Bug 522962

Summary: setroubleshoot: Your system may be seriously compromised!
Product: [Fedora] Fedora
Reporter: seventhguardian
Component: selinux-policy
Assignee: Eric Paris <eparis>
Status: CLOSED DUPLICATE
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium
Priority: low
Version: rawhide
CC: dwalsh, jkubin, lorisdianna, mgrepl, seventhguardian
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard: setroubleshoot_trace_hash:16fe27b66d34427ea22361ea4271da1353e5ad57225f9e9f23ee6e3bf7e80145
Doc Type: Bug Fix
Last Closed: 2009-09-14 17:07:31 UTC

Description seventhguardian 2009-09-12 19:04:34 UTC
The following was filed automatically by setroubleshoot:

Summary:

Your system may be seriously compromised!

Detailed Description:

SELinux has prevented iw from loading a kernel module. All confined programs
that need to load kernel modules should have already had policy written for
them. If a compromised application tries to modify the kernel this AVC will be
generated. This is a serious issue. Your system may very well be compromised.

Allowing Access:

Contact your security administrator and report this issue.

Additional Information:

Source Context                system_u:system_r:udev_t:s0-s0:c0.c1023
Target Context                system_u:system_r:udev_t:s0-s0:c0.c1023
Target Objects                None [ capability ]
Source                        iw
Source Path                   /usr/bin/iw
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           iw-0.9.17-2.fc12
Target RPM Packages           
Policy RPM                    selinux-policy-3.6.30-4.fc12
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   sys_module
Host Name                     (removed)
Platform                      Linux (removed) 2.6.31-0.204.rc9.fc12.x86_64 #1
                              SMP Sat Sep 5 20:45:55 EDT 2009 x86_64 x86_64
Alert Count                   1
First Seen                    Thu 10 Sep 2009 20:05:45 WEST
Last Seen                     Thu 10 Sep 2009 20:05:45 WEST
Local ID                      4bd01552-cd3e-4453-a152-285caf3a5db8
Line Numbers                  

Raw Audit Messages

node=(removed) type=AVC msg=audit(1252609545.251:45): avc:  denied  { sys_module } for  pid=2100 comm="iw" capability=16 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=capability

node=(removed) type=SYSCALL msg=audit(1252609545.251:45): arch=c000003e syscall=16 success=no exit=-19 a0=4 a1=8933 a2=7fff20bbbbe0 a3=fffffffffffff158 items=0 ppid=2089 pid=2100 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iw" exe="/usr/bin/iw" subj=system_u:system_r:udev_t:s0-s0:c0.c1023 key=(null)


audit2allow suggests:

#============= udev_t ==============
allow udev_t self:capability sys_module;

Comment 1 Eric Paris 2009-09-14 17:05:12 UTC
*** Bug 523025 has been marked as a duplicate of this bug. ***

Comment 2 Eric Paris 2009-09-14 17:07:31 UTC

*** This bug has been marked as a duplicate of bug 520728 ***