Bug 520904

Summary: setroubleshoot: SELinux is preventing udev-acl.ck "fowner" access on <Unknown>.
Product: [Fedora] Fedora Reporter: Matěj Cepl <mcepl>
Component: selinux-policyAssignee: Daniel Walsh <dwalsh>
Status: CLOSED DUPLICATE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: medium    
Version: rawhideCC: dwalsh, jkubin, mcepl, mgrepl
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard: setroubleshoot_trace_hash:72b0651d69bd888e8b9e129fe13b44a65f8fddac85cad3e44966dfadf6989aac
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-09-08 10:19:45 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Matěj Cepl 2009-09-02 19:46:31 UTC 
The following was filed automatically by setroubleshoot:

Souhrn:

SELinux is preventing udev-acl.ck "fowner" access on <Unknown>.

Podrobný popis:

[SELinux is in permissive mode. This access was not denied.]

SELinux denied access requested by udev-acl.ck. It is not expected that this
access is required by udev-acl.ck and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration of the
application is causing it to require additional access.

Povolení přístupu:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Please file a bug
report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package.

Další informace:

Kontext zdroje                system_u:system_r:consolekit_t:s0-s0:c0.c1023
Kontext cíle                 system_u:system_r:consolekit_t:s0-s0:c0.c1023
Objekty cíle                 None [ capability ]
Zdroj                         udev-acl.ck
Cesta zdroje                  /lib/udev/udev-acl
Port                          <Neznámé>
Počítač                    (removed)
RPM balíčky zdroje          udev-145-7.fc12
RPM balíčky cíle           
RPM politiky                  selinux-policy-3.6.28-9.fc12
Selinux povolen               True
Typ politiky                  targeted
MLS povoleno                  True
Vynucovací režim            Permissive
Název zásuvného modulu     catchall
Název počítače            (removed)
Platforma                     Linux (removed) 2.6.31-0.190.rc8.fc12.x86_64 #1 SMP
                              Fri Aug 28 18:51:58 EDT 2009 x86_64 x86_64
Počet upozornění           2
Poprvé viděno               Po 31. srpen 2009, 13:31:04 CEST
Naposledy viděno             Út 1. září 2009, 23:03:34 CEST
Místní ID                   f86a3186-918f-484b-92d0-0dbd28839d96
Čísla řádků              

Původní zprávy auditu      

node=(removed) type=AVC msg=audit(1251839014.964:308): avc:  denied  { fowner } for  pid=9358 comm="udev-acl.ck" capability=3 scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tclass=capability

node=(removed) type=SYSCALL msg=audit(1251839014.964:308): arch=c000003e syscall=188 success=yes exit=0 a0=da2c50 a1=310c605b47 a2=da2990 a3=2c items=0 ppid=1322 pid=9358 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="udev-acl.ck" exe="/lib/udev/udev-acl" subj=system_u:system_r:consolekit_t:s0-s0:c0.c1023 key=(null)


audit2allow suggests:

#============= consolekit_t ==============
allow consolekit_t self:capability fowner;
Comment 1 Daniel Walsh 2009-09-08 10:19:45 UTC 

*** This bug has been marked as a duplicate of bug 520902 ***