Description of problem: Selinux is generating a bunch of alerts caused by gcm-apply when logging in to a fedora 13 vm that was fully updated a day ago. Version-Release number of selected component (if applicable): How reproducible: seems to happen on each reboot Steps to Reproduce: 1. reboot fedora and log in 2. 3. Actual results: security warnings Expected results: no security warnings Additional info: Here's the clipboard dump from the selinux security alert application: Summary: SELinux is preventing /usr/bin/gcm-apply "name_bind" access on <Unknown>. Detailed Description: SELinux denied access requested by gcm-apply. The current boolean settings do not allow this access. If you have not setup gcm-apply to require this access this may signal an intrusion attempt. If you do intend this access you need to change the booleans on this system to allow the access. Allowing Access: Confined processes can be configured to run requiring different access, SELinux provides booleans to allow you to turn on/off access as needed. The boolean allow_ypbind is set incorrectly. Boolean Description: Allow system to run with NIS Fix Command: # setsebool -P allow_ypbind 1 Additional Information: Source Context system_u:system_r:xdm_t:s0-s0:c0.c1023 Target Context system_u:object_r:ipp_port_t:s0 Target Objects None [ udp_socket ] Source gcm-apply Source Path /usr/bin/gcm-apply Port 8614 Host localhost.localdomain Source RPM Packages gnome-color-manager-2.30.0-5.fc13 Target RPM Packages Policy RPM selinux-policy-3.7.19-2.fc13 Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Plugin Name catchall_boolean Host Name localhost.localdomain Platform Linux localhost.localdomain 2.6.33.2-57.fc13.i686.PAE #1 SMP Tue Apr 20 08:58:17 UTC 2010 i686 i686 Alert Count 20 First Seen Sun 25 Apr 2010 12:01:57 PM PDT Last Seen Sun 25 Apr 2010 12:06:22 PM PDT Local ID 40440b76-f7d0-42b9-b773-2a1a9c465d9d Line Numbers Raw Audit Messages node=localhost.localdomain type=AVC msg=audit(1272222382.827:15): avc: denied { name_bind } for pid=1538 comm="gcm-apply" src=8614 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:ipp_port_t:s0 tclass=udp_socket node=localhost.localdomain type=SYSCALL msg=audit(1272222382.827:15): arch=40000003 syscall=102 success=no exit=-13 a0=2 a1=bf955060 a2=f82278 a3=8709cd4 items=0 ppid=1 pid=1538 auid=4294967295 uid=42 gid=473 euid=42 suid=42 fsuid=42 egid=473 sgid=473 fsgid=473 tty=(none) ses=4294967295 comm="gcm-apply" exe="/usr/bin/gcm-apply" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)
Are you running with NIS?
No - or at least not that I'm aware of. This is an isolated virtual machine running under vmware fusion on a macbook pro OS X 10.6. I did select a fair number of optional items during the install (mostly development tools), but other than that, I haven't added or configured anything beyond the installer defaults.
Ok, I am just wondering why gcm-apply would try to listen/bind on port 8614?
No idea. Let me know if you want me to dig through any logs or other files looking for clues.
Richard Hughes suggests that gcm-apply is calling sane_init which is causing this AVC. He also states that it no longer needs to call this. Can we get a version of gcm-apply that does not call sane_init?
Could you grab the gnome-color-manager .src.rpm package from here please: http://people.freedesktop.org/~hughsient/fedora/13/SRPMS -- rebuild it and then install it, and then verify that it no longer produces a SELinux notice. Thanks.
*** Bug 590467 has been marked as a duplicate of this bug. ***
*** This bug has been marked as a duplicate of bug 588295 ***