Fedora Account System
Red Hat Associate
Red Hat Customer
Zusammenfassung: SELinux is preventing /bin/bash "add_name" access on prelink.full. Detaillierte Beschreibung: [prelink hat einen toleranten Typ (prelink_cron_system_t). Dieser Zugriff wurde nicht verweigert.] SELinux denied access requested by prelink. It is not expected that this access is required by prelink and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Zugriff erlauben: You can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Please file a bug report. Zusätzliche Informationen: Quellkontext system_u:system_r:prelink_cron_system_t:s0-s0:c0.c 1023 Zielkontext system_u:object_r:var_lib_t:s0 Zielobjekte prelink.full [ dir ] Quelle prelink Quellen-Pfad /bin/bash Port <Unbekannt> Host (removed) Quellen-RPM-Pakete bash-4.0.33-1.fc12 Ziel-RPM-Pakete RPM-Richtlinie selinux-policy-3.6.32-49.fc12 SELinux aktiviert True Richtlinienversion targeted Enforcing-Modus Enforcing Plugin-Name catchall Hostname (removed) Plattform Linux (removed) 2.6.31.6-145.fc12.x86_64 #1 SMP Sat Nov 21 15:57:45 EST 2009 x86_64 x86_64 Anzahl der Alarme 3 Zuerst gesehen Do 26 Nov 2009 17:15:36 CET Zuletzt gesehen Do 26 Nov 2009 17:15:36 CET Lokale ID e677f998-afc1-4458-b724-a7ef55e9d7df Zeilennummern Raw-Audit-Meldungen node=(removed) type=AVC msg=audit(1259252136.736:22966): avc: denied { add_name } for pid=20116 comm="prelink" name="prelink.full" scontext=system_u:system_r:prelink_cron_system_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=dir node=(removed) type=AVC msg=audit(1259252136.736:22966): avc: denied { create } for pid=20116 comm="prelink" name="prelink.full" scontext=system_u:system_r:prelink_cron_system_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=file node=(removed) type=AVC msg=audit(1259252136.736:22966): avc: denied { write open } for pid=20116 comm="prelink" name="prelink.full" dev=sda3 ino=225 scontext=system_u:system_r:prelink_cron_system_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=file node=(removed) type=SYSCALL msg=audit(1259252136.736:22966): arch=c000003e syscall=2 success=yes exit=128 a0=12ac980 a1=241 a2=1b6 a3=0 items=0 ppid=20112 pid=20116 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="prelink" exe="/bin/bash" subj=system_u:system_r:prelink_cron_system_t:s0-s0:c0.c1023 key=(null) Hash String generated from selinux-policy-3.6.32-49.fc12,catchall,prelink,prelink_cron_system_t,var_lib_t,dir,add_name audit2allow suggests: #============= prelink_cron_system_t ============== allow prelink_cron_system_t var_lib_t:dir add_name; allow prelink_cron_system_t var_lib_t:file { write create open };
*** This bug has been marked as a duplicate of bug 541692 ***