Summary:

SELinux is preventing /usr/sbin/rwhod "connect" access .

Detailed Description:

SELinux denied access requested by rwhod. It is not expected that this access is required by rwhod and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug report.

Additional Information:

Source Context                unconfined_u:system_r:rwho_t:s0
Target Context                unconfined_u:system_r:rwho_t:s0
Target Objects                None [ unix_dgram_socket ]
Source                        rwhod
Source Path                   /usr/sbin/rwhod
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           rwho-0.17-32.fc13
Target RPM Packages
Policy RPM                    selinux-policy-3.7.19-51.fc13
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Plugin Name                   catchall
Host Name                     (removed)
Platform                      Linux (removed) 2.6.34.6-47.fc13.i686 #1 SMP Fri Aug 27 09:48:44 UTC 2010 i686 i686
Alert Count                   1
First Seen                    Mon 06 Sep 2010 19:24:55 BST
Last Seen                     Mon 06 Sep 2010 19:24:55 BST
Local ID                      5b780ce6-b181-426c-ba10-5bf326361e79
Line Numbers

Raw Audit Messages

node=(removed) type=AVC msg=audit(1283797495.792:18373): avc: denied { connect } for pid=19119 comm="rwhod" scontext=unconfined_u:system_r:rwho_t:s0 tcontext=unconfined_u:system_r:rwho_t:s0 tclass=unix_dgram_socket

node=(removed) type=SYSCALL msg=audit(1283797495.792:18373): arch=40000003 syscall=102 success=no exit=-13 a0=3 a1=bf9b477c a2=437ff4 a3=ffffffc8 items=0 ppid=1 pid=19119 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="rwhod" exe="/usr/sbin/rwhod" subj=unconfined_u:system_r:rwho_t:s0 key=(null)

Hash String generated from catchall,rwhod,rwho_t,rwho_t,unix_dgram_socket,connect

audit2allow suggests:

#============= rwho_t ==============
allow rwho_t self:unix_dgram_socket connect;

This was a few minutes after I installed rwho package & ran the rwhod daemon… nothing more.
John, could you execute

# semanage permissive -a rwho_t

and see if you get other AVC messages. This command will change rwho to a permissive domain. Thanks.

Dan, I guess we will need to add logging_send_syslog_msg(rwhod_t)
Yes add this.

nm -D /usr/sbin/rwhod | grep syslog
U __syslog_chk
I required a reinstall of Fedora 13 (rawhide took out my networking), did an update to latest packages, installed rwho, opened firewall port, can’t seem to reproduce this now. Sorry.
John, I think we still need it. I believe there is a code path where rwhod will send syslog messages.
Fixed in selinux-policy-3.7.19-55.fc13
selinux-policy-3.7.19-57.fc13 has been submitted as an update for Fedora 13. https://admin.fedoraproject.org/updates/selinux-policy-3.7.19-57.fc13
selinux-policy-3.7.19-57.fc13 has been pushed to the Fedora 13 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update selinux-policy'. You can provide feedback for this update here: https://admin.fedoraproject.org/updates/selinux-policy-3.7.19-57.fc13
selinux-policy-3.7.19-57.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.