Bug 560412

Summary: SELinux is preventing /usr/sbin/ulogd "module_request" access.
Product: [Fedora] Fedora Reporter: fredouille <f.berard>
Component: selinux-policyAssignee: Daniel Walsh <dwalsh>
Status: CLOSED DUPLICATE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: low    
Version: 12CC: dwalsh, gafton, mgrepl
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard: setroubleshoot_trace_hash:7de18274d82f29afb85e02a6d55b480e59abee7e212c88fbe66ee9319875e6a8
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2010-02-23 23:35:54 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description fredouille 2010-01-31 15:52:59 UTC
Résumé:

SELinux is preventing /usr/sbin/ulogd "module_request" access.

Description détaillée:

[ulogd a un type permissif (ulogd_t). Cet accès n'a pas été refusé.]

SELinux denied access requested by ulogd. It is not expected that this access is
required by ulogd and this access may signal an intrusion attempt. It is also
possible that the specific version or configuration of the application is
causing it to require additional access.

Autoriser l'accès:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Please file a bug
report.

Informations complémentaires:

Contexte source               system_u:system_r:ulogd_t:s0
Contexte cible                system_u:system_r:kernel_t:s0
Objets du contexte            None [ system ]
source                        ulogd
Chemin de la source           /usr/sbin/ulogd
Port                          <Inconnu>
Hôte                         (removed)
Paquetages RPM source         ulogd-1.24-13.fc12
Paquetages RPM cible          
Politique RPM                 selinux-policy-3.6.32-59.fc12
Selinux activé               True
Type de politique             targeted
Mode strict                   Enforcing
Nom du plugin                 catchall
Nom de l'hôte                (removed)
Plateforme                    Linux (removed) 2.6.31.5-127.fc12.x86_64 #1
                              SMP Sat Nov 7 21:11:14 EST 2009 x86_64 x86_64
Compteur d'alertes            1
Première alerte              dim. 17 janv. 2010 16:04:58 CET
Dernière alerte              dim. 17 janv. 2010 16:04:58 CET
ID local                      8feaca6c-018d-4e09-8c4d-e3015a415c38
Numéros des lignes           

Messages d'audit bruts        

node=(removed) type=AVC msg=audit(1263740698.604:6): avc:  denied  { module_request } for  pid=1525 comm="ulogd" scontext=system_u:system_r:ulogd_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=system

node=(removed) type=SYSCALL msg=audit(1263740698.604:6): arch=c000003e syscall=41 success=yes exit=3 a0=10 a1=3 a2=5 a3=28 items=0 ppid=1524 pid=1525 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ulogd" exe="/usr/sbin/ulogd" subj=system_u:system_r:ulogd_t:s0 key=(null)



Hash String generated from  selinux-policy-3.6.32-59.fc12,catchall,ulogd,ulogd_t,kernel_t,system,module_request
audit2allow suggests:

#============= ulogd_t ==============
#!!!! This avc can be allowed using the boolean 'domain_kernel_load_modules'

allow ulogd_t kernel_t:system module_request;

Comment 1 Daniel Walsh 2010-02-01 20:09:01 UTC
Did you disable ipv6?

Comment 2 Daniel Walsh 2010-02-23 23:35:54 UTC

*** This bug has been marked as a duplicate of bug 487666 ***

Comment 3 Cristian Gafton 2010-05-30 20:38:34 UTC
(In reply to comment #1)
> Did you disable ipv6?    

Yes, this is happening on F12 hosts that have ipv6 disabled.