Description of problem:
Auto-IDS does work, but when running, PSAD generates a lot of SELinux AVC errors.

Version-Release number of selected component (if applicable):
psad-2.4.6-1.fc28.x86_64

Steps to Reproduce regular errors:
1. Start PSAD (systemctl start psad)
2. Check the logs (journalctl -f --grep AVC)
3. Notice the following error:
aug 12 10:05:57 defiant audit[25851]: AVC avc: denied { sys_ptrace } for pid=25851 comm="ps" capability=19 scontext=system_u:system_r:psad_t:s0 tcontext=system_u:system_r:psad_t:s0 tclass=cap_userns permissive=0

Actual results:
PSAD runs, but with a lot of SELinux denied errors.

Expected results:
PSAD seems to run with full functionality, but does generate a lot of AVC warnings.
Correct, it probably needs some dontaudit rules. I'll get to it eventually. Patches welcome.
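One way to triage the denial flood from the report before writing the dontaudit rules mentioned above (an added example, not part of this thread or of the psad package): it parses AVC lines in the format quoted in the report, counts them per source type, target, class and permission, and renders dontaudit candidates for review. Every log line other than the first, and the type `example_t`, are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample: line 1 is the denial quoted in the report; the rest are
# made-up variants (example_t is a placeholder type) to exercise the parser.
SAMPLE_LOG = """\
aug 12 10:05:57 defiant audit[25851]: AVC avc: denied { sys_ptrace } for pid=25851 comm="ps" capability=19 scontext=system_u:system_r:psad_t:s0 tcontext=system_u:system_r:psad_t:s0 tclass=cap_userns permissive=0
aug 12 10:05:58 defiant audit[25853]: AVC avc: denied { sys_ptrace } for pid=25853 comm="ps" capability=19 scontext=system_u:system_r:psad_t:s0 tcontext=system_u:system_r:psad_t:s0 tclass=cap_userns permissive=0
aug 12 10:06:01 defiant audit[25860]: AVC avc: denied { read open } for pid=25860 comm="psad" name="example" scontext=system_u:system_r:psad_t:s0 tcontext=system_u:object_r:example_t:s0 tclass=file permissive=0
aug 12 10:06:02 defiant systemd[1]: Started example unit.
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*([^}]*?)\s*\}\s+for\s+(.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return the fields of one AVC denial, or None for any other line."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group(2))}
    try:
        source = fields["scontext"].split(":")[2]  # user:role:type:level
        target = fields["tcontext"].split(":")[2]
        tclass = fields["tclass"]
    except (KeyError, IndexError):
        return None  # truncated or malformed record
    return {"perms": m.group(1).split(), "source": source,
            "target": "self" if target == source else target, "tclass": tclass}

def summarize(log):
    """Count denials per (source type, target, class, permission)."""
    counts = Counter()
    for rec in filter(None, map(parse_avc, log.splitlines())):
        for perm in rec["perms"]:
            counts[(rec["source"], rec["target"], rec["tclass"], perm)] += 1
    return counts

def candidate_rules(log):
    """Render one dontaudit candidate per (source, target, class) for review."""
    grouped = {}
    for source, target, tclass, perm in summarize(log):
        grouped.setdefault((source, target, tclass), set()).add(perm)
    rules = []
    for (source, target, tclass), perms in sorted(grouped.items()):
        p = sorted(perms)
        text = p[0] if len(p) == 1 else "{ " + " ".join(p) + " }"
        rules.append(f"dontaudit {source} {target}:{tclass} {text};")
    return rules
```

Feeding it the output of the `journalctl` command from the report shows which denials dominate; each rendered rule still has to be judged on whether the access should be silenced or allowed.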
This bug appears to have been reported against 'rawhide' during the Fedora 29 development cycle. Changing version to '29'.
Hi Dominik, is this still on your radar? On average my CPU is busy with setroubleshootd between 10% and 25% because of all the AVC errors it needs to process. There are many generated every second. If you don't have the time and/or skills, then please contact someone from a special interest group that could help. For example: https://fedoraproject.org/wiki/Category:SIGs?rd=SIGs#Security I don't have the time at the moment either. Maybe in the future I could co-maintain this package, but for now it's not possible.
(In reply to Kees de Jong from comment #3)
> Hi Dominik, is this still on your radar?

Hello, Kees. Yes, it is. I'm slowly working through my bug list on bugzilla. I hope to tackle psad next week.

> On average my CPU is busy with
> setroubleshootd between 10% and 25% because of all the AVC errors it needs
> to process. There are many generated every second.

Sorry to hear that. I can understand this is an issue for you and I'll keep that in mind.

> If you don't have the
> time and/or skills, then please contact someone from a special interest
> group that could help. For example:
> https://fedoraproject.org/wiki/Category:SIGs?rd=SIGs#Security

Thanks for the link.

> I don't have the time at the moment either. Maybe in the future I could
> co-maintain this package, but for now it's not possible.

I see. Thanks for letting me know.
psad-2.4.6-2.fc29 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2019-0c24af8e11
psad-2.4.6-2.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2019-c2167f24f4
psad-2.4.6-2.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-c2167f24f4
psad-2.4.6-2.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-0c24af8e11
psad-2.4.6-2.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report.
psad-2.4.6-2.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report.