Summary: SELinux is preventing plymouth "connectto" access on @/ply-boot-protocol. Detailed Description: [SELinux is in permissive mode. This access was not denied.] SELinux denied access requested by plymouth. It is not expected that this access is required by plymouth and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access: You can generate a local policy module to allow this access - see FAQ (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug report. Additional Information: Source Context system_u:system_r:xdm_t:s0-s0:c0.c1023 Target Context system_u:system_r:plymouthd_t:s0 Target Objects @/ply-boot-protocol [ unix_stream_socket ] Source plymouth Source Path plymouth Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.9.2-1.fc15 Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Plugin Name catchall Host Name (removed) Platform Linux (removed) 2.6.36-0.14.rc3.git0.fc15.x86_64 #1 SMP Wed Sep 1 20:29:19 UTC 2010 x86_64 x86_64 Alert Count 1 First Seen Sat 04 Sep 2010 12:24:48 PM EDT Last Seen Sat 04 Sep 2010 12:24:48 PM EDT Local ID ddaeb642-79e7-4ad3-969a-da1303828456 Line Numbers Raw Audit Messages node=(removed) type=AVC msg=audit(1283617488.32:60): avc: denied { connectto } for pid=4086 comm="plymouth" path=002F706C792D626F6F742D70726F746F636F6C0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:system_r:plymouthd_t:s0 tclass=unix_stream_socket Hash String generated from catchall,plymouth,xdm_t,plymouthd_t,unix_stream_socket,connectto audit2allow suggests: #============= xdm_t ============== allow xdm_t plymouthd_t:unix_stream_socket connectto;
Résumé: SELinux empêche l'accès en « connectto » à /bin/plymouth on @/ply-boot-prot Description détaillée: [SELinux est en mode permissif. Cet accès n'a pas été refusé.] SELinux a refusé l'accès demandé par plymouth. Il n'est pas prévu que cet accès soit requis par plymouth et cet accès peut signaler une tentative d'intrusion. Il est également possible que cette version ou cette configuration spécifique de l'application provoque cette demande d'accès supplémenta Autoriser l'accès: Vous pouvez créer un module de stratégie locale pour autoriser cet accès - lisez la FAQ (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Merci de remplir un rapport de bogue. Informations complémentaires: Contexte source system_u:system_r:xdm_t:s0-s0:c0.c1023 Contexte cible system_u:system_r:plymouthd_t:s0 Objets du contexte @/ply-boot-protocol [ unix_stream_socket ] source plymouth Chemin de la source /bin/plymouth Port <Inconnu> Hôte (supprimé) Paquetages RPM source plymouth-0.8.4-0.20100823.4.fc14 Paquetages RPM cible Politique RPM selinux-policy-3.9.2-1.fc14 Selinux activé True Type de politique targeted Mode strict Permissive Nom du plugin catchall Nom de l'hôte (supprimé) Plateforme Linux 2.6.35.2-9.fc14.x86_64 #1 SMP Tue Aug 17 22:36:15 UTC 2010 x86_64 x86_64 Compteur d'alertes 1 Première alerte sam. 04 sept. 2010 19:50:11 CEST Dernière alerte sam. 04 sept. 2010 19:50:11 CEST ID local 07496127-619a-4bdf-84a5-e9625beea2b4 Numéros des lignes Messages d'audit bruts node=arekh.okg type=AVC msg=audit(1283622611.277:85910): avc: denied { connectto } for pid=11266 comm="plymouth" path=002F706C792D626F6F742D70726F746F636F6C0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:system_r:plymouthd_t:s0 tclass=unix_stream_socket node= type=SYSCALL msg=audit(1283622611.277:85910): arch=c000003e syscall=42 success=yes exit=0 a0=6 a1=6e0410 a2=6e a3=7fff36ae9230 items=0 ppid=11265 pid=11266 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="plymouth" exe="/bin/plymouth" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)
Fixed in selinux-policy-3.9.3-1.fc14
selinux-policy-3.9.3-1.fc14 has been submitted as an update for Fedora 14. https://admin.fedoraproject.org/updates/selinux-policy-3.9.3-1.fc14
selinux-policy-3.9.3-1.fc14 has been pushed to the Fedora 14 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update selinux-policy'. You can provide feedback for this update here: https://admin.fedoraproject.org/updates/selinux-policy-3.9.3-1.fc14
selinux-policy-3.9.3-1.fc14 has been pushed to the Fedora 14 stable repository. If problems still persist, please make note of it in this bug report.