Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 869495 Details for
Bug 1071573
setroubleshoot spams system log
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
setroubleshoot logspam example
setroubleshoot-logspam.txt (text/plain), 112.21 KB, created by
Elad Alfassa
on 2014-03-01 20:17:58 UTC
(
hide
)
Description:
setroubleshoot logspam example
Filename:
MIME Type:
Creator:
Elad Alfassa
Created:
2014-03-01 20:17:58 UTC
Size:
112.21 KB
patch
obsolete
>-- Logs begin at Tue 2014-02-18 21:50:46 IST, end at Sat 2014-03-01 22:08:21 IST. -- >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: RunFaultServer(10) >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: created new database: name=setroubleshoot, friendly_name=Audit Listener, filepath=/var/lib/setroubleshoot/setroubleshoot_database.xml >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: database version 3.0 compatible with current 3.0 version >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: load_plugins() names=['allow_ftpd_use_nfs', 'setenforce', 'httpd_write_content', 'catchall_boolean', 'allow_anon_write', 'chrome', 'vbetool', 'leaks', 'mounton', 'sshd_root', 'mmap_zero', 'automount_exec_config', 'samba_share', 'xen_image', 'swapfile', 'mozplugger', 'catchall_labels', 'public_content', 'restorecon_source', 'sys_module', 'qemu_blk_image', 'wine', 'rsync_data', 'openvpn', 'cvs_data', 'restorecon', 'allow_execmod', 'allow_execheap', 'disable_ipv6', 'bind_ports', 'httpd_can_sendmail', 'sandbox_connect', 'mozplugger_remove', 'associate', 'kernel_modules', 'allow_execstack', 'dac_override', 'sys_resource', 'file', 'catchall', 'device', 'selinuxpolicy', 'allow_ftpd_use_cifs', 'connect_ports', 'qemu_file_image', 'filesystem_associate'] >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: Number of Plugins = 46 >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: parse_socket_address_list: input='{unix}/var/run/setroubleshoot/setroubleshoot_server' >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: parse_socket_address_list: {unix}/var/run/setroubleshoot/setroubleshoot_server --> {unix}/var/run/setroubleshoot/setroubleshoot_server socket=None >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: creating system dbus: bus_name=org.fedoraproject.Setroubleshootd object_path=/org/fedoraproject/Setroubleshootd interface=org.fedoraproject.SetroubleshootdIface >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: dbus __init__ /org/fedoraproject/Setroubleshootd called >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: dbus avc(node=weatherwax type=AVC msg=audit(1393698955.436:88): avc: denied { getattr } for pid=2576 comm="chrony-helper" path="/usr/bin/systemctl" dev="sdc2" ino=3933142 scontext=system_u:system_r:chronyd_t:s0 tcontext=system_u:object_r:systemd_systemctl_exec_t:s0 tclass=file > node=weatherwax type=SYSCALL msg=audit(1393698955.436:88): arch=c000003e syscall=4 success=no exit=-13 a0=f4de50 a1=7fffa9a6e770 a2=7fffa9a6e770 a3=7f2567354b20 items=0 ppid=2570 pid=2576 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="chrony-helper" exe="/usr/bin/bash" subj=system_u:system_r:chronyd_t:s0 key=(null) > node=weatherwax type=EOE msg=audit(1393698955.436:88): > ) called: 1 Connections >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: AuditRecordReceiver.add_record_to_cache(): node=weatherwax type=AVC msg=audit(1393698955.436:88): avc: denied { getattr } for pid=2576 comm="chrony-helper" path="/usr/bin/systemctl" dev="sdc2" ino=3933142 scontext=system_u:system_r:chronyd_t:s0 tcontext=system_u:object_r:systemd_systemctl_exec_t:s0 tclass=file >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: AuditRecordReceiver.add_record_to_cache(): node=weatherwax type=SYSCALL msg=audit(1393698955.436:88): arch=c000003e syscall=4 success=no exit=-13 a0=f4de50 a1=7fffa9a6e770 a2=7fffa9a6e770 a3=7f2567354b20 items=0 ppid=2570 pid=2576 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="chrony-helper" exe="/usr/bin/bash" subj=system_u:system_r:chronyd_t:s0 key=(null) >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: AuditRecordReceiver.add_record_to_cache(): node=weatherwax type=EOE msg=audit(1393698955.436:88): >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: analyze_avc() avc=scontext=system_u:system_r:chronyd_t:s0 tcontext=system_u:object_r:systemd_systemctl_exec_t:s0 access=['getattr'] tclass=file tpath= >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: dbus avc(node=weatherwax type=AVC msg=audit(1393698955.452:89): avc: denied { getattr } for pid=2583 comm="chrony-helper" path="/usr/bin/systemctl" dev="sdc2" ino=3933142 scontext=system_u:system_r:chronyd_t:s0 tcontext=system_u:object_r:systemd_systemctl_exec_t:s0 tclass=file > node=weatherwax type=SYSCALL msg=audit(1393698955.452:89): arch=c000003e syscall=4 success=no exit=-13 a0=14483a0 a1=7fff3870d6f0 a2=7fff3870d6f0 a3=7fe1ac2b0b20 items=0 ppid=2580 pid=2583 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="chrony-helper" exe="/usr/bin/bash" subj=system_u:system_r:chronyd_t:s0 key=(null) > node=weatherwax type=EOE msg=audit(1393698955.452:89): > ) called: 1 Connections >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: AuditRecordReceiver.add_record_to_cache(): node=weatherwax type=AVC msg=audit(1393698955.452:89): avc: denied { getattr } for pid=2583 comm="chrony-helper" path="/usr/bin/systemctl" dev="sdc2" ino=3933142 scontext=system_u:system_r:chronyd_t:s0 tcontext=system_u:object_r:systemd_systemctl_exec_t:s0 tclass=file >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: AuditRecordReceiver.add_record_to_cache(): node=weatherwax type=SYSCALL msg=audit(1393698955.452:89): arch=c000003e syscall=4 success=no exit=-13 a0=14483a0 a1=7fff3870d6f0 a2=7fff3870d6f0 a3=7fe1ac2b0b20 items=0 ppid=2580 pid=2583 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="chrony-helper" exe="/usr/bin/bash" subj=system_u:system_r:chronyd_t:s0 key=(null) >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: AuditRecordReceiver.add_record_to_cache(): node=weatherwax type=EOE msg=audit(1393698955.452:89): >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: Plugin Exception restorecon_source >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: Plugin Exception restorecon >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: lookup_signature: found 1 matches with scores 1.00 >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: signature found in database >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: sending alert to all clients >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: SELinux is preventing /usr/bin/bash from getattr access on the file . For complete SELinux messages. run sealert -l 9b68bdf4-9448-4b88-9743-acddb989a455 >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: load_plugins() names=['allow_ftpd_use_nfs', 'setenforce', 'httpd_write_content', 'catchall_boolean', 'allow_anon_write', 'chrome', 'vbetool', 'leaks', 'mounton', 'sshd_root', 'mmap_zero', 'automount_exec_config', 'samba_share', 'xen_image', 'swapfile', 'mozplugger', 'catchall_labels', 'public_content', 'restorecon_source', 'sys_module', 'qemu_blk_image', 'wine', 'rsync_data', 'openvpn', 'cvs_data', 'restorecon', 'allow_execmod', 'allow_execheap', 'disable_ipv6', 'bind_ports', 'httpd_can_sendmail', 'sandbox_connect', 'mozplugger_remove', 'associate', 'kernel_modules', 'allow_execstack', 'dac_override', 'sys_resource', 'file', 'catchall', 'device', 'selinuxpolicy', 'allow_ftpd_use_cifs', 'connect_ports', 'qemu_file_image', 'filesystem_associate'] >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: load_plugins() plugins.allow_ftpd_use_nfs previously imported >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: load_plugins() plugins.setenforce previously imported >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: load_plugins() plugins.httpd_write_content previously imported >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: load_plugins() plugins.catchall_boolean previously imported >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: load_plugins() plugins.allow_anon_write previously imported >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: load_plugins() plugins.chrome previously imported >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: load_plugins() plugins.vbetool previously imported >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: load_plugins() plugins.leaks previously imported >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: load_plugins() plugins.mounton previously imported >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: load_plugins() plugins.sshd_root previously imported >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: load_plugins() plugins.mmap_zero previously imported >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: load_plugins() plugins.automount_exec_config previously imported >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: load_plugins() plugins.samba_share previously imported >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: load_plugins() plugins.xen_image previously imported >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: load_plugins() plugins.swapfile previously imported >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: load_plugins() plugins.mozplugger previously imported >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: load_plugins() plugins.catchall_labels previously imported >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: load_plugins() plugins.public_content previously imported >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: load_plugins() plugins.restorecon_source previously imported >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: load_plugins() plugins.sys_module previously imported >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: load_plugins() plugins.qemu_blk_image previously imported >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: load_plugins() plugins.wine previously imported >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: load_plugins() plugins.rsync_data previously imported >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: load_plugins() plugins.openvpn previously imported >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: load_plugins() plugins.cvs_data previously imported >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: load_plugins() plugins.restorecon previously imported >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: load_plugins() plugins.allow_execmod previously imported >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: load_plugins() plugins.allow_execheap previously imported >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: load_plugins() plugins.disable_ipv6 previously imported >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: load_plugins() plugins.bind_ports previously imported >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: load_plugins() plugins.httpd_can_sendmail previously imported >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: load_plugins() plugins.sandbox_connect previously imported >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: load_plugins() plugins.mozplugger_remove previously imported >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: load_plugins() plugins.associate previously imported >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: load_plugins() plugins.kernel_modules previously imported >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: load_plugins() plugins.allow_execstack previously imported >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: load_plugins() plugins.dac_override previously imported >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: load_plugins() plugins.sys_resource previously imported >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: load_plugins() plugins.file previously imported >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: load_plugins() plugins.catchall previously imported >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: load_plugins() plugins.device previously imported >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: load_plugins() plugins.selinuxpolicy previously imported >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: load_plugins() plugins.allow_ftpd_use_cifs previously imported >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: load_plugins() plugins.connect_ports previously imported >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: load_plugins() plugins.qemu_file_image previously imported >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: load_plugins() plugins.filesystem_associate previously imported >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: analyze_avc() avc=scontext=system_u:system_r:chronyd_t:s0 tcontext=system_u:object_r:systemd_systemctl_exec_t:s0 access=['getattr'] tclass=file tpath= >Mar 01 20:35:55 weatherwax python[2579]: SELinux is preventing /usr/bin/bash from getattr access on the file . > > ***** Plugin catchall (100. confidence) suggests ************************** > > If you believe that bash should be allowed getattr access on the file by default. > Then you should report this as a bug. > You can generate a local policy module to allow this access. > Do > allow this access for now by executing: > # grep chrony-helper /var/log/audit/audit.log | audit2allow -M mypol > # semodule -i mypol.pp > >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: lookup_signature: found 1 matches with scores 1.00 >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: signature found in database >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: sending alert to all clients >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: SELinux is preventing /usr/bin/bash from getattr access on the file . For complete SELinux messages. run sealert -l 9b68bdf4-9448-4b88-9743-acddb989a455 >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: load_plugins() names=['allow_ftpd_use_nfs', 'setenforce', 'httpd_write_content', 'catchall_boolean', 'allow_anon_write', 'chrome', 'vbetool', 'leaks', 'mounton', 'sshd_root', 'mmap_zero', 'automount_exec_config', 'samba_share', 'xen_image', 'swapfile', 'mozplugger', 'catchall_labels', 'public_content', 'restorecon_source', 'sys_module', 'qemu_blk_image', 'wine', 'rsync_data', 'openvpn', 'cvs_data', 'restorecon', 'allow_execmod', 'allow_execheap', 'disable_ipv6', 'bind_ports', 'httpd_can_sendmail', 'sandbox_connect', 'mozplugger_remove', 'associate', 'kernel_modules', 'allow_execstack', 'dac_override', 'sys_resource', 'file', 'catchall', 'device', 'selinuxpolicy', 'allow_ftpd_use_cifs', 'connect_ports', 'qemu_file_image', 'filesystem_associate'] >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: load_plugins() plugins.allow_ftpd_use_nfs previously imported >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: load_plugins() plugins.setenforce previously imported >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: load_plugins() plugins.httpd_write_content previously imported >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: load_plugins() plugins.catchall_boolean previously imported >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: load_plugins() plugins.allow_anon_write previously imported >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: load_plugins() plugins.chrome previously imported >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: load_plugins() plugins.vbetool previously imported >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: load_plugins() plugins.leaks previously imported >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: load_plugins() plugins.mounton previously imported >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: load_plugins() plugins.sshd_root previously imported >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: load_plugins() plugins.mmap_zero previously imported >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: load_plugins() plugins.automount_exec_config previously imported >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: load_plugins() plugins.samba_share previously imported >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: load_plugins() plugins.xen_image previously imported >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: load_plugins() plugins.swapfile previously imported >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: load_plugins() plugins.mozplugger previously imported >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: load_plugins() plugins.catchall_labels previously imported >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: load_plugins() plugins.public_content previously imported >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: load_plugins() plugins.restorecon_source previously imported >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: load_plugins() plugins.sys_module previously imported >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: load_plugins() plugins.qemu_blk_image previously imported >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: load_plugins() plugins.wine previously imported >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: load_plugins() plugins.rsync_data previously imported >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: load_plugins() plugins.openvpn previously imported >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: load_plugins() plugins.cvs_data previously imported >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: load_plugins() plugins.restorecon previously imported >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: load_plugins() plugins.allow_execmod previously imported >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: load_plugins() plugins.allow_execheap previously imported >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: load_plugins() plugins.disable_ipv6 previously imported >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: load_plugins() plugins.bind_ports previously imported >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: load_plugins() plugins.httpd_can_sendmail previously imported >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: load_plugins() plugins.sandbox_connect previously imported >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: load_plugins() plugins.mozplugger_remove previously imported >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: load_plugins() plugins.associate previously imported >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: load_plugins() plugins.kernel_modules previously imported >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: load_plugins() plugins.allow_execstack previously imported >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: load_plugins() plugins.dac_override previously imported >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: load_plugins() plugins.sys_resource previously imported >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: load_plugins() plugins.file previously imported >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: load_plugins() plugins.catchall previously imported >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: load_plugins() plugins.device previously imported >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: load_plugins() plugins.selinuxpolicy previously imported >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: load_plugins() plugins.allow_ftpd_use_cifs previously imported >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: load_plugins() plugins.connect_ports previously imported >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: load_plugins() plugins.qemu_file_image previously imported >Mar 01 20:35:55 weatherwax setroubleshoot[2579]: load_plugins() plugins.filesystem_associate previously imported >Mar 01 20:35:55 weatherwax python[2579]: SELinux is preventing /usr/bin/bash from getattr access on the file . > > ***** Plugin catchall (100. confidence) suggests ************************** > > If you believe that bash should be allowed getattr access on the file by default. > Then you should report this as a bug. > You can generate a local policy module to allow this access. > Do > allow this access for now by executing: > # grep chrony-helper /var/log/audit/audit.log | audit2allow -M mypol > # semodule -i mypol.pp > >Mar 01 20:35:59 weatherwax setroubleshoot[2579]: dbus iface start() called: 1 Connections >Mar 01 20:35:59 weatherwax setroubleshoot[2579]: SetroubleshootdClientConnectionHandler.on_connection_state_change: connection_state=flags=OPEN, result_code=0, result_msg= flags_added=OPEN flags_removed= address={unix}/var/run/setroubleshoot/setroubleshoot_server socket=0x7fd284079fa0 >Mar 01 20:35:59 weatherwax setroubleshoot[2579]: SetroubleshootdClientConnectionHandler.on_connection_state_change: open, socket credentials: uid=1000 gid=1000 >Mar 01 20:35:59 weatherwax setroubleshoot[2579]: SetroubleshootdClientConnectionHandler.default_request_handler: rpc_id=1 type=method {<?xml version="1.0" encoding="utf-8"?> > <cmd interface="SETroubleshootServer" method="logon" arg_count="3"> > <arg name="type" position="0" type="string">sealert</arg> > <arg name="username" position="1" type="string">elad</arg> > <arg name="password" position="2" type="string">passwd</arg> > </cmd> > } >Mar 01 20:35:59 weatherwax setroubleshoot[2579]: logon(channel: name=None addr={unix}/var/run/setroubleshoot/setroubleshoot_server socket=0x7fd284079fa0 type=sealert) type=sealert username=elad >Mar 01 20:35:59 weatherwax setroubleshoot[2579]: SetroubleshootdClientConnectionHandler.on_connection_state_change: connection_state=flags=OPEN,AUTHENTICATED, result_code=0, result_msg= flags_added=AUTHENTICATED flags_removed= address={unix}/var/run/setroubleshoot/setroubleshoot_server socket=0x7fd284079fa0 >Mar 01 20:35:59 weatherwax setroubleshoot[2579]: SetroubleshootdClientConnectionHandler.default_request_handler: rpc_id=2 type=method {<?xml version="1.0" encoding="utf-8"?> > <cmd interface="SETroubleshootDatabase" method="query_alerts" arg_count="1"> > <arg name="criteria" position="0" type="string">*</arg> > </cmd> > } >Mar 01 20:35:59 weatherwax setroubleshoot[2579]: query_alerts: criteria=* >Mar 01 20:35:59 weatherwax setroubleshoot[2579]: query_alerts: criteria=* >Mar 01 20:36:25 weatherwax setroubleshoot[2579]: auto_save database (/var/lib/setroubleshoot/setroubleshoot_database.xml) modified_count=3 >Mar 01 20:36:25 weatherwax setroubleshoot[2579]: writing database (/var/lib/setroubleshoot/setroubleshoot_database.xml) modified_count=3 >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: dbus avc(node=weatherwax type=AVC msg=audit(1393698999.525:94): avc: denied { getattr } for pid=2670 comm="chrony-helper" path="/usr/bin/systemctl" dev="sdc2" ino=3933142 scontext=system_u:system_r:chronyd_t:s0 tcontext=system_u:object_r:systemd_systemctl_exec_t:s0 tclass=file > node=weatherwax type=SYSCALL msg=audit(1393698999.525:94): arch=c000003e syscall=4 success=no exit=-13 a0=23a8e50 a1=7ffff33653a0 a2=7ffff33653a0 a3=7fd7743bab20 items=0 ppid=2664 pid=2670 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="chrony-helper" exe="/usr/bin/bash" subj=system_u:system_r:chronyd_t:s0 key=(null) > node=weatherwax type=EOE msg=audit(1393698999.525:94): > ) called: 2 Connections >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: AuditRecordReceiver.add_record_to_cache(): node=weatherwax type=AVC msg=audit(1393698999.525:94): avc: denied { getattr } for pid=2670 comm="chrony-helper" path="/usr/bin/systemctl" dev="sdc2" ino=3933142 scontext=system_u:system_r:chronyd_t:s0 tcontext=system_u:object_r:systemd_systemctl_exec_t:s0 tclass=file >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: AuditRecordReceiver.add_record_to_cache(): node=weatherwax type=SYSCALL msg=audit(1393698999.525:94): arch=c000003e syscall=4 success=no exit=-13 a0=23a8e50 a1=7ffff33653a0 a2=7ffff33653a0 a3=7fd7743bab20 items=0 ppid=2664 pid=2670 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="chrony-helper" exe="/usr/bin/bash" subj=system_u:system_r:chronyd_t:s0 key=(null) >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: AuditRecordReceiver.add_record_to_cache(): node=weatherwax type=EOE msg=audit(1393698999.525:94): >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: analyze_avc() avc=scontext=system_u:system_r:chronyd_t:s0 tcontext=system_u:object_r:systemd_systemctl_exec_t:s0 access=['getattr'] tclass=file tpath= >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: dbus avc(node=weatherwax type=AVC msg=audit(1393698999.541:95): avc: denied { getattr } for pid=2675 comm="chrony-helper" path="/usr/bin/systemctl" dev="sdc2" ino=3933142 scontext=system_u:system_r:chronyd_t:s0 tcontext=system_u:object_r:systemd_systemctl_exec_t:s0 tclass=file > node=weatherwax type=SYSCALL msg=audit(1393698999.541:95): arch=c000003e syscall=4 success=no exit=-13 a0=f453a0 a1=7fffd69fa580 a2=7fffd69fa580 a3=7fe4a555bb20 items=0 ppid=2672 pid=2675 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="chrony-helper" exe="/usr/bin/bash" subj=system_u:system_r:chronyd_t:s0 key=(null) > node=weatherwax type=EOE msg=audit(1393698999.541:95): > ) called: 2 Connections >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: AuditRecordReceiver.add_record_to_cache(): node=weatherwax type=AVC msg=audit(1393698999.541:95): avc: denied { getattr } for pid=2675 comm="chrony-helper" path="/usr/bin/systemctl" dev="sdc2" ino=3933142 scontext=system_u:system_r:chronyd_t:s0 tcontext=system_u:object_r:systemd_systemctl_exec_t:s0 tclass=file >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: AuditRecordReceiver.add_record_to_cache(): node=weatherwax type=SYSCALL msg=audit(1393698999.541:95): arch=c000003e syscall=4 success=no exit=-13 a0=f453a0 a1=7fffd69fa580 a2=7fffd69fa580 a3=7fe4a555bb20 items=0 ppid=2672 pid=2675 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="chrony-helper" exe="/usr/bin/bash" subj=system_u:system_r:chronyd_t:s0 key=(null) >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: AuditRecordReceiver.add_record_to_cache(): node=weatherwax type=EOE msg=audit(1393698999.541:95): >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: lookup_signature: found 1 matches with scores 1.00 >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: signature found in database >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: sending alert to all clients >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: SELinux is preventing /usr/bin/bash from getattr access on the file . For complete SELinux messages. run sealert -l 9b68bdf4-9448-4b88-9743-acddb989a455 >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: load_plugins() names=['allow_ftpd_use_nfs', 'setenforce', 'httpd_write_content', 'catchall_boolean', 'allow_anon_write', 'chrome', 'vbetool', 'leaks', 'mounton', 'sshd_root', 'mmap_zero', 'automount_exec_config', 'samba_share', 'xen_image', 'swapfile', 'mozplugger', 'catchall_labels', 'public_content', 'restorecon_source', 'sys_module', 'qemu_blk_image', 'wine', 'rsync_data', 'openvpn', 'cvs_data', 'restorecon', 'allow_execmod', 'allow_execheap', 'disable_ipv6', 'bind_ports', 'httpd_can_sendmail', 'sandbox_connect', 'mozplugger_remove', 'associate', 'kernel_modules', 'allow_execstack', 'dac_override', 'sys_resource', 'file', 'catchall', 'device', 'selinuxpolicy', 'allow_ftpd_use_cifs', 'connect_ports', 'qemu_file_image', 'filesystem_associate'] >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: load_plugins() plugins.allow_ftpd_use_nfs previously imported >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: load_plugins() plugins.setenforce previously imported >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: load_plugins() plugins.httpd_write_content previously imported >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: load_plugins() plugins.catchall_boolean previously imported >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: load_plugins() plugins.allow_anon_write previously imported >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: load_plugins() plugins.chrome previously imported >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: load_plugins() plugins.vbetool previously imported >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: load_plugins() plugins.leaks previously imported >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: load_plugins() plugins.mounton previously imported >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: load_plugins() plugins.sshd_root previously imported >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: load_plugins() plugins.mmap_zero previously imported >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: SetroubleshootdClientConnectionHandler.default_request_handler: rpc_id=3 type=method {<?xml version="1.0" encoding="utf-8"?> > <cmd interface="SETroubleshootDatabase" method="query_alerts" arg_count="1"> > <arg name="criteria" position="0" type="string">9b68bdf4-9448-4b88-9743-acddb989a455</arg> > </cmd> > } >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: load_plugins() plugins.automount_exec_config previously imported >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: query_alerts: criteria=9b68bdf4-9448-4b88-9743-acddb989a455 >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: load_plugins() plugins.samba_share previously imported >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: query_alerts: criteria=9b68bdf4-9448-4b88-9743-acddb989a455 >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: load_plugins() plugins.xen_image previously imported >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: load_plugins() plugins.swapfile previously imported >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: load_plugins() plugins.mozplugger previously imported >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: load_plugins() plugins.catchall_labels previously imported >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: load_plugins() plugins.public_content previously imported >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: load_plugins() plugins.restorecon_source previously imported >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: load_plugins() plugins.sys_module previously imported >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: load_plugins() plugins.qemu_blk_image previously imported >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: load_plugins() plugins.wine previously imported >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: load_plugins() plugins.rsync_data previously imported >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: load_plugins() plugins.openvpn previously imported >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: load_plugins() plugins.cvs_data previously imported >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: load_plugins() plugins.restorecon previously imported >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: load_plugins() plugins.allow_execmod previously imported >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: load_plugins() plugins.allow_execheap previously imported >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: load_plugins() plugins.disable_ipv6 previously imported >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: load_plugins() plugins.bind_ports previously imported >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: load_plugins() plugins.httpd_can_sendmail previously imported >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: load_plugins() plugins.sandbox_connect previously imported >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: load_plugins() plugins.mozplugger_remove previously imported >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: load_plugins() plugins.associate previously imported >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: load_plugins() plugins.kernel_modules previously imported >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: load_plugins() plugins.allow_execstack previously imported >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: load_plugins() plugins.dac_override previously imported >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: load_plugins() plugins.sys_resource previously imported >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: load_plugins() plugins.file previously imported >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: load_plugins() plugins.catchall previously imported >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: load_plugins() plugins.device previously imported >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: load_plugins() plugins.selinuxpolicy previously imported >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: load_plugins() plugins.allow_ftpd_use_cifs previously imported >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: load_plugins() plugins.connect_ports previously imported >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: load_plugins() plugins.qemu_file_image previously imported >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: load_plugins() plugins.filesystem_associate previously imported >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: analyze_avc() avc=scontext=system_u:system_r:chronyd_t:s0 tcontext=system_u:object_r:systemd_systemctl_exec_t:s0 access=['getattr'] tclass=file tpath= >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: SetroubleshootdClientConnectionHandler.default_request_handler: rpc_id=4 type=method {<?xml version="1.0" encoding="utf-8"?> > <cmd interface="SETroubleshootDatabase" method="evaluate_alert_filter" arg_count="2"> > <arg name="sig" position="0" type="xml"> > <sig version="4.0"> > <access> > <operation>getattr</operation> > </access> > <host>weatherwax</host> > <scontext mls="s0" role="system_r" type="chronyd_t" user="system_u"/> > <tclass>file</tclass> > <tcontext mls="s0" role="object_r" type="systemd_systemctl_exec_t" user="system_u"/> > </sig> > </arg> > <arg name="username" position="1" type="string">elad</arg> > </cmd> > } >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: evaluate_alert_filter: username=elad sig=<?xml version="1.0" encoding="utf-8"?> > <SEFaultSignature version="4.0"> > <access> > <operation>getattr</operation> > </access> > <host>weatherwax</host> > <scontext mls="s0" role="system_r" type="chronyd_t" user="system_u"/> > <tclass>file</tclass> > <tcontext mls="s0" role="object_r" type="systemd_systemctl_exec_t" user="system_u"/> > </SEFaultSignature> >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: evaluate_alert_filter: username=elad sig=<?xml version="1.0" encoding="utf-8"?> > <SEFaultSignature version="4.0"> > <access> > <operation>getattr</operation> > </access> > <host>weatherwax</host> > <scontext mls="s0" role="system_r" type="chronyd_t" user="system_u"/> > <tclass>file</tclass> > <tcontext mls="s0" role="object_r" type="systemd_systemctl_exec_t" user="system_u"/> > </SEFaultSignature> >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: lookup_signature: found 1 matches with scores 1.00 >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: find_filter_by_username elad >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: new SEFaultSignatureUser for elad >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: evaluate_filter_for_user: found elad user's filter = <?xml version="1.0" encoding="utf-8"?> > <SEFilter> > <count>0</count> > <filter_type>0</filter_type> > </SEFilter> >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: evaluate_filter_for_user: found filter for elad: display > <?xml version="1.0" encoding="utf-8"?> > <SEFilter> > <count>1</count> > <filter_type>0</filter_type> > </SEFilter> >Mar 01 20:36:39 weatherwax python[2579]: SELinux is preventing /usr/bin/bash from getattr access on the file . > > ***** Plugin catchall (100. confidence) suggests ************************** > > If you believe that bash should be allowed getattr access on the file by default. > Then you should report this as a bug. > You can generate a local policy module to allow this access. > Do > allow this access for now by executing: > # grep chrony-helper /var/log/audit/audit.log | audit2allow -M mypol > # semodule -i mypol.pp > >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: lookup_signature: found 1 matches with scores 1.00 >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: signature found in database >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: sending alert to all clients >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: SELinux is preventing /usr/bin/bash from getattr access on the file . For complete SELinux messages. run sealert -l 9b68bdf4-9448-4b88-9743-acddb989a455 >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: SetroubleshootdClientConnectionHandler.default_request_handler: rpc_id=5 type=method {<?xml version="1.0" encoding="utf-8"?> > <cmd interface="SETroubleshootDatabase" method="query_alerts" arg_count="1"> > <arg name="criteria" position="0" type="string">9b68bdf4-9448-4b88-9743-acddb989a455</arg> > </cmd> > } >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: query_alerts: criteria=9b68bdf4-9448-4b88-9743-acddb989a455 >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: query_alerts: criteria=9b68bdf4-9448-4b88-9743-acddb989a455 >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: load_plugins() names=['allow_ftpd_use_nfs', 'setenforce', 'httpd_write_content', 'catchall_boolean', 'allow_anon_write', 'chrome', 'vbetool', 'leaks', 'mounton', 'sshd_root', 'mmap_zero', 'automount_exec_config', 'samba_share', 'xen_image', 'swapfile', 'mozplugger', 'catchall_labels', 'public_content', 'restorecon_source', 'sys_module', 'qemu_blk_image', 'wine', 'rsync_data', 'openvpn', 'cvs_data', 'restorecon', 'allow_execmod', 'allow_execheap', 'disable_ipv6', 'bind_ports', 'httpd_can_sendmail', 'sandbox_connect', 'mozplugger_remove', 'associate', 'kernel_modules', 'allow_execstack', 'dac_override', 'sys_resource', 'file', 'catchall', 'device', 'selinuxpolicy', 'allow_ftpd_use_cifs', 'connect_ports', 'qemu_file_image', 'filesystem_associate'] >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: load_plugins() plugins.allow_ftpd_use_nfs previously imported >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: load_plugins() plugins.setenforce previously imported >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: load_plugins() plugins.httpd_write_content previously imported >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: load_plugins() plugins.catchall_boolean previously imported >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: load_plugins() plugins.allow_anon_write previously imported >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: load_plugins() plugins.chrome previously imported >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: load_plugins() plugins.vbetool previously imported >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: load_plugins() plugins.leaks previously imported >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: load_plugins() plugins.mounton previously imported >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: load_plugins() plugins.sshd_root previously imported >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: load_plugins() plugins.mmap_zero previously imported >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: load_plugins() plugins.automount_exec_config previously imported >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: load_plugins() plugins.samba_share previously imported >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: load_plugins() plugins.xen_image previously imported >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: load_plugins() plugins.swapfile previously imported >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: load_plugins() plugins.mozplugger previously imported >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: load_plugins() plugins.catchall_labels previously imported >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: load_plugins() plugins.public_content previously imported >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: load_plugins() plugins.restorecon_source previously imported >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: load_plugins() plugins.sys_module previously imported >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: load_plugins() plugins.qemu_blk_image previously imported >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: load_plugins() plugins.wine previously imported >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: load_plugins() plugins.rsync_data previously imported >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: load_plugins() plugins.openvpn previously imported >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: load_plugins() plugins.cvs_data previously imported >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: load_plugins() plugins.restorecon previously imported >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: load_plugins() plugins.allow_execmod previously imported >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: load_plugins() plugins.allow_execheap previously imported >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: load_plugins() plugins.disable_ipv6 previously imported >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: load_plugins() plugins.bind_ports previously imported >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: load_plugins() plugins.httpd_can_sendmail previously imported >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: load_plugins() plugins.sandbox_connect previously imported >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: load_plugins() plugins.mozplugger_remove previously imported >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: load_plugins() plugins.associate previously imported >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: load_plugins() plugins.kernel_modules previously imported >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: load_plugins() plugins.allow_execstack previously imported >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: load_plugins() plugins.dac_override previously imported >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: load_plugins() plugins.sys_resource previously imported >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: load_plugins() plugins.file previously imported >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: load_plugins() plugins.catchall previously imported >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: load_plugins() plugins.device previously imported >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: load_plugins() plugins.selinuxpolicy previously imported >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: load_plugins() plugins.allow_ftpd_use_cifs previously imported >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: load_plugins() plugins.connect_ports previously imported >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: load_plugins() plugins.qemu_file_image previously imported >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: load_plugins() plugins.filesystem_associate previously imported >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: find_filter_by_username elad >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: evaluate_filter_for_user: found elad user's filter = <?xml version="1.0" encoding="utf-8"?> > <SEFilter> > <count>1</count> > <filter_type>0</filter_type> > </SEFilter> >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: evaluate_filter_for_user: found filter for elad: display > <?xml version="1.0" encoding="utf-8"?> > <SEFilter> > <count>2</count> > <filter_type>0</filter_type> > </SEFilter> >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: SetroubleshootdClientConnectionHandler.default_request_handler: rpc_id=6 type=method {<?xml version="1.0" encoding="utf-8"?> > <cmd interface="SETroubleshootDatabase" method="evaluate_alert_filter" arg_count="2"> > <arg name="sig" position="0" type="xml"> > <sig version="4.0"> > <access> > <operation>getattr</operation> > </access> > <host>weatherwax</host> > <scontext mls="s0" role="system_r" type="chronyd_t" user="system_u"/> > <tclass>file</tclass> > <tcontext mls="s0" role="object_r" type="systemd_systemctl_exec_t" user="system_u"/> > </sig> > </arg> > <arg name="username" position="1" type="string">elad</arg> > </cmd> > } >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: evaluate_alert_filter: username=elad sig=<?xml version="1.0" encoding="utf-8"?> > <SEFaultSignature version="4.0"> > <access> > <operation>getattr</operation> > </access> > <host>weatherwax</host> > <scontext mls="s0" role="system_r" type="chronyd_t" user="system_u"/> > <tclass>file</tclass> > <tcontext mls="s0" role="object_r" type="systemd_systemctl_exec_t" user="system_u"/> > </SEFaultSignature> >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: evaluate_alert_filter: username=elad sig=<?xml version="1.0" encoding="utf-8"?> > <SEFaultSignature version="4.0"> > <access> > <operation>getattr</operation> > </access> > <host>weatherwax</host> > <scontext mls="s0" role="system_r" type="chronyd_t" user="system_u"/> > <tclass>file</tclass> > <tcontext mls="s0" role="object_r" type="systemd_systemctl_exec_t" user="system_u"/> > </SEFaultSignature> >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: lookup_signature: found 1 matches with scores 1.00 >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: find_filter_by_username elad >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: evaluate_filter_for_user: found elad user's filter = <?xml version="1.0" encoding="utf-8"?> > <SEFilter> > <count>2</count> > <filter_type>0</filter_type> > </SEFilter> >Mar 01 20:36:39 weatherwax setroubleshoot[2579]: evaluate_filter_for_user: found filter for elad: display > <?xml version="1.0" encoding="utf-8"?> > <SEFilter> > <count>3</count> > <filter_type>0</filter_type> > </SEFilter> >Mar 01 20:36:39 weatherwax python[2579]: SELinux is preventing /usr/bin/bash from getattr access on the file . > > ***** Plugin catchall (100. confidence) suggests ************************** > > If you believe that bash should be allowed getattr access on the file by default. > Then you should report this as a bug. > You can generate a local policy module to allow this access. > Do > allow this access for now by executing: > # grep chrony-helper /var/log/audit/audit.log | audit2allow -M mypol > # semodule -i mypol.pp > >Mar 01 20:37:09 weatherwax setroubleshoot[2579]: auto_save database (/var/lib/setroubleshoot/setroubleshoot_database.xml) modified_count=2 >Mar 01 20:37:09 weatherwax setroubleshoot[2579]: writing database (/var/lib/setroubleshoot/setroubleshoot_database.xml) modified_count=2 >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: dbus avc(node=weatherwax type=AVC msg=audit(1393700223.046:105): avc: denied { getattr } for pid=3183 comm="chrony-helper" path="/usr/bin/systemctl" dev="sdc2" ino=3933142 scontext=system_u:system_r:chronyd_t:s0 tcontext=system_u:object_r:systemd_systemctl_exec_t:s0 tclass=file > node=weatherwax type=SYSCALL msg=audit(1393700223.046:105): arch=c000003e syscall=4 success=no exit=-13 a0=f64e50 a1=7fffc6296a10 a2=7fffc6296a10 a3=7fbe26f06b20 items=0 ppid=3177 pid=3183 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="chrony-helper" exe="/usr/bin/bash" subj=system_u:system_r:chronyd_t:s0 key=(null) > node=weatherwax type=EOE msg=audit(1393700223.046:105): > ) called: 2 Connections >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: AuditRecordReceiver.add_record_to_cache(): node=weatherwax type=AVC msg=audit(1393700223.46:105): avc: denied { getattr } for pid=3183 comm="chrony-helper" path="/usr/bin/systemctl" dev="sdc2" ino=3933142 scontext=system_u:system_r:chronyd_t:s0 tcontext=system_u:object_r:systemd_systemctl_exec_t:s0 tclass=file >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: AuditRecordReceiver.add_record_to_cache(): node=weatherwax type=SYSCALL msg=audit(1393700223.46:105): arch=c000003e syscall=4 success=no exit=-13 a0=f64e50 a1=7fffc6296a10 a2=7fffc6296a10 a3=7fbe26f06b20 items=0 ppid=3177 pid=3183 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="chrony-helper" exe="/usr/bin/bash" subj=system_u:system_r:chronyd_t:s0 key=(null) >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: AuditRecordReceiver.add_record_to_cache(): node=weatherwax type=EOE msg=audit(1393700223.46:105): >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: analyze_avc() avc=scontext=system_u:system_r:chronyd_t:s0 tcontext=system_u:object_r:systemd_systemctl_exec_t:s0 access=['getattr'] tclass=file tpath= >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: dbus avc(node=weatherwax type=AVC msg=audit(1393700223.062:106): avc: denied { getattr } for pid=3188 comm="chrony-helper" path="/usr/bin/systemctl" dev="sdc2" ino=3933142 scontext=system_u:system_r:chronyd_t:s0 tcontext=system_u:object_r:systemd_systemctl_exec_t:s0 tclass=file > node=weatherwax type=SYSCALL msg=audit(1393700223.062:106): arch=c000003e syscall=4 success=no exit=-13 a0=216d3a0 a1=7fff2f2db9e0 a2=7fff2f2db9e0 a3=7ff80e886b20 items=0 ppid=3185 pid=3188 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="chrony-helper" exe="/usr/bin/bash" subj=system_u:system_r:chronyd_t:s0 key=(null) > node=weatherwax type=EOE msg=audit(1393700223.062:106): > ) called: 2 Connections >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: AuditRecordReceiver.add_record_to_cache(): node=weatherwax type=AVC msg=audit(1393700223.62:106): avc: denied { getattr } for pid=3188 comm="chrony-helper" path="/usr/bin/systemctl" dev="sdc2" ino=3933142 scontext=system_u:system_r:chronyd_t:s0 tcontext=system_u:object_r:systemd_systemctl_exec_t:s0 tclass=file >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: AuditRecordReceiver.add_record_to_cache(): node=weatherwax type=SYSCALL msg=audit(1393700223.62:106): arch=c000003e syscall=4 success=no exit=-13 a0=216d3a0 a1=7fff2f2db9e0 a2=7fff2f2db9e0 a3=7ff80e886b20 items=0 ppid=3185 pid=3188 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="chrony-helper" exe="/usr/bin/bash" subj=system_u:system_r:chronyd_t:s0 key=(null) >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: AuditRecordReceiver.add_record_to_cache(): node=weatherwax type=EOE msg=audit(1393700223.62:106): >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: lookup_signature: found 1 matches with scores 1.00 >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: signature found in database >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: sending alert to all clients >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: SELinux is preventing /usr/bin/bash from getattr access on the file . For complete SELinux messages. run sealert -l 9b68bdf4-9448-4b88-9743-acddb989a455 >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: load_plugins() names=['allow_ftpd_use_nfs', 'setenforce', 'httpd_write_content', 'catchall_boolean', 'allow_anon_write', 'chrome', 'vbetool', 'leaks', 'mounton', 'sshd_root', 'mmap_zero', 'automount_exec_config', 'samba_share', 'xen_image', 'swapfile', 'mozplugger', 'catchall_labels', 'public_content', 'restorecon_source', 'sys_module', 'qemu_blk_image', 'wine', 'rsync_data', 'openvpn', 'cvs_data', 'restorecon', 'allow_execmod', 'allow_execheap', 'disable_ipv6', 'bind_ports', 'httpd_can_sendmail', 'sandbox_connect', 'mozplugger_remove', 'associate', 'kernel_modules', 'allow_execstack', 'dac_override', 'sys_resource', 'file', 'catchall', 'device', 'selinuxpolicy', 'allow_ftpd_use_cifs', 'connect_ports', 'qemu_file_image', 'filesystem_associate'] >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: load_plugins() plugins.allow_ftpd_use_nfs previously imported >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: load_plugins() plugins.setenforce previously imported >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: load_plugins() plugins.httpd_write_content previously imported >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: load_plugins() plugins.catchall_boolean previously imported >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: load_plugins() plugins.allow_anon_write previously imported >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: load_plugins() plugins.chrome previously imported >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: load_plugins() plugins.vbetool previously imported >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: load_plugins() plugins.leaks previously imported >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: load_plugins() plugins.mounton previously imported >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: load_plugins() plugins.sshd_root previously imported >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: SetroubleshootdClientConnectionHandler.default_request_handler: rpc_id=7 type=method {<?xml version="1.0" encoding="utf-8"?> > <cmd interface="SETroubleshootDatabase" method="query_alerts" arg_count="1"> > <arg name="criteria" position="0" type="string">9b68bdf4-9448-4b88-9743-acddb989a455</arg> > </cmd> > } >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: load_plugins() plugins.mmap_zero previously imported >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: query_alerts: criteria=9b68bdf4-9448-4b88-9743-acddb989a455 >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: load_plugins() plugins.automount_exec_config previously imported >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: query_alerts: criteria=9b68bdf4-9448-4b88-9743-acddb989a455 >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: load_plugins() plugins.samba_share previously imported >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: load_plugins() plugins.xen_image previously imported >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: load_plugins() plugins.swapfile previously imported >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: load_plugins() plugins.mozplugger previously imported >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: load_plugins() plugins.catchall_labels previously imported >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: load_plugins() plugins.public_content previously imported >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: load_plugins() plugins.restorecon_source previously imported >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: load_plugins() plugins.sys_module previously imported >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: load_plugins() plugins.qemu_blk_image previously imported >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: load_plugins() plugins.wine previously imported >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: load_plugins() plugins.rsync_data previously imported >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: load_plugins() plugins.openvpn previously imported >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: load_plugins() plugins.cvs_data previously imported >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: load_plugins() plugins.restorecon previously imported >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: load_plugins() plugins.allow_execmod previously imported >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: load_plugins() plugins.allow_execheap previously imported >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: load_plugins() plugins.disable_ipv6 previously imported >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: load_plugins() plugins.bind_ports previously imported >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: load_plugins() plugins.httpd_can_sendmail previously imported >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: load_plugins() plugins.sandbox_connect previously imported >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: load_plugins() plugins.mozplugger_remove previously imported >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: load_plugins() plugins.associate previously imported >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: load_plugins() plugins.kernel_modules previously imported >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: load_plugins() plugins.allow_execstack previously imported >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: load_plugins() plugins.dac_override previously imported >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: load_plugins() plugins.sys_resource previously imported >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: load_plugins() plugins.file previously imported >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: load_plugins() plugins.catchall previously imported >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: load_plugins() plugins.device previously imported >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: load_plugins() plugins.selinuxpolicy previously imported >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: load_plugins() plugins.allow_ftpd_use_cifs previously imported >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: load_plugins() plugins.connect_ports previously imported >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: load_plugins() plugins.qemu_file_image previously imported >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: load_plugins() plugins.filesystem_associate previously imported >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: find_filter_by_username elad >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: evaluate_filter_for_user: found elad user's filter = <?xml version="1.0" encoding="utf-8"?> > <SEFilter> > <count>3</count> > <filter_type>0</filter_type> > </SEFilter> >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: evaluate_filter_for_user: found filter for elad: display > <?xml version="1.0" encoding="utf-8"?> > <SEFilter> > <count>4</count> > <filter_type>0</filter_type> > </SEFilter> >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: analyze_avc() avc=scontext=system_u:system_r:chronyd_t:s0 tcontext=system_u:object_r:systemd_systemctl_exec_t:s0 access=['getattr'] tclass=file tpath= >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: SetroubleshootdClientConnectionHandler.default_request_handler: rpc_id=8 type=method {<?xml version="1.0" encoding="utf-8"?> > <cmd interface="SETroubleshootDatabase" method="evaluate_alert_filter" arg_count="2"> > <arg name="sig" position="0" type="xml"> > <sig version="4.0"> > <access> > <operation>getattr</operation> > </access> > <host>weatherwax</host> > <scontext mls="s0" role="system_r" type="chronyd_t" user="system_u"/> > <tclass>file</tclass> > <tcontext mls="s0" role="object_r" type="systemd_systemctl_exec_t" user="system_u"/> > </sig> > </arg> > <arg name="username" position="1" type="string">elad</arg> > </cmd> > } >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: evaluate_alert_filter: username=elad sig=<?xml version="1.0" encoding="utf-8"?> > <SEFaultSignature version="4.0"> > <access> > <operation>getattr</operation> > </access> > <host>weatherwax</host> > <scontext mls="s0" role="system_r" type="chronyd_t" user="system_u"/> > <tclass>file</tclass> > <tcontext mls="s0" role="object_r" type="systemd_systemctl_exec_t" user="system_u"/> > </SEFaultSignature> >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: evaluate_alert_filter: username=elad sig=<?xml version="1.0" encoding="utf-8"?> > <SEFaultSignature version="4.0"> > <access> > <operation>getattr</operation> > </access> > <host>weatherwax</host> > <scontext mls="s0" role="system_r" type="chronyd_t" user="system_u"/> > <tclass>file</tclass> > <tcontext mls="s0" role="object_r" type="systemd_systemctl_exec_t" user="system_u"/> > </SEFaultSignature> >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: lookup_signature: found 1 matches with scores 1.00 >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: find_filter_by_username elad >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: evaluate_filter_for_user: found elad user's filter = <?xml version="1.0" encoding="utf-8"?> > <SEFilter> > <count>4</count> > <filter_type>0</filter_type> > </SEFilter> >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: evaluate_filter_for_user: found filter for elad: display > <?xml version="1.0" encoding="utf-8"?> > <SEFilter> > <count>5</count> > <filter_type>0</filter_type> > </SEFilter> >Mar 01 20:57:03 weatherwax python[2579]: SELinux is preventing /usr/bin/bash from getattr access on the file . > > ***** Plugin catchall (100. confidence) suggests ************************** > > If you believe that bash should be allowed getattr access on the file by default. > Then you should report this as a bug. > You can generate a local policy module to allow this access. > Do > allow this access for now by executing: > # grep chrony-helper /var/log/audit/audit.log | audit2allow -M mypol > # semodule -i mypol.pp > >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: lookup_signature: found 1 matches with scores 1.00 >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: signature found in database >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: sending alert to all clients >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: SELinux is preventing /usr/bin/bash from getattr access on the file . For complete SELinux messages. run sealert -l 9b68bdf4-9448-4b88-9743-acddb989a455 >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: load_plugins() names=['allow_ftpd_use_nfs', 'setenforce', 'httpd_write_content', 'catchall_boolean', 'allow_anon_write', 'chrome', 'vbetool', 'leaks', 'mounton', 'sshd_root', 'mmap_zero', 'automount_exec_config', 'samba_share', 'xen_image', 'swapfile', 'mozplugger', 'catchall_labels', 'public_content', 'restorecon_source', 'sys_module', 'qemu_blk_image', 'wine', 'rsync_data', 'openvpn', 'cvs_data', 'restorecon', 'allow_execmod', 'allow_execheap', 'disable_ipv6', 'bind_ports', 'httpd_can_sendmail', 'sandbox_connect', 'mozplugger_remove', 'associate', 'kernel_modules', 'allow_execstack', 'dac_override', 'sys_resource', 'file', 'catchall', 'device', 'selinuxpolicy', 'allow_ftpd_use_cifs', 'connect_ports', 'qemu_file_image', 'filesystem_associate'] >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: load_plugins() plugins.allow_ftpd_use_nfs previously imported >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: SetroubleshootdClientConnectionHandler.default_request_handler: rpc_id=9 type=method {<?xml version="1.0" encoding="utf-8"?> > <cmd interface="SETroubleshootDatabase" method="query_alerts" arg_count="1"> > <arg name="criteria" position="0" type="string">9b68bdf4-9448-4b88-9743-acddb989a455</arg> > </cmd> > } >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: load_plugins() plugins.setenforce previously imported >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: query_alerts: criteria=9b68bdf4-9448-4b88-9743-acddb989a455 >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: load_plugins() plugins.httpd_write_content previously imported >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: query_alerts: criteria=9b68bdf4-9448-4b88-9743-acddb989a455 >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: load_plugins() plugins.catchall_boolean previously imported >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: load_plugins() plugins.allow_anon_write previously imported >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: load_plugins() plugins.chrome previously imported >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: load_plugins() plugins.vbetool previously imported >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: load_plugins() plugins.leaks previously imported >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: load_plugins() plugins.mounton previously imported >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: load_plugins() plugins.sshd_root previously imported >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: load_plugins() plugins.mmap_zero previously imported >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: load_plugins() plugins.automount_exec_config previously imported >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: load_plugins() plugins.samba_share previously imported >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: load_plugins() plugins.xen_image previously imported >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: load_plugins() plugins.swapfile previously imported >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: load_plugins() plugins.mozplugger previously imported >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: load_plugins() plugins.catchall_labels previously imported >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: load_plugins() plugins.public_content previously imported >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: load_plugins() plugins.restorecon_source previously imported >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: load_plugins() plugins.sys_module previously imported >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: load_plugins() plugins.qemu_blk_image previously imported >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: load_plugins() plugins.wine previously imported >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: load_plugins() plugins.rsync_data previously imported >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: load_plugins() plugins.openvpn previously imported >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: load_plugins() plugins.cvs_data previously imported >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: load_plugins() plugins.restorecon previously imported >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: load_plugins() plugins.allow_execmod previously imported >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: load_plugins() plugins.allow_execheap previously imported >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: load_plugins() plugins.disable_ipv6 previously imported >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: load_plugins() plugins.bind_ports previously imported >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: load_plugins() plugins.httpd_can_sendmail previously imported >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: load_plugins() plugins.sandbox_connect previously imported >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: load_plugins() plugins.mozplugger_remove previously imported >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: load_plugins() plugins.associate previously imported >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: load_plugins() plugins.kernel_modules previously imported >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: load_plugins() plugins.allow_execstack previously imported >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: load_plugins() plugins.dac_override previously imported >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: load_plugins() plugins.sys_resource previously imported >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: load_plugins() plugins.file previously imported >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: load_plugins() plugins.catchall previously imported >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: load_plugins() plugins.device previously imported >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: load_plugins() plugins.selinuxpolicy previously imported >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: load_plugins() plugins.allow_ftpd_use_cifs previously imported >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: load_plugins() plugins.connect_ports previously imported >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: load_plugins() plugins.qemu_file_image previously imported >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: load_plugins() plugins.filesystem_associate previously imported >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: find_filter_by_username elad >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: evaluate_filter_for_user: found elad user's filter = <?xml version="1.0" encoding="utf-8"?> > <SEFilter> > <count>5</count> > <filter_type>0</filter_type> > </SEFilter> >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: evaluate_filter_for_user: found filter for elad: display > <?xml version="1.0" encoding="utf-8"?> > <SEFilter> > <count>6</count> > <filter_type>0</filter_type> > </SEFilter> >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: SetroubleshootdClientConnectionHandler.default_request_handler: rpc_id=10 type=method {<?xml version="1.0" encoding="utf-8"?> > <cmd interface="SETroubleshootDatabase" method="evaluate_alert_filter" arg_count="2"> > <arg name="sig" position="0" type="xml"> > <sig version="4.0"> > <access> > <operation>getattr</operation> > </access> > <host>weatherwax</host> > <scontext mls="s0" role="system_r" type="chronyd_t" user="system_u"/> > <tclass>file</tclass> > <tcontext mls="s0" role="object_r" type="systemd_systemctl_exec_t" user="system_u"/> > </sig> > </arg> > <arg name="username" position="1" type="string">elad</arg> > </cmd> > } >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: evaluate_alert_filter: username=elad sig=<?xml version="1.0" encoding="utf-8"?> > <SEFaultSignature version="4.0"> > <access> > <operation>getattr</operation> > </access> > <host>weatherwax</host> > <scontext mls="s0" role="system_r" type="chronyd_t" user="system_u"/> > <tclass>file</tclass> > <tcontext mls="s0" role="object_r" type="systemd_systemctl_exec_t" user="system_u"/> > </SEFaultSignature> >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: evaluate_alert_filter: username=elad sig=<?xml version="1.0" encoding="utf-8"?> > <SEFaultSignature version="4.0"> > <access> > <operation>getattr</operation> > </access> > <host>weatherwax</host> > <scontext mls="s0" role="system_r" type="chronyd_t" user="system_u"/> > <tclass>file</tclass> > <tcontext mls="s0" role="object_r" type="systemd_systemctl_exec_t" user="system_u"/> > </SEFaultSignature> >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: lookup_signature: found 1 matches with scores 1.00 >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: find_filter_by_username elad >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: evaluate_filter_for_user: found elad user's filter = <?xml version="1.0" encoding="utf-8"?> > <SEFilter> > <count>6</count> > <filter_type>0</filter_type> > </SEFilter> >Mar 01 20:57:03 weatherwax setroubleshoot[2579]: evaluate_filter_for_user: found filter for elad: display > <?xml version="1.0" encoding="utf-8"?> > <SEFilter> > <count>7</count> > <filter_type>0</filter_type> > </SEFilter> >Mar 01 20:57:03 weatherwax python[2579]: SELinux is preventing /usr/bin/bash from getattr access on the file . > > ***** Plugin catchall (100. confidence) suggests ************************** > > If you believe that bash should be allowed getattr access on the file by default. > Then you should report this as a bug. > You can generate a local policy module to allow this access. > Do > allow this access for now by executing: > # grep chrony-helper /var/log/audit/audit.log | audit2allow -M mypol > # semodule -i mypol.pp > >Mar 01 20:57:33 weatherwax setroubleshoot[2579]: auto_save database (/var/lib/setroubleshoot/setroubleshoot_database.xml) modified_count=2 >Mar 01 20:57:33 weatherwax setroubleshoot[2579]: writing database (/var/lib/setroubleshoot/setroubleshoot_database.xml) modified_count=2 >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: dbus avc(node=weatherwax type=AVC msg=audit(1393704259.422:145): avc: denied { getattr } for pid=5768 comm="chrony-helper" path="/usr/bin/systemctl" dev="sdc2" ino=3933142 scontext=system_u:system_r:chronyd_t:s0 tcontext=system_u:object_r:systemd_systemctl_exec_t:s0 tclass=file > node=weatherwax type=SYSCALL msg=audit(1393704259.422:145): arch=c000003e syscall=4 success=no exit=-13 a0=117ebc0 a1=7ffff3d34640 a2=7ffff3d34640 a3=7fb8184fbb20 items=0 ppid=5762 pid=5768 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="chrony-helper" exe="/usr/bin/bash" subj=system_u:system_r:chronyd_t:s0 key=(null) > node=weatherwax type=EOE msg=audit(1393704259.422:145): > ) called: 2 Connections >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: AuditRecordReceiver.add_record_to_cache(): node=weatherwax type=AVC msg=audit(1393704259.422:145): avc: denied { getattr } for pid=5768 comm="chrony-helper" path="/usr/bin/systemctl" dev="sdc2" ino=3933142 scontext=system_u:system_r:chronyd_t:s0 tcontext=system_u:object_r:systemd_systemctl_exec_t:s0 tclass=file >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: AuditRecordReceiver.add_record_to_cache(): node=weatherwax type=SYSCALL msg=audit(1393704259.422:145): arch=c000003e syscall=4 success=no exit=-13 a0=117ebc0 a1=7ffff3d34640 a2=7ffff3d34640 a3=7fb8184fbb20 items=0 ppid=5762 pid=5768 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="chrony-helper" exe="/usr/bin/bash" subj=system_u:system_r:chronyd_t:s0 key=(null) >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: AuditRecordReceiver.add_record_to_cache(): node=weatherwax type=EOE msg=audit(1393704259.422:145): >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: analyze_avc() avc=scontext=system_u:system_r:chronyd_t:s0 tcontext=system_u:object_r:systemd_systemctl_exec_t:s0 access=['getattr'] tclass=file tpath= >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: dbus avc(node=weatherwax type=AVC msg=audit(1393704259.440:146): avc: denied { getattr } for pid=5773 comm="chrony-helper" path="/usr/bin/systemctl" dev="sdc2" ino=3933142 scontext=system_u:system_r:chronyd_t:s0 tcontext=system_u:object_r:systemd_systemctl_exec_t:s0 tclass=file > node=weatherwax type=SYSCALL msg=audit(1393704259.440:146): arch=c000003e syscall=4 success=no exit=-13 a0=17b2190 a1=7fff347c8c70 a2=7fff347c8c70 a3=7fd509f62b20 items=0 ppid=5770 pid=5773 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="chrony-helper" exe="/usr/bin/bash" subj=system_u:system_r:chronyd_t:s0 key=(null) > node=weatherwax type=EOE msg=audit(1393704259.440:146): > ) called: 2 Connections >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: AuditRecordReceiver.add_record_to_cache(): node=weatherwax type=AVC msg=audit(1393704259.440:146): avc: denied { getattr } for pid=5773 comm="chrony-helper" path="/usr/bin/systemctl" dev="sdc2" ino=3933142 scontext=system_u:system_r:chronyd_t:s0 tcontext=system_u:object_r:systemd_systemctl_exec_t:s0 tclass=file >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: AuditRecordReceiver.add_record_to_cache(): node=weatherwax type=SYSCALL msg=audit(1393704259.440:146): arch=c000003e syscall=4 success=no exit=-13 a0=17b2190 a1=7fff347c8c70 a2=7fff347c8c70 a3=7fd509f62b20 items=0 ppid=5770 pid=5773 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="chrony-helper" exe="/usr/bin/bash" subj=system_u:system_r:chronyd_t:s0 key=(null) >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: AuditRecordReceiver.add_record_to_cache(): node=weatherwax type=EOE msg=audit(1393704259.440:146): >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: lookup_signature: found 1 matches with scores 1.00 >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: signature found in database >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: sending alert to all clients >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: SELinux is preventing /usr/bin/bash from getattr access on the file . For complete SELinux messages. run sealert -l 9b68bdf4-9448-4b88-9743-acddb989a455 >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: load_plugins() names=['allow_ftpd_use_nfs', 'setenforce', 'httpd_write_content', 'catchall_boolean', 'allow_anon_write', 'chrome', 'vbetool', 'leaks', 'mounton', 'sshd_root', 'mmap_zero', 'automount_exec_config', 'samba_share', 'xen_image', 'swapfile', 'mozplugger', 'catchall_labels', 'public_content', 'restorecon_source', 'sys_module', 'qemu_blk_image', 'wine', 'rsync_data', 'openvpn', 'cvs_data', 'restorecon', 'allow_execmod', 'allow_execheap', 'disable_ipv6', 'bind_ports', 'httpd_can_sendmail', 'sandbox_connect', 'mozplugger_remove', 'associate', 'kernel_modules', 'allow_execstack', 'dac_override', 'sys_resource', 'file', 'catchall', 'device', 'selinuxpolicy', 'allow_ftpd_use_cifs', 'connect_ports', 'qemu_file_image', 'filesystem_associate'] >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: load_plugins() plugins.allow_ftpd_use_nfs previously imported >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: SetroubleshootdClientConnectionHandler.default_request_handler: rpc_id=11 type=method {<?xml version="1.0" encoding="utf-8"?> > <cmd interface="SETroubleshootDatabase" method="query_alerts" arg_count="1"> > <arg name="criteria" position="0" type="string">9b68bdf4-9448-4b88-9743-acddb989a455</arg> > </cmd> > } >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: load_plugins() plugins.setenforce previously imported >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: query_alerts: criteria=9b68bdf4-9448-4b88-9743-acddb989a455 >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: load_plugins() plugins.httpd_write_content previously imported >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: query_alerts: criteria=9b68bdf4-9448-4b88-9743-acddb989a455 >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: load_plugins() plugins.catchall_boolean previously imported >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: load_plugins() plugins.allow_anon_write previously imported >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: load_plugins() plugins.chrome previously imported >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: load_plugins() plugins.vbetool previously imported >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: load_plugins() plugins.leaks previously imported >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: load_plugins() plugins.mounton previously imported >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: load_plugins() plugins.sshd_root previously imported >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: load_plugins() plugins.mmap_zero previously imported >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: load_plugins() plugins.automount_exec_config previously imported >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: load_plugins() plugins.samba_share previously imported >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: load_plugins() plugins.xen_image previously imported >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: load_plugins() plugins.swapfile previously imported >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: load_plugins() plugins.mozplugger previously imported >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: load_plugins() plugins.catchall_labels previously imported >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: load_plugins() plugins.public_content previously imported >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: load_plugins() plugins.restorecon_source previously imported >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: load_plugins() plugins.sys_module previously imported >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: load_plugins() plugins.qemu_blk_image previously imported >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: load_plugins() plugins.wine previously imported >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: load_plugins() plugins.rsync_data previously imported >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: load_plugins() plugins.openvpn previously imported >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: load_plugins() plugins.cvs_data previously imported >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: load_plugins() plugins.restorecon previously imported >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: load_plugins() plugins.allow_execmod previously imported >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: load_plugins() plugins.allow_execheap previously imported >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: load_plugins() plugins.disable_ipv6 previously imported >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: load_plugins() plugins.bind_ports previously imported >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: load_plugins() plugins.httpd_can_sendmail previously imported >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: load_plugins() plugins.sandbox_connect previously imported >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: load_plugins() plugins.mozplugger_remove previously imported >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: load_plugins() plugins.associate previously imported >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: load_plugins() plugins.kernel_modules previously imported >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: load_plugins() plugins.allow_execstack previously imported >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: load_plugins() plugins.dac_override previously imported >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: load_plugins() plugins.sys_resource previously imported >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: load_plugins() plugins.file previously imported >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: load_plugins() plugins.catchall previously imported >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: load_plugins() plugins.device previously imported >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: load_plugins() plugins.selinuxpolicy previously imported >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: load_plugins() plugins.allow_ftpd_use_cifs previously imported >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: load_plugins() plugins.connect_ports previously imported >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: load_plugins() plugins.qemu_file_image previously imported >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: load_plugins() plugins.filesystem_associate previously imported >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: find_filter_by_username elad >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: evaluate_filter_for_user: found elad user's filter = <?xml version="1.0" encoding="utf-8"?> > <SEFilter> > <count>7</count> > <filter_type>0</filter_type> > </SEFilter> >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: evaluate_filter_for_user: found filter for elad: display > <?xml version="1.0" encoding="utf-8"?> > <SEFilter> > <count>8</count> > <filter_type>0</filter_type> > </SEFilter> >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: analyze_avc() avc=scontext=system_u:system_r:chronyd_t:s0 tcontext=system_u:object_r:systemd_systemctl_exec_t:s0 access=['getattr'] tclass=file tpath= >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: SetroubleshootdClientConnectionHandler.default_request_handler: rpc_id=12 type=method {<?xml version="1.0" encoding="utf-8"?> > <cmd interface="SETroubleshootDatabase" method="evaluate_alert_filter" arg_count="2"> > <arg name="sig" position="0" type="xml"> > <sig version="4.0"> > <access> > <operation>getattr</operation> > </access> > <host>weatherwax</host> > <scontext mls="s0" role="system_r" type="chronyd_t" user="system_u"/> > <tclass>file</tclass> > <tcontext mls="s0" role="object_r" type="systemd_systemctl_exec_t" user="system_u"/> > </sig> > </arg> > <arg name="username" position="1" type="string">elad</arg> > </cmd> > } >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: evaluate_alert_filter: username=elad sig=<?xml version="1.0" encoding="utf-8"?> > <SEFaultSignature version="4.0"> > <access> > <operation>getattr</operation> > </access> > <host>weatherwax</host> > <scontext mls="s0" role="system_r" type="chronyd_t" user="system_u"/> > <tclass>file</tclass> > <tcontext mls="s0" role="object_r" type="systemd_systemctl_exec_t" user="system_u"/> > </SEFaultSignature> >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: evaluate_alert_filter: username=elad sig=<?xml version="1.0" encoding="utf-8"?> > <SEFaultSignature version="4.0"> > <access> > <operation>getattr</operation> > </access> > <host>weatherwax</host> > <scontext mls="s0" role="system_r" type="chronyd_t" user="system_u"/> > <tclass>file</tclass> > <tcontext mls="s0" role="object_r" type="systemd_systemctl_exec_t" user="system_u"/> > </SEFaultSignature> >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: lookup_signature: found 1 matches with scores 1.00 >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: find_filter_by_username elad >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: evaluate_filter_for_user: found elad user's filter = <?xml version="1.0" encoding="utf-8"?> > <SEFilter> > <count>8</count> > <filter_type>0</filter_type> > </SEFilter> >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: evaluate_filter_for_user: found filter for elad: display > <?xml version="1.0" encoding="utf-8"?> > <SEFilter> > <count>9</count> > <filter_type>0</filter_type> > </SEFilter> >Mar 01 22:04:19 weatherwax python[2579]: SELinux is preventing /usr/bin/bash from getattr access on the file . > > ***** Plugin catchall (100. confidence) suggests ************************** > > If you believe that bash should be allowed getattr access on the file by default. > Then you should report this as a bug. > You can generate a local policy module to allow this access. > Do > allow this access for now by executing: > # grep chrony-helper /var/log/audit/audit.log | audit2allow -M mypol > # semodule -i mypol.pp > >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: lookup_signature: found 1 matches with scores 1.00 >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: signature found in database >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: sending alert to all clients >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: SELinux is preventing /usr/bin/bash from getattr access on the file . For complete SELinux messages. run sealert -l 9b68bdf4-9448-4b88-9743-acddb989a455 >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: load_plugins() names=['allow_ftpd_use_nfs', 'setenforce', 'httpd_write_content', 'catchall_boolean', 'allow_anon_write', 'chrome', 'vbetool', 'leaks', 'mounton', 'sshd_root', 'mmap_zero', 'automount_exec_config', 'samba_share', 'xen_image', 'swapfile', 'mozplugger', 'catchall_labels', 'public_content', 'restorecon_source', 'sys_module', 'qemu_blk_image', 'wine', 'rsync_data', 'openvpn', 'cvs_data', 'restorecon', 'allow_execmod', 'allow_execheap', 'disable_ipv6', 'bind_ports', 'httpd_can_sendmail', 'sandbox_connect', 'mozplugger_remove', 'associate', 'kernel_modules', 'allow_execstack', 'dac_override', 'sys_resource', 'file', 'catchall', 'device', 'selinuxpolicy', 'allow_ftpd_use_cifs', 'connect_ports', 'qemu_file_image', 'filesystem_associate'] >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: load_plugins() plugins.allow_ftpd_use_nfs previously imported >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: SetroubleshootdClientConnectionHandler.default_request_handler: rpc_id=13 type=method {<?xml version="1.0" encoding="utf-8"?> > <cmd interface="SETroubleshootDatabase" method="query_alerts" arg_count="1"> > <arg name="criteria" position="0" type="string">9b68bdf4-9448-4b88-9743-acddb989a455</arg> > </cmd> > } >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: load_plugins() plugins.setenforce previously imported >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: query_alerts: criteria=9b68bdf4-9448-4b88-9743-acddb989a455 >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: load_plugins() plugins.httpd_write_content previously imported >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: query_alerts: criteria=9b68bdf4-9448-4b88-9743-acddb989a455 >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: load_plugins() plugins.catchall_boolean previously imported >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: load_plugins() plugins.allow_anon_write previously imported >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: load_plugins() plugins.chrome previously imported >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: load_plugins() plugins.vbetool previously imported >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: load_plugins() plugins.leaks previously imported >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: load_plugins() plugins.mounton previously imported >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: load_plugins() plugins.sshd_root previously imported >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: load_plugins() plugins.mmap_zero previously imported >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: load_plugins() plugins.automount_exec_config previously imported >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: load_plugins() plugins.samba_share previously imported >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: load_plugins() plugins.xen_image previously imported >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: load_plugins() plugins.swapfile previously imported >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: load_plugins() plugins.mozplugger previously imported >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: load_plugins() plugins.catchall_labels previously imported >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: load_plugins() plugins.public_content previously imported >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: load_plugins() plugins.restorecon_source previously imported >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: load_plugins() plugins.sys_module previously imported >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: load_plugins() plugins.qemu_blk_image previously imported >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: load_plugins() plugins.wine previously imported >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: load_plugins() plugins.rsync_data previously imported >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: load_plugins() plugins.openvpn previously imported >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: load_plugins() plugins.cvs_data previously imported >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: load_plugins() plugins.restorecon previously imported >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: load_plugins() plugins.allow_execmod previously imported >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: load_plugins() plugins.allow_execheap previously imported >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: load_plugins() plugins.disable_ipv6 previously imported >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: load_plugins() plugins.bind_ports previously imported >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: load_plugins() plugins.httpd_can_sendmail previously imported >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: load_plugins() plugins.sandbox_connect previously imported >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: load_plugins() plugins.mozplugger_remove previously imported >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: load_plugins() plugins.associate previously imported >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: load_plugins() plugins.kernel_modules previously imported >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: load_plugins() plugins.allow_execstack previously imported >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: load_plugins() plugins.dac_override previously imported >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: load_plugins() plugins.sys_resource previously imported >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: load_plugins() plugins.file previously imported >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: load_plugins() plugins.catchall previously imported >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: load_plugins() plugins.device previously imported >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: load_plugins() plugins.selinuxpolicy previously imported >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: load_plugins() plugins.allow_ftpd_use_cifs previously imported >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: load_plugins() plugins.connect_ports previously imported >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: load_plugins() plugins.qemu_file_image previously imported >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: load_plugins() plugins.filesystem_associate previously imported >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: find_filter_by_username elad >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: evaluate_filter_for_user: found elad user's filter = <?xml version="1.0" encoding="utf-8"?> > <SEFilter> > <count>9</count> > <filter_type>0</filter_type> > </SEFilter> >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: evaluate_filter_for_user: found filter for elad: display > <?xml version="1.0" encoding="utf-8"?> > <SEFilter> > <count>10</count> > <filter_type>0</filter_type> > </SEFilter> >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: SetroubleshootdClientConnectionHandler.default_request_handler: rpc_id=14 type=method {<?xml version="1.0" encoding="utf-8"?> > <cmd interface="SETroubleshootDatabase" method="evaluate_alert_filter" arg_count="2"> > <arg name="sig" position="0" type="xml"> > <sig version="4.0"> > <access> > <operation>getattr</operation> > </access> > <host>weatherwax</host> > <scontext mls="s0" role="system_r" type="chronyd_t" user="system_u"/> > <tclass>file</tclass> > <tcontext mls="s0" role="object_r" type="systemd_systemctl_exec_t" user="system_u"/> > </sig> > </arg> > <arg name="username" position="1" type="string">elad</arg> > </cmd> > } >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: evaluate_alert_filter: username=elad sig=<?xml version="1.0" encoding="utf-8"?> > <SEFaultSignature version="4.0"> > <access> > <operation>getattr</operation> > </access> > <host>weatherwax</host> > <scontext mls="s0" role="system_r" type="chronyd_t" user="system_u"/> > <tclass>file</tclass> > <tcontext mls="s0" role="object_r" type="systemd_systemctl_exec_t" user="system_u"/> > </SEFaultSignature> >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: evaluate_alert_filter: username=elad sig=<?xml version="1.0" encoding="utf-8"?> > <SEFaultSignature version="4.0"> > <access> > <operation>getattr</operation> > </access> > <host>weatherwax</host> > <scontext mls="s0" role="system_r" type="chronyd_t" user="system_u"/> > <tclass>file</tclass> > <tcontext mls="s0" role="object_r" type="systemd_systemctl_exec_t" user="system_u"/> > </SEFaultSignature> >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: lookup_signature: found 1 matches with scores 1.00 >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: find_filter_by_username elad >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: evaluate_filter_for_user: found elad user's filter = <?xml version="1.0" encoding="utf-8"?> > <SEFilter> > <count>10</count> > <filter_type>0</filter_type> > </SEFilter> >Mar 01 22:04:19 weatherwax setroubleshoot[2579]: evaluate_filter_for_user: found filter for elad: display > <?xml version="1.0" encoding="utf-8"?> > <SEFilter> > <count>11</count> > <filter_type>0</filter_type> > </SEFilter> >Mar 01 22:04:19 weatherwax python[2579]: SELinux is preventing /usr/bin/bash from getattr access on the file . > > ***** Plugin catchall (100. confidence) suggests ************************** > > If you believe that bash should be allowed getattr access on the file by default. > Then you should report this as a bug. > You can generate a local policy module to allow this access. > Do > allow this access for now by executing: > # grep chrony-helper /var/log/audit/audit.log | audit2allow -M mypol > # semodule -i mypol.pp > >Mar 01 22:04:49 weatherwax setroubleshoot[2579]: auto_save database (/var/lib/setroubleshoot/setroubleshoot_database.xml) modified_count=2 >Mar 01 22:04:49 weatherwax setroubleshoot[2579]: writing database (/var/lib/setroubleshoot/setroubleshoot_database.xml) modified_count=2 >Mar 01 22:08:11 weatherwax setroubleshoot[2579]: dbus iface finish() called: 0 Connections >Mar 01 22:08:11 weatherwax setroubleshoot[2579]: close_connection: {unix}/var/run/setroubleshoot/setroubleshoot_server socket=0x7fd284079fa0 >Mar 01 22:08:11 weatherwax setroubleshoot[2579]: SetroubleshootdClientConnectionHandler.on_connection_state_change: connection_state=flags=HUP, result_code=1013, result_msg=connection has been broken flags_added=HUP flags_removed=OPEN,AUTHENTICATED address={unix}/var/run/setroubleshoot/setroubleshoot_server socket=None >Mar 01 22:08:21 weatherwax setroubleshoot[2579]: received signal=14 >Mar 01 22:08:21 weatherwax setroubleshoot[2579]: KeyboardInterrupt in RunFaultServer >Mar 01 22:08:21 weatherwax setroubleshoot[2579]: writing database (/var/lib/setroubleshoot/setroubleshoot_database.xml) modified_count=0
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=869495">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 1071573
: 869495