Résumé: SELinux empêche l'accès en "write" à /var/lib/boinc/projects/www.worldcommunitygrid.org/wcg_hfcc_autodock_6.11_i686-pc-linux-gnu on fifo_fi Description détaillée: [wcg_faah_autodo a un type permissif (boinc_project_t). Cet accès n'a pas été refusé.] SELinux a refusé l'accès demandé par wcg_hfcc_autodo. Il n'est pas prévu que cet accès soit requis par wcg_hfcc_autodo et cet accès peut signaler une tentative d'intrusion. Il est également possible que cette version ou cette configuration spécifique de l'application provoque cette demande d'accès supplémenta Autoriser l'accès: Vous pouvez créer un module de stratégie locale pour autoriser cet accès - lisez la FAQ (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Merci de remplir un rapport de bogue. Informations complémentaires: Contexte source system_u:system_r:boinc_project_t:s0 Contexte cible system_u:system_r:boinc_project_t:s0 Objets du contexte fifo_file [ fifo_file ] source wcg_faah_autodo Chemin de la source /var/lib/boinc/projects/www.worldcommunitygrid.org /wcg_faah_autodock_6.07_i686-pc-linux-gnu Port <Inconnu> Hôte (supprimé) Paquetages RPM source Paquetages RPM cible Politique RPM selinux-policy-3.7.19-44.fc13 Selinux activé True Type de politique targeted Mode strict Enforcing Nom du plugin catchall Nom de l'hôte (supprimé) Plateforme Linux (supprimé) 2.6.33.6-147.2.4.fc13.i686.PAE #1 SMP Fri Jul 23 17:21:06 UTC 2010 i686 i686 Compteur d'alertes 31 Première alerte mer. 11 août 2010 06:36:09 CEST Dernière alerte jeu. 12 août 2010 06:09:53 CEST ID local 13a7b866-b604-42bc-baed-d4f416250031 Numéros des lignes Messages d'audit bruts node=(supprimé) type=AVC msg=audit(1281586193.815:130): avc: denied { write } for pid=2767 comm="wcg_hfcc_autodo" path="pipe:[29429]" dev=pipefs ino=29429 scontext=system_u:system_r:boinc_project_t:s0 tcontext=system_u:system_r:boinc_project_t:s0 tclass=fifo_file node=(supprimé) type=SYSCALL msg=audit(1281586193.815:130): arch=40000003 syscall=4 success=yes exit=148 a0=8 a1=bf935320 a2=94 a3=bf935320 items=0 ppid=1489 pid=2767 auid=4294967295 uid=492 gid=480 euid=492 suid=492 fsuid=492 egid=480 sgid=480 fsgid=480 tty=(none) ses=4294967295 comm="wcg_hfcc_autodo" exe="/var/lib/boinc/projects/www.worldcommunitygrid.org/wcg_hfcc_autodock_6.11_i686-pc-linux-gnu" subj=system_u:system_r:boinc_project_t:s0 key=(null) Hash String generated from catchall,wcg_faah_autodo,boinc_project_t,boinc_project_t,fifo_file,write audit2allow suggests: #============= boinc_project_t ============== allow boinc_project_t self:fifo_file write;
Boinc_client seems to work fine but SELinux always show this message. /var/log/messages contains a lot of alert like. Aug 12 06:09:20 Hostname setroubleshoot: SELinux empêche l'accès en "read" à /var/lib/boinc/projects/www.worldcommunitygrid.org/wcg_hfcc_autodock_6.11_i686-pc-linux-gnu on fifo_file. For complete SELinux messages. run sealert -l 62c337c0-553a-4c1e-ae33-370045505045 Aug 12 06:10:08 Hostname setroubleshoot: [dbus.proxies.ERROR] Introspect error on :1.65:/org/fedoraproject/Setroubleshootd: dbus.exceptions.DBusException: org.freedesktop.DBus.Error.NoReply: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken. Aug 12 06:10:15 Hostname setroubleshoot: SELinux empêche l'accès en "write" à /var/lib/boinc/projects/www.worldcommunitygrid.org/wcg_hfcc_autodock_6.11_i686-pc-linux-gnu on fifo_file. For complete SELinux messages. run sealert -l 13a7b866-b604-42bc-baed-d4f416250031 Aug 12 06:10:16 Hostname setroubleshoot: SELinux empêche l'accès en "read" à /var/lib/boinc/projects/www.worldcommunitygrid.org/wcg_hfcc_autodock_6.11_i686-pc-linux-gnu on fifo_file. For complete SELinux messages. run sealert -l 62c337c0-553a-4c1e-ae33-370045505045 Before the last update all was working fine without Setroubleshoot message.
*** Bug 623534 has been marked as a duplicate of this bug. ***
Boinc runs as permissive domain so nothing is blocked. Thanks for reporting. Fixed in selinux-policy-3.7.19-46.fc13. This update is available from koji for now http://koji.fedoraproject.org/koji/buildinfo?buildID=189375
Good job, update works fine. # yum --enablerepo=updates-testing update selinux-policy Bug can be closed.
Update karma.
This package has changed ownership in the Fedora Package Database. Reassigning to the new owner of this component.
This message is a reminder that Fedora 13 is nearing its end of life. Approximately 30 (thirty) days from now Fedora will stop maintaining and issuing updates for Fedora 13. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as WONTFIX if it remains open with a Fedora 'version' of '13'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version prior to Fedora 13's end of life. Bug Reporter: Thank you for reporting this issue and we are sorry that we may not be able to fix it before Fedora 13 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora please change the 'version' of this bug to the applicable version. If you are unable to change the version, please add a comment here and someone will do it for you. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete. The process we are following is described here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping