Bugzilla (bugzilla.redhat.com) will be under maintenance for infrastructure upgrades and will not be available on July 31st between 12:30 AM - 05:30 AM UTC. We appreciate your understanding and patience. You can follow status.redhat.com for details.
Bug 522962 - setroubleshoot: Your system may be seriously compromised!
Summary: setroubleshoot: Your system may be seriously compromised!
Status: CLOSED DUPLICATE of bug 520728
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: rawhide
Hardware: x86_64
OS: Linux
Target Milestone: ---
Assignee: Eric Paris
QA Contact: Fedora Extras Quality Assurance
Whiteboard: setroubleshoot_trace_hash:16fe27b66d3...
: 523025 (view as bug list)
Depends On:
TreeView+ depends on / blocked
Reported: 2009-09-12 19:04 UTC by seventhguardian
Modified: 2009-09-14 17:07 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2009-09-14 17:07:31 UTC
Type: ---

Attachments (Terms of Use)

Description seventhguardian 2009-09-12 19:04:34 UTC
The following was filed automatically by setroubleshoot:


Your system may be seriously compromised!

Descrição Detalhada:

SELinux has prevented iw from loading a kernel module. All confined programs
that need to load kernel modules should have already had policy written for
them. If a compromised application tries to modify the kernel this AVC will be
generated. This is a serious issue. Your system may very well be compromised.

A Permitir o Acesso:

Contact your security administrator and report this issue.

Informação Adicional:

Contexto de Origem            system_u:system_r:udev_t:s0-s0:c0.c1023
Contexto de Destino           system_u:system_r:udev_t:s0-s0:c0.c1023
Objectos de Destino           None [ capability ]
Fonte                         iw
Caminho de Origem             /usr/bin/iw
Porto                         <Desconhecida>
Máquina                      (removed)
Pacotes RPM Fonte             iw-0.9.17-2.fc12
Pacotes RPM Destino           
RPM da Política              selinux-policy-3.6.30-4.fc12
Selinux Activo                True
Tipo de Política             targeted
MLS Activo                    True
Modo de Execução Forçada   Enforcing
Nome do Plugin                sys_module
Nome da Máquina              (removed)
Plataforma                    Linux (removed) 2.6.31-0.204.rc9.fc12.x86_64 #1
                              SMP Sat Sep 5 20:45:55 EDT 2009 x86_64 x86_64
Contador de Alertas           1
Primeira Vez Visto            Qui 10 Set 2009 20:05:45 WEST
Última Vez Visto             Qui 10 Set 2009 20:05:45 WEST
ID Local                      4bd01552-cd3e-4453-a152-285caf3a5db8
Números de Linha             

Mensagens de Auditoria em Bru 

node=(removed) type=AVC msg=audit(1252609545.251:45): avc:  denied  { sys_module } for  pid=2100 comm="iw" capability=16 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=capability

node=(removed) type=SYSCALL msg=audit(1252609545.251:45): arch=c000003e syscall=16 success=no exit=-19 a0=4 a1=8933 a2=7fff20bbbbe0 a3=fffffffffffff158 items=0 ppid=2089 pid=2100 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iw" exe="/usr/bin/iw" subj=system_u:system_r:udev_t:s0-s0:c0.c1023 key=(null)

audit2allow suggests:

#============= udev_t ==============
allow udev_t self:capability sys_module;

Comment 1 Eric Paris 2009-09-14 17:05:12 UTC
*** Bug 523025 has been marked as a duplicate of this bug. ***

Comment 2 Eric Paris 2009-09-14 17:07:31 UTC

*** This bug has been marked as a duplicate of bug 520728 ***

Note You need to log in before you can comment on or make changes to this bug.