Summary:

SELinux is preventing /var/lib/boinc/projects/climateprediction.net/hadam3p_6.14_i686-pc-linux-gnu "signull" access .

Detailed Description:

[hadam3p_6.14_i6 has a permissive type (boinc_t). This access was not denied.]

SELinux denied access requested by hadam3p_6.14_i6. It is not expected that this access is required by hadam3p_6.14_i6 and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug report.

Additional Information:

Source Context        system_u:system_r:boinc_t:s0
Target Context        system_u:system_r:boinc_t:s0
Target Objects        None [ process ]
Source                hadam3p_6.14_i6
Source Path           /var/lib/boinc/projects/climateprediction.net/hadam3p_6.14_i686-pc-linux-gnu
Port                  <Unknown>
Host                  (removed)
Source RPM Packages
Target RPM Packages
Policy RPM            selinux-policy-3.7.19-15.fc13
Selinux Enabled       True
Policy Type           targeted
Enforcing Mode        Enforcing
Plugin Name           catchall
Host Name             (removed)
Platform              Linux (removed) 2.6.33.3-85.fc13.i686.PAE #1 SMP Thu May 6 18:27:11 UTC 2010 i686 i686
Alert Count           30
First Seen            on. 26. mai 2010 kl. 17.00 +0000
Last Seen             fr. 28. mai 2010 kl. 06.12 +0000
Local ID              5da76435-199b-4b86-8e02-988809322405
Line Numbers

Raw Audit Messages

node=(removed) type=AVC msg=audit(1275019941.263:20146): avc: denied { signull } for pid=10727 comm="hadam3p_6.14_i6" scontext=system_u:system_r:boinc_t:s0 tcontext=system_u:system_r:boinc_t:s0 tclass=process

node=(removed) type=SYSCALL msg=audit(1275019941.263:20146): arch=40000003 syscall=37 success=yes exit=0 a0=29eb a1=0 a2=29eb a3=0 items=0 ppid=3504 pid=10727 auid=4294967295 uid=494 gid=490 euid=494 suid=494 fsuid=494 egid=490 sgid=490 fsgid=490 tty=(none) ses=4294967295 comm="hadam3p_6.14_i6" exe="/var/lib/boinc/projects/climateprediction.net/hadam3p_6.14_i686-pc-linux-gnu" subj=system_u:system_r:boinc_t:s0 key=(null)

Hash String generated from catchall,hadam3p_6.14_i6,boinc_t,boinc_t,process,signull

audit2allow suggests:

#============= boinc_t ==============
allow boinc_t self:process signull;
Fixed in selinux-policy-3.7.19-23.fc13
selinux-policy-3.7.19-23.fc13 has been submitted as an update for Fedora 13. http://admin.fedoraproject.org/updates/selinux-policy-3.7.19-23.fc13
selinux-policy-3.7.19-23.fc13 has been pushed to the Fedora 13 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update selinux-policy'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/selinux-policy-3.7.19-23.fc13
selinux-policy-3.7.19-23.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.
I am not sure this is the same bug but I get about 20 such messages when boinc starts up.

Summary:

SELinux is preventing /a4400/boinc/projects/climateprediction.net/hadam3p_um_6.14_i686-pc-linux-gnu "ioctl" access on /a4400/boinc/projects/climateprediction.net/hadam3p_n46j_1959_2_006153909/dataout/phist.day.

Detailed Description:

SELinux denied access requested by hadam3p_um_6.14. It is not expected that this access is required by hadam3p_um_6.14 and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug report.

Additional Information:

Source Context        system_u:system_r:boinc_t:s0
Target Context        system_u:object_r:default_t:s0
Target Objects        /a4400/boinc/projects/climateprediction.net/hadam3p_n46j_1959_2_006153909/dataout/phist.day [ file ]
Source                hadsm3_um_6.08_
Source Path           /a4400/boinc/projects/climateprediction.net/hadsm3_um_6.08_i686-pc-linux-gnu
Port                  <Unknown>
Host                  rack2.localdomain
Source RPM Packages
Target RPM Packages
Policy RPM            selinux-policy-3.7.19-23.fc13
Selinux Enabled       True
Policy Type           targeted
Enforcing Mode        Enforcing
Plugin Name           catchall
Host Name             rack2.localdomain
Platform              Linux rack2.localdomain 2.6.33.5-112.fc13.x86_64 #1 SMP Thu May 27 02:28:31 UTC 2010 x86_64 x86_64
Alert Count           24
First Seen            Mon Jun 14 08:10:05 2010
Last Seen             Mon Jun 14 12:08:01 2010
Local ID              d62e5a8f-4861-4410-bb10-25fcd3381f6c
Line Numbers

Raw Audit Messages

node=rack2.localdomain type=AVC msg=audit(1276481281.656:80): avc: denied { ioctl } for pid=1708 comm="hadam3p_um_6.14" path="/a4400/boinc/projects/climateprediction.net/hadam3p_n46j_1959_2_006153909/dataout/phist.day" dev=sda11 ino=450879 scontext=system_u:system_r:boinc_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=file

node=rack2.localdomain type=SYSCALL msg=audit(1276481281.656:80): arch=40000003 syscall=54 per=400000 success=no exit=4294967271 a0=11 a1=5401 a2=ff237318 a3=ff237358 items=0 ppid=1646 pid=1708 auid=4294967295 uid=493 gid=486 euid=493 suid=493 fsuid=493 egid=486 sgid=486 fsgid=486 tty=(none) ses=4294967295 comm="hadam3p_um_6.14" exe="/a4400/boinc/projects/climateprediction.net/hadam3p_um_6.14_i686-pc-linux-gnu" subj=system_u:system_r:boinc_t:s0 key=(null)
The problem is '/a4400/boinc' is not a standard location. Execute:

# semanage fcontext -a -t var_t '/a4400(/.*)?'
# semanage fcontext -a -e /var/lib/boinc /a4400/boinc
# restorecon -R -v /a4400

to make this work. It will label '/a4400' as var_t and everything under /a4400/boinc as if it was under /var/lib/boinc.
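The two denials in this report call for different remedies: the first was fixed by a policy update, the second by relabeling. The Python sketch below is an added example, not part of the bug report or of any SELinux tool. It parses the two AVC records quoted above and separates them the same way. The function names and the `UNLABELED_TYPES` heuristic are assumptions made for illustration.

```python
import re

# AVC records copied from the two reports above (node= prefix dropped).
AVC_RECORDS = [
    'type=AVC msg=audit(1275019941.263:20146): avc: denied { signull } for pid=10727 '
    'comm="hadam3p_6.14_i6" scontext=system_u:system_r:boinc_t:s0 '
    'tcontext=system_u:system_r:boinc_t:s0 tclass=process',
    'type=AVC msg=audit(1276481281.656:80): avc: denied { ioctl } for pid=1708 '
    'comm="hadam3p_um_6.14" path="/a4400/boinc/projects/climateprediction.net/'
    'hadam3p_n46j_1959_2_006153909/dataout/phist.day" dev=sda11 ino=450879 '
    'scontext=system_u:system_r:boinc_t:s0 tcontext=system_u:object_r:default_t:s0 '
    'tclass=file',
]

# Assumption: these target types mean no specific file-context rule matched the
# path, so the likely fix is labeling (semanage fcontext + restorecon), not policy.
UNLABELED_TYPES = {"default_t", "unlabeled_t", "file_t"}

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return the fields of an AVC denial record, or None for other record types."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group('rest'))}
    fields['perms'] = m.group('perms').split()
    # A context is user:role:type:level; the type is always the third field.
    fields['stype'] = fields['scontext'].split(':')[2]
    fields['ttype'] = fields['tcontext'].split(':')[2]
    return fields

def triage(avc):
    """'relabel' when the target carries a fallback label, otherwise 'policy'."""
    return 'relabel' if avc['ttype'] in UNLABELED_TYPES else 'policy'

def te_rule(avc):
    """Build the allow rule for a 'policy' denial, in audit2allow's notation."""
    target = 'self' if avc['stype'] == avc['ttype'] else avc['ttype']
    perms = avc['perms']
    perm_str = perms[0] if len(perms) == 1 else '{ ' + ' '.join(perms) + ' }'
    return f"allow {avc['stype']} {target}:{avc['tclass']} {perm_str};"

if __name__ == '__main__':
    for rec in filter(None, map(parse_avc, AVC_RECORDS)):
        action = triage(rec)
        print(action, rec.get('path', '-'), te_rule(rec) if action == 'policy' else '')
```

For a 'relabel' result, an allow rule against default_t would grant access to every unlabeled file on the system, which is why the path is relabeled instead.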