Description of problem:

SELinux is preventing /usr/sbin/load_policy (load_policy_t) "write" to pipe (rpm_t).

Source Context: system_u:system_r:load_policy_t:s0
Target Context: system_u:system_r:rpm_t:s0
Target Objects: pipe [ fifo_file ]
Affected RPM Packages: policycoreutils-2.0.29-1.fc8 [application]
Policy RPM: selinux-policy-3.0.8-20.fc8
Selinux Enabled: True
Policy Type: targeted
MLS Enabled: True
Enforcing Mode: Permissive
Plugin Name: plugins.catchall
Host Name: dhcp-lab-228.englab.brq.redhat.com
Platform: Linux dhcp-lab-228.englab.brq.redhat.com 2.6.23-5.fc8 #1 SMP Wed Oct 10 19:25:16 EDT 2007 x86_64 x86_64
Alert Count: 7
First Seen: Pá 12. říjen 2007, 14:59:02 CEST
Last Seen: Po 15. říjen 2007, 10:05:29 CEST
Local ID: 29ff9786-cc78-42f3-8380-3fc28747a808
Line Numbers:

Raw Audit Messages :

avc: denied { write } for comm=load_policy dev=pipefs egid=0 euid=0 exe=/usr/sbin/load_policy exit=0 fsgid=0 fsuid=0 gid=0 items=0 path=pipe:[42398] pid=7186 scontext=system_u:system_r:load_policy_t:s0 sgid=0 subj=system_u:system_r:load_policy_t:s0 suid=0 tclass=fifo_file tcontext=system_u:system_r:rpm_t:s0 tty=pts1 uid=0

-------------------------------------------

SELinux is preventing /usr/bin/readlink (udev_t) "getattr" to /home (home_root_t).

Source Context: system_u:system_r:udev_t:s0-s0:c0.c1023
Target Context: system_u:object_r:home_root_t:s0
Target Objects: /home [ dir ]
Affected RPM Packages: coreutils-6.9-6.fc8 [application]
                       filesystem-2.4.11-1.fc8 [target]
Policy RPM: selinux-policy-3.0.8-20.fc8
Selinux Enabled: True
Policy Type: targeted
MLS Enabled: True
Enforcing Mode: Permissive
Plugin Name: plugins.catchall_file
Host Name: dhcp-lab-228.englab.brq.redhat.com
Platform: Linux dhcp-lab-228.englab.brq.redhat.com 2.6.21-2949.fc8xen #1 SMP Wed Oct 10 11:45:45 EDT 2007 x86_64 x86_64
Alert Count: 1
First Seen: Pá 12. říjen 2007, 15:34:44 CEST
Last Seen: Pá 12. říjen 2007, 15:34:44 CEST
Local ID: f3cdf5e0-a555-4d5f-9755-76685094fdec
Line Numbers:

Raw Audit Messages :

avc: denied { getattr } for comm=readlink dev=sda7 egid=0 euid=0 exe=/usr/bin/readlink exit=0 fsgid=0 fsuid=0 gid=0 items=0 name=/ path=/home pid=3822 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 sgid=0

---------------------------------------------------

SELinux is preventing /usr/bin/readlink (udev_t) "search" to (home_root_t).

Source Context: system_u:system_r:udev_t:s0-s0:c0.c1023
Target Context: system_u:object_r:home_root_t:s0
Target Objects: None [ dir ]
Affected RPM Packages: coreutils-6.9-6.fc8 [application]
Policy RPM: selinux-policy-3.0.8-20.fc8
Selinux Enabled: True
Policy Type: targeted
MLS Enabled: True
Enforcing Mode: Permissive
Plugin Name: plugins.catchall_file
Host Name: dhcp-lab-228.englab.brq.redhat.com
Platform: Linux dhcp-lab-228.englab.brq.redhat.com 2.6.21-2949.fc8xen #1 SMP Wed Oct 10 11:45:45 EDT 2007 x86_64 x86_64
Alert Count: 1
First Seen: Pá 12. říjen 2007, 15:34:44 CEST
Last Seen: Pá 12. říjen 2007, 15:34:44 CEST
Local ID: daa032c0-8486-4760-906c-21a3405cd910
Line Numbers:

Raw Audit Messages :

avc: denied { search } for comm=readlink dev=sda7 egid=0 euid=0 exe=/usr/bin/readlink exit=0 fsgid=0 fsuid=0 gid=0 items=0 name=/ pid=3822 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 sgid=0 subj=system_u:system_r:udev_t:s0-s0:c0.c1023 suid=0 tclass=dir tcontext=system_u:object_r:home_root_t:s0 tty=(none) uid=0

-------------------------------------------------

SELinux is preventing /usr/sbin/brctl (brctl_t) "use" to /sys/kernel/hotplug (kernel_t).

Source Context: system_u:system_r:brctl_t:s0-s0:c0.c1023
Target Context: system_u:system_r:kernel_t:s0
Target Objects: /sys/kernel/hotplug [ fd ]
Affected RPM Packages: bridge-utils-1.2-2.fc8 [application]
Policy RPM: selinux-policy-3.0.8-20.fc8
Selinux Enabled: True
Policy Type: targeted
MLS Enabled: True
Enforcing Mode: Permissive
Plugin Name: plugins.catchall
Host Name: dhcp-lab-228.englab.brq.redhat.com
Platform: Linux dhcp-lab-228.englab.brq.redhat.com 2.6.21-2949.fc8xen #1 SMP Wed Oct 10 11:45:45 EDT 2007 x86_64 x86_64
Alert Count: 1
First Seen: Pá 12. říjen 2007, 15:18:07 CEST
Last Seen: Pá 12. říjen 2007, 15:18:07 CEST
Local ID: ba7cdbb9-6eed-4f95-9e89-68f10be03163
Line Numbers:

Raw Audit Messages :

avc: denied { use } for comm=brctl dev=proc egid=0 euid=0 exe=/usr/sbin/brctl exit=0 fsgid=0 fsuid=0 gid=0 items=0 name=hotplug path=/sys/kernel/hotplug pid=3442 scontext=system_u:system_r:brctl_t:s0-s0:c0.c1023 sgid=0 subj=system_u:system_r:brctl_t:s0-s0:c0.c1023 suid=0 tclass=fd tcontext=system_u:system_r:kernel_t:s0 tty=(none) uid=0

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.
2.
3.

Actual results:

Expected results:

Additional info:
Created attachment 228851 [details]
just compressed my actual log from SELinux if the messages are not as readable as the plain text
Please attach your /var/log/audit/audit/audit.log
Created attachment 230771 [details] audit.log Here it goes
What service in inetd is listening on port 904?
It's the default port selected by VMware - I guess this should then most probably be handled by some rule in the VMware installation - because the port number could be arbitrarily changed during the installation (or even just reconfiguration) - so it is probably not something which could be easily hardcoded. The rpm & installation code is written directly by the VMware company - so it might probably be necessary to send them a patch for their installation script to get things done in the right way? (I'm not sure - just an idea...)
Fixed in selinux-policy-3.0.8-56.fc8
Bulk closing all bugs in Fedora updates in the modified state. If your bug is not fixed, please reopen.