First Last Prev Next    This bug is not in your last search results.
Bug 509678 - setroubleshoot: SELinux is preventing devkit-disks-da (devicekit_disk_t) "net_admin" devicekit_disk_t.
setroubleshoot: SELinux is preventing devkit-disks-da (devicekit_disk_t)...
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
rawhide
x86_64 Linux
low Severity medium
: ---
: ---
Assigned To: Daniel Walsh
Fedora Extras Quality Assurance
setroubleshoot_trace_hash:46926ff841b...
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2009-07-04 20:26 EDT by sangu
Modified: 2009-07-06 14:28 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-07-06 14:28:10 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description sangu 2009-07-04 20:26:39 EDT 
The following was filed automatically by setroubleshoot:

요약:

SELinux is preventing devkit-disks-da (devicekit_disk_t) "net_admin"
devicekit_disk_t.

상세 설명:

SELinux denied access requested by devkit-disks-da. It is not expected that this
access is required by devkit-disks-da and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration of the
application is causing it to require additional access.

액세스 허용:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.

자세한 정보:

소스 문맥                 system_u:system_r:devicekit_disk_t:s0-s0:c0.c1023
대상 문맥                 system_u:system_r:devicekit_disk_t:s0-s0:c0.c1023
대상 객체                 None [ capability ]
소스                        devkit-disks-da
소스 경로                 /usr/libexec/devkit-disks-daemon
포트                        <알려지지 않음>
호스트                     (removed)
소스 RPM 패키지          DeviceKit-disks-005-2.fc12
대상 RPM 패키지          
정책 RPM                    selinux-policy-3.6.20-2.fc12
Selinux 활성화             True
정책 유형                 targeted
MLS 활성화                 True
강제 모드                 Enforcing
플러그인명               catchall
호스트명                  (removed)
플랫폼                     Linux (removed)
                              2.6.29.4-167.fc11.x86_64 #1 SMP Wed May 27
                              17:27:08 EDT 2009 x86_64 x86_64
통지 카운트              2
초기 화면                 2009년 07월 05일 (일) 오전 08시 35분 58초
마지막 화면              2009년 07월 05일 (일) 오전 09시 10분 16초
로컬 ID                     5e21fb11-dba3-4070-aebc-604a96acbd9d
줄 번호                    

원 감사 메세지          

node=(removed) type=AVC msg=audit(1246752616.480:16): avc:  denied  { net_admin } for  pid=1902 comm="devkit-disks-da" capability=12 scontext=system_u:system_r:devicekit_disk_t:s0-s0:c0.c1023 tcontext=system_u:system_r:devicekit_disk_t:s0-s0:c0.c1023 tclass=capability

node=(removed) type=SYSCALL msg=audit(1246752616.480:16): arch=c000003e syscall=49 success=yes exit=0 a0=8 a1=2128150 a2=c a3=7fff39892840 items=0 ppid=1 pid=1902 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="devkit-disks-da" exe="/usr/libexec/devkit-disks-daemon" subj=system_u:system_r:devicekit_disk_t:s0-s0:c0.c1023 key=(null)


audit2allow suggests:

#============= devicekit_disk_t ==============
allow devicekit_disk_t self:capability net_admin;
Comment 1 Daniel Walsh 2009-07-06 14:28:10 EDT 
Fixed in selinux-policy-3.6.21-1.fc12
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.