit=0 a0=2 a1=bfc52750 a2=91312c0 a3=2 items=0 ppid=1410 pid=1433 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=dnsmasq exe=/usr/sbin/dnsmasq subj=system_u:system_r:blueman_t:s0-s0:c0.c1023 key=(null) > >Hash: dnsmasq,blueman_t,dns_port_t,udp_socket,name_bind > >audit2allow > >#============= blueman_t ============== >allow blueman_t dns_port_t:udp_socket name_bind; > >audit2allow -R > >#============= blueman_t ============== >allow blueman_t dns_port_t:udp_socket name_bind; > > >-------------------------------------------------------------------------------- > >SELinux is preventing /usr/sbin/dnsmasq from listen access on the tcp_socket . 
> >***** Plugin catchall_boolean (89.3 confidence) suggests ******************* > >If you want to allow_ypbind >Then you must tell SELinux about this by enabling the 'allow_ypbind' boolean.You can read 'blueman_selinux' man page for more details. >Do >setsebool -P allow_ypbind 1 > >***** Plugin catchall (11.6 confidence) suggests *************************** > >If you believe that dnsmasq should be allowed listen access on the tcp_socket by default. >Then you should report this as a bug. >You can generate a local policy module to allow this access. >Do >allow this access for now by executing: ># grep dnsmasq /var/log/audit/audit.log | audit2allow -M mypol ># semodule -i mypol.pp > > >Additional Information: >Source Context system_u:system_r:blueman_t:s0-s0:c0.c1023 >Target Context system_u:system_r:blueman_t:s0-s0:c0.c1023 >Target Objects [ tcp_socket ] >Source dnsmasq >Source Path /usr/sbin/dnsmasq >Port <Unknown> >Host <Unknown> >Source RPM Packages dnsmasq-2.63-1.fc17.i686 >Target RPM Packages >Policy RPM selinux-policy-3.10.0-161.fc17.noarch >Selinux Enabled True >Policy Type targeted >Enforcing Mode Enforcing >Host Name seb-mini9 >Platform Linux seb-mini9 3.6.6-1.fc17.i686.PAE #1 SMP Mon > Nov 5 22:05:54 UTC 2012 i686 i686 >Alert Count 1 >First Seen 2012-11-21 14:43:29 CET >Last Seen 2012-11-21 14:43:29 CET >Local ID f290ff2d-95ad-45e5-905a-48f15309d4dc > >Raw Audit Messages >type=AVC msg=audit(1353505409.110:87): avc: denied { listen } for pid=1433 comm="dnsmasq" laddr=10.44.27.1 lport=53 scontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tcontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tclass=tcp_socket > > >type=SYSCALL msg=audit(1353505409.110:87): arch=i386 syscall=socketcall success=yes exit=0 a0=4 a1=bfc52750 a2=91312c0 a3=2 items=0 ppid=1410 pid=1433 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=dnsmasq exe=/usr/sbin/dnsmasq subj=system_u:system_r:blueman_t:s0-s0:c0.c1023 key=(null) > >Hash: 
dnsmasq,blueman_t,blueman_t,tcp_socket,listen > >audit2allow > >#============= blueman_t ============== >#!!!! This avc can be allowed using the boolean 'allow_ypbind' > >allow blueman_t self:tcp_socket listen; > >audit2allow -R > >#============= blueman_t ============== >#!!!! This avc can be allowed using the boolean 'allow_ypbind' > >allow blueman_t self:tcp_socket listen; > > >-------------------------------------------------------------------------------- > >SELinux is preventing /usr/sbin/dnsmasq from name_bind access on the tcp_socket . > >***** Plugin catchall (100. confidence) suggests *************************** > >If you believe that dnsmasq should be allowed name_bind access on the tcp_socket by default. >Then you should report this as a bug. >You can generate a local policy module to allow this access. >Do >allow this access for now by executing: ># grep dnsmasq /var/log/audit/audit.log | audit2allow -M mypol ># semodule -i mypol.pp > > >Additional Information: >Source Context system_u:system_r:blueman_t:s0-s0:c0.c1023 >Target Context system_u:object_r:dns_port_t:s0 >Target Objects [ tcp_socket ] >Source dnsmasq >Source Path /usr/sbin/dnsmasq >Port 53 >Host <Unknown> >Source RPM Packages dnsmasq-2.63-1.fc17.i686 >Target RPM Packages >Policy RPM selinux-policy-3.10.0-161.fc17.noarch >Selinux Enabled True >Policy Type targeted >Enforcing Mode Enforcing >Host Name seb-mini9 >Platform Linux seb-mini9 3.6.6-1.fc17.i686.PAE #1 SMP Mon > Nov 5 22:05:54 UTC 2012 i686 i686 >Alert Count 1 >First Seen 2012-11-21 14:43:29 CET >Last Seen 2012-11-21 14:43:29 CET >Local ID 1711890d-b276-4095-ba95-81223b156f5f > >Raw Audit Messages >type=AVC msg=audit(1353505409.110:86): avc: denied { name_bind } for pid=1433 comm="dnsmasq" src=53 scontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tcontext=system_u:object_r:dns_port_t:s0 tclass=tcp_socket > > >type=SYSCALL msg=audit(1353505409.110:86): arch=i386 syscall=socketcall success=yes exit=0 a0=2 a1=bfc52750 a2=91312c0 a3=2 
items=0 ppid=1410 pid=1433 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=dnsmasq exe=/usr/sbin/dnsmasq subj=system_u:system_r:blueman_t:s0-s0:c0.c1023 key=(null) > >Hash: dnsmasq,blueman_t,dns_port_t,tcp_socket,name_bind > >audit2allow > >#============= blueman_t ============== >allow blueman_t dns_port_t:tcp_socket name_bind; > >audit2allow -R > >#============= blueman_t ============== >allow blueman_t dns_port_t:tcp_socket name_bind; > > >-------------------------------------------------------------------------------- > >SELinux is preventing /usr/sbin/dnsmasq from using the setgid capability. > >***** Plugin catchall (100. confidence) suggests *************************** > >If you believe that dnsmasq should have the setgid capability by default. >Then you should report this as a bug. >You can generate a local policy module to allow this access. >Do >allow this access for now by executing: ># grep dnsmasq /var/log/audit/audit.log | audit2allow -M mypol ># semodule -i mypol.pp > > >Additional Information: >Source Context system_u:system_r:blueman_t:s0-s0:c0.c1023 >Target Context system_u:system_r:blueman_t:s0-s0:c0.c1023 >Target Objects [ capability ] >Source dnsmasq >Source Path /usr/sbin/dnsmasq >Port <Unknown> >Host <Unknown> >Source RPM Packages dnsmasq-2.63-1.fc17.i686 >Target RPM Packages >Policy RPM selinux-policy-3.10.0-161.fc17.noarch >Selinux Enabled True >Policy Type targeted >Enforcing Mode Enforcing >Host Name seb-mini9 >Platform Linux seb-mini9 3.6.6-1.fc17.i686.PAE #1 SMP Mon > Nov 5 22:05:54 UTC 2012 i686 i686 >Alert Count 1 >First Seen 2012-11-21 14:43:29 CET >Last Seen 2012-11-21 14:43:29 CET >Local ID e528b858-f43f-45b5-96cb-b74847d6aae4 > >Raw Audit Messages >type=AVC msg=audit(1353505409.124:88): avc: denied { setgid } for pid=1435 comm="dnsmasq" capability=6 scontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tcontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tclass=capability > > 
>type=SYSCALL msg=audit(1353505409.124:88): arch=i386 syscall=setgroups32 success=yes exit=0 a0=0 a1=bfc52858 a2=bfc52808 a3=ce items=0 ppid=1 pid=1435 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=dnsmasq exe=/usr/sbin/dnsmasq subj=system_u:system_r:blueman_t:s0-s0:c0.c1023 key=(null) > >Hash: dnsmasq,blueman_t,blueman_t,capability,setgid > >audit2allow > >#============= blueman_t ============== >allow blueman_t self:capability setgid; > >audit2allow -R > >#============= blueman_t ============== >allow blueman_t self:capability setgid; > > >-------------------------------------------------------------------------------- > >SELinux is preventing /usr/sbin/dnsmasq from using the setcap access on a process. > >***** Plugin catchall (100. confidence) suggests *************************** > >If you believe that dnsmasq should be allowed setcap access on processes labeled blueman_t by default. >Then you should report this as a bug. >You can generate a local policy module to allow this access. 
>Do >allow this access for now by executing: ># grep dnsmasq /var/log/audit/audit.log | audit2allow -M mypol ># semodule -i mypol.pp > > >Additional Information: >Source Context system_u:system_r:blueman_t:s0-s0:c0.c1023 >Target Context system_u:system_r:blueman_t:s0-s0:c0.c1023 >Target Objects [ process ] >Source dnsmasq >Source Path /usr/sbin/dnsmasq >Port <Unknown> >Host <Unknown> >Source RPM Packages dnsmasq-2.63-1.fc17.i686 >Target RPM Packages >Policy RPM selinux-policy-3.10.0-161.fc17.noarch >Selinux Enabled True >Policy Type targeted >Enforcing Mode Enforcing >Host Name seb-mini9 >Platform Linux seb-mini9 3.6.6-1.fc17.i686.PAE #1 SMP Mon > Nov 5 22:05:54 UTC 2012 i686 i686 >Alert Count 1 >First Seen 2012-11-21 14:43:29 CET >Last Seen 2012-11-21 14:43:29 CET >Local ID 86682ab9-3f96-4d35-a490-61b5896b9ee8 > >Raw Audit Messages >type=AVC msg=audit(1353505409.125:89): avc: denied { setcap } for pid=1435 comm="dnsmasq" scontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tcontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tclass=process > > >type=SYSCALL msg=audit(1353505409.125:89): arch=i386 syscall=capset success=yes exit=0 a0=9134900 a1=9134910 a2=4cd57ca8 a3=4cd57c20 items=0 ppid=1 pid=1435 auid=4294967295 uid=0 gid=40 euid=0 suid=0 fsuid=0 egid=40 sgid=40 fsgid=40 tty=(none) ses=4294967295 comm=dnsmasq exe=/usr/sbin/dnsmasq subj=system_u:system_r:blueman_t:s0-s0:c0.c1023 key=(null) > >Hash: dnsmasq,blueman_t,blueman_t,process,setcap > >audit2allow > >#============= blueman_t ============== >allow blueman_t self:process setcap; > >audit2allow -R > >#============= blueman_t ============== >allow blueman_t self:process setcap; > > >-------------------------------------------------------------------------------- > >SELinux is preventing /usr/sbin/dnsmasq from using the setuid capability. > >***** Plugin catchall (100. confidence) suggests *************************** > >If you believe that dnsmasq should have the setuid capability by default. 
>Then you should report this as a bug. >You can generate a local policy module to allow this access. >Do >allow this access for now by executing: ># grep dnsmasq /var/log/audit/audit.log | audit2allow -M mypol ># semodule -i mypol.pp > > >Additional Information: >Source Context system_u:system_r:blueman_t:s0-s0:c0.c1023 >Target Context system_u:system_r:blueman_t:s0-s0:c0.c1023 >Target Objects [ capability ] >Source dnsmasq >Source Path /usr/sbin/dnsmasq >Port <Unknown> >Host <Unknown> >Source RPM Packages dnsmasq-2.63-1.fc17.i686 >Target RPM Packages >Policy RPM selinux-policy-3.10.0-161.fc17.noarch >Selinux Enabled True >Policy Type targeted >Enforcing Mode Enforcing >Host Name seb-mini9 >Platform Linux seb-mini9 3.6.6-1.fc17.i686.PAE #1 SMP Mon > Nov 5 22:05:54 UTC 2012 i686 i686 >Alert Count 1 >First Seen 2012-11-21 14:43:29 CET >Last Seen 2012-11-21 14:43:29 CET >Local ID 743674e4-e2bf-49c4-a5e7-5c949244ca62 > >Raw Audit Messages >type=AVC msg=audit(1353505409.128:90): avc: denied { setuid } for pid=1435 comm="dnsmasq" capability=7 scontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tcontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tclass=capability > > >type=SYSCALL msg=audit(1353505409.128:90): arch=i386 syscall=setuid32 success=yes exit=0 a0=63 a1=0 a2=1 a3=d5 items=0 ppid=1 pid=1435 auid=4294967295 uid=99 gid=40 euid=99 suid=99 fsuid=99 egid=40 sgid=40 fsgid=40 tty=(none) ses=4294967295 comm=dnsmasq exe=/usr/sbin/dnsmasq subj=system_u:system_r:blueman_t:s0-s0:c0.c1023 key=(null) > >Hash: dnsmasq,blueman_t,blueman_t,capability,setuid > >audit2allow > >#============= blueman_t ============== >allow blueman_t self:capability setuid; > >audit2allow -R > >#============= blueman_t ============== >allow blueman_t self:capability setuid; > > >-------------------------------------------------------------------------------- > >SELinux is preventing /usr/bin/python2.7 from read access on the file dnsmasq.pan1.pid. > >***** Plugin catchall (100. 
confidence) suggests *************************** > >If you believe that python2.7 should be allowed read access on the dnsmasq.pan1.pid file by default. >Then you should report this as a bug. >You can generate a local policy module to allow this access. >Do >allow this access for now by executing: ># grep blueman-mechani /var/log/audit/audit.log | audit2allow -M mypol ># semodule -i mypol.pp > > >Additional Information: >Source Context system_u:system_r:blueman_t:s0-s0:c0.c1023 >Target Context system_u:object_r:var_run_t:s0 >Target Objects dnsmasq.pan1.pid [ file ] >Source blueman-mechani >Source Path /usr/bin/python2.7 >Port <Unknown> >Host <Unknown> >Source RPM Packages python-2.7.3-7.2.fc17.i686 >Target RPM Packages >Policy RPM selinux-policy-3.10.0-161.fc17.noarch >Selinux Enabled True >Policy Type targeted >Enforcing Mode Enforcing >Host Name seb-mini9 >Platform Linux seb-mini9 3.6.6-1.fc17.i686.PAE #1 SMP Mon > Nov 5 22:05:54 UTC 2012 i686 i686 >Alert Count 1 >First Seen 2012-11-21 14:43:29 CET >Last Seen 2012-11-21 14:43:29 CET >Local ID a3acae8b-6ed3-41ba-962d-ec43d35bb15f > >Raw Audit Messages >type=AVC msg=audit(1353505409.191:91): avc: denied { read } for pid=1410 comm="blueman-mechani" name="dnsmasq.pan1.pid" dev="tmpfs" ino=21649 scontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_run_t:s0 tclass=file > > >type=AVC msg=audit(1353505409.191:91): avc: denied { open } for pid=1410 comm="blueman-mechani" path="/run/dnsmasq.pan1.pid" dev="tmpfs" ino=21649 scontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_run_t:s0 tclass=file > > >type=SYSCALL msg=audit(1353505409.191:91): arch=i386 syscall=open success=yes exit=ENOEXEC a0=8dd4b48 a1=8000 a2=1b6 a3=8dd9260 items=0 ppid=1 pid=1410 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=blueman-mechani exe=/usr/bin/python2.7 subj=system_u:system_r:blueman_t:s0-s0:c0.c1023 key=(null) > >Hash: 
blueman-mechani,blueman_t,var_run_t,file,read > >audit2allow > >#============= blueman_t ============== >allow blueman_t var_run_t:file { read open }; > >audit2allow -R > >#============= blueman_t ============== >allow blueman_t var_run_t:file { read open }; > > >-------------------------------------------------------------------------------- > >SELinux is preventing /usr/sbin/dnsmasq from using the net_bind_service capability. > >***** Plugin catchall_boolean (89.3 confidence) suggests ******************* > >If you want to allow_ypbind >Then you must tell SELinux about this by enabling the 'allow_ypbind' boolean.You can read 'blueman_selinux' man page for more details. >Do >setsebool -P allow_ypbind 1 > >***** Plugin catchall (11.6 confidence) suggests *************************** > >If you believe that dnsmasq should have the net_bind_service capability by default. >Then you should report this as a bug. >You can generate a local policy module to allow this access. >Do >allow this access for now by executing: ># grep dnsmasq /var/log/audit/audit.log | audit2allow -M mypol ># semodule -i mypol.pp > > >Additional Information: >Source Context system_u:system_r:blueman_t:s0-s0:c0.c1023 >Target Context system_u:system_r:blueman_t:s0-s0:c0.c1023 >Target Objects [ capability ] >Source dnsmasq >Source Path /usr/sbin/dnsmasq >Port <Unknown> >Host <Unknown> >Source RPM Packages dnsmasq-2.63-1.fc17.i686 >Target RPM Packages >Policy RPM selinux-policy-3.10.0-161.fc17.noarch >Selinux Enabled True >Policy Type targeted >Enforcing Mode Enforcing >Host Name seb-mini9 >Platform Linux seb-mini9 3.6.6-1.fc17.i686.PAE #1 SMP Mon > Nov 5 22:05:54 UTC 2012 i686 i686 >Alert Count 1 >First Seen 2012-11-21 14:43:30 CET >Last Seen 2012-11-21 14:43:30 CET >Local ID 27ae6f74-b23c-4f42-aa2f-8e0a7ca2d599 > >Raw Audit Messages >type=AVC msg=audit(1353505410.579:94): avc: denied { net_bind_service } for pid=1435 comm="dnsmasq" capability=10 scontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 
tcontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tclass=capability > > >type=SYSCALL msg=audit(1353505410.579:94): arch=i386 syscall=socketcall success=yes exit=0 a0=2 a1=bfc52750 a2=9131270 a3=a items=0 ppid=1 pid=1435 auid=4294967295 uid=99 gid=40 euid=99 suid=99 fsuid=99 egid=40 sgid=40 fsgid=40 tty=(none) ses=4294967295 comm=dnsmasq exe=/usr/sbin/dnsmasq subj=system_u:system_r:blueman_t:s0-s0:c0.c1023 key=(null) > >Hash: dnsmasq,blueman_t,blueman_t,capability,net_bind_service > >audit2allow > >#============= blueman_t ============== >#!!!! This avc can be allowed using the boolean 'allow_ypbind' > >allow blueman_t self:capability net_bind_service; > >audit2allow -R > >#============= blueman_t ============== >#!!!! This avc can be allowed using the boolean 'allow_ypbind' > >allow blueman_t self:capability net_bind_service; > > >-------------------------------------------------------------------------------- > >SELinux is preventing /usr/bin/python2.7 from using the net_admin capability. > >***** Plugin catchall (100. confidence) suggests *************************** > >If you believe that python2.7 should have the net_admin capability by default. >Then you should report this as a bug. >You can generate a local policy module to allow this access. 
>Do >allow this access for now by executing: ># grep setroubleshootd /var/log/audit/audit.log | audit2allow -M mypol ># semodule -i mypol.pp > > >Additional Information: >Source Context system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 >Target Context system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 >Target Objects [ capability ] >Source setroubleshootd >Source Path /usr/bin/python2.7 >Port <Unknown> >Host <Unknown> >Source RPM Packages rpm-4.9.1.3-7.fc17.i686 >Target RPM Packages >Policy RPM selinux-policy-3.10.0-161.fc17.noarch >Selinux Enabled True >Policy Type targeted >Enforcing Mode Enforcing >Host Name seb-mini9 >Platform Linux seb-mini9 3.6.6-1.fc17.i686.PAE #1 SMP Mon > Nov 5 22:05:54 UTC 2012 i686 i686 >Alert Count 3 >First Seen 2012-11-21 14:43:37 CET >Last Seen 2012-11-21 14:43:37 CET >Local ID 7450f2ae-622b-4104-b6dd-f29a0f1ed62b > >Raw Audit Messages >type=AVC msg=audit(1353505417.438:96): avc: denied { net_admin } for pid=1505 comm="rpm" capability=12 scontext=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 tclass=capability > > >type=SYSCALL msg=audit(1353505417.438:96): arch=i386 syscall=lstat64 success=yes exit=0 a0=8364380 a1=bfd2e8dc a2=4cd55ff4 a3=8364380 items=0 ppid=1504 pid=1505 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=rpm exe=/usr/bin/rpm subj=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 key=(null) > >Hash: setroubleshootd,setroubleshootd_t,setroubleshootd_t,capability,net_admin > >audit2allow > >#============= setroubleshootd_t ============== >allow setroubleshootd_t self:capability net_admin; > >audit2allow -R > >#============= setroubleshootd_t ============== >allow setroubleshootd_t self:capability net_admin; > >