Hide Forgot
SELinux is preventing /usr/bin/who from using the 'signull' accesses on a process. ***** Plugin catchall (100. confidence) suggests *************************** If you believe that who should be allowed signull access on processes labeled xdm_t by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep who /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:fsdaemon_t:s0 Target Context system_u:system_r:xdm_t:s0-s0:c0.c1023 Target Objects Unknown [ process ] Source who Source Path /usr/bin/who Port <Unknown> Host (removed) Source RPM Packages coreutils-8.10-2.fc15 Target RPM Packages Policy RPM selinux-policy-3.9.16-26.fc15 Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux thomasdenhutch 2.6.38.7-30.fc15.i686.PAE #1 SMP Fri May 27 05:44:56 UTC 2011 i686 i686 Alert Count 4 First Seen Sat 11 Jun 2011 09:22:05 AM CDT Last Seen Sat 11 Jun 2011 09:22:35 AM CDT Local ID bbf13c0a-d50e-4c9b-865e-3e94e002d2d5 Raw Audit Messages type=AVC msg=audit(1307802155.866:61): avc: denied { signull } for pid=2170 comm="who" scontext=system_u:system_r:fsdaemon_t:s0 tcontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tclass=process type=SYSCALL msg=audit(1307802155.866:61): arch=i386 syscall=kill success=no exit=EACCES a0=51e a1=0 a2=80537fc a3=9ee2860 items=0 ppid=2169 pid=2170 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=who exe=/usr/bin/who subj=system_u:system_r:fsdaemon_t:s0 key=(null) Hash: who,fsdaemon_t,xdm_t,process,signull audit2allow #============= fsdaemon_t ============== allow fsdaemon_t xdm_t:process signull; audit2allow -R #============= fsdaemon_t ============== allow fsdaemon_t xdm_t:process signull;
This must be some kind of joke? why would smartd be running the who command, and why would be who command want to send a null signal to gdm?
Charles, do you know what you were doing when this happened?
This must be associated. SELinux is preventing /usr/bin/who from using the kill capability. ***** Plugin catchall (100. confidence) suggests *************************** If you believe that who should have the kill capability by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep who /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:fsdaemon_t:s0 Target Context system_u:system_r:fsdaemon_t:s0 Target Objects Unknown [ capability ] Source who Source Path /usr/bin/who Port <Unknown> Host acer1705.ipw Source RPM Packages coreutils-8.10-2.fc15 Target RPM Packages Policy RPM selinux-policy-3.9.16-26.fc15 Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name acer1705.ipw Platform Linux acer1705.ipw 2.6.38.7-30.fc15.i686 #1 SMP Fri May 27 06:02:17 UTC 2011 i686 i686 Alert Count 1 First Seen Mon 13 Jun 2011 08:38:50 AM BST Last Seen Mon 13 Jun 2011 08:38:50 AM BST Local ID 9cc8be0e-ebc3-44f5-b29a-1a9eabfefc32 Raw Audit Messages type=AVC msg=audit(1307950730.5:72): avc: denied { kill } for pid=4729 comm="who" capability=5 scontext=system_u:system_r:fsdaemon_t:s0 tcontext=system_u:system_r:fsdaemon_t:s0 tclass=capability type=SYSCALL msg=audit(1307950730.5:72): arch=i386 syscall=kill success=no exit=EPERM a0=101d a1=0 a2=80537fc a3=87f1860 items=0 ppid=4728 pid=4729 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=who exe=/usr/bin/who subj=system_u:system_r:fsdaemon_t:s0 key=(null) Hash: who,fsdaemon_t,fsdaemon_t,capability,kill audit2allow #============= fsdaemon_t ============== allow fsdaemon_t self:capability kill; audit2allow -R #============= fsdaemon_t ============== allow fsdaemon_t self:capability kill; This also happened at the same time. SELinux is preventing /bin/bash from using the dac_override capability. ***** Plugin dac_override (91.4 confidence) suggests *********************** If you want to help identify if domain needs this access or you have a file with the wrong permissions on your system Then turn on full auditing to get path information about the offending file and generate the error again. Do Turn on full auditing # auditctl -w /etc/shadow -p w Try to recreate AVC. Then execute # ausearch -m avc -ts recent If you see PATH record check ownership/permissions on file, and fix it, otherwise report as a bugzilla. ***** Plugin catchall (9.59 confidence) suggests *************************** If you believe that bash should have the dac_override capability by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep smartdnotify /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:fsdaemon_t:s0 Target Context system_u:system_r:fsdaemon_t:s0 Target Objects Unknown [ capability ] Source smartdnotify Source Path /bin/bash Port <Unknown> Host acer1705.ipw Source RPM Packages bash-4.2.10-2.fc15 Target RPM Packages Policy RPM selinux-policy-3.9.16-26.fc15 Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name acer1705.ipw Platform Linux acer1705.ipw 2.6.38.7-30.fc15.i686 #1 SMP Fri May 27 06:02:17 UTC 2011 i686 i686 Alert Count 3 First Seen Mon 13 Jun 2011 08:38:50 AM BST Last Seen Mon 13 Jun 2011 08:38:50 AM BST Local ID 84effbcf-1b53-41a7-a7f1-5f6e259facff Raw Audit Messages type=AVC msg=audit(1307950730.16:78): avc: denied { dac_override } for pid=4724 comm="smartdnotify" capability=1 scontext=system_u:system_r:fsdaemon_t:s0 tcontext=system_u:system_r:fsdaemon_t:s0 tclass=capability type=SYSCALL msg=audit(1307950730.16:78): arch=i386 syscall=open success=no exit=EACCES a0=94ba6f0 a1=8201 a2=0 a3=0 items=0 ppid=4723 pid=4724 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=smartdnotify exe=/bin/bash subj=system_u:system_r:fsdaemon_t:s0 key=(null) Hash: smartdnotify,fsdaemon_t,fsdaemon_t,capability,dac_override audit2allow #============= fsdaemon_t ============== allow fsdaemon_t self:capability dac_override; audit2allow -R #============= fsdaemon_t ============== allow fsdaemon_t self:capability dac_override; I was reading an email at the time in thunderbird, the system was busy doing something at the time as there was a lot of disk activity. I am alsousing a clean install of FC15, only three days old.
Is there a different executable named who?
Maybe smartmon guys could explain what is going on.
(In reply to comment #5) > Maybe smartmon guys could explain what is going on. New feature: instead of just sending a mail to root (no one reads it on desktops) we send mail to root AND show notification when smartd finds some problem with your disk. Because we can't use notify-send (I'll skip the details) and because sending message with 'wall' works in cases where notify-send can't be used, we've decided to use 'wall'. But because 'wall' adds quite big ugly header, we do 'wall' ourself by sending message to user terminals. Code can be found in : /usr/libexec/smartmontools/smartdnotify =============== #! /bin/sh # Send mail echo "$SMARTD_MESSAGE" | mail -s "$SMARTD_FAILTYPE" "$SMARTD_ADDRESS" # Notify desktop user MESSAGE="WARNING: Your hard drive is failing" # direct write to terminals, do not use 'wall', because we don't want its ugly header for t in $(who | awk '{ print $2; }' | grep -e '^tty' -e '^pts/') do echo "$MESSAGE $SMARTD_MESSAGE" >/dev/$t 2>/dev/null ||: done ===============
FWIW, same here with F14. # rpm -q smartmontools smartmontools-5.40-6.fc14.x86_64 Add '-M test' to /etc/smartd.conf and start smartd to trigger it. /var/log/messages: Jul 21 09:46:01 rotterdam smartd[3586]: smartd 5.40 2010-10-16 r3189 [x86_64-redhat-linux-gnu] (local build)#012Copyright (C) 2002-10 by Bruce Allen, http://smartmontools.sourceforge.net#012 Jul 21 09:46:01 rotterdam smartd[3586]: Opened configuration file /etc/smartd.conf Jul 21 09:46:01 rotterdam smartd[3586]: Configuration file /etc/smartd.conf was parsed, found DEVICESCAN, scanning devices Jul 21 09:46:01 rotterdam smartd[3586]: Device: /dev/sda, type changed from 'scsi' to 'sat' Jul 21 09:46:01 rotterdam smartd[3586]: Device: /dev/sda [SAT], opened Jul 21 09:46:01 rotterdam smartd[3586]: Device: /dev/sda [SAT], found in smartd database. Jul 21 09:46:01 rotterdam smartd[3586]: Device: /dev/sda [SAT], is SMART capable. Adding to "monitor" list. Jul 21 09:46:01 rotterdam smartd[3586]: Monitoring 1 ATA and 0 SCSI devices Jul 21 09:46:01 rotterdam smartd[3586]: Executing test of /usr/libexec/smartmontools/smartdnotify to root ... Jul 21 09:46:01 rotterdam smartd[3586]: Test of /usr/libexec/smartmontools/smartdnotify to root produced unexpected output (311 bytes) to STDOUT/STDERR: #012/usr/libexec/smartmontools/smartdnotify: line 13: /dev/tty1: Permesso negato#012/usr/libexec/smartmontools/smartdnotify: line 13: /dev/pts/0: Permesso negato#012/usr/libexec/smartmontools/smartdnotify: line 13: /dev/pts/1: Permesso negato#012/usr/libexec/smartmontools/smartdnotify: line 13: /dev/pts/2: Permesso negato#012 Jul 21 09:46:01 rotterdam smartd[3586]: Test of /usr/libexec/smartmontools/smartdnotify to root: successful Jul 21 09:46:01 rotterdam smartd[3602]: smartd has fork()ed into background mode. New PID=3602. Jul 21 09:46:03 rotterdam setroubleshoot: SELinux is preventing /usr/bin/who from using the signull access on a process. For complete SELinux messages. run sealert -l 43443471-0171-4fe7-8c47-418cc958b160 Jul 21 09:46:03 rotterdam setroubleshoot: SELinux is preventing /usr/bin/who from using the kill capability. For complete SELinux messages. run sealert -l 6b497703-f692-483a-ab2e-5e2639c3d1cb Jul 21 09:46:03 rotterdam setroubleshoot: SELinux is preventing /usr/bin/who from using the kill capability. For complete SELinux messages. run sealert -l 6b497703-f692-483a-ab2e-5e2639c3d1cb Jul 21 09:46:03 rotterdam setroubleshoot: SELinux is preventing /usr/bin/who from using the kill capability. For complete SELinux messages. run sealert -l 6b497703-f692-483a-ab2e-5e2639c3d1cb Jul 21 09:46:03 rotterdam setroubleshoot: SELinux is preventing /bin/bash from using the dac_override capability. For complete SELinux messages. run sealert -l 99e008ac-560a-4b69-bbe8-b9c90cf4738a Jul 21 09:46:03 rotterdam setroubleshoot: SELinux is preventing /bin/bash from using the dac_override capability. For complete SELinux messages. run sealert -l 99e008ac-560a-4b69-bbe8-b9c90cf4738a Jul 21 09:46:03 rotterdam setroubleshoot: SELinux is preventing /bin/bash from using the dac_override capability. For complete SELinux messages. run sealert -l 99e008ac-560a-4b69-bbe8-b9c90cf4738a Jul 21 09:46:03 rotterdam setroubleshoot: SELinux is preventing /bin/bash from using the dac_override capability. For complete SELinux messages. run sealert -l 99e008ac-560a-4b69-bbe8-b9c90cf4738a Jul 21 09:46:03 rotterdam setroubleshoot: SELinux is preventing /bin/bash from using the dac_override capability. For complete SELinux messages. run sealert -l 99e008ac-560a-4b69-bbe8-b9c90cf4738a Jul 21 09:46:03 rotterdam setroubleshoot: SELinux is preventing /bin/bash from using the dac_override capability. For complete SELinux messages. run sealert -l 99e008ac-560a-4b69-bbe8-b9c90cf4738a
I gave up on Fedora 15, obtained and installed Fedora 14 without incident. Fedora 15 was (past tense) a bad, but brief experience for me--several failed installation attempts. (In reply to comment #0) > SELinux is preventing /usr/bin/who from using the 'signull' accesses on a > process. > > ***** Plugin catchall (100. confidence) suggests *************************** > > If you believe that who should be allowed signull access on processes labeled > xdm_t by default. > Then you should report this as a bug. > You can generate a local policy module to allow this access. > Do > allow this access for now by executing: > # grep who /var/log/audit/audit.log | audit2allow -M mypol > # semodule -i mypol.pp > > Additional Information: > Source Context system_u:system_r:fsdaemon_t:s0 > Target Context system_u:system_r:xdm_t:s0-s0:c0.c1023 > Target Objects Unknown [ process ] > Source who > Source Path /usr/bin/who > Port <Unknown> > Host (removed) > Source RPM Packages coreutils-8.10-2.fc15 > Target RPM Packages > Policy RPM selinux-policy-3.9.16-26.fc15 > Selinux Enabled True > Policy Type targeted > Enforcing Mode Enforcing > Host Name (removed) > Platform Linux thomasdenhutch 2.6.38.7-30.fc15.i686.PAE #1 > SMP Fri May 27 05:44:56 UTC 2011 i686 i686 > Alert Count 4 > First Seen Sat 11 Jun 2011 09:22:05 AM CDT > Last Seen Sat 11 Jun 2011 09:22:35 AM CDT > Local ID bbf13c0a-d50e-4c9b-865e-3e94e002d2d5 > > Raw Audit Messages > type=AVC msg=audit(1307802155.866:61): avc: denied { signull } for pid=2170 > comm="who" scontext=system_u:system_r:fsdaemon_t:s0 > tcontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tclass=process > > > type=SYSCALL msg=audit(1307802155.866:61): arch=i386 syscall=kill success=no > exit=EACCES a0=51e a1=0 a2=80537fc a3=9ee2860 items=0 ppid=2169 pid=2170 > auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 > tty=(none) ses=4294967295 comm=who exe=/usr/bin/who > subj=system_u:system_r:fsdaemon_t:s0 key=(null) > > Hash: who,fsdaemon_t,xdm_t,process,signull > > audit2allow > > #============= fsdaemon_t ============== > allow fsdaemon_t xdm_t:process signull; > > audit2allow -R > > #============= fsdaemon_t ============== > allow fsdaemon_t xdm_t:process signull;
+application_signull(fsdaemon_t) has been added to F16
I have added it also to F15. Will be in selinux-policy-3.9.16-36.fc15