Bug 662914 - SELinux is preventing /sbin/unix_chkpwd "sys_nice" access .
Summary: SELinux is preventing /sbin/unix_chkpwd "sys_nice" access .
Keywords:
Status: CLOSED INSUFFICIENT_DATA
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 14
Hardware: x86_64
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Miroslav Grepl
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: setroubleshoot_trace_hash:84a83bd6023...
Duplicates: 677727
Depends On:
Blocks:
Reported: 2010-12-14 07:44 UTC by Pavel Lisý
Modified: 2011-10-07 19:14 UTC (History)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2011-10-07 19:14:45 UTC
Type: ---
Embargoed:



Description Pavel Lisý 2010-12-14 07:44:30 UTC
Summary:

SELinux is preventing /sbin/unix_chkpwd "sys_nice" access .

Detailed Description:

SELinux denied access requested by unix_chkpwd. It is not expected that this
access is required by unix_chkpwd and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration of the
application is causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug
report.

Additional Information:

Source Context                system_u:system_r:chkpwd_t:s0-s0:c0.c1023
Target Context                system_u:system_r:chkpwd_t:s0-s0:c0.c1023
Target Objects                None [ capability ]
Source                        unix_chkpwd
Source Path                   /sbin/unix_chkpwd
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           pam-1.1.1-6.fc14
Target RPM Packages           
Policy RPM                    selinux-policy-3.9.7-16.fc14
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Plugin Name                   catchall
Host Name                     (removed)
Platform                      Linux (removed) 2.6.35.9-64.fc14.x86_64
                              #1 SMP Fri Dec 3 12:19:41 UTC 2010 x86_64 x86_64
Alert Count                   4
First Seen                    Tue 14 December 2010, 08:35:01 CET
Last Seen                     Tue 14 December 2010, 08:40:02 CET
Local ID                      a9bb5e63-a4fd-4124-bf38-6bd62df74a59
Line Numbers                  

Raw Audit Messages            

node=(odstraněno) type=AVC msg=audit(1292312402.15:61165): avc:  denied  { sys_nice } for  pid=26045 comm="unix_chkpwd" capability=23  scontext=system_u:system_r:chkpwd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:chkpwd_t:s0-s0:c0.c1023 tclass=capability

node=(odstraněno) type=AVC msg=audit(1292312402.15:61165): avc:  denied  { setsched } for  pid=26045 comm="unix_chkpwd" scontext=system_u:system_r:chkpwd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:chkpwd_t:s0-s0:c0.c1023 tclass=process

node=(odstraněno) type=SYSCALL msg=audit(1292312402.15:61165): arch=c000003e syscall=144 success=no exit=-13 a0=65bd a1=0 a2=7ffff45fcdf0 a3=7ffff45fcb30 items=0 ppid=26044 pid=26045 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="unix_chkpwd" exe="/sbin/unix_chkpwd" subj=system_u:system_r:chkpwd_t:s0-s0:c0.c1023 key=(null)



Hash String generated from  catchall,unix_chkpwd,chkpwd_t,chkpwd_t,capability,sys_nice
audit2allow suggests:

#============= chkpwd_t ==============
allow chkpwd_t self:capability sys_nice;
allow chkpwd_t self:process setsched;

Comment 3 Miroslav Grepl 2011-02-16 15:35:38 UTC
*** Bug 677727 has been marked as a duplicate of this bug. ***

Comment 4 Daniel Walsh 2011-04-17 09:34:21 UTC
Are you still seeing these?

