Summary:

SELinux is preventing /usr/sbin/smbd "getattr" access on /dev/network_throughput.

Detailed Description:

SELinux denied access requested by smbd. It is not expected that this access is required by smbd and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug report.

Additional Information:

Source Context                system_u:system_r:smbd_t:s0
Target Context                system_u:object_r:netcontrol_device_t:s0
Target Objects                /dev/network_throughput [ chr_file ]
Source                        smbd
Source Path                   /usr/sbin/smbd
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           samba-3.4.5-55.fc12
Target RPM Packages
Policy RPM                    selinux-policy-3.6.32-89.fc12
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Plugin Name                   catchall
Host Name                     (removed)
Platform                      Linux (removed) 2.6.31.12-174.2.22.fc12.x86_64 #1 SMP Fri Feb 19 18:55:03 UTC 2010 x86_64 x86_64
Alert Count                   1
First Seen                    Sat 20 Feb 2010 12:57:38 PM PST
Last Seen                     Sat 20 Feb 2010 12:57:38 PM PST
Local ID                      86e5f004-a79e-434f-a1ef-d1e32c53d2e9
Line Numbers

Raw Audit Messages

node=(removed) type=AVC msg=audit(1266699458.135:34928): avc: denied { getattr } for pid=2804 comm="smbd" path="/dev/network_throughput" dev=tmpfs ino=3375 scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:object_r:netcontrol_device_t:s0 tclass=chr_file

node=(removed) type=SYSCALL msg=audit(1266699458.135:34928): arch=c000003e syscall=4 success=no exit=-13 a0=7fc530903ce0 a1=7fffa9fa23e0 a2=7fffa9fa23e0 a3=ffffffee items=0 ppid=1970 pid=2804 auid=4294967295 uid=0 gid=0 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=4294967295 comm="smbd" exe="/usr/sbin/smbd" subj=system_u:system_r:smbd_t:s0 key=(null)

Hash String generated from catchall,smbd,smbd_t,netcontrol_device_t,chr_file,getattr

audit2allow suggests:

#============= smbd_t ==============
allow smbd_t netcontrol_device_t:chr_file getattr;
How did you get this to happen? Are you sharing the entire system?
(In reply to comment #1)
> How did you get this to happen? Are you sharing the entire system?

I don't know what I was doing when it happened. I just got the bug icon in the task bar. This same message was received for a whole bunch of accesses, but I only submitted the first one. I am running samba to connect (via a bridged adapter) to Windows XP running in a VirtualBox (V 3.1.4) on the same machine (the vbox shared folders change all the time/date stamps on my files to current time), and I share my home folder (ext4) and NTFS drive with my laptop via a wireless network. Nothing else.
Could you execute

ausearch -m avc -ts recent

and attach the compressed output? If there is sensitive data, just email it to dwalsh or pipe it through audit2allow.

ausearch -m avc -ts recent | audit2allow
[root@laurie ~]# ausearch -m avc -ts recent | audit2allow
<no matches>
Sorry for two appends. Still nothing even without the audit2allow part.

[root@laurie ~]# ausearch -m avc -ts recent
<no matches>
Created attachment 395593
avc log containing smbd rejects

Here is my avc log for the past month. It does contain the smbd messages at line 302 and others.

Jim Shipman
Miroslav, Looks like smbd is doing a getattr of everything in /dev

Add

dev_getattr_all_blk_files(smbd_t)
dev_getattr_all_chr_files(smbd_t)
Sorry, but I don't know what to add those lines to. I'm not very familiar with the se part of selinux or smbd. How do I "add" those lines?

Thanks,
Jim
I went into the SELinux Management tool under Administration and looked at the boolean items for samba. I noticed that everything was checked including "allow samba to share any file/directory read/write". I unchecked everything except for domain controller, share home dirs, share ntfs/fusefs, and modify public files. I'll see if that takes care of my problem.

Note: This was a fresh install of Fedora 12 (with all the updates), so how did SELinux get messed up?

Jim
(In reply to comment #7)
> Miroslav, Looks like smbd is doing a getattr of everything in /dev
>
> Add
>
> dev_getattr_all_blk_files(smbd_t)
> dev_getattr_all_chr_files(smbd_t)

Yes, it looks so.

Jim, you can allow it for now using

# grep smbd /var/log/audit/audit.log | audit2allow -M mysamba
# semodule -i mysamba.pp

I am adding these rules to default policy.

Fixed in selinux-policy-3.6.32-92.fc12
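An added example, not part of the bug comments and not audit2allow's own code: the workaround above turns every smbd denial in the audit log into an allow rule, so it is worth listing what those rules would be before loading the module. This Python script groups AVC denials by source type, target type and class; the function names are hypothetical, the first sample record is the one from this report and the second is constructed.

```python
import re
from collections import defaultdict

# Line 1 is the AVC record quoted in this report. Line 2 is constructed for
# illustration (a hypothetical denial on a block device under /dev).
SAMPLE_AUDIT_LOG = '''\
type=AVC msg=audit(1266699458.135:34928): avc: denied { getattr } for pid=2804 comm="smbd" path="/dev/network_throughput" dev=tmpfs ino=3375 scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:object_r:netcontrol_device_t:s0 tclass=chr_file
type=AVC msg=audit(1266699458.140:34929): avc: denied { getattr } for pid=2804 comm="smbd" path="/dev/sda" dev=tmpfs ino=1200 scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
'''

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?'
    r'scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)'
)


def context_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    return context.split(':')[2]


def summarize_denials(log_text, comm=None):
    """Map (source type, target type, class) -> set of denied permissions."""
    rules = defaultdict(set)
    for line in log_text.splitlines():
        match = AVC_RE.search(line)
        if not match:
            continue  # SYSCALL and other record types carry no AVC fields
        if comm and f'comm="{comm}"' not in line:
            continue  # keep only denials raised by the named process
        key = (context_type(match['scon']), context_type(match['tcon']),
               match['tclass'])
        rules[key].update(match['perms'].split())
    return rules


def render_rules(rules):
    """Format the grouped denials as the allow rules a module would contain."""
    lines = []
    for (src, tgt, cls), perms in sorted(rules.items()):
        names = sorted(perms)
        perm_text = names[0] if len(names) == 1 else '{ ' + ' '.join(names) + ' }'
        lines.append(f'allow {src} {tgt}:{cls} {perm_text};')
    return lines


if __name__ == '__main__':
    for rule in render_rules(summarize_denials(SAMPLE_AUDIT_LOG, comm='smbd')):
        print(rule)
```

Any rule in the output that goes beyond getattr on device nodes deserves a closer look before the module is installed with semodule.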
selinux-policy-3.6.32-92.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/selinux-policy-3.6.32-92.fc12
selinux-policy-3.6.32-92.fc12 has been pushed to the Fedora 12 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update selinux-policy'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F12/FEDORA-2010-2953
selinux-policy-3.6.32-92.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.