abrt version: 2.0.5 executable: /usr/bin/python hashmarkername: setroubleshoot kernel: 3.0.0-1.fc16.x86_64 reason: SELinux is preventing /sbin/ldconfig from 'append' accesses on the chr_file /dev/tty3. time: Wed Aug 24 10:12:42 2011 description: :SELinux is preventing /sbin/ldconfig from 'append' accesses on the chr_file /dev/tty3. : :***** Plugin leaks (50.5 confidence) suggests ****************************** : :If you want to ignore ldconfig trying to append access the tty3 chr_file, because you believe it should not need this access. :Then you should report this as a bug. :You can generate a local policy module to dontaudit this access. :Do :# grep /sbin/ldconfig /var/log/audit/audit.log | audit2allow -D -M mypol :# semodule -i mypol.pp : :***** Plugin catchall (50.5 confidence) suggests *************************** : :If you believe that ldconfig should be allowed append access on the tty3 chr_file by default. :Then you should report this as a bug. :You can generate a local policy module to allow this access. :Do :allow this access for now by executing: :# grep ldconfig /var/log/audit/audit.log | audit2allow -M mypol :# semodule -i mypol.pp : :Additional Information: :Source Context unconfined_u:unconfined_r:ldconfig_t:s0-s0:c0.c102 : 3 :Target Context system_u:object_r:tty_device_t:s0 :Target Objects /dev/tty3 [ chr_file ] :Source ldconfig :Source Path /sbin/ldconfig :Port <Unknown> :Host (removed) :Source RPM Packages glibc-2.14.90-4 :Target RPM Packages :Policy RPM selinux-policy-3.10.0-15.fc16 :Selinux Enabled True :Policy Type targeted :Enforcing Mode Permissive :Host Name (removed) :Platform Linux nilgiri 3.0.0-1.fc16.x86_64 #1 SMP Fri Jul : 22 16:09:29 UTC 2011 x86_64 x86_64 :Alert Count 1 :First Seen Wed 24 Aug 2011 10:11:44 AM CEST :Last Seen Wed 24 Aug 2011 10:11:44 AM CEST :Local ID c211495f-45f6-405c-bc3b-78c827325d11 : :Raw Audit Messages :type=AVC msg=audit(1314173504.293:69): avc: denied { append } for pid=15478 comm="ldconfig" path="/dev/tty3" dev=devtmpfs ino=4063 scontext=unconfined_u:unconfined_r:ldconfig_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tty_device_t:s0 tclass=chr_file : : :type=AVC msg=audit(1314173504.293:69): avc: denied { read write } for pid=15478 comm="ldconfig" path="/dev/mapper/control" dev=devtmpfs ino=5557 scontext=unconfined_u:unconfined_r:ldconfig_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lvm_control_t:s0 tclass=chr_file : : :type=SYSCALL msg=audit(1314173504.293:69): arch=x86_64 syscall=execve success=yes exit=0 a0=265b020 a1=266c300 a2=2696a80 a3=7fffc5558830 items=0 ppid=2199 pid=15478 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm=ldconfig exe=/sbin/ldconfig subj=unconfined_u:unconfined_r:ldconfig_t:s0-s0:c0.c1023 key=(null) : :Hash: ldconfig,ldconfig_t,tty_device_t,chr_file,append : :audit2allow : :#============= ldconfig_t ============== :allow ldconfig_t lvm_control_t:chr_file { read write }; :allow ldconfig_t tty_device_t:chr_file append; : :audit2allow -R : :#============= ldconfig_t ============== :allow ldconfig_t lvm_control_t:chr_file { read write }; :allow ldconfig_t tty_device_t:chr_file append; :
What app were you running when this happened these are clearly leaks. lvm?
(In reply to comment #1) > What app were you running when this happened these are clearly leaks. No idea... > lvm? Not intentionally. I was just exploring F16's GNOME Shell experience.
Ok well unless you can get it to happen again and figure out which app causes it, there is not much we can do. I would figure it was some kind of control app.
I hit this during a live install of F16 (using a personal build with various pre-Beta RC2 builds in it). I'll re-open if it turns out to consistently happen during Beta rC2 live installs.
I hit this when doing a default install of Fedora 16 Beta RC3 x86_64 Live. The notification popped up at the end of the installation (around bootloader installation).
It very well could be leaks from the installation program.
I've seen in again, when installing on bare metal from Live image. It seems like easily reproducible. What should I do to help debug this?
It is probably something anaconda is leaking, although the append to tty_device_t might be intentional.
I added a couple of dontaudit rules to stop ldconfig_t from complaining, although these will not cause anything to break. Should be in selinux-policy-3.10.0-35.fc16
This could be anaconda's logging code: pyanaconda/isys/log.c: main_log_tty = fopen("/dev/tty3", "a"); I'm afraid I don't know enough about the problem space here to know what's wrong or how to fix it. Got any pointers?
Chris you are not doing anything wrong, I think we should just dontaudit these access. The lvm_control is the one I would like to see fixed. Outputting to a tty is expected.
selinux-policy-3.10.0-36.fc16 has been submitted as an update for Fedora 16. https://admin.fedoraproject.org/updates/selinux-policy-3.10.0-36.fc16
Package selinux-policy-3.10.0-36.fc16: * should fix your issue, * was pushed to the Fedora 16 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.10.0-36.fc16' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/selinux-policy-3.10.0-36.fc16 then log in and leave karma (feedback).
selinux-policy-3.10.0-38.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.