Bug 513186 - setroubleshoot: SELinux is preventing sshd (sshd_t) "write" tmpfs_t.
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: openssh
rawhide
i386 Linux
medium Severity medium
Assigned To: Jan F. Chadima
Fedora Extras Quality Assurance
setroubleshoot_trace_hash:2626001907c...
: SELinux
Reported: 2009-07-22 09:12 EDT by Matěj Cepl
Modified: 2009-07-23 17:00 EDT (History)
Doc Type: Bug Fix
Last Closed: 2009-07-23 10:39:17 EDT
Attachments
information about /dev/log (712.50 KB, image/png)
2009-07-23 11:31 EDT, Matěj Cepl

Description Matěj Cepl 2009-07-22 09:12:16 EDT
The following was filed automatically by setroubleshoot:

Souhrn:

SELinux is preventing sshd (sshd_t) "write" tmpfs_t.

Podrobný popis:

[SELinux je v uvolněném režimu, operace by byla odmítnuta, ale byla povolena
kvůli uvolněnému režimu.]

SELinux denied access requested by sshd. It is not expected that this access is
required by sshd and this access may signal an intrusion attempt. It is also
possible that the specific version or configuration of the application is
causing it to require additional access.

Povolení přístupu:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.

Další informace:

Kontext zdroje                system_u:system_r:sshd_t:s0-s0:c0.c1023
Kontext cíle                 system_u:object_r:tmpfs_t:s0
Objekty cíle                 log [ sock_file ]
Zdroj                         sshd
Cesta zdroje                  /usr/sbin/sshd
Port                          <Neznámé>
Počítač                    (removed)
RPM balíčky zdroje          
RPM balíčky cíle           
RPM politiky                  selinux-policy-3.6.19-1.fc12
Selinux povolen               True
Typ politiky                  targeted
MLS povoleno                  True
Vynucovací režim            Permissive
Název zásuvného modulu     catchall
Název počítače            (removed)
Platforma                     Linux (removed)
                              2.6.31-0.24.rc0.git18.fc12.i686.PAE #1 SMP Mon Jun
                              22 16:26:36 EDT 2009 i686 i686
Počet upozornění           2
Poprvé viděno               St 1. červenec 2009, 23:59:40 CEST
Naposledy viděno             Čt 2. červenec 2009, 01:16:12 CEST
Místní ID                   87bcfbbd-b45f-45f9-8ec1-1857d9efc58c
Čísla řádků              

Původní zprávy auditu      

node=(removed) type=AVC msg=audit(1246490172.806:83): avc:  denied  { write } for  pid=716 comm="sshd" name="log" dev=tmpfs ino=5933 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tmpfs_t:s0 tclass=sock_file

node=(removed) type=SYSCALL msg=audit(1246490172.806:83): arch=40000003 syscall=102 success=yes exit=0 a0=3 a1=bfa5b5ec a2=c88ff4 a3=ffffff58 items=0 ppid=1 pid=716 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshd" exe=2F7573722F7362696E2F73736864202864656C6574656429 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)


audit2allow suggests:

#============= sshd_t ==============
allow sshd_t tmpfs_t:sock_file write;
Comment 1 Daniel Walsh 2009-07-23 10:39:17 EDT
This looks like a labeling problem.

Was /dev/log screwed up on this machine?
Comment 2 Matěj Cepl 2009-07-23 11:31:06 EDT
Created attachment 354877
information about /dev/log

I think /dev/log is and was alright? (although there might be some selinux-policy update which did relabelling).
Comment 3 Daniel Walsh 2009-07-23 12:20:37 EDT
Well, we have an AVC saying sshd cannot write to a sock_file named log. That is labeled tmpfs_t. /dev is a tmpfs_t file system, so if for some reason udev did not run properly, or the boot up failed, or there was some other labeling failure, you ended up with /dev/log with the wrong label on it. At least that is what the evidence shows.
Comment 4 Matěj Cepl 2009-07-23 17:00:25 EDT
I just tried to find what kind of file it is by inode number, but the result is disappointing:

[root@torquemada /]# find / -inum 5933 2>/dev/null
/sys/devices/virtual/tty/tty42/power
/lib/firmware/atmel_at76c502_3com-wpa.bin
[root@torquemada /]#

I guess it means it is a "file" generated during the state of the computer, so there is no way to find what it was when I got that AVC denial, right?
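
The reading of the denial given in Comment 3, as an added example (not part of the original bug report and not setroubleshoot's own code): a short Python parser over the two audit records quoted in the description, which rebuilds the audit2allow rule, decodes the hex-encoded `exe=` field and flags the generic target type. The `GENERIC_TYPES` set, the `devlog_t` expectation and all function names are assumptions of this example.

```python
import re

# Audit records from the bug description (node= dropped, SYSCALL abridged).
AVC = ('type=AVC msg=audit(1246490172.806:83): avc:  denied  { write } for  '
       'pid=716 comm="sshd" name="log" dev=tmpfs ino=5933 '
       'scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 '
       'tcontext=system_u:object_r:tmpfs_t:s0 tclass=sock_file')
SYSCALL = ('type=SYSCALL msg=audit(1246490172.806:83): syscall=102 success=yes '
           'exit=0 pid=716 comm="sshd" '
           'exe=2F7573722F7362696E2F73736864202864656C6574656429 key=(null)')

# Assumption: generic types an object carries when it was never relabeled;
# the policy's intended type for the syslog socket /dev/log is devlog_t.
GENERIC_TYPES = {'tmpfs_t', 'device_t', 'file_t', 'default_t', 'unlabeled_t'}

def parse_record(line):
    """Split one audit record into a dict of its key=value fields."""
    rec = {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', line)}
    event = re.search(r'audit\([\d.]+:(\d+)\)', line)
    rec['event'] = event.group(1) if event else None
    perms = re.search(r'\{([^}]*)\}', line)
    rec['perms'] = perms.group(1).split() if perms else []
    return rec

def decode_field(value):
    """auditd writes strings with spaces or control bytes as bare hex."""
    if re.fullmatch(r'(?:[0-9A-Fa-f]{2})+', value):
        return bytes.fromhex(value).decode('utf-8', 'replace')
    return value

def triage(avc, syscall):
    """Correlate the AVC with its SYSCALL record and classify the denial."""
    stype, ttype = (avc[c].split(':')[2] for c in ('scontext', 'tcontext'))
    exe = decode_field(syscall['exe'])
    return {
        'same_event': avc['event'] == syscall['event'],
        'rule': 'allow %s %s:%s %s;' % (stype, ttype, avc['tclass'],
                                        ' '.join(avc['perms'])),
        'exe': exe,
        'exe_unlinked': exe.endswith(' (deleted)'),  # on-disk binary was unlinked
        'allowed_anyway': syscall.get('success') == 'yes',  # permissive mode
        'likely_mislabel': ttype in GENERIC_TYPES,
    }

if __name__ == '__main__':
    for key, val in triage(parse_record(AVC), parse_record(SYSCALL)).items():
        print('%-16s %s' % (key, val))
```

When `likely_mislabel` is true, restoring the file context (`restorecon -v /dev/log`) addresses the cause, whereas loading the audit2allow rule would let `sshd_t` write to every `tmpfs_t` socket.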
