Bug 241484
| Summary: | saslauthd can't authenticate against PAM with SELinux enforcing | | |
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Nils Philippsen <nphilipp> |
| Component: | selinux-policy | Assignee: | Daniel Walsh <dwalsh> |
| Status: | CLOSED DUPLICATE | QA Contact: | Ben Levenson <benl> |
| Severity: | high | Priority: | medium |
| Version: | rawhide | CC: | dwalsh, nalin |
| Hardware: | All | OS: | Linux |
| Doc Type: | Bug Fix | Last Closed: | 2007-05-29 14:40:41 UTC |

Description
Nils Philippsen
2007-05-26 14:32:35 UTC
Got these 2 additional denials as well, but this was already when running permissive:

#1:

```
Summary
SELinux is preventing /usr/sbin/saslauthd (saslauthd_t) "audit_write" to
<Unknown> (saslauthd_t).

Detailed Description
SELinux denied access requested by /usr/sbin/saslauthd. It is not expected that
this access is required by /usr/sbin/saslauthd and this access may signal an
intrusion attempt. It is also possible that the specific version or
configuration of the application is causing it to require additional access.

Allowing Access
You can generate a local policy module to allow this access - see
http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this
package.

Additional Information
Source Context         user_u:system_r:saslauthd_t
Target Context         user_u:system_r:saslauthd_t
Target Objects         None [ capability ]
Affected RPM Packages  cyrus-sasl-2.1.22-6 [application]
Policy RPM             selinux-policy-2.6.4-8.fc7
Selinux Enabled        True
Policy Type            targeted
MLS Enabled            True
Enforcing Mode         Permissive
Plugin Name            plugins.catchall
Host Name              wombat
Platform               Linux wombat 2.6.21-1.3194.fc7 #1 SMP Wed May 23 22:47:07 EDT 2007 x86_64 x86_64
Alert Count            1
First Seen             Sat 26 May 2007 11:08:36 PM CEST
Last Seen              Sat 26 May 2007 11:08:36 PM CEST
Local ID               6932edc5-fe2b-4342-b5ea-5d895566d060
Line Numbers

Raw Audit Messages
avc: denied { audit_write } for comm="saslauthd" egid=0 euid=0 exe="/usr/sbin/saslauthd" exit=120 fsgid=0 fsuid=0 gid=0 items=0 pid=16318 scontext=user_u:system_r:saslauthd_t:s0 sgid=0 subj=user_u:system_r:saslauthd_t:s0 suid=0 tclass=capability tcontext=user_u:system_r:saslauthd_t:s0 tty=(none) uid=0
```

and #2:

```
Summary
SELinux is preventing /usr/sbin/saslauthd (saslauthd_t) "read" to <Unknown>
(saslauthd_t).

Detailed Description
SELinux denied access requested by /usr/sbin/saslauthd. It is not expected that
this access is required by /usr/sbin/saslauthd and this access may signal an
intrusion attempt. It is also possible that the specific version or
configuration of the application is causing it to require additional access.

Allowing Access
You can generate a local policy module to allow this access - see
http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this
package.

Additional Information
Source Context         user_u:system_r:saslauthd_t
Target Context         user_u:system_r:saslauthd_t
Target Objects         None [ netlink_audit_socket ]
Affected RPM Packages  cyrus-sasl-2.1.22-6 [application]
Policy RPM             selinux-policy-2.6.4-8.fc7
Selinux Enabled        True
Policy Type            targeted
MLS Enabled            True
Enforcing Mode         Permissive
Plugin Name            plugins.catchall
Host Name              wombat
Platform               Linux wombat 2.6.21-1.3194.fc7 #1 SMP Wed May 23 22:47:07 EDT 2007 x86_64 x86_64
Alert Count            1
First Seen             Sat 26 May 2007 11:08:36 PM CEST
Last Seen              Sat 26 May 2007 11:08:36 PM CEST
Local ID               a85ce800-c9b7-40d6-9f10-9b405ad61fc1
Line Numbers

Raw Audit Messages
avc: denied { read } for comm="saslauthd" egid=0 euid=0 exe="/usr/sbin/saslauthd" exit=36 fsgid=0 fsuid=0 gid=0 items=0 pid=16318 scontext=user_u:system_r:saslauthd_t:s0 sgid=0 subj=user_u:system_r:saslauthd_t:s0 suid=0 tclass=netlink_audit_socket tcontext=user_u:system_r:saslauthd_t:s0 tty=(none) uid=0
```

And another one:

```
Summary
SELinux is preventing /usr/sbin/saslauthd (saslauthd_t) "nlmsg_relay" to
<Unknown> (saslauthd_t).

Detailed Description
SELinux denied access requested by /usr/sbin/saslauthd. It is not expected that
this access is required by /usr/sbin/saslauthd and this access may signal an
intrusion attempt. It is also possible that the specific version or
configuration of the application is causing it to require additional access.

Allowing Access
You can generate a local policy module to allow this access - see
http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this
package.

Additional Information
Source Context         user_u:system_r:saslauthd_t
Target Context         user_u:system_r:saslauthd_t
Target Objects         None [ netlink_audit_socket ]
Affected RPM Packages  cyrus-sasl-2.1.22-6 [application]
Policy RPM             selinux-policy-2.6.4-8.fc7
Selinux Enabled        True
Policy Type            targeted
MLS Enabled            True
Enforcing Mode         Permissive
Plugin Name            plugins.catchall
Host Name              wombat
Platform               Linux wombat 2.6.21-1.3194.fc7 #1 SMP Wed May 23 22:47:07 EDT 2007 x86_64 x86_64
Alert Count            7
First Seen             Sun 27 May 2007 06:12:09 PM CEST
Last Seen              Sun 27 May 2007 08:12:09 PM CEST
Local ID               6c127942-8b52-4e2d-b3cc-ae6cf0baecbb
Line Numbers

Raw Audit Messages
avc: denied { nlmsg_relay } for comm="saslauthd" egid=0 euid=0 exe="/usr/sbin/saslauthd" exit=120 fsgid=0 fsuid=0 gid=0 items=0 pid=16321 scontext=user_u:system_r:saslauthd_t:s0 sgid=0 subj=user_u:system_r:saslauthd_t:s0 suid=0 tclass=netlink_audit_socket tcontext=user_u:system_r:saslauthd_t:s0 tty=(none) uid=0
```