Bug 520904 - setroubleshoot: SELinux is preventing udev-acl.ck "fowner" access on <Unknown>.
Summary: setroubleshoot: SELinux is preventing udev-acl.ck "fowner" access on &lt...
Keywords:
Status: CLOSED DUPLICATE of bug 520902
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: rawhide
Hardware: x86_64
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: setroubleshoot_trace_hash:72b0651d69b...
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2009-09-02 19:46 UTC by Matěj Cepl
Modified: 2018-04-11 07:13 UTC (History)
4 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2009-09-08 10:19:45 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)

Description Matěj Cepl 2009-09-02 19:46:31 UTC
The following was filed automatically by setroubleshoot:

Souhrn:

SELinux is preventing udev-acl.ck "fowner" access on <Unknown>.

Podrobný popis:

[SELinux is in permissive mode. This access was not denied.]

SELinux denied access requested by udev-acl.ck. It is not expected that this
access is required by udev-acl.ck and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration of the
application is causing it to require additional access.

Povolení přístupu:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Please file a bug
report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package.

Další informace:

Kontext zdroje                system_u:system_r:consolekit_t:s0-s0:c0.c1023
Kontext cíle                 system_u:system_r:consolekit_t:s0-s0:c0.c1023
Objekty cíle                 None [ capability ]
Zdroj                         udev-acl.ck
Cesta zdroje                  /lib/udev/udev-acl
Port                          <Neznámé>
Počítač                    (removed)
RPM balíčky zdroje          udev-145-7.fc12
RPM balíčky cíle           
RPM politiky                  selinux-policy-3.6.28-9.fc12
Selinux povolen               True
Typ politiky                  targeted
MLS povoleno                  True
Vynucovací režim            Permissive
Název zásuvného modulu     catchall
Název počítače            (removed)
Platforma                     Linux (removed) 2.6.31-0.190.rc8.fc12.x86_64 #1 SMP
                              Fri Aug 28 18:51:58 EDT 2009 x86_64 x86_64
Počet upozornění           2
Poprvé viděno               Po 31. srpen 2009, 13:31:04 CEST
Naposledy viděno             Út 1. září 2009, 23:03:34 CEST
Místní ID                   f86a3186-918f-484b-92d0-0dbd28839d96
Čísla řádků              

Původní zprávy auditu      

node=(removed) type=AVC msg=audit(1251839014.964:308): avc:  denied  { fowner } for  pid=9358 comm="udev-acl.ck" capability=3 scontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tcontext=system_u:system_r:consolekit_t:s0-s0:c0.c1023 tclass=capability

node=(removed) type=SYSCALL msg=audit(1251839014.964:308): arch=c000003e syscall=188 success=yes exit=0 a0=da2c50 a1=310c605b47 a2=da2990 a3=2c items=0 ppid=1322 pid=9358 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="udev-acl.ck" exe="/lib/udev/udev-acl" subj=system_u:system_r:consolekit_t:s0-s0:c0.c1023 key=(null)


audit2allow suggests:

#============= consolekit_t ==============
allow consolekit_t self:capability fowner;

Comment 1 Daniel Walsh 2009-09-08 10:19:45 UTC

*** This bug has been marked as a duplicate of bug 520902 ***


Note You need to log in before you can comment on or make changes to this bug.