Bug 521071
Summary: | setroubleshoot: SELinux is preventing Xorg "create" access on <Unknown>. |
---|---|
Product: | [Fedora] Fedora |
Component: | selinux-policy |
Version: | rawhide |
Hardware: | x86_64 |
OS: | Linux |
Status: | CLOSED CURRENTRELEASE |
Severity: | medium |
Priority: | low |
Reporter: | Tom London <selinux> |
Assignee: | Daniel Walsh <dwalsh> |
QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
CC: | cward, dwalsh, jkubin, kmaraas, mgrepl, pmd.lotr.gandalf, sebastianocossu |
Keywords: | Reopened |
Whiteboard: | setroubleshoot_trace_hash:6b19787725aed52cb77e7ebbaeba5bdd6c4701891da91e0620654047e9d12f21 |
Doc Type: | Bug Fix |
Last Closed: | 2009-09-09 11:12:53 UTC |
Description
Tom London
2009-09-03 13:17:38 UTC
Believe the following are related:

Summary:

SELinux is preventing Xorg "setopt" access on <Unknown>.

Detailed Description:

[Xorg has a permissive type (xserver_t). This access was not denied.]

SELinux denied access requested by Xorg. It is not expected that this access is required by Xorg and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package.

Additional Information:

Source Context                system_u:system_r:xserver_t:s0-s0:c0.c1023
Target Context                system_u:system_r:xserver_t:s0-s0:c0.c1023
Target Objects                None [ netlink_kobject_uevent_socket ]
Source                        Xorg
Source Path                   /usr/bin/Xorg
Port                          <Unknown>
Host                          tlondon.innopath.com
Source RPM Packages           xorg-x11-server-Xorg-1.6.99-44.20090901.fc12
Target RPM Packages
Policy RPM                    selinux-policy-3.6.30-2.fc12
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   catchall
Host Name                     tlondon.innopath.com
Platform                      Linux tlondon.innopath.com 2.6.31-0.190.rc8.fc12.x86_64 #1 SMP Fri Aug 28 18:51:58 EDT 2009 x86_64 x86_64
Alert Count                   1
First Seen                    Thu 03 Sep 2009 06:14:36 AM PDT
Last Seen                     Thu 03 Sep 2009 06:14:36 AM PDT
Local ID                      af72fd37-72d2-4b64-9620-bb436acf97c9
Line Numbers

Raw Audit Messages

node=tlondon.innopath.com type=AVC msg=audit(1251983676.279:15): avc: denied { setopt } for pid=1460 comm="Xorg" scontext=system_u:system_r:xserver_t:s0-s0:c0.c1023 tcontext=system_u:system_r:xserver_t:s0-s0:c0.c1023 tclass=netlink_kobject_uevent_socket

node=tlondon.innopath.com type=SYSCALL msg=audit(1251983676.279:15): arch=c000003e syscall=54 success=yes exit=0 a0=a a1=1 a2=1a a3=7f467e648730 items=0 ppid=1438 pid=1460 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="Xorg" exe="/usr/bin/Xorg" subj=system_u:system_r:xserver_t:s0-s0:c0.c1023 key=(null)

and

Summary:

SELinux is preventing Xorg "bind" access on <Unknown>.

Detailed Description:

[Xorg has a permissive type (xserver_t). This access was not denied.]

SELinux denied access requested by Xorg. It is not expected that this access is required by Xorg and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package.

Additional Information:

Source Context                system_u:system_r:xserver_t:s0-s0:c0.c1023
Target Context                system_u:system_r:xserver_t:s0-s0:c0.c1023
Target Objects                None [ netlink_kobject_uevent_socket ]
Source                        Xorg
Source Path                   /usr/bin/Xorg
Port                          <Unknown>
Host                          tlondon.innopath.com
Source RPM Packages           xorg-x11-server-Xorg-1.6.99-44.20090901.fc12
Target RPM Packages
Policy RPM                    selinux-policy-3.6.30-2.fc12
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   catchall
Host Name                     tlondon.innopath.com
Platform                      Linux tlondon.innopath.com 2.6.31-0.190.rc8.fc12.x86_64 #1 SMP Fri Aug 28 18:51:58 EDT 2009 x86_64 x86_64
Alert Count                   1
First Seen                    Thu 03 Sep 2009 06:14:36 AM PDT
Last Seen                     Thu 03 Sep 2009 06:14:36 AM PDT
Local ID                      3f8afa43-0ac7-495a-abc4-733e0e2c7791
Line Numbers

Raw Audit Messages

node=tlondon.innopath.com type=AVC msg=audit(1251983676.279:16): avc: denied { bind } for pid=1460 comm="Xorg" scontext=system_u:system_r:xserver_t:s0-s0:c0.c1023 tcontext=system_u:system_r:xserver_t:s0-s0:c0.c1023 tclass=netlink_kobject_uevent_socket

node=tlondon.innopath.com type=SYSCALL msg=audit(1251983676.279:16): arch=c000003e syscall=49 success=yes exit=0 a0=a a1=4b619f0 a2=c a3=7fff955db420 items=0 ppid=1438 pid=1460 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="Xorg" exe="/usr/bin/Xorg" subj=system_u:system_r:xserver_t:s0-s0:c0.c1023 key=(null)

and

Summary:

SELinux is preventing Xorg "getattr" access on <Unknown>.

Detailed Description:

[Xorg has a permissive type (xserver_t). This access was not denied.]

SELinux denied access requested by Xorg. It is not expected that this access is required by Xorg and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package.

Additional Information:

Source Context                system_u:system_r:xserver_t:s0-s0:c0.c1023
Target Context                system_u:system_r:xserver_t:s0-s0:c0.c1023
Target Objects                None [ netlink_kobject_uevent_socket ]
Source                        Xorg
Source Path                   /usr/bin/Xorg
Port                          <Unknown>
Host                          tlondon.innopath.com
Source RPM Packages           xorg-x11-server-Xorg-1.6.99-44.20090901.fc12
Target RPM Packages
Policy RPM                    selinux-policy-3.6.30-2.fc12
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   catchall
Host Name                     tlondon.innopath.com
Platform                      Linux tlondon.innopath.com 2.6.31-0.190.rc8.fc12.x86_64 #1 SMP Fri Aug 28 18:51:58 EDT 2009 x86_64 x86_64
Alert Count                   1
First Seen                    Thu 03 Sep 2009 06:14:36 AM PDT
Last Seen                     Thu 03 Sep 2009 06:14:36 AM PDT
Local ID                      4f6acb4f-886e-4c1f-bdf6-67d58ad17cd1
Line Numbers

Raw Audit Messages

node=tlondon.innopath.com type=AVC msg=audit(1251983676.280:17): avc: denied { getattr } for pid=1460 comm="Xorg" scontext=system_u:system_r:xserver_t:s0-s0:c0.c1023 tcontext=system_u:system_r:xserver_t:s0-s0:c0.c1023 tclass=netlink_kobject_uevent_socket

node=tlondon.innopath.com type=SYSCALL msg=audit(1251983676.280:17): arch=c000003e syscall=51 success=yes exit=0 a0=a a1=7fff955db690 a2=7fff955db6a8 a3=7fff955db420 items=0 ppid=1438 pid=1460 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="Xorg" exe="/usr/bin/Xorg" subj=system_u:system_r:xserver_t:s0-s0:c0.c1023 key=(null)

Also getting:

Summary:

SELinux is preventing Xorg "getattr" access on <Unknown>.

Detailed Description:

[Xorg has a permissive type (xserver_t). This access was not denied.]

SELinux denied access requested by Xorg. It is not expected that this access is required by Xorg and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package.

Additional Information:

Source Context                system_u:system_r:xserver_t:s0-s0:c0.c1023
Target Context                system_u:system_r:xserver_t:s0-s0:c0.c1023
Target Objects                None [ netlink_kobject_uevent_socket ]
Source                        Xorg
Source Path                   /usr/bin/Xorg
Port                          <Unknown>
Host                          tlondon.innopath.com
Source RPM Packages           xorg-x11-server-Xorg-1.6.99-44.20090901.fc12
Target RPM Packages
Policy RPM                    selinux-policy-3.6.30-2.fc12
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   catchall
Host Name                     tlondon.innopath.com
Platform                      Linux tlondon.innopath.com 2.6.31-0.190.rc8.fc12.x86_64 #1 SMP Fri Aug 28 18:51:58 EDT 2009 x86_64 x86_64
Alert Count                   1
First Seen                    Thu 03 Sep 2009 06:14:36 AM PDT
Last Seen                     Thu 03 Sep 2009 06:14:36 AM PDT
Local ID                      4f6acb4f-886e-4c1f-bdf6-67d58ad17cd1
Line Numbers

Raw Audit Messages

node=tlondon.innopath.com type=AVC msg=audit(1251983676.280:17): avc: denied { getattr } for pid=1460 comm="Xorg" scontext=system_u:system_r:xserver_t:s0-s0:c0.c1023 tcontext=system_u:system_r:xserver_t:s0-s0:c0.c1023 tclass=netlink_kobject_uevent_socket

node=tlondon.innopath.com type=SYSCALL msg=audit(1251983676.280:17): arch=c000003e syscall=51 success=yes exit=0 a0=a a1=7fff955db690 a2=7fff955db6a8 a3=7fff955db420 items=0 ppid=1438 pid=1460 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="Xorg" exe="/usr/bin/Xorg" subj=system_u:system_r:xserver_t:s0-s0:c0.c1023 key=(null)

Fixed in selinux-policy-3.6.30-4.fc12.noarch

I'm running selinux-policy-3.6.30-4.fc12.noarch and I'm still getting reports of this errata when I boot into gnome. I'm going to continue watching and will report back if it happens again or if it goes away.

Sorry, did I say errata? I mean ... s/errata/issue/ or some similar word. :)

Actually, this hasn't happened again since I cleared the audit reports. I'll reopen if it does...