Summary: Your system may be seriously compromised! /sbin/modprobe tried to load a kernel module. Detailed Description: [SELinux is in permissive mode. This access was not denied.] SELinux has prevented modprobe from loading a kernel module. All confined programs that need to load kernel modules should have already had policy written for them. If a compromised application tries to modify the kernel this AVC will be generated. This is a serious issue. Your system may very well be compromised. Allowing Access: Contact your security administrator and report this issue. Additional Information: Source Context system_u:system_r:devicekit_power_t:s0 Target Context system_u:system_r:devicekit_power_t:s0 Target Objects None [ capability ] Source modprobe Source Path /sbin/modprobe Port <Unknown> Host (removed) Source RPM Packages module-init-tools-3.11.1-2.fc13 Target RPM Packages Policy RPM selinux-policy-3.8.8-20.fc14 Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Plugin Name sys_module Host Name (removed) Platform Linux (removed) 2.6.35.4-11.rc1.fc14.x86_64 #1 SMP Wed Aug 25 12:24:12 UTC 2010 x86_64 x86_64 Alert Count 1 First Seen Thu 26 Aug 2010 01:32:32 PM PDT Last Seen Thu 26 Aug 2010 01:32:32 PM PDT Local ID 72f1489c-c2fd-43bc-85da-8050ce9975a7 Line Numbers Raw Audit Messages node=(removed) type=AVC msg=audit(1282854752.5:16): avc: denied { sys_module } for pid=1708 comm="modprobe" capability=16 scontext=system_u:system_r:devicekit_power_t:s0 tcontext=system_u:system_r:devicekit_power_t:s0 tclass=capability node=(removed) type=SYSCALL msg=audit(1282854752.5:16): arch=c000003e syscall=175 success=yes exit=0 a0=12081c0 a1=6348 a2=1200220 a3=7fffdc98bbb0 items=0 ppid=1701 pid=1708 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="modprobe" exe="/sbin/modprobe" subj=system_u:system_r:devicekit_power_t:s0 key=(null) Hash String generated from sys_module,modprobe,devicekit_power_t,devicekit_power_t,capability,sys_module audit2allow suggests: #============= devicekit_power_t ============== allow devicekit_power_t self:capability sys_module;
This happened with systemd-8-1 and systemd-8-2. There are 11 other AVC denials that occur during boot. I only filed one other report, bug 627751. Let me know if I should file the other ten. Gene
*** This bug has been marked as a duplicate of bug 627751 ***