Hide Forgot
SELinux is preventing systemd-kmsg-sy from 'open' accesses on the file comm. ***** Plugin catchall (100. confidence) suggests *************************** If you believe that systemd-kmsg-sy should be allowed open access on the comm file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep systemd-kmsg-sy /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:syslogd_t:s0 Target Context unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1 023 Target Objects comm [ file ] Source systemd-kmsg-sy Source Path systemd-kmsg-sy Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.9.16-6.fc15 Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Host Name (removed) Platform Linux (removed) 2.6.38.1-6.fc15.x86_64 #1 SMP Wed Mar 23 22:43:31 UTC 2011 x86_64 x86_64 Alert Count 1 First Seen Mon 28 Mar 2011 10:41:33 AM EST Last Seen Mon 28 Mar 2011 10:41:33 AM EST Local ID b350c495-2994-49ae-a1f6-231b82a43c1a Raw Audit Messages type=AVC msg=audit(1301272893.657:299): avc: denied { open } for pid=518 comm="systemd-kmsg-sy" name="comm" dev=proc ino=51525 scontext=system_u:system_r:syslogd_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=file Hash: systemd-kmsg-sy,syslogd_t,unconfined_t,file,open audit2allow #============= syslogd_t ============== allow syslogd_t unconfined_t:file open; audit2allow -R #============= syslogd_t ============== allow syslogd_t unconfined_t:file open;
Andrew, are you seeing just this one AVC message?
(In reply to comment #1) > Andrew, > are you seeing just this one AVC message? Looking back there are: read, open, getattr, search. SELinux is preventing systemd-kmsg-sy from read access on the file comm. ***** Plugin catchall (100. confidence) suggests *************************** If you believe that systemd-kmsg-sy should be allowed read access on the comm file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep systemd-kmsg-sy /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:syslogd_t:s0 Target Context unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1 023 Target Objects comm [ file ] Source systemd-kmsg-sy Source Path systemd-kmsg-sy Port <Unknown> Host Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.9.16-6.fc15 Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Host Name Platform Linux 2.6.38.1-6.fc15.x86_64 #1 SMP Wed Mar 23 22:43:31 UTC 2011 x86_64 x86_64 Alert Count 1 First Seen Mon 28 Mar 2011 10:41:33 AM EST Last Seen Mon 28 Mar 2011 10:41:33 AM EST Local ID e6c15f20-207c-4142-b2cf-b9a9fb2a81cf Raw Audit Messages type=AVC msg=audit(1301272893.657:298): avc: denied { read } for pid=518 comm="systemd-kmsg-sy" name="comm" dev=proc ino=51525 scontext=system_u:system_r:syslogd_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=file Hash: systemd-kmsg-sy,syslogd_t,unconfined_t,file,read audit2allow #============= syslogd_t ============== allow syslogd_t unconfined_t:file read; audit2allow -R #============= syslogd_t ============== allow syslogd_t unconfined_t:file read;
SELinux is preventing systemd-kmsg-sy from getattr access on the file /proc/<pid>/comm. ***** Plugin catchall (100. confidence) suggests *************************** If you believe that systemd-kmsg-sy should be allowed getattr access on the comm file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep systemd-kmsg-sy /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:syslogd_t:s0 Target Context unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1 023 Target Objects /proc/<pid>/comm [ file ] Source systemd-kmsg-sy Source Path systemd-kmsg-sy Port <Unknown> Host Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.9.16-6.fc15 Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name Platform Linux 2.6.38.1-6.fc15.x86_64 #1 SMP Wed Mar 23 22:43:31 UTC 2011 x86_64 x86_64 Alert Count 1 First Seen Mon 28 Mar 2011 10:41:33 AM EST Last Seen Mon 28 Mar 2011 10:41:33 AM EST Local ID 29dd3864-0f41-4c2f-bb6f-6bf1caa37a78 Raw Audit Messages type=AVC msg=audit(1301272893.659:300): avc: denied { getattr } for pid=518 comm="systemd-kmsg-sy" path="/proc/3642/comm" dev=proc ino=51525 scontext=system_u:system_r:syslogd_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=file Hash: systemd-kmsg-sy,syslogd_t,unconfined_t,file,getattr audit2allow #============= syslogd_t ============== allow syslogd_t unconfined_t:file getattr; audit2allow -R #============= syslogd_t ============== allow syslogd_t unconfined_t:file getattr;
SELinux is preventing systemd-kmsg-sy from search access on the directory 6B. ***** Plugin catchall (100. confidence) suggests *************************** If you believe that systemd-kmsg-sy should be allowed search access on the 6B directory by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep systemd-kmsg-sy /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:syslogd_t:s0 Target Context unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1 023 Target Objects 6B [ dir ] Source systemd-kmsg-sy Source Path systemd-kmsg-sy Port <Unknown> Host Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.9.16-6.fc15 Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name Platform Linux 2.6.38.1-6.fc15.x86_64 #1 SMP Wed Mar 23 22:43:31 UTC 2011 x86_64 x86_64 Alert Count 4 First Seen Mon 28 Mar 2011 07:02:20 AM EST Last Seen Mon 28 Mar 2011 03:04:46 PM EST Local ID 3a3bfb7e-b921-4382-84fd-976c02266243 Raw Audit Messages type=AVC msg=audit(1301288686.941:729): avc: denied { search } for pid=518 comm="systemd-kmsg-sy" name="3642" dev=proc ino=51524 scontext=system_u:system_r:syslogd_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=dir Hash: systemd-kmsg-sy,syslogd_t,unconfined_t,dir,search audit2allow #============= syslogd_t ============== allow syslogd_t unconfined_t:dir search; audit2allow -R #============= syslogd_t ============== allow syslogd_t unconfined_t:dir search;
This looks like it must be a test problem, Not sure how systemd-kmsg-syslog would still be running when an unconfined_t user is logged in. It looks like systemd-kmsg-syslog is reading comm out of /proc?
*** Bug 694302 has been marked as a duplicate of this bug. ***