Attachment 849810 Details for Bug 1049801 – List of all SELinux allerts (with policy 116)

List of all SELinux allerts (with policy 116)

selinux_alerts.txt (text/plain), 9.09 KB, created by Arno Mayrhofer on 2014-01-14 08:53:31 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Arno Mayrhofer

Created: 2014-01-14 08:53:31 UTC

Size: 9.09 KB

patch

obsolete

>****************************************************************
>1/21
>****************************************************************
>SELinux is preventing /usr/sbin/bumblebeed from name_connect access on the tcp_socket .
>
>*****  Plugin catchall (100. confidence) suggests   **************************
>
>If you believe that bumblebeed should be allowed name_connect access on the  tcp_socket by default.
>Then you should report this as a bug.
>You can generate a local policy module to allow this access.
>Do
>allow this access for now by executing:
># grep bumblebeed /var/log/audit/audit.log | audit2allow -M mypol
># semodule -i mypol.pp
>
>Additional Information:
>Source Context                system_u:system_r:bumblebee_t:s0
>Target Context                system_u:object_r:xserver_port_t:s0
>Target Objects                 [ tcp_socket ]
>Source                        bumblebeed
>Source Path                   /usr/sbin/bumblebeed
>Port                          6008
>Host                          goedel
>Source RPM Packages           bumblebee-3.2.1-4.fc20.x86_64
>Target RPM Packages           
>Policy RPM                    selinux-policy-3.12.1-116.fc20.noarch
>Selinux Enabled               True
>Policy Type                   targeted
>Enforcing Mode                Enforcing
>Host Name                     goedel
>Platform                      Linux goedel 3.12.6-300.fc20.x86_64 #1 SMP Mon Dec
>                              23 16:44:31 UTC 2013 x86_64 x86_64
>Alert Count                   1
>First Seen                    2014-01-14 09:48:40 CET
>Last Seen                     2014-01-14 09:48:40 CET
>Local ID                      d93f09d9-bf47-492f-bb8b-47ae6e4d95c8
>
>Raw Audit Messages
>type=AVC msg=audit(1389689320.871:547): avc:  denied  { name_connect } for  pid=858 comm="bumblebeed" dest=6008 scontext=system_u:system_r:bumblebee_t:s0 tcontext=system_u:object_r:xserver_port_t:s0 tclass=tcp_socket
>
>
>type=SYSCALL msg=audit(1389689320.871:547): arch=x86_64 syscall=connect success=no exit=ECONNREFUSED a0=7 a1=15aa640 a2=10 a3=7fff56c8f7d4 items=0 ppid=1 pid=858 auid=4294967295 uid=0 gid=1001 euid=0 suid=0 fsuid=0 egid=1001 sgid=1001 fsgid=1001 ses=4294967295 tty=(none) comm=bumblebeed exe=/usr/sbin/bumblebeed subj=system_u:system_r:bumblebee_t:s0 key=(null)
>
>Hash: bumblebeed,bumblebee_t,xserver_port_t,tcp_socket,name_connect
>
>****************************************************************
>2/21
>****************************************************************
>SELinux is preventing /usr/sbin/bumblebeed from connectto access on the unix_stream_socket @/tmp/.X11-unix/X8.
>
>*****  Plugin catchall (100. confidence) suggests   **************************
>
>If you believe that bumblebeed should be allowed connectto access on the X8 unix_stream_socket by default.
>Then you should report this as a bug.
>You can generate a local policy module to allow this access.
>Do
>allow this access for now by executing:
># grep bumblebeed /var/log/audit/audit.log | audit2allow -M mypol
># semodule -i mypol.pp
>
>Additional Information:
>Source Context                system_u:system_r:bumblebee_t:s0
>Target Context                system_u:system_r:xserver_t:s0
>Target Objects                @/tmp/.X11-unix/X8 [ unix_stream_socket ]
>Source                        bumblebeed
>Source Path                   /usr/sbin/bumblebeed
>Port                          <Unknown>
>Host                          goedel
>Source RPM Packages           bumblebee-3.2.1-4.fc20.x86_64
>Target RPM Packages           
>Policy RPM                    selinux-policy-3.12.1-116.fc20.noarch
>Selinux Enabled               True
>Policy Type                   targeted
>Enforcing Mode                Enforcing
>Host Name                     goedel
>Platform                      Linux goedel 3.12.6-300.fc20.x86_64 #1 SMP Mon Dec
>                              23 16:44:31 UTC 2013 x86_64 x86_64
>Alert Count                   1
>First Seen                    2014-01-14 09:48:40 CET
>Last Seen                     2014-01-14 09:48:40 CET
>Local ID                      3bd2ce2c-0dbb-495e-b678-b8b923e6450c
>
>Raw Audit Messages
>type=AVC msg=audit(1389689320.972:548): avc:  denied  { connectto } for  pid=858 comm="bumblebeed" path=002F746D702F2E5831312D756E69782F5838 scontext=system_u:system_r:bumblebee_t:s0 tcontext=system_u:system_r:xserver_t:s0 tclass=unix_stream_socket
>
>
>type=SYSCALL msg=audit(1389689320.972:548): arch=x86_64 syscall=connect success=yes exit=0 a0=7 a1=7fff56c8f8b0 a2=14 a3=7fff56c8f8b3 items=0 ppid=1 pid=858 auid=4294967295 uid=0 gid=1001 euid=0 suid=0 fsuid=0 egid=1001 sgid=1001 fsgid=1001 ses=4294967295 tty=(none) comm=bumblebeed exe=/usr/sbin/bumblebeed subj=system_u:system_r:bumblebee_t:s0 key=(null)
>
>Hash: bumblebeed,bumblebee_t,xserver_t,unix_stream_socket,connectto
>
>
>****************************************************************
>3/21
>****************************************************************
>SELinux is preventing /usr/sbin/bumblebeed from using the signal access on a process.
>
>*****  Plugin catchall (100. confidence) suggests   **************************
>
>If you believe that bumblebeed should be allowed signal access on processes labeled xserver_t by default.
>Then you should report this as a bug.
>You can generate a local policy module to allow this access.
>Do
>allow this access for now by executing:
># grep bumblebeed /var/log/audit/audit.log | audit2allow -M mypol
># semodule -i mypol.pp
>
>Additional Information:
>Source Context                system_u:system_r:bumblebee_t:s0
>Target Context                system_u:system_r:xserver_t:s0
>Target Objects                 [ process ]
>Source                        bumblebeed
>Source Path                   /usr/sbin/bumblebeed
>Port                          <Unknown>
>Host                          goedel
>Source RPM Packages           bumblebee-3.2.1-4.fc20.x86_64
>Target RPM Packages           
>Policy RPM                    selinux-policy-3.12.1-116.fc20.noarch
>Selinux Enabled               True
>Policy Type                   targeted
>Enforcing Mode                Enforcing
>Host Name                     goedel
>Platform                      Linux goedel 3.12.6-300.fc20.x86_64 #1 SMP Mon Dec
>                              23 16:44:31 UTC 2013 x86_64 x86_64
>Alert Count                   1
>First Seen                    2014-01-14 09:50:07 CET
>Last Seen                     2014-01-14 09:50:07 CET
>Local ID                      77e7cb32-dc33-4063-93ce-e06965fd2c9a
>
>Raw Audit Messages
>type=AVC msg=audit(1389689407.648:550): avc:  denied  { signal } for  pid=858 comm="bumblebeed" scontext=system_u:system_r:bumblebee_t:s0 tcontext=system_u:system_r:xserver_t:s0 tclass=process
>
>
>type=SYSCALL msg=audit(1389689407.648:550): arch=x86_64 syscall=kill success=yes exit=0 a0=c47 a1=f a2=400 a3=0 items=0 ppid=1 pid=858 auid=4294967295 uid=0 gid=1001 euid=0 suid=0 fsuid=0 egid=1001 sgid=1001 fsgid=1001 ses=4294967295 tty=(none) comm=bumblebeed exe=/usr/sbin/bumblebeed subj=system_u:system_r:bumblebee_t:s0 key=(null)
>
>Hash: bumblebeed,bumblebee_t,xserver_t,process,signal
>
>
>****************************************************************
>4/21
>****************************************************************
>SELinux is preventing /usr/sbin/bumblebeed from write access on the file bbswitch.
>
>*****  Plugin catchall (100. confidence) suggests   **************************
>
>If you believe that bumblebeed should be allowed write access on the bbswitch file by default.
>Then you should report this as a bug.
>You can generate a local policy module to allow this access.
>Do
>allow this access for now by executing:
># grep bumblebeed /var/log/audit/audit.log | audit2allow -M mypol
># semodule -i mypol.pp
>
>Additional Information:
>Source Context                system_u:system_r:bumblebee_t:s0
>Target Context                system_u:object_r:proc_t:s0
>Target Objects                bbswitch [ file ]
>Source                        bumblebeed
>Source Path                   /usr/sbin/bumblebeed
>Port                          <Unknown>
>Host                          goedel
>Source RPM Packages           bumblebee-3.2.1-4.fc20.x86_64
>Target RPM Packages           
>Policy RPM                    selinux-policy-3.12.1-116.fc20.noarch
>Selinux Enabled               True
>Policy Type                   targeted
>Enforcing Mode                Enforcing
>Host Name                     goedel
>Platform                      Linux goedel 3.12.6-300.fc20.x86_64 #1 SMP Mon Dec
>                              23 16:44:31 UTC 2013 x86_64 x86_64
>Alert Count                   1
>First Seen                    2014-01-14 09:50:07 CET
>Last Seen                     2014-01-14 09:50:07 CET
>Local ID                      8eb21e70-1ca1-4ce7-898c-4458ebf032cc
>
>Raw Audit Messages
>type=AVC msg=audit(1389689407.693:551): avc:  denied  { write } for  pid=858 comm="bumblebeed" name="bbswitch" dev="proc" ino=4026532276 scontext=system_u:system_r:bumblebee_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
>
>
>type=SYSCALL msg=audit(1389689407.693:551): arch=x86_64 syscall=open success=yes exit=EIO a0=409895 a1=241 a2=1b6 a3=3 items=0 ppid=1 pid=858 auid=4294967295 uid=0 gid=1001 euid=0 suid=0 fsuid=0 egid=1001 sgid=1001 fsgid=1001 ses=4294967295 tty=(none) comm=bumblebeed exe=/usr/sbin/bumblebeed subj=system_u:system_r:bumblebee_t:s0 key=(null)
>
>Hash: bumblebeed,bumblebee_t,proc_t,file,write
>

Actions: View

Attachments on bug 1049801: 847030 | 847031 | 849810