Description of problem:
(this is one of the many notices -- for the rest read /var/log/audit/audit.log, which is attached)

Summary:
SELinux is preventing ps (dhcpc_t) "read" to ./stat (kernel_t).

Detailed Description:
[SELinux is in permissive mode, the operation would have been denied but was allowed because of permissive mode.]
SELinux denied access requested by ps. It is not expected that this access is required by ps and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.

Allowing Access:
Sometimes labeling problems can cause SELinux denials. You could try to restore the default system file context for ./stat: restorecon -v './stat'. If this does not work, there is currently no automatic way to allow this access. Instead, you can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385). Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package.

Additional Information:
Source Context        system_u:system_r:dhcpc_t:SystemLow-SystemHigh
Target Context        system_u:system_r:kernel_t
Target Objects        ./stat [ file ]
Source                ps
Source Path           /bin/ps
Port                  <Unknown>
Host                  viklef
Source RPM Packages   procps-3.2.7-20.fc9
Target RPM Packages
Policy RPM            selinux-policy-3.3.1-42.fc9
Selinux Enabled       True
Policy Type           targeted
MLS Enabled           True
Enforcing Mode        Permissive
Plugin Name           catchall_file
Host Name             viklef
Platform              Linux viklef 2.6.25-14.fc9.i686 #1 SMP Thu May 1 06:28:41 EDT 2008 i686 i686
Alert Count           1
First Seen            Tue 13 May 2008, 02:05:01 CEST
Last Seen             Tue 13 May 2008, 02:05:01 CEST
Local ID              053de02b-8eac-43fd-914d-f60744c78a6d
Line Numbers

Raw Audit Messages:
host=viklef type=AVC msg=audit(1210637101.839:51): avc: denied { read } for pid=22221 comm="ps" name="stat" dev=proc ino=418187 scontext=system_u:system_r:dhcpc_t:s0-s0:c0.c1023 tcontext=system_u:system_r:kernel_t:s0 tclass=file
host=viklef type=SYSCALL msg=audit(1210637101.839:51): arch=40000003 syscall=5 success=yes exit=5 a0=5ba900 a1=0 a2=0 a3=5ba900 items=0 ppid=22220 pid=22221 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ps" exe="/bin/ps" subj=system_u:system_r:dhcpc_t:s0-s0:c0.c1023 key=(null)

Version-Release number of selected component (if applicable):
procps-3.2.7-20.fc9.i386
selinux-policy-targeted-3.3.1-42.fc9.noarch

How reproducible:
many many notices (45 since the last time I removed them)
Created attachment 305212 [details] /var/log/audit/audit.log
Looks like the DHCP client calls ps (something in /etc/sysconfig/network-scripts/ifup-eth) and SELinux shoots it. This doesn't seem to have anything to do with procps. It's probably selinux-policy for dhclient (dhcpv6-client?) that has to be fixed.
Yes, this is an SELinux issue. There is a rule in selinux-policy, domain_dontaudit_list_all_domains_state(dhcpc_t). This would not happen in enforcing mode, but I will dontaudit it in permissive. Fixed in selinux-policy-3.3.1-51.fc9.noarch
Changing version to '9' as part of upcoming Fedora 9 GA. More information and reason for this action is here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Not yet:

Summary:
SELinux is preventing ps (dhcpc_t) "read" to ./stat (initrc_t).

Detailed Description:
[SELinux is in permissive mode, the operation would have been denied but was allowed because of permissive mode.]
SELinux denied access requested by ps. It is not expected that this access is required by ps and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.

Allowing Access:
Sometimes labeling problems can cause SELinux denials. You could try to restore the default system file context for ./stat: restorecon -v './stat'. If this does not work, there is currently no automatic way to allow this access. Instead, you can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385). Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package.

Additional Information:
Source Context        system_u:system_r:dhcpc_t:SystemLow-SystemHigh
Target Context        system_u:system_r:initrc_t:SystemLow-SystemHigh
Target Objects        ./stat [ file ]
Source                ps
Source Path           /bin/ps
Port                  <Unknown>
Host                  viklef
Source RPM Packages   procps-3.2.7-20.fc9
Target RPM Packages
Policy RPM            selinux-policy-3.3.1-51.fc9
Selinux Enabled       True
Policy Type           targeted
MLS Enabled           True
Enforcing Mode        Permissive
Plugin Name           catchall_file
Host Name             viklef
Platform              Linux viklef 2.6.25.4-26.fc9.i686 #1 SMP Mon May 19 19:49:30 EDT 2008 i686 i686
Alert Count           1
First Seen            Wed 21 May 2008, 07:18:57 CEST
Last Seen             Wed 21 May 2008, 07:18:57 CEST
Local ID              8daf07b4-84ad-46b2-8da8-2ab4be87a73a
Line Numbers

Raw Audit Messages:
host=viklef type=AVC msg=audit(1211347137.563:105): avc: denied { read } for pid=8217 comm="ps" name="stat" dev=proc ino=104789 scontext=system_u:system_r:dhcpc_t:s0-s0:c0.c1023 tcontext=system_u:system_r:initrc_t:s0-s0:c0.c1023 tclass=file
host=viklef type=SYSCALL msg=audit(1211347137.563:105): arch=40000003 syscall=5 success=yes exit=5 a0=5ba900 a1=0 a2=0 a3=5ba900 items=0 ppid=8216 pid=8217 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ps" exe="/bin/ps" subj=system_u:system_r:dhcpc_t:s0-s0:c0.c1023 key=(null)
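The AVC and SYSCALL records in the two reports above share an audit serial (the number after the timestamp in msg=audit(...)). Pairing them is what tells a reviewer that these were permissive-mode denials (the AVC says denied, the syscall still reports success=yes, exactly what the setroubleshoot text says), and it is the same data audit2allow reads when it proposes a rule such as the dontaudit the maintainer describes. The following Python is an added example, not part of this bug report or of selinux-policy; it parses a constructed copy of the quoted audit lines, correlates the record types by serial, flags denied-but-succeeded events, and renders the corresponding allow/dontaudit rule text. The rule rendering is my own and only mirrors the shape of audit2allow output, it is not that tool.

```python
import re
from collections import Counter

# Constructed sample input: the two AVC/SYSCALL record pairs quoted in this bug
# report, as they appear in /var/log/audit/audit.log (host= prefix included).
SAMPLE_AUDIT_LOG = """\
host=viklef type=AVC msg=audit(1210637101.839:51): avc: denied { read } for pid=22221 comm="ps" name="stat" dev=proc ino=418187 scontext=system_u:system_r:dhcpc_t:s0-s0:c0.c1023 tcontext=system_u:system_r:kernel_t:s0 tclass=file
host=viklef type=SYSCALL msg=audit(1210637101.839:51): arch=40000003 syscall=5 success=yes exit=5 a0=5ba900 a1=0 a2=0 a3=5ba900 items=0 ppid=22220 pid=22221 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ps" exe="/bin/ps" subj=system_u:system_r:dhcpc_t:s0-s0:c0.c1023 key=(null)
host=viklef type=AVC msg=audit(1211347137.563:105): avc: denied { read } for pid=8217 comm="ps" name="stat" dev=proc ino=104789 scontext=system_u:system_r:dhcpc_t:s0-s0:c0.c1023 tcontext=system_u:system_r:initrc_t:s0-s0:c0.c1023 tclass=file
host=viklef type=SYSCALL msg=audit(1211347137.563:105): arch=40000003 syscall=5 success=yes exit=5 a0=5ba900 a1=0 a2=0 a3=5ba900 items=0 ppid=8216 pid=8217 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ps" exe="/bin/ps" subj=system_u:system_r:dhcpc_t:s0-s0:c0.c1023 key=(null)
"""

# Record header: optional "host=..." prefix, record type, timestamp:serial, body.
HEADER_RE = re.compile(
    r"^(?:host=\S+\s+)?type=(?P<type>\w+) msg=audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\):\s*(?P<body>.*)$")
# AVC body: verdict, permission set in braces, then key=value fields.
AVC_RE = re.compile(
    r"avc:\s+(?P<verdict>denied|granted)\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)$")
# key=value tokens; values may be quoted, parenthesised like (none), or bare.
KV_RE = re.compile(r'(\w+)=("[^"]*"|\([^)]*\)|\S+)')


def parse_kv(text):
    """Turn 'k=v k2="v2"' into a dict, stripping quotes from quoted values."""
    return {k: v.strip('"') for k, v in KV_RE.findall(text)}


def parse_audit_line(line):
    """Parse one audit record into a dict; returns None for unrecognised lines."""
    m = HEADER_RE.match(line.strip())
    if not m:
        return None
    rec = {"type": m["type"], "ts": float(m["ts"]), "serial": int(m["serial"])}
    if rec["type"] == "AVC":
        a = AVC_RE.match(m["body"])
        if not a:
            return None
        rec["verdict"] = a["verdict"]
        rec["perms"] = tuple(sorted(a["perms"].split()))
        rec.update(parse_kv(a["rest"]))
    else:
        rec.update(parse_kv(m["body"]))
    return rec


def context_type(ctx):
    """user:role:type[:range] -> type (third field), e.g. dhcpc_t."""
    return ctx.split(":")[2]


def correlate(log_text):
    """Group records by audit serial so each AVC is matched with its SYSCALL
    record. Returns one event dict per AVC record, in serial order."""
    by_serial = {}
    for line in log_text.splitlines():
        rec = parse_audit_line(line)
        if rec:
            by_serial.setdefault(rec["serial"], []).append(rec)
    events = []
    for serial, recs in sorted(by_serial.items()):
        syscall = next((r for r in recs if r["type"] == "SYSCALL"), None)
        for avc in (r for r in recs if r["type"] == "AVC"):
            denied = avc["verdict"] == "denied"
            events.append({
                "serial": serial,
                "comm": avc.get("comm"),
                "stype": context_type(avc["scontext"]),
                "ttype": context_type(avc["tcontext"]),
                "tclass": avc["tclass"],
                "perms": avc["perms"],
                "denied": denied,
                # A denied AVC whose syscall still reports success=yes means the
                # kernel was in permissive mode: the access was logged, not blocked.
                "permissive": denied and syscall is not None
                              and syscall.get("success") == "yes",
            })
    return events


def te_rule(event, kind="dontaudit"):
    """Render the TE rule this event would need, in the shape audit2allow prints
    (kind is 'allow' or 'dontaudit'); rendering is this example's own code."""
    perms = " ".join(event["perms"])
    return f"{kind} {event['stype']} {event['ttype']}:{event['tclass']} {{ {perms} }};"


def summarize(log_text, kind="dontaudit"):
    """Count denials per (source type, target type, class, perms), keyed by rule text."""
    return dict(Counter(te_rule(e, kind) for e in correlate(log_text) if e["denied"]))


if __name__ == "__main__":
    for ev in correlate(SAMPLE_AUDIT_LOG):
        mode = "permissive (logged only)" if ev["permissive"] else "enforced"
        print(f"serial {ev['serial']}: {ev['comm']} {ev['stype']} -> {ev['ttype']} {mode}")
    for rule, n in summarize(SAMPLE_AUDIT_LOG).items():
        print(f"{n:3d}  {rule}")
```

Running it against a real /var/log/audit/audit.log (read the file instead of SAMPLE_AUDIT_LOG) gives the same per-rule counts a reviewer would otherwise eyeball before deciding whether a denial is a policy gap, a labeling problem worth a restorecon, or something that should stay denied.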
Even after touch /.autorelabel ; reboot I can 100% reproduce this just by going through suspend/resume cycle.
Fixed in selinux-policy-3.3.1-55.fc9.noarch
This message is a reminder that Fedora 9 is nearing its end of life. Approximately 30 (thirty) days from now Fedora will stop maintaining and issuing updates for Fedora 9. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as WONTFIX if it remains open with a Fedora 'version' of '9'.

Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version prior to Fedora 9's end of life.

Bug Reporter: Thank you for reporting this issue and we are sorry that we may not be able to fix it before Fedora 9 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora please change the 'version' of this bug to the applicable version. If you are unable to change the version, please add a comment here and someone will do it for you.

Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete.

The process we are following is described here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping