Bug 298081 - selinux problem
selinux problem
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
7
All Linux
low Severity low
: ---
: ---
Assigned To: Daniel Walsh
Ben Levenson
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-09-20 09:28 EDT by Alexey Kuznetsov
Modified: 2008-01-30 14:06 EST (History)
0 users

See Also:
Fixed In Version: Current
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-01-30 14:06:55 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Alexey Kuznetsov 2007-09-20 09:28:55 EDT
Summary
    SELinux is preventing /usr/libexec/hald-addon-macbookpro-backlight
    (hald_mac_t) "read" to pci (proc_t).

Detailed Description
    SELinux denied access requested by /usr/libexec/hald-addon-macbookpro-
    backlight. It is not expected that this access is required by /usr/libexec
    /hald-addon-macbookpro-backlight and this access may signal an intrusion
    attempt. It is also possible that the specific version or configuration of
    the application is causing it to require additional access.

Allowing Access
    Sometimes labeling problems can cause SELinux denials.  You could try to
    restore the default system file context for pci, restorecon -v pci If this
    does not work, there is currently no automatic way to allow this access.
    Instead,  you can generate a local policy module to allow this access - see
    http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can disable
    SELinux protection altogether. Disabling SELinux protection is not
    recommended. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi
    against this package.

Additional Information        

Source Context                system_u:system_r:hald_mac_t
Target Context                system_u:object_r:proc_t
Target Objects                pci [ dir ]
Affected RPM Packages         hal-0.5.9-8.fc7 [application]
Policy RPM                    selinux-policy-2.6.4-42.fc7
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   plugins.catchall_file
Host Name                     axet-laptop
Platform                      Linux axet-laptop 2.6.22.5-76.fc7 #1 SMP Thu Aug
                              30 13:47:21 EDT 2007 i686 i686
Alert Count                   27
First Seen                    Tue 04 Sep 2007 02:10:10 PM BRT
Last Seen                     Thu 20 Sep 2007 09:57:19 AM BRT
Local ID                      f251d6c3-284b-4cc8-9ea3-eec3053a7039
Line Numbers                  

Raw Audit Messages            

avc: denied { read } for comm="hald-addon-macb" dev=proc egid=0 euid=0
exe="/usr/libexec/hald-addon-macbookpro-backlight" exit=-13 fsgid=0 fsuid=0
gid=0 items=0 name="pci" pid=2623 scontext=system_u:system_r:hald_mac_t:s0
sgid=0 subj=system_u:system_r:hald_mac_t:s0 suid=0 tclass=dir
tcontext=system_u:object_r:proc_t:s0 tty=(none) uid=0
Comment 1 David Zeuthen 2007-09-20 14:25:23 EDT
If it's a SELinux problem you need to file it against a SELinux component...
Comment 2 Alexey Kuznetsov 2007-09-20 14:49:50 EDT
Summary
    SELinux is preventing /usr/libexec/hald-addon-macbookpro-backlight
    (hald_mac_t) "read" to pci (proc_t).

Detailed Description
    SELinux denied access requested by /usr/libexec/hald-addon-macbookpro-
    backlight. It is not expected that this access is required by /usr/libexec
    /hald-addon-macbookpro-backlight and this access may signal an intrusion
    attempt. It is also possible that the specific version or configuration of
    the application is causing it to require additional access.

Allowing Access
    Sometimes labeling problems can cause SELinux denials.  You could try to
    restore the default system file context for pci, restorecon -v pci If this
    does not work, there is currently no automatic way to allow this access.
    Instead,  you can generate a local policy module to allow this access - see
    http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can disable
    SELinux protection altogether. Disabling SELinux protection is not
    recommended. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi
    against this package.

Additional Information        

Source Context                system_u:system_r:hald_mac_t
Target Context                system_u:object_r:proc_t
Target Objects                pci [ dir ]
Affected RPM Packages         hal-0.5.9-8.fc7 [application]
Policy RPM                    selinux-policy-2.6.4-42.fc7
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   plugins.catchall_file
Host Name                     axet-laptop
Platform                      Linux axet-laptop 2.6.22.5-76.fc7 #1 SMP Thu Aug
                              30 13:47:21 EDT 2007 i686 i686
Alert Count                   32
First Seen                    Tue 04 Sep 2007 02:10:10 PM BRT
Last Seen                     Thu 20 Sep 2007 03:31:25 PM BRT
Local ID                      f251d6c3-284b-4cc8-9ea3-eec3053a7039
Line Numbers                  

Raw Audit Messages            

avc: denied { read } for comm="hald-addon-macb" dev=proc egid=0 euid=0
exe="/usr/libexec/hald-addon-macbookpro-backlight" exit=-13 fsgid=0 fsuid=0
gid=0 items=0 name="pci" pid=2590 scontext=system_u:system_r:hald_mac_t:s0
sgid=0 subj=system_u:system_r:hald_mac_t:s0 suid=0 tclass=dir
tcontext=system_u:object_r:proc_t:s0 tty=(none) uid=0

Comment 3 Daniel Walsh 2007-09-21 14:56:53 EDT
Fixed in selinux-policy-2.6.4-43.fc7.src.rpm
Comment 4 Alexey Kuznetsov 2007-09-21 15:10:55 EDT
two more messages for selinux-policy-2.6.4-42.fc7.src.rpm

Summary
    SELinux is preventing /usr/libexec/hald-addon-macbookpro-backlight
    (hald_mac_t) "read" to mem (memory_device_t).

Detailed Description
    SELinux denied access requested by /usr/libexec/hald-addon-macbookpro-
    backlight. It is not expected that this access is required by /usr/libexec
    /hald-addon-macbookpro-backlight and this access may signal an intrusion
    attempt. It is also possible that the specific version or configuration of
    the application is causing it to require additional access.

Allowing Access
    Sometimes labeling problems can cause SELinux denials.  You could try to
    restore the default system file context for mem, restorecon -v mem If this
    does not work, there is currently no automatic way to allow this access.
    Instead,  you can generate a local policy module to allow this access - see
    http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can disable
    SELinux protection altogether. Disabling SELinux protection is not
    recommended. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi
    against this package.

Additional Information        

Source Context                system_u:system_r:hald_mac_t
Target Context                system_u:object_r:memory_device_t
Target Objects                mem [ chr_file ]
Affected RPM Packages         hal-0.5.9-8.fc7 [application]
Policy RPM                    selinux-policy-2.6.4-42.fc7
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   plugins.catchall_file
Host Name                     axet-laptop
Platform                      Linux axet-laptop 2.6.22.5-76.fc7 #1 SMP Thu Aug
                              30 13:47:21 EDT 2007 i686 i686
Alert Count                   2
First Seen                    Thu 20 Sep 2007 05:50:53 PM BRT
Last Seen                     Fri 21 Sep 2007 10:25:50 AM BRT
Local ID                      70a791c7-8f57-4fd2-b5d7-52277d9ef2ae
Line Numbers                  

Raw Audit Messages            

avc: denied { read } for comm="hald-addon-macb" dev=tmpfs egid=0 euid=0
exe="/usr/libexec/hald-addon-macbookpro-backlight" exit=-13 fsgid=0 fsuid=0
gid=0 items=0 name="mem" pid=2597 scontext=system_u:system_r:hald_mac_t:s0
sgid=0 subj=system_u:system_r:hald_mac_t:s0 suid=0 tclass=chr_file
tcontext=system_u:object_r:memory_device_t:s0 tty=(none) uid=0



Summary
    SELinux is preventing /usr/libexec/hald-addon-macbookpro-backlight
    (hald_mac_t) "search" to / (sysfs_t).

Detailed Description
    SELinux denied access requested by /usr/libexec/hald-addon-macbookpro-
    backlight. It is not expected that this access is required by /usr/libexec
    /hald-addon-macbookpro-backlight and this access may signal an intrusion
    attempt. It is also possible that the specific version or configuration of
    the application is causing it to require additional access.

Allowing Access
    Sometimes labeling problems can cause SELinux denials.  You could try to
    restore the default system file context for /, restorecon -v / If this does
    not work, there is currently no automatic way to allow this access. Instead,
    you can generate a local policy module to allow this access - see
    http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can disable
    SELinux protection altogether. Disabling SELinux protection is not
    recommended. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi
    against this package.

Additional Information        

Source Context                system_u:system_r:hald_mac_t
Target Context                system_u:object_r:sysfs_t
Target Objects                / [ dir ]
Affected RPM Packages         hal-0.5.9-8.fc7
                              [application]filesystem-2.4.6-1.fc7 [target]
Policy RPM                    selinux-policy-2.6.4-42.fc7
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   plugins.catchall_file
Host Name                     axet-laptop
Platform                      Linux axet-laptop 2.6.22.5-76.fc7 #1 SMP Thu Aug
                              30 13:47:21 EDT 2007 i686 i686
Alert Count                   2
First Seen                    Thu 20 Sep 2007 05:50:53 PM BRT
Last Seen                     Fri 21 Sep 2007 10:25:50 AM BRT
Local ID                      464cd133-420f-4956-9ce9-d26392a403a2
Line Numbers                  

Raw Audit Messages            

avc: denied { search } for comm="hald-addon-macb" dev=sysfs egid=0 euid=0
exe="/usr/libexec/hald-addon-macbookpro-backlight" exit=-13 fsgid=0 fsuid=0
gid=0 items=0 name="/" pid=2597 scontext=system_u:system_r:hald_mac_t:s0 sgid=0
subj=system_u:system_r:hald_mac_t:s0 suid=0 tclass=dir
tcontext=system_u:object_r:sysfs_t:s0 tty=(none) uid=0

Comment 5 Daniel Walsh 2008-01-30 14:06:55 EST
Bulk closing a old selinux policy bugs that were in the modified state.  If the
bug is still not fixed.  Please reopen.

Note You need to log in before you can comment on or make changes to this bug.