Red Hat Bugzilla – Bug 603606
SELinux is preventing /usr/sbin/prelink "getattr" access to /usr/libexec/telepathy-sofiasip.
Last modified: 2010-06-14 18:43:49 EDT
Souhrn: SELinux is preventing /usr/sbin/prelink "getattr" access to /usr/libexec/telepathy-sofiasip. Podrobný popis: [SELinux je v tolerantním režimu. Přístup byl povolen.] SELinux denied prelink getattr on /usr/libexec/telepathy-sofiasip. The prelink program is only allowed to manipulate files that are identified as executables or shared libraries by SELinux. Libraries that get placed in lib directories get labeled by default as a shared library. Similarly, executables that get placed in a bin or sbin directory get labeled as executables by SELinux. However, if these files get installed in other directories they might not get the correct label. If prelink is trying to manipulate a file that is not a binary or share library this may indicate an intrusion attack. Povolení přístupu: You can alter the file context by executing "chcon -t bin_t '/usr/libexec/telepathy-sofiasip'" or "chcon -t lib_t '/usr/libexec/telepathy-sofiasip'" if it is a shared library. If you want to make these changes permanent you must execute the semanage command. "semanage fcontext -a -t bin_t '/usr/libexec/telepathy-sofiasip'" or "semanage fcontext -a -t lib_t '/usr/libexec/telepathy-sofiasip'". If you feel this executable/shared library is in the wrong location please file a bug against the package that includes the file. If you feel that SELinux should know about this file and label it correctly please file a bug against SELinux policy. Další informace: Kontext zdroje system_u:system_r:prelink_t:s0-s0:c0.c1023 Kontext cíle system_u:object_r:unlabeled_t:s0 Objekty cíle /usr/libexec/telepathy-sofiasip [ file ] Zdroj prelink Cesta zdroje /usr/sbin/prelink Port <Neznámé> Počítač (removed) RPM balíčky zdroje prelink-0.4.3-3.el6 RPM balíčky cíle telepathy-sofiasip-0.6.2-1.el6 RPM politiky selinux-policy-3.7.19-24.el6 Selinux povolen True Typ politiky targeted Vynucovací režim Permissive Název zásuvného modulu prelink_mislabled Název počítače (removed) Platforma Linux (removed) 2.6.32-33.el6.x86_64 #1 SMP Thu Jun 3 13:00:03 EDT 2010 x86_64 x86_64 Počet upozornění 1 Poprvé viděno Po 14. červen 2010, 03:11:51 CEST Naposledy viděno Po 14. červen 2010, 03:11:51 CEST Místní ID c24d1129-a6d7-4417-b808-e8661718a70a Čísla řádků Původní zprávy auditu node=(removed) type=AVC msg=audit(1276477911.319:4451): avc: denied { getattr } for pid=6008 comm="prelink" path="/usr/libexec/telepathy-sofiasip" dev=dm-1 ino=533575 scontext=system_u:system_r:prelink_t:s0-s0:c0.c1023 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file node=(removed) type=SYSCALL msg=audit(1276477911.319:4451): arch=c000003e syscall=6 success=yes exit=0 a0=a2f790 a1=7fffbad84340 a2=7fffbad84340 a3=1000 items=0 ppid=5999 pid=6008 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=678 comm="prelink" exe="/usr/sbin/prelink" subj=system_u:system_r:prelink_t:s0-s0:c0.c1023 key=(null) Hash String generated from prelink_mislabled,prelink,prelink_t,unlabeled_t,file,getattr audit2allow suggests: #============= prelink_t ============== allow prelink_t unlabeled_t:file getattr;
Maybe that's just another aspect of my past experimental telepathy-sofiasip module: johanka:~# restorecon -v -R /usr/libexec/ restorecon reset /usr/libexec/telepathy-sofiasip context system_u:object_r:telepathy_sofiasip_exec_t:s0->system_u:object_r:telepathysofiasip_exec_t:s0 johanka:~#
This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux major release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux Major release. This request is not yet committed for inclusion.
This was caused by the bogus telepathy policy this machine had installed.