Bug 522962 - setroubleshoot: Your system may be seriously compromised!
Summary: setroubleshoot: Your system may be seriously compromised!
Keywords:
Status: CLOSED DUPLICATE of bug 520728
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: rawhide
Hardware: x86_64
OS: Linux
low
medium
Target Milestone: ---
Assignee: Eric Paris
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: setroubleshoot_trace_hash:16fe27b66d3...
: 523025 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2009-09-12 19:04 UTC by seventhguardian
Modified: 2009-09-14 17:07 UTC (History)
5 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2009-09-14 17:07:31 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description seventhguardian 2009-09-12 19:04:34 UTC 
The following was filed automatically by setroubleshoot:

Resumo:

Your system may be seriously compromised!

Descrição Detalhada:

SELinux has prevented iw from loading a kernel module. All confined programs
that need to load kernel modules should have already had policy written for
them. If a compromised application tries to modify the kernel this AVC will be
generated. This is a serious issue. Your system may very well be compromised.

A Permitir o Acesso:

Contact your security administrator and report this issue.

Informação Adicional:

Contexto de Origem            system_u:system_r:udev_t:s0-s0:c0.c1023
Contexto de Destino           system_u:system_r:udev_t:s0-s0:c0.c1023
Objectos de Destino           None [ capability ]
Fonte                         iw
Caminho de Origem             /usr/bin/iw
Porto                         <Desconhecida>
Máquina                      (removed)
Pacotes RPM Fonte             iw-0.9.17-2.fc12
Pacotes RPM Destino           
RPM da Política              selinux-policy-3.6.30-4.fc12
Selinux Activo                True
Tipo de Política             targeted
MLS Activo                    True
Modo de Execução Forçada   Enforcing
Nome do Plugin                sys_module
Nome da Máquina              (removed)
Plataforma                    Linux (removed) 2.6.31-0.204.rc9.fc12.x86_64 #1
                              SMP Sat Sep 5 20:45:55 EDT 2009 x86_64 x86_64
Contador de Alertas           1
Primeira Vez Visto            Qui 10 Set 2009 20:05:45 WEST
Última Vez Visto             Qui 10 Set 2009 20:05:45 WEST
ID Local                      4bd01552-cd3e-4453-a152-285caf3a5db8
Números de Linha             

Mensagens de Auditoria em Bru 

node=(removed) type=AVC msg=audit(1252609545.251:45): avc:  denied  { sys_module } for  pid=2100 comm="iw" capability=16 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=capability

node=(removed) type=SYSCALL msg=audit(1252609545.251:45): arch=c000003e syscall=16 success=no exit=-19 a0=4 a1=8933 a2=7fff20bbbbe0 a3=fffffffffffff158 items=0 ppid=2089 pid=2100 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iw" exe="/usr/bin/iw" subj=system_u:system_r:udev_t:s0-s0:c0.c1023 key=(null)


audit2allow suggests:

#============= udev_t ==============
allow udev_t self:capability sys_module;
Comment 1 Eric Paris 2009-09-14 17:05:12 UTC 
*** Bug 523025 has been marked as a duplicate of this bug. ***
Comment 2 Eric Paris 2009-09-14 17:07:31 UTC 

*** This bug has been marked as a duplicate of bug 520728 ***
Note You need to log in before you can comment on or make changes to this bug.