Bug 746616

Summary:	ntpd_t and dhcpc_t generate AVC fails
Product:	Red Hat Enterprise Linux 6	Reporter:	Juraj Marko <jmarko>
Component:	selinux-policy	Assignee:	Miroslav Grepl <mgrepl>
Status:	CLOSED ERRATA	QA Contact:	Milos Malik <mmalik>
Severity:	urgent	Docs Contact:
Priority:	urgent
Version:	6.2	CC:	azelinka, dwalsh, eparis, jscotka, mmalik, nlevinki, pmoore, psklenar
Target Milestone:	rc	Keywords:	Regression
Target Release:	---
Hardware:	All
OS:	Linux
Whiteboard:
Fixed In Version:	selinux-policy-3.7.19-118.el6	Doc Type:	Bug Fix
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2011-12-06 10:20:10 UTC	Type:	---
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:
Bug Depends On:	746930
Bug Blocks:	739953, 748554, 750914

Description Juraj Marko 2011-10-17 09:56:45 UTC

Description of problem:
Some our test fails on AVC test

Version-Release number of selected component (if applicable):
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          enforcing
Policy version:                 24
Policy from config file:        targeted
Running 'rpm -q selinux-policy || true'
selinux-policy-3.7.19-115.el6.noarch

How reproducible:
50%

Steps to Reproduce:
1. run test in beaker
  
Actual results:
/test_log-Testing-avc.log 	  	Fail 

Expected results:
/test_log-Testing-avc.log 	  	Pass

Additional info:
I will add the log from tests in next comments

Comment 1 Juraj Marko 2011-10-17 09:58:23 UTC

test: /CoreOS/iputils/Regression/bz465972-update-of-iputils-starts-rdisc
arch: x86_64 	
log:
Info: Searching AVC errors produced since 1318642617.81 (Fri Oct 14 21:36:57 2011)
Searching logs...
Running '/usr/bin/env LC_ALL=en_US.UTF-8 /sbin/ausearch -m AVC -m USER_AVC -m SELINUX_ERR -ts 10/14/2011 21:36:57 < /dev/null >/mnt/testarea/tmp.rhts-db-submit-result._TKAiI 2>&1'
----
time->Fri Oct 14 21:36:59 2011
type=AVC msg=audit(1318642619.141:532178): avc:  denied  { recv } for  saddr=10.16.64.14 src=67 daddr=255.255.255.255 dest=68 netif=eth1 scontext=system_u:system_r:dhcpc_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=packet
----
time->Fri Oct 14 21:37:00 2011
type=AVC msg=audit(1318642620.774:532179): avc:  denied  { recv } for  saddr=10.16.64.14 src=67 daddr=255.255.255.255 dest=68 netif=eth1 scontext=system_u:system_r:dhcpc_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=packet
----
time->Fri Oct 14 21:37:04 2011
type=AVC msg=audit(1318642624.618:532180): avc:  denied  { recv } for  saddr=10.16.64.14 src=67 daddr=255.255.255.255 dest=68 netif=eth1 scontext=system_u:system_r:dhcpc_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=packet
Fail: AVC messages found.
Checking for errors...
Using stronger AVC checks.
	Define empty RHTS_OPTION_STRONGER_AVC parameter if this causes any problems.
Running 'cat /mnt/testarea/tmp.rhts-db-submit-result._TKAiI | /sbin/ausearch -m AVC -m SELINUX_ERR'
Fail: AVC messages found.
Running 'cat %s | /sbin/ausearch -m USER_AVC >/mnt/testarea/tmp.rhts-db-submit-result.yehkwQ 2>&1'
Info: No AVC messages found.
/bin/grep 'avc: ' /mnt/testarea/dmesg.log | /bin/grep --invert-match TESTOUT.log
No AVC messages found in dmesg
Running '/usr/sbin/sestatus'
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          enforcing
Policy version:                 24
Policy from config file:        targeted
Running 'rpm -q selinux-policy || true'
selinux-policy-3.7.19-115.el6.noarch

Comment 2 Juraj Marko 2011-10-17 09:59:45 UTC

test: /CoreOS/iputils/Regression/bz465972-update-of-iputils-starts-rdisc
arch: ppc64
log:
Info: Searching AVC errors produced since 1318652450.75 (Sat Oct 15 00:20:50 2011)
Searching logs...
Running '/usr/bin/env LC_ALL=en_US.UTF-8 /sbin/ausearch -m AVC -m USER_AVC -m SELINUX_ERR -ts 10/15/2011 00:20:50 < /dev/null >/mnt/testarea/tmp.rhts-db-submit-result.LOggnU 2>&1'
----
time->Sat Oct 15 00:20:58 2011
type=AVC msg=audit(1318652458.344:580967): avc:  denied  { recv } for  saddr=10.16.64.14 src=67 daddr=255.255.255.255 dest=68 netif=eth0 scontext=system_u:system_r:dhcpc_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=packet
Fail: AVC messages found.
Checking for errors...
Using stronger AVC checks.
	Define empty RHTS_OPTION_STRONGER_AVC parameter if this causes any problems.
Running 'cat /mnt/testarea/tmp.rhts-db-submit-result.LOggnU | /sbin/ausearch -m AVC -m SELINUX_ERR'
Fail: AVC messages found.
Running 'cat %s | /sbin/ausearch -m USER_AVC >/mnt/testarea/tmp.rhts-db-submit-result.4YeBKe 2>&1'
Info: No AVC messages found.
/bin/grep 'avc: ' /mnt/testarea/dmesg.log | /bin/grep --invert-match TESTOUT.log
No AVC messages found in dmesg
Running '/usr/sbin/sestatus'
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          enforcing
Policy version:                 24
Policy from config file:        targeted
Running 'rpm -q selinux-policy || true'
selinux-policy-3.7.19-115.el6.noarch

Comment 3 Juraj Marko 2011-10-17 10:00:59 UTC

test: /CoreOS/iputils/Regression/bz465972-update-of-iputils-starts-rdisc
arch: i386
log:
Info: Searching AVC errors produced since 1318651023.83 (Fri Oct 14 23:57:03 2011)
Searching logs...
Running '/usr/bin/env LC_ALL=en_US.UTF-8 /sbin/ausearch -m AVC -m USER_AVC -m SELINUX_ERR -ts 10/14/2011 23:57:03 < /dev/null >/mnt/testarea/tmp.rhts-db-submit-result.gKlDA1 2>&1'
----
time->Fri Oct 14 23:57:03 2011
type=AVC msg=audit(1318651023.048:177667): avc:  denied  { recv } for  saddr=10.16.64.14 src=67 daddr=255.255.255.255 dest=68 netif=eth0 scontext=system_u:system_r:dhcpc_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=packet
----
time->Fri Oct 14 23:57:07 2011
type=SYSCALL msg=audit(1318651027.653:177669): arch=40000003 syscall=102 success=no exit=-111 a0=b a1=bf84f610 a2=25b0d4 a3=ffffffff items=0 ppid=1 pid=1412 auid=4294967295 uid=38 gid=38 euid=38 suid=38 fsuid=38 egid=38 sgid=38 fsgid=38 tty=(none) ses=4294967295 comm="ntpd" exe="/usr/sbin/ntpd" subj=system_u:system_r:ntpd_t:s0 key=(null)
type=AVC msg=audit(1318651027.653:177669): avc:  denied  { send } for  pid=1412 comm="ntpd" saddr=10.16.64.82 src=123 daddr=10.16.71.254 dest=123 netif=eth0 scontext=system_u:system_r:ntpd_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=packet
----
time->Fri Oct 14 23:57:07 2011
type=AVC msg=audit(1318651027.047:177668): avc:  denied  { recv } for  pid=14957 comm="yum" saddr=10.16.64.14 src=67 daddr=255.255.255.255 dest=68 netif=eth0 scontext=system_u:system_r:dhcpc_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=packet
----
time->Fri Oct 14 23:57:09 2011
type=SYSCALL msg=audit(1318651029.653:177670): arch=40000003 syscall=102 success=no exit=-111 a0=b a1=bf84f610 a2=25b0d4 a3=ffffffff items=0 ppid=1 pid=1412 auid=4294967295 uid=38 gid=38 euid=38 suid=38 fsuid=38 egid=38 sgid=38 fsgid=38 tty=(none) ses=4294967295 comm="ntpd" exe="/usr/sbin/ntpd" subj=system_u:system_r:ntpd_t:s0 key=(null)
type=AVC msg=audit(1318651029.653:177670): avc:  denied  { send } for  pid=1412 comm="ntpd" saddr=10.16.64.82 src=123 daddr=65.49.70.245 dest=123 netif=eth0 scontext=system_u:system_r:ntpd_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=packet
----
time->Fri Oct 14 23:57:17 2011
type=SYSCALL msg=audit(1318651037.653:177672): arch=40000003 syscall=102 success=no exit=-111 a0=b a1=bf84f610 a2=25b0d4 a3=ffffffff items=0 ppid=1 pid=1412 auid=4294967295 uid=38 gid=38 euid=38 suid=38 fsuid=38 egid=38 sgid=38 fsgid=38 tty=(none) ses=4294967295 comm="ntpd" exe="/usr/sbin/ntpd" subj=system_u:system_r:ntpd_t:s0 key=(null)
type=AVC msg=audit(1318651037.653:177672): avc:  denied  { send } for  pid=1412 comm="ntpd" saddr=10.16.64.82 src=123 daddr=10.16.255.2 dest=123 netif=eth0 scontext=system_u:system_r:ntpd_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=packet
----
time->Fri Oct 14 23:57:18 2011
type=SYSCALL msg=audit(1318651038.653:177673): arch=40000003 syscall=102 success=no exit=-111 a0=b a1=bf84f610 a2=25b0d4 a3=ffffffff items=0 ppid=1 pid=1412 auid=4294967295 uid=38 gid=38 euid=38 suid=38 fsuid=38 egid=38 sgid=38 fsgid=38 tty=(none) ses=4294967295 comm="ntpd" exe="/usr/sbin/ntpd" subj=system_u:system_r:ntpd_t:s0 key=(null)
type=AVC msg=audit(1318651038.653:177673): avc:  denied  { send } for  pid=1412 comm="ntpd" saddr=10.16.64.82 src=123 daddr=64.6.144.6 dest=123 netif=eth0 scontext=system_u:system_r:ntpd_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=packet
----
time->Fri Oct 14 23:57:16 2011
type=SYSCALL msg=audit(1318651036.653:177671): arch=40000003 syscall=102 success=no exit=-111 a0=b a1=bf84f610 a2=25b0d4 a3=ffffffff items=0 ppid=1 pid=1412 auid=4294967295 uid=38 gid=38 euid=38 suid=38 fsuid=38 egid=38 sgid=38 fsgid=38 tty=(none) ses=4294967295 comm="ntpd" exe="/usr/sbin/ntpd" subj=system_u:system_r:ntpd_t:s0 key=(null)
type=AVC msg=audit(1318651036.653:177671): avc:  denied  { send } for  pid=1412 comm="ntpd" saddr=10.16.64.82 src=123 daddr=173.203.122.111 dest=123 netif=eth0 scontext=system_u:system_r:ntpd_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=packet
----
time->Fri Oct 14 23:57:23 2011
type=SYSCALL msg=audit(1318651043.653:177674): arch=40000003 syscall=102 success=no exit=-111 a0=b a1=bf84f610 a2=25b0d4 a3=ffffffff items=0 ppid=1 pid=1412 auid=4294967295 uid=38 gid=38 euid=38 suid=38 fsuid=38 egid=38 sgid=38 fsgid=38 tty=(none) ses=4294967295 comm="ntpd" exe="/usr/sbin/ntpd" subj=system_u:system_r:ntpd_t:s0 key=(null)
type=AVC msg=audit(1318651043.653:177674): avc:  denied  { send } for  pid=1412 comm="ntpd" saddr=10.16.64.82 src=123 daddr=10.16.255.3 dest=123 netif=eth0 scontext=system_u:system_r:ntpd_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=packet
Fail: AVC messages found.
Checking for errors...
Using stronger AVC checks.
	Define empty RHTS_OPTION_STRONGER_AVC parameter if this causes any problems.
Running 'cat /mnt/testarea/tmp.rhts-db-submit-result.gKlDA1 | /sbin/ausearch -m AVC -m SELINUX_ERR'
Fail: AVC messages found.
Running 'cat %s | /sbin/ausearch -m USER_AVC >/mnt/testarea/tmp.rhts-db-submit-result.Nxrvzx 2>&1'
Info: No AVC messages found.
/bin/grep 'avc: ' /mnt/testarea/dmesg.log | /bin/grep --invert-match TESTOUT.log
No AVC messages found in dmesg
Running '/usr/sbin/sestatus'
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          enforcing
Policy version:                 24
Policy from config file:        targeted
Running 'rpm -q selinux-policy || true'
selinux-policy-3.7.19-115.el6.noarch

Comment 4 Juraj Marko 2011-10-17 10:07:23 UTC

test: /CoreOS/logrotate/bug168295


arch: x86_64
log:
Info: Searching AVC errors produced since 1318642829.61 (Fri Oct 14 21:40:29 2011)
Searching logs...
Running '/usr/bin/env LC_ALL=en_US.UTF-8 /sbin/ausearch -m AVC -m USER_AVC -m SELINUX_ERR -ts 10/14/2011 21:40:29 < /dev/null >/mnt/testarea/tmp.rhts-db-submit-result.emwzQO 2>&1'
----
time->Fri Oct 14 21:40:30 2011
type=SYSCALL msg=audit(1318642830.794:532233): arch=c000003e syscall=44 success=no exit=-111 a0=c a1=7fff39beabb0 a2=1c a3=4000 items=0 ppid=2044 pid=19519 auid=4294967295 uid=89 gid=89 euid=89 suid=89 fsuid=89 egid=89 sgid=89 fsgid=89 tty=(none) ses=4294967295 comm="smtp" exe="/usr/libexec/postfix/smtp" subj=system_u:system_r:postfix_smtp_t:s0 key=(null)
type=AVC msg=audit(1318642830.794:532233): avc:  denied  { send } for  pid=19519 comm="smtp" saddr=10.16.66.113 src=52576 daddr=10.16.36.29 dest=53 netif=eth1 scontext=system_u:system_r:postfix_smtp_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=packet
----
time->Fri Oct 14 21:40:30 2011
type=SYSCALL msg=audit(1318642830.795:532234): arch=c000003e syscall=44 success=no exit=-111 a0=c a1=7fff39beabb0 a2=1c a3=4000 items=0 ppid=2044 pid=19519 auid=4294967295 uid=89 gid=89 euid=89 suid=89 fsuid=89 egid=89 sgid=89 fsgid=89 tty=(none) ses=4294967295 comm="smtp" exe="/usr/libexec/postfix/smtp" subj=system_u:system_r:postfix_smtp_t:s0 key=(null)
type=AVC msg=audit(1318642830.795:532234): avc:  denied  { send } for  pid=19519 comm="smtp" saddr=10.16.66.113 src=41025 daddr=10.16.255.2 dest=53 netif=eth1 scontext=system_u:system_r:postfix_smtp_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=packet
----
time->Fri Oct 14 21:40:30 2011
type=SYSCALL msg=audit(1318642830.795:532235): arch=c000003e syscall=44 success=no exit=-111 a0=c a1=7fff39beabb0 a2=1c a3=4000 items=0 ppid=2044 pid=19519 auid=4294967295 uid=89 gid=89 euid=89 suid=89 fsuid=89 egid=89 sgid=89 fsgid=89 tty=(none) ses=4294967295 comm="smtp" exe="/usr/libexec/postfix/smtp" subj=system_u:system_r:postfix_smtp_t:s0 key=(null)
type=AVC msg=audit(1318642830.795:532235): avc:  denied  { send } for  pid=19519 comm="smtp" saddr=10.16.66.113 src=55767 daddr=10.16.255.3 dest=53 netif=eth1 scontext=system_u:system_r:postfix_smtp_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=packet
----
time->Fri Oct 14 21:40:30 2011
type=SYSCALL msg=audit(1318642830.795:532236): arch=c000003e syscall=44 success=no exit=-111 a0=c a1=7fff39beabb0 a2=1c a3=4000 items=0 ppid=2044 pid=19519 auid=4294967295 uid=89 gid=89 euid=89 suid=89 fsuid=89 egid=89 sgid=89 fsgid=89 tty=(none) ses=4294967295 comm="smtp" exe="/usr/libexec/postfix/smtp" subj=system_u:system_r:postfix_smtp_t:s0 key=(null)
type=AVC msg=audit(1318642830.795:532236): avc:  denied  { send } for  pid=19519 comm="smtp" saddr=10.16.66.113 src=55299 daddr=10.16.36.29 dest=53 netif=eth1 scontext=system_u:system_r:postfix_smtp_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=packet
----
time->Fri Oct 14 21:40:30 2011
type=SYSCALL msg=audit(1318642830.795:532237): arch=c000003e syscall=44 success=no exit=-111 a0=c a1=7fff39beabb0 a2=1c a3=4000 items=0 ppid=2044 pid=19519 auid=4294967295 uid=89 gid=89 euid=89 suid=89 fsuid=89 egid=89 sgid=89 fsgid=89 tty=(none) ses=4294967295 comm="smtp" exe="/usr/libexec/postfix/smtp" subj=system_u:system_r:postfix_smtp_t:s0 key=(null)
type=AVC msg=audit(1318642830.795:532237): avc:  denied  { send } for  pid=19519 comm="smtp" saddr=10.16.66.113 src=41870 daddr=10.16.255.2 dest=53 netif=eth1 scontext=system_u:system_r:postfix_smtp_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=packet
----
time->Fri Oct 14 21:40:30 2011
type=SYSCALL msg=audit(1318642830.795:532238): arch=c000003e syscall=44 success=no exit=-111 a0=c a1=7fff39beabb0 a2=1c a3=4000 items=0 ppid=2044 pid=19519 auid=4294967295 uid=89 gid=89 euid=89 suid=89 fsuid=89 egid=89 sgid=89 fsgid=89 tty=(none) ses=4294967295 comm="smtp" exe="/usr/libexec/postfix/smtp" subj=system_u:system_r:postfix_smtp_t:s0 key=(null)
type=AVC msg=audit(1318642830.795:532238): avc:  denied  { send } for  pid=19519 comm="smtp" saddr=10.16.66.113 src=47903 daddr=10.16.255.3 dest=53 netif=eth1 scontext=system_u:system_r:postfix_smtp_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=packet
----
time->Fri Oct 14 21:40:30 2011
type=SYSCALL msg=audit(1318642830.801:532239): arch=c000003e syscall=44 success=no exit=-111 a0=c a1=7fffffa8a530 a2=1c a3=4000 items=0 ppid=2044 pid=19523 auid=4294967295 uid=89 gid=89 euid=89 suid=89 fsuid=89 egid=89 sgid=89 fsgid=89 tty=(none) ses=4294967295 comm="smtp" exe="/usr/libexec/postfix/smtp" subj=system_u:system_r:postfix_smtp_t:s0 key=(null)
type=AVC msg=audit(1318642830.801:532239): avc:  denied  { send } for  pid=19523 comm="smtp" saddr=10.16.66.113 src=55506 daddr=10.16.36.29 dest=53 netif=eth1 scontext=system_u:system_r:postfix_smtp_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=packet
----
time->Fri Oct 14 21:40:30 2011
type=SYSCALL msg=audit(1318642830.801:532240): arch=c000003e syscall=44 success=no exit=-111 a0=c a1=7fffffa8a530 a2=1c a3=4000 items=0 ppid=2044 pid=19523 auid=4294967295 uid=89 gid=89 euid=89 suid=89 fsuid=89 egid=89 sgid=89 fsgid=89 tty=(none) ses=4294967295 comm="smtp" exe="/usr/libexec/postfix/smtp" subj=system_u:system_r:postfix_smtp_t:s0 key=(null)
type=AVC msg=audit(1318642830.801:532240): avc:  denied  { send } for  pid=19523 comm="smtp" saddr=10.16.66.113 src=36435 daddr=10.16.255.2 dest=53 netif=eth1 scontext=system_u:system_r:postfix_smtp_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=packet
----
time->Fri Oct 14 21:40:30 2011
type=SYSCALL msg=audit(1318642830.801:532241): arch=c000003e syscall=44 success=no exit=-111 a0=c a1=7fffffa8a530 a2=1c a3=4000 items=0 ppid=2044 pid=19523 auid=4294967295 uid=89 gid=89 euid=89 suid=89 fsuid=89 egid=89 sgid=89 fsgid=89 tty=(none) ses=4294967295 comm="smtp" exe="/usr/libexec/postfix/smtp" subj=system_u:system_r:postfix_smtp_t:s0 key=(null)
type=AVC msg=audit(1318642830.801:532241): avc:  denied  { send } for  pid=19523 comm="smtp" saddr=10.16.66.113 src=42024 daddr=10.16.255.3 dest=53 netif=eth1 scontext=system_u:system_r:postfix_smtp_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=packet
----
time->Fri Oct 14 21:40:30 2011
type=SYSCALL msg=audit(1318642830.801:532242): arch=c000003e syscall=44 success=no exit=-111 a0=c a1=7fffffa8a530 a2=1c a3=4000 items=0 ppid=2044 pid=19523 auid=4294967295 uid=89 gid=89 euid=89 suid=89 fsuid=89 egid=89 sgid=89 fsgid=89 tty=(none) ses=4294967295 comm="smtp" exe="/usr/libexec/postfix/smtp" subj=system_u:system_r:postfix_smtp_t:s0 key=(null)
type=AVC msg=audit(1318642830.801:532242): avc:  denied  { send } for  pid=19523 comm="smtp" saddr=10.16.66.113 src=51866 daddr=10.16.36.29 dest=53 netif=eth1 scontext=system_u:system_r:postfix_smtp_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=packet
----
time->Fri Oct 14 21:40:30 2011
type=SYSCALL msg=audit(1318642830.801:532243): arch=c000003e syscall=44 success=no exit=-111 a0=c a1=7fffffa8a530 a2=1c a3=4000 items=0 ppid=2044 pid=19523 auid=4294967295 uid=89 gid=89 euid=89 suid=89 fsuid=89 egid=89 sgid=89 fsgid=89 tty=(none) ses=4294967295 comm="smtp" exe="/usr/libexec/postfix/smtp" subj=system_u:system_r:postfix_smtp_t:s0 key=(null)
type=AVC msg=audit(1318642830.801:532243): avc:  denied  { send } for  pid=19523 comm="smtp" saddr=10.16.66.113 src=52632 daddr=10.16.255.2 dest=53 netif=eth1 scontext=system_u:system_r:postfix_smtp_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=packet
----
time->Fri Oct 14 21:40:30 2011
type=SYSCALL msg=audit(1318642830.802:532244): arch=c000003e syscall=44 success=no exit=-111 a0=c a1=7fffffa8a530 a2=1c a3=4000 items=0 ppid=2044 pid=19523 auid=4294967295 uid=89 gid=89 euid=89 suid=89 fsuid=89 egid=89 sgid=89 fsgid=89 tty=(none) ses=4294967295 comm="smtp" exe="/usr/libexec/postfix/smtp" subj=system_u:system_r:postfix_smtp_t:s0 key=(null)
type=AVC msg=audit(1318642830.802:532244): avc:  denied  { send } for  pid=19523 comm="smtp" saddr=10.16.66.113 src=58477 daddr=10.16.255.3 dest=53 netif=eth1 scontext=system_u:system_r:postfix_smtp_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=packet
Fail: AVC messages found.
Checking for errors...
Using stronger AVC checks.
	Define empty RHTS_OPTION_STRONGER_AVC parameter if this causes any problems.
Running 'cat /mnt/testarea/tmp.rhts-db-submit-result.emwzQO | /sbin/ausearch -m AVC -m SELINUX_ERR'
Fail: AVC messages found.
Running 'cat %s | /sbin/ausearch -m USER_AVC >/mnt/testarea/tmp.rhts-db-submit-result.9JxHgB 2>&1'
Info: No AVC messages found.
/bin/grep 'avc: ' /mnt/testarea/dmesg.log | /bin/grep --invert-match TESTOUT.log
No AVC messages found in dmesg
Running '/usr/sbin/sestatus'
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          enforcing
Policy version:                 24
Policy from config file:        targeted
Running 'rpm -q selinux-policy || true'
selinux-policy-3.7.19-115.el6.noarch


arch: ppc64
log:
Info: Searching AVC errors produced since 1318652783.29 (Sat Oct 15 00:26:23 2011)
Searching logs...
Running '/usr/bin/env LC_ALL=en_US.UTF-8 /sbin/ausearch -m AVC -m USER_AVC -m SELINUX_ERR -ts 10/15/2011 00:26:23 < /dev/null >/mnt/testarea/tmp.rhts-db-submit-result.g2cVW_ 2>&1'
----
time->Sat Oct 15 00:26:24 2011
type=SYSCALL msg=audit(1318652784.381:581033): arch=80000015 syscall=102 success=no exit=-111 a0=9 a1=ffff0c061a0 a2=1c a3=4000 items=0 ppid=2012 pid=18264 auid=4294967295 uid=89 gid=89 euid=89 suid=89 fsuid=89 egid=89 sgid=89 fsgid=89 tty=(none) ses=4294967295 comm="smtp" exe="/usr/libexec/postfix/smtp" subj=system_u:system_r:postfix_smtp_t:s0 key=(null)
type=AVC msg=audit(1318652784.381:581033): avc:  denied  { send } for  pid=18264 comm="smtp" saddr=10.16.67.64 src=53158 daddr=10.16.36.29 dest=53 netif=eth0 scontext=system_u:system_r:postfix_smtp_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=packet
----
time->Sat Oct 15 00:26:24 2011
type=SYSCALL msg=audit(1318652784.381:581034): arch=80000015 syscall=102 success=no exit=-111 a0=9 a1=ffff0c061a0 a2=1c a3=4000 items=0 ppid=2012 pid=18264 auid=4294967295 uid=89 gid=89 euid=89 suid=89 fsuid=89 egid=89 sgid=89 fsgid=89 tty=(none) ses=4294967295 comm="smtp" exe="/usr/libexec/postfix/smtp" subj=system_u:system_r:postfix_smtp_t:s0 key=(null)
type=AVC msg=audit(1318652784.381:581034): avc:  denied  { send } for  pid=18264 comm="smtp" saddr=10.16.67.64 src=54145 daddr=10.16.255.2 dest=53 netif=eth0 scontext=system_u:system_r:postfix_smtp_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=packet
----
time->Sat Oct 15 00:26:24 2011
type=SYSCALL msg=audit(1318652784.381:581035): arch=80000015 syscall=102 success=no exit=-111 a0=9 a1=ffff0c061a0 a2=1c a3=4000 items=0 ppid=2012 pid=18264 auid=4294967295 uid=89 gid=89 euid=89 suid=89 fsuid=89 egid=89 sgid=89 fsgid=89 tty=(none) ses=4294967295 comm="smtp" exe="/usr/libexec/postfix/smtp" subj=system_u:system_r:postfix_smtp_t:s0 key=(null)
type=AVC msg=audit(1318652784.381:581035): avc:  denied  { send } for  pid=18264 comm="smtp" saddr=10.16.67.64 src=32941 daddr=10.16.255.3 dest=53 netif=eth0 scontext=system_u:system_r:postfix_smtp_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=packet
----
time->Sat Oct 15 00:26:24 2011
type=SYSCALL msg=audit(1318652784.381:581036): arch=80000015 syscall=102 success=no exit=-111 a0=9 a1=ffff0c061a0 a2=1c a3=4000 items=0 ppid=2012 pid=18264 auid=4294967295 uid=89 gid=89 euid=89 suid=89 fsuid=89 egid=89 sgid=89 fsgid=89 tty=(none) ses=4294967295 comm="smtp" exe="/usr/libexec/postfix/smtp" subj=system_u:system_r:postfix_smtp_t:s0 key=(null)
type=AVC msg=audit(1318652784.381:581036): avc:  denied  { send } for  pid=18264 comm="smtp" saddr=10.16.67.64 src=42275 daddr=10.16.36.29 dest=53 netif=eth0 scontext=system_u:system_r:postfix_smtp_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=packet
----
time->Sat Oct 15 00:26:24 2011
type=SYSCALL msg=audit(1318652784.381:581037): arch=80000015 syscall=102 success=no exit=-111 a0=9 a1=ffff0c061a0 a2=1c a3=4000 items=0 ppid=2012 pid=18264 auid=4294967295 uid=89 gid=89 euid=89 suid=89 fsuid=89 egid=89 sgid=89 fsgid=89 tty=(none) ses=4294967295 comm="smtp" exe="/usr/libexec/postfix/smtp" subj=system_u:system_r:postfix_smtp_t:s0 key=(null)
type=AVC msg=audit(1318652784.381:581037): avc:  denied  { send } for  pid=18264 comm="smtp" saddr=10.16.67.64 src=46307 daddr=10.16.255.2 dest=53 netif=eth0 scontext=system_u:system_r:postfix_smtp_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=packet
----
time->Sat Oct 15 00:26:24 2011
type=SYSCALL msg=audit(1318652784.381:581038): arch=80000015 syscall=102 success=no exit=-111 a0=9 a1=ffff0c061a0 a2=1c a3=4000 items=0 ppid=2012 pid=18264 auid=4294967295 uid=89 gid=89 euid=89 suid=89 fsuid=89 egid=89 sgid=89 fsgid=89 tty=(none) ses=4294967295 comm="smtp" exe="/usr/libexec/postfix/smtp" subj=system_u:system_r:postfix_smtp_t:s0 key=(null)
type=AVC msg=audit(1318652784.381:581038): avc:  denied  { send } for  pid=18264 comm="smtp" saddr=10.16.67.64 src=56015 daddr=10.16.255.3 dest=53 netif=eth0 scontext=system_u:system_r:postfix_smtp_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=packet
----
time->Sat Oct 15 00:26:24 2011
type=SYSCALL msg=audit(1318652784.391:581039): arch=80000015 syscall=102 success=no exit=-111 a0=9 a1=fffdb2e7240 a2=1c a3=4000 items=0 ppid=2012 pid=18266 auid=4294967295 uid=89 gid=89 euid=89 suid=89 fsuid=89 egid=89 sgid=89 fsgid=89 tty=(none) ses=4294967295 comm="smtp" exe="/usr/libexec/postfix/smtp" subj=system_u:system_r:postfix_smtp_t:s0 key=(null)
type=AVC msg=audit(1318652784.391:581039): avc:  denied  { send } for  pid=18266 comm="smtp" saddr=10.16.67.64 src=56017 daddr=10.16.36.29 dest=53 netif=eth0 scontext=system_u:system_r:postfix_smtp_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=packet
----
time->Sat Oct 15 00:26:24 2011
type=SYSCALL msg=audit(1318652784.391:581040): arch=80000015 syscall=102 success=no exit=-111 a0=9 a1=fffdb2e7240 a2=1c a3=4000 items=0 ppid=2012 pid=18266 auid=4294967295 uid=89 gid=89 euid=89 suid=89 fsuid=89 egid=89 sgid=89 fsgid=89 tty=(none) ses=4294967295 comm="smtp" exe="/usr/libexec/postfix/smtp" subj=system_u:system_r:postfix_smtp_t:s0 key=(null)
type=AVC msg=audit(1318652784.391:581040): avc:  denied  { send } for  pid=18266 comm="smtp" saddr=10.16.67.64 src=33365 daddr=10.16.255.2 dest=53 netif=eth0 scontext=system_u:system_r:postfix_smtp_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=packet
----
time->Sat Oct 15 00:26:24 2011
type=SYSCALL msg=audit(1318652784.391:581041): arch=80000015 syscall=102 success=no exit=-111 a0=9 a1=fffdb2e7240 a2=1c a3=4000 items=0 ppid=2012 pid=18266 auid=4294967295 uid=89 gid=89 euid=89 suid=89 fsuid=89 egid=89 sgid=89 fsgid=89 tty=(none) ses=4294967295 comm="smtp" exe="/usr/libexec/postfix/smtp" subj=system_u:system_r:postfix_smtp_t:s0 key=(null)
type=AVC msg=audit(1318652784.391:581041): avc:  denied  { send } for  pid=18266 comm="smtp" saddr=10.16.67.64 src=52280 daddr=10.16.255.3 dest=53 netif=eth0 scontext=system_u:system_r:postfix_smtp_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=packet
----
time->Sat Oct 15 00:26:24 2011
type=SYSCALL msg=audit(1318652784.391:581042): arch=80000015 syscall=102 success=no exit=-111 a0=9 a1=fffdb2e7240 a2=1c a3=4000 items=0 ppid=2012 pid=18266 auid=4294967295 uid=89 gid=89 euid=89 suid=89 fsuid=89 egid=89 sgid=89 fsgid=89 tty=(none) ses=4294967295 comm="smtp" exe="/usr/libexec/postfix/smtp" subj=system_u:system_r:postfix_smtp_t:s0 key=(null)
type=AVC msg=audit(1318652784.391:581042): avc:  denied  { send } for  pid=18266 comm="smtp" saddr=10.16.67.64 src=33929 daddr=10.16.36.29 dest=53 netif=eth0 scontext=system_u:system_r:postfix_smtp_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=packet
Fail: AVC messages found.
Checking for errors...
Using stronger AVC checks.
	Define empty RHTS_OPTION_STRONGER_AVC parameter if this causes any problems.
Running 'cat /mnt/testarea/tmp.rhts-db-submit-result.g2cVW_ | /sbin/ausearch -m AVC -m SELINUX_ERR'
Fail: AVC messages found.
Running 'cat %s | /sbin/ausearch -m USER_AVC >/mnt/testarea/tmp.rhts-db-submit-result.PUQGpK 2>&1'
Info: No AVC messages found.
/bin/grep 'avc: ' /mnt/testarea/dmesg.log | /bin/grep --invert-match TESTOUT.log
No AVC messages found in dmesg
Running '/usr/sbin/sestatus'
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          enforcing
Policy version:                 24
Policy from config file:        targeted
Running 'rpm -q selinux-policy || true'
selinux-policy-3.7.19-115.el6.noarch


arch: i386
log:
Info: Searching AVC errors produced since 1318651746.51 (Sat Oct 15 00:09:06 2011)
Searching logs...
Running '/usr/bin/env LC_ALL=en_US.UTF-8 /sbin/ausearch -m AVC -m USER_AVC -m SELINUX_ERR -ts 10/15/2011 00:09:06 < /dev/null >/mnt/testarea/tmp.rhts-db-submit-result.sZTvYX 2>&1'
----
time->Sat Oct 15 00:09:06 2011
type=SYSCALL msg=audit(1318651746.658:177789): arch=40000003 syscall=102 success=no exit=-111 a0=b a1=bf84f610 a2=25b0d4 a3=ffffffff items=0 ppid=1 pid=1412 auid=4294967295 uid=38 gid=38 euid=38 suid=38 fsuid=38 egid=38 sgid=38 fsgid=38 tty=(none) ses=4294967295 comm="ntpd" exe="/usr/sbin/ntpd" subj=system_u:system_r:ntpd_t:s0 key=(null)
type=AVC msg=audit(1318651746.658:177789): avc:  denied  { send } for  pid=1412 comm="ntpd" saddr=10.16.64.82 src=123 daddr=10.16.255.2 dest=123 netif=eth0 scontext=system_u:system_r:ntpd_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=packet
----
time->Sat Oct 15 00:09:08 2011
type=SYSCALL msg=audit(1318651748.840:177790): arch=40000003 syscall=102 success=no exit=-111 a0=9 a1=bfbbe698 a2=5b7ff4 a3=1045b60 items=0 ppid=1488 pid=21717 auid=4294967295 uid=89 gid=89 euid=89 suid=89 fsuid=89 egid=89 sgid=89 fsgid=89 tty=(none) ses=4294967295 comm="smtp" exe="/usr/libexec/postfix/smtp" subj=system_u:system_r:postfix_smtp_t:s0 key=(null)
type=AVC msg=audit(1318651748.840:177790): avc:  denied  { send } for  pid=21717 comm="smtp" saddr=10.16.64.82 src=57273 daddr=10.16.36.29 dest=53 netif=eth0 scontext=system_u:system_r:postfix_smtp_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=packet
----
time->Sat Oct 15 00:09:08 2011
type=SYSCALL msg=audit(1318651748.840:177791): arch=40000003 syscall=102 success=no exit=-111 a0=9 a1=bfbbe698 a2=5b7ff4 a3=1045b60 items=0 ppid=1488 pid=21717 auid=4294967295 uid=89 gid=89 euid=89 suid=89 fsuid=89 egid=89 sgid=89 fsgid=89 tty=(none) ses=4294967295 comm="smtp" exe="/usr/libexec/postfix/smtp" subj=system_u:system_r:postfix_smtp_t:s0 key=(null)
type=AVC msg=audit(1318651748.840:177791): avc:  denied  { send } for  pid=21717 comm="smtp" saddr=10.16.64.82 src=48176 daddr=10.16.255.2 dest=53 netif=eth0 scontext=system_u:system_r:postfix_smtp_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=packet
----
time->Sat Oct 15 00:09:08 2011
type=SYSCALL msg=audit(1318651748.841:177792): arch=40000003 syscall=102 success=no exit=-111 a0=9 a1=bfbbe698 a2=5b7ff4 a3=1045b60 items=0 ppid=1488 pid=21717 auid=4294967295 uid=89 gid=89 euid=89 suid=89 fsuid=89 egid=89 sgid=89 fsgid=89 tty=(none) ses=4294967295 comm="smtp" exe="/usr/libexec/postfix/smtp" subj=system_u:system_r:postfix_smtp_t:s0 key=(null)
type=AVC msg=audit(1318651748.841:177792): avc:  denied  { send } for  pid=21717 comm="smtp" saddr=10.16.64.82 src=46957 daddr=10.16.255.3 dest=53 netif=eth0 scontext=system_u:system_r:postfix_smtp_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=packet
----
time->Sat Oct 15 00:09:08 2011
type=SYSCALL msg=audit(1318651748.842:177793): arch=40000003 syscall=102 success=no exit=-111 a0=9 a1=bfbbe698 a2=5b7ff4 a3=1045b60 items=0 ppid=1488 pid=21717 auid=4294967295 uid=89 gid=89 euid=89 suid=89 fsuid=89 egid=89 sgid=89 fsgid=89 tty=(none) ses=4294967295 comm="smtp" exe="/usr/libexec/postfix/smtp" subj=system_u:system_r:postfix_smtp_t:s0 key=(null)
type=AVC msg=audit(1318651748.842:177793): avc:  denied  { send } for  pid=21717 comm="smtp" saddr=10.16.64.82 src=41141 daddr=10.16.36.29 dest=53 netif=eth0 scontext=system_u:system_r:postfix_smtp_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=packet
----
time->Sat Oct 15 00:09:08 2011
type=SYSCALL msg=audit(1318651748.842:177794): arch=40000003 syscall=102 success=no exit=-111 a0=9 a1=bfbbe698 a2=5b7ff4 a3=1045b60 items=0 ppid=1488 pid=21717 auid=4294967295 uid=89 gid=89 euid=89 suid=89 fsuid=89 egid=89 sgid=89 fsgid=89 tty=(none) ses=4294967295 comm="smtp" exe="/usr/libexec/postfix/smtp" subj=system_u:system_r:postfix_smtp_t:s0 key=(null)
type=AVC msg=audit(1318651748.842:177794): avc:  denied  { send } for  pid=21717 comm="smtp" saddr=10.16.64.82 src=41683 daddr=10.16.255.2 dest=53 netif=eth0 scontext=system_u:system_r:postfix_smtp_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=packet
----
time->Sat Oct 15 00:09:08 2011
type=SYSCALL msg=audit(1318651748.842:177795): arch=40000003 syscall=102 success=no exit=-111 a0=9 a1=bfbbe698 a2=5b7ff4 a3=1045b60 items=0 ppid=1488 pid=21717 auid=4294967295 uid=89 gid=89 euid=89 suid=89 fsuid=89 egid=89 sgid=89 fsgid=89 tty=(none) ses=4294967295 comm="smtp" exe="/usr/libexec/postfix/smtp" subj=system_u:system_r:postfix_smtp_t:s0 key=(null)
type=AVC msg=audit(1318651748.842:177795): avc:  denied  { send } for  pid=21717 comm="smtp" saddr=10.16.64.82 src=46740 daddr=10.16.255.3 dest=53 netif=eth0 scontext=system_u:system_r:postfix_smtp_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=packet
----
time->Sat Oct 15 00:09:08 2011
type=SYSCALL msg=audit(1318651748.870:177796): arch=40000003 syscall=102 success=no exit=-111 a0=9 a1=bf8dff78 a2=ea3ff4 a3=b69b60 items=0 ppid=1488 pid=21718 auid=4294967295 uid=89 gid=89 euid=89 suid=89 fsuid=89 egid=89 sgid=89 fsgid=89 tty=(none) ses=4294967295 comm="smtp" exe="/usr/libexec/postfix/smtp" subj=system_u:system_r:postfix_smtp_t:s0 key=(null)
type=AVC msg=audit(1318651748.870:177796): avc:  denied  { send } for  pid=21718 comm="smtp" saddr=10.16.64.82 src=34732 daddr=10.16.36.29 dest=53 netif=eth0 scontext=system_u:system_r:postfix_smtp_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=packet
----
time->Sat Oct 15 00:09:08 2011
type=SYSCALL msg=audit(1318651748.871:177797): arch=40000003 syscall=102 success=no exit=-111 a0=9 a1=bf8dff78 a2=ea3ff4 a3=b69b60 items=0 ppid=1488 pid=21718 auid=4294967295 uid=89 gid=89 euid=89 suid=89 fsuid=89 egid=89 sgid=89 fsgid=89 tty=(none) ses=4294967295 comm="smtp" exe="/usr/libexec/postfix/smtp" subj=system_u:system_r:postfix_smtp_t:s0 key=(null)
type=AVC msg=audit(1318651748.871:177797): avc:  denied  { send } for  pid=21718 comm="smtp" saddr=10.16.64.82 src=54575 daddr=10.16.255.2 dest=53 netif=eth0 scontext=system_u:system_r:postfix_smtp_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=packet
----
time->Sat Oct 15 00:09:08 2011
type=SYSCALL msg=audit(1318651748.871:177798): arch=40000003 syscall=102 success=no exit=-111 a0=9 a1=bf8dff78 a2=ea3ff4 a3=b69b60 items=0 ppid=1488 pid=21718 auid=4294967295 uid=89 gid=89 euid=89 suid=89 fsuid=89 egid=89 sgid=89 fsgid=89 tty=(none) ses=4294967295 comm="smtp" exe="/usr/libexec/postfix/smtp" subj=system_u:system_r:postfix_smtp_t:s0 key=(null)
type=AVC msg=audit(1318651748.871:177798): avc:  denied  { send } for  pid=21718 comm="smtp" saddr=10.16.64.82 src=56023 daddr=10.16.255.3 dest=53 netif=eth0 scontext=system_u:system_r:postfix_smtp_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=packet
----
time->Sat Oct 15 00:09:08 2011
type=SYSCALL msg=audit(1318651748.872:177799): arch=40000003 syscall=102 success=no exit=-111 a0=9 a1=bf8dff78 a2=ea3ff4 a3=b69b60 items=0 ppid=1488 pid=21718 auid=4294967295 uid=89 gid=89 euid=89 suid=89 fsuid=89 egid=89 sgid=89 fsgid=89 tty=(none) ses=4294967295 comm="smtp" exe="/usr/libexec/postfix/smtp" subj=system_u:system_r:postfix_smtp_t:s0 key=(null)
type=AVC msg=audit(1318651748.872:177799): avc:  denied  { send } for  pid=21718 comm="smtp" saddr=10.16.64.82 src=60797 daddr=10.16.36.29 dest=53 netif=eth0 scontext=system_u:system_r:postfix_smtp_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=packet
----
time->Sat Oct 15 00:09:08 2011
type=SYSCALL msg=audit(1318651748.872:177800): arch=40000003 syscall=102 success=no exit=-111 a0=9 a1=bf8dff78 a2=ea3ff4 a3=b69b60 items=0 ppid=1488 pid=21718 auid=4294967295 uid=89 gid=89 euid=89 suid=89 fsuid=89 egid=89 sgid=89 fsgid=89 tty=(none) ses=4294967295 comm="smtp" exe="/usr/libexec/postfix/smtp" subj=system_u:system_r:postfix_smtp_t:s0 key=(null)
type=AVC msg=audit(1318651748.872:177800): avc:  denied  { send } for  pid=21718 comm="smtp" saddr=10.16.64.82 src=50487 daddr=10.16.255.2 dest=53 netif=eth0 scontext=system_u:system_r:postfix_smtp_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=packet
----
time->Sat Oct 15 00:09:08 2011
type=SYSCALL msg=audit(1318651748.872:177801): arch=40000003 syscall=102 success=no exit=-111 a0=9 a1=bf8dff78 a2=ea3ff4 a3=b69b60 items=0 ppid=1488 pid=21718 auid=4294967295 uid=89 gid=89 euid=89 suid=89 fsuid=89 egid=89 sgid=89 fsgid=89 tty=(none) ses=4294967295 comm="smtp" exe="/usr/libexec/postfix/smtp" subj=system_u:system_r:postfix_smtp_t:s0 key=(null)
type=AVC msg=audit(1318651748.872:177801): avc:  denied  { send } for  pid=21718 comm="smtp" saddr=10.16.64.82 src=58448 daddr=10.16.255.3 dest=53 netif=eth0 scontext=system_u:system_r:postfix_smtp_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=packet
Fail: AVC messages found.
Checking for errors...
Using stronger AVC checks.
	Define empty RHTS_OPTION_STRONGER_AVC parameter if this causes any problems.
Running 'cat /mnt/testarea/tmp.rhts-db-submit-result.sZTvYX | /sbin/ausearch -m AVC -m SELINUX_ERR'
Fail: AVC messages found.
Running 'cat %s | /sbin/ausearch -m USER_AVC >/mnt/testarea/tmp.rhts-db-submit-result.BvhwQV 2>&1'
Info: No AVC messages found.
/bin/grep 'avc: ' /mnt/testarea/dmesg.log | /bin/grep --invert-match TESTOUT.log
No AVC messages found in dmesg
Running '/usr/sbin/sestatus'
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          enforcing
Policy version:                 24
Policy from config file:        targeted
Running 'rpm -q selinux-policy || true'
selinux-policy-3.7.19-115.el6.noarch

Comment 5 Juraj Marko 2011-10-17 10:11:45 UTC

test: /CoreOS/logrotate/bug208538

arch: ppc64
log:
Info: Searching AVC errors produced since 1318652806.75 (Sat Oct 15 00:26:46 2011)
Searching logs...
Running '/usr/bin/env LC_ALL=en_US.UTF-8 /sbin/ausearch -m AVC -m USER_AVC -m SELINUX_ERR -ts 10/15/2011 00:26:46 < /dev/null >/mnt/testarea/tmp.rhts-db-submit-result.6gluLI 2>&1'
----
time->Sat Oct 15 00:26:46 2011
type=SYSCALL msg=audit(1318652806.621:581052): arch=80000015 syscall=102 success=no exit=-111 a0=b a1=fffe8b31c00 a2=30 a3=0 items=0 ppid=1 pid=1936 auid=4294967295 uid=38 gid=38 euid=38 suid=38 fsuid=38 egid=38 sgid=38 fsgid=38 tty=(none) ses=4294967295 comm="ntpd" exe="/usr/sbin/ntpd" subj=system_u:system_r:ntpd_t:s0 key=(null)
type=AVC msg=audit(1318652806.621:581052): avc:  denied  { send } for  pid=1936 comm="ntpd" saddr=10.16.67.64 src=123 daddr=10.16.71.254 dest=123 netif=eth0 scontext=system_u:system_r:ntpd_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=packet
Fail: AVC messages found.
Checking for errors...
Using stronger AVC checks.
	Define empty RHTS_OPTION_STRONGER_AVC parameter if this causes any problems.
Running 'cat /mnt/testarea/tmp.rhts-db-submit-result.6gluLI | /sbin/ausearch -m AVC -m SELINUX_ERR'
Fail: AVC messages found.
Running 'cat %s | /sbin/ausearch -m USER_AVC >/mnt/testarea/tmp.rhts-db-submit-result.QfObJc 2>&1'
Info: No AVC messages found.
/bin/grep 'avc: ' /mnt/testarea/dmesg.log | /bin/grep --invert-match TESTOUT.log
No AVC messages found in dmesg
Running '/usr/sbin/sestatus'
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          enforcing
Policy version:                 24
Policy from config file:        targeted
Running 'rpm -q selinux-policy || true'
selinux-policy-3.7.19-115.el6.noarch


arch: i386
log:
Info: Searching AVC errors produced since 1318651793.67 (Sat Oct 15 00:09:53 2011)
Searching logs...
Running '/usr/bin/env LC_ALL=en_US.UTF-8 /sbin/ausearch -m AVC -m USER_AVC -m SELINUX_ERR -ts 10/15/2011 00:09:53 < /dev/null >/mnt/testarea/tmp.rhts-db-submit-result.D5hshT 2>&1'
----
time->Sat Oct 15 00:09:53 2011
type=SYSCALL msg=audit(1318651793.654:177807): arch=40000003 syscall=102 success=no exit=-111 a0=b a1=bf84f610 a2=25b0d4 a3=ffffffff items=0 ppid=1 pid=1412 auid=4294967295 uid=38 gid=38 euid=38 suid=38 fsuid=38 egid=38 sgid=38 fsgid=38 tty=(none) ses=4294967295 comm="ntpd" exe="/usr/sbin/ntpd" subj=system_u:system_r:ntpd_t:s0 key=(null)
type=AVC msg=audit(1318651793.654:177807): avc:  denied  { send } for  pid=1412 comm="ntpd" saddr=10.16.64.82 src=123 daddr=10.16.71.254 dest=123 netif=eth0 scontext=system_u:system_r:ntpd_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=packet
Fail: AVC messages found.
Checking for errors...
Using stronger AVC checks.
	Define empty RHTS_OPTION_STRONGER_AVC parameter if this causes any problems.
Running 'cat /mnt/testarea/tmp.rhts-db-submit-result.D5hshT | /sbin/ausearch -m AVC -m SELINUX_ERR'
Fail: AVC messages found.
Running 'cat %s | /sbin/ausearch -m USER_AVC >/mnt/testarea/tmp.rhts-db-submit-result.du3YIL 2>&1'
Info: No AVC messages found.
/bin/grep 'avc: ' /mnt/testarea/dmesg.log | /bin/grep --invert-match TESTOUT.log
No AVC messages found in dmesg
Running '/usr/sbin/sestatus'
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          enforcing
Policy version:                 24
Policy from config file:        targeted
Running 'rpm -q selinux-policy || true'
selinux-policy-3.7.19-115.el6.noarch

Comment 11 Paul Moore 2011-10-17 20:53:58 UTC

Looks like there is some amount of Secmark configuration on the system (this explains the packet:{send recv} access control points becoming active) but not all traffic is being labeled via Secmark (the reason why tcontext is unlabeled_t).  From a quick glance at the logs above, everything looks correct to me.

Depending on your point of view, this is either a configuration issue or a policy issue.  Personally, I tend to think it is the former.

Comment 12 Jan Ščotka 2011-10-18 09:36:25 UTC

I found another one, I'm not sure if it is same or not?

Info: Searching AVC errors produced since 1318901755.08 (Mon Oct 17 21:35:55 2011)
Searching logs...
Running '/usr/bin/env LC_ALL=en_US.UTF-8 /sbin/ausearch -m AVC -m USER_AVC -m SELINUX_ERR -ts 10/17/2011 21:35:55 < /dev/null >/mnt/testarea/tmp.rhts-db-submit-result.tTLweP 2>&1'
----
time->Mon Oct 17 21:35:59 2011
type=SYSCALL msg=audit(1318901759.229:342151): arch=40000003 syscall=11 success=no exit=-13 a0=9ee5438 a1=9ee5498 a2=9eea388 a3=9ee5498 items=0 ppid=21106 pid=21108 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=5 comm="ldd" exe="/bin/bash" subj=system_u:system_r:prelink_cron_system_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1318901759.229:342151): avc:  denied  { execute_no_trans } for  pid=21108 comm="ldd" path="/lib/ld-2.12.so" dev=dm-0 ino=1183575 scontext=system_u:system_r:prelink_cron_system_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:lib_t:s0 tclass=file
Fail: AVC messages found.
Checking for errors...
Using stronger AVC checks.
	Define empty RHTS_OPTION_STRONGER_AVC parameter if this causes any problems.
Running 'cat /mnt/testarea/tmp.rhts-db-submit-result.tTLweP | /sbin/ausearch -m AVC -m SELINUX_ERR'
Fail: AVC messages found.
Running 'cat %s | /sbin/ausearch -m USER_AVC >/mnt/testarea/tmp.rhts-db-submit-result.rmSllf 2>&1'
Info: No AVC messages found.
/bin/grep 'avc: ' /mnt/testarea/dmesg.log | /bin/grep --invert-match TESTOUT.log
No AVC messages found in dmesg
Running '/usr/sbin/sestatus'
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          enforcing
Policy version:                 24
Policy from config file:        targeted
Running 'rpm -q selinux-policy || true'
selinux-policy-3.7.19-115.el6.noarch

Comment 13 Milos Malik 2011-10-18 09:53:11 UTC

The AVC displayed in comment#12 does not contain "unlabeled_t" substring in tcontext="..." which means it is not related to the unlabelednet module / this bug.

Comment 14 Jan Ščotka 2011-10-18 09:55:55 UTC

ok, I fill new one

Comment 15 Miroslav Grepl 2011-10-18 13:19:56 UTC

Needs to go to snapshot 3.

Comment 16 Miroslav Grepl 2011-10-18 14:07:46 UTC

Fixed in selinux-policy-3.7.19-118.el6.noarch

# sesearch -A -s ntpd_t -t unlabeled_t -c packet
Found 3 semantic av rules:
   allow ntpd_t unlabeled_t : packet { send recv } ;

Comment 22 errata-xmlrpc 2011-12-06 10:20:10 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2011-1511.html