[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
here a few issues I have
- From: "Valent Turkovic" <valent turkovic gmail com>
- To: fedora-selinux-list redhat com
- Subject: here a few issues I have
- Date: Tue, 11 Mar 2008 13:13:11 +0100
Here are few issues I have in my selinux troubleshooter.
I have tested wicd wireless manager instead of NM and that got selinux
in a full alert mode... please check out fedora devel mailing for
links to wich packages because they aren't still in fedora
repositories.
Valent.
--
http://kernelreloaded.blog385.com/
linux, blog, anime, spirituality, windsurf, wireless
registered as user #367004 with the Linux Counter, http://counter.li.org.
ICQ: 2125241, Skype: valent.turkovic
Sažetak:
SELinux is preventing updatedb (locate_t) "getattr" to
2F766964656F2F305F72656D6F76652064726D2F467265654D65322F646570636F6D70
(fusefs_t).
Detaljan opis:
[SELinux is in permissive mode, the operation would have been denied but was
permitted due to permissive mode.]
SELinux denied access requested by updatedb. It is not expected that this access
is required by updatedb and this access may signal an intrusion attempt. It is
also possible that the specific version or configuration of the application is
causing it to require additional access.
Dopuštanje pristupa:
Sometimes labeling problems can cause SELinux denials. You could try to restore
the default system file context for
2F766964656F2F305F72656D6F76652064726D2F467265654D65322F646570636F6D70,
restorecon -v
'2F766964656F2F305F72656D6F76652064726D2F467265654D65322F646570636F6D70'
If this does not work, there is currently no automatic way to allow this access.
Instead, you can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.
Dodatni podaci:
Izvorni kontekst system_u:system_r:locate_t:s0
Ciljani kontekst system_u:object_r:fusefs_t:s0
Ciljani objekti 2F766964656F2F305F72656D6F76652064726D2F467265654D
65322F646570636F6D70 [ lnk_file ]
Source updatedb
Source Path /usr/bin/updatedb
Port <Nepoznato>
Host valent.oswireless
Source RPM Packages mlocate-0.18-1
Target RPM Packages
RPM pravila selinux-policy-3.0.8-87.fc8
Selinux je omoguÄen True
Vrsta pravila targeted
MLS je omoguÄen True
NaÄin prisile Permissive
Naziv dodatka catchall_file
Naziv raÄunala valent.oswireless
Platforma Linux valent.oswireless 2.6.24.3-12.fc8 #1 SMP Tue
Feb 26 14:58:29 EST 2008 i686 i686
Broj uzbuna 2
First Seen Sub 08 Ožu 2008 16:56:40
Last Seen Ned 09 Ožu 2008 14:22:33
Local ID 271deaf2-371a-4144-8b9b-88e86312a17a
Brojevi redaka
Sirova poruke revizije
host=valent.oswireless type=AVC msg=audit(1205068953.548:40): avc: denied { getattr } for pid=10059 comm="updatedb" path=2F766964656F2F305F72656D6F76652064726D2F467265654D65322F646570636F6D70 dev=sda12 ino=367 scontext=system_u:system_r:locate_t:s0 tcontext=system_u:object_r:fusefs_t:s0 tclass=lnk_file
host=valent.oswireless type=SYSCALL msg=audit(1205068953.548:40): arch=40000003 syscall=196 success=yes exit=0 a0=97f67c9 a1=bf8a92d8 a2=d33ff4 a3=97f67c9 items=0 ppid=10053 pid=10059 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:locate_t:s0 key=(null)
Sažetak:
SELinux is preventing updatedb (locate_t) "getattr" to
/vista/Windows/ServiceProfiles/LocalService/AppData/LocalLow/Microsoft/CryptnetUrlCache/Content/94308059B57B3142E455B38A6EB92015
(fusefs_t).
Detaljan opis:
[SELinux is in permissive mode, the operation would have been denied but was
permitted due to permissive mode.]
SELinux denied access requested by updatedb. It is not expected that this access
is required by updatedb and this access may signal an intrusion attempt. It is
also possible that the specific version or configuration of the application is
causing it to require additional access.
Dopuštanje pristupa:
You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.
Dodatni podaci:
Izvorni kontekst system_u:system_r:locate_t:s0
Ciljani kontekst system_u:object_r:fusefs_t:s0
Ciljani objekti /vista/Windows/ServiceProfiles/LocalService/AppDat
a/LocalLow/Microsoft/CryptnetUrlCache/Content/9430
8059B57B3142E455B38A6EB92015 [ fifo_file ]
Source updatedb
Source Path /usr/bin/updatedb
Port <Nepoznato>
Host valent.oswireless
Source RPM Packages mlocate-0.18-1
Target RPM Packages
RPM pravila selinux-policy-3.0.8-87.fc8
Selinux je omoguÄen True
Vrsta pravila targeted
MLS je omoguÄen True
NaÄin prisile Permissive
Naziv dodatka catchall
Naziv raÄunala valent.oswireless
Platforma Linux valent.oswireless 2.6.24.3-12.fc8 #1 SMP Tue
Feb 26 14:58:29 EST 2008 i686 i686
Broj uzbuna 2
First Seen Sub 08 Ožu 2008 16:57:36
Last Seen Ned 09 Ožu 2008 14:23:29
Local ID 4634d5ad-499c-4e7d-bc3a-af746945a64a
Brojevi redaka
Sirova poruke revizije
host=valent.oswireless type=AVC msg=audit(1205069009.760:41): avc: denied { getattr } for pid=10059 comm="updatedb" path="/vista/Windows/ServiceProfiles/LocalService/AppData/LocalLow/Microsoft/CryptnetUrlCache/Content/94308059B57B3142E455B38A6EB92015" dev=sda1 ino=144151 scontext=system_u:system_r:locate_t:s0 tcontext=system_u:object_r:fusefs_t:s0 tclass=fifo_file
host=valent.oswireless type=SYSCALL msg=audit(1205069009.760:41): arch=40000003 syscall=196 success=yes exit=0 a0=97f6941 a1=bf8a89d8 a2=d33ff4 a3=97f6941 items=0 ppid=10053 pid=10059 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:locate_t:s0 key=(null)
Sažetak:
SELinux is preventing restorecon (setfiles_t) "write" to /opt/wicd/data/wicd.log
(usr_t).
Detaljan opis:
[SELinux is in permissive mode, the operation would have been denied but was
permitted due to permissive mode.]
SELinux denied access requested by restorecon. It is not expected that this
access is required by restorecon and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration of the
application is causing it to require additional access.
Dopuštanje pristupa:
Sometimes labeling problems can cause SELinux denials. You could try to restore
the default system file context for /opt/wicd/data/wicd.log,
restorecon -v '/opt/wicd/data/wicd.log'
If this does not work, there is currently no automatic way to allow this access.
Instead, you can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.
Dodatni podaci:
Izvorni kontekst unconfined_u:system_r:setfiles_t:s0
Ciljani kontekst unconfined_u:object_r:usr_t:s0
Ciljani objekti /opt/wicd/data/wicd.log [ file ]
Source restorecon
Source Path /sbin/setfiles
Port <Nepoznato>
Host valent.oswireless
Source RPM Packages policycoreutils-2.0.33-3.fc8
Target RPM Packages
RPM pravila selinux-policy-3.0.8-87.fc8
Selinux je omoguÄen True
Vrsta pravila targeted
MLS je omoguÄen True
NaÄin prisile Permissive
Naziv dodatka catchall_file
Naziv raÄunala valent.oswireless
Platforma Linux valent.oswireless 2.6.24.3-12.fc8 #1 SMP Tue
Feb 26 14:58:29 EST 2008 i686 i686
Broj uzbuna 2
First Seen Pon 10 Ožu 2008 14:23:50
Last Seen Pon 10 Ožu 2008 14:25:53
Local ID ffbd9047-3b96-4140-adcb-1217a7d07dfb
Brojevi redaka
Sirova poruke revizije
host=valent.oswireless type=AVC msg=audit(1205155553.123:86): avc: denied { write } for pid=17305 comm="restorecon" path="/opt/wicd/data/wicd.log" dev=sda6 ino=721040 scontext=unconfined_u:system_r:setfiles_t:s0 tcontext=unconfined_u:object_r:usr_t:s0 tclass=file
host=valent.oswireless type=SYSCALL msg=audit(1205155553.123:86): arch=40000003 syscall=11 success=yes exit=0 a0=853bbd8 a1=853b138 a2=8519d10 a3=0 items=0 ppid=17257 pid=17305 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="restorecon" exe="/sbin/setfiles" subj=unconfined_u:system_r:setfiles_t:s0 key=(null)
Sažetak:
SELinux is preventing wpa_supplicant (NetworkManager_t) "write" to
/opt/wicd/data/wicd.log (usr_t).
Detaljan opis:
[SELinux is in permissive mode, the operation would have been denied but was
permitted due to permissive mode.]
SELinux denied access requested by wpa_supplicant. It is not expected that this
access is required by wpa_supplicant and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration of the
application is causing it to require additional access.
Dopuštanje pristupa:
Sometimes labeling problems can cause SELinux denials. You could try to restore
the default system file context for /opt/wicd/data/wicd.log,
restorecon -v '/opt/wicd/data/wicd.log'
If this does not work, there is currently no automatic way to allow this access.
Instead, you can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.
Dodatni podaci:
Izvorni kontekst unconfined_u:system_r:NetworkManager_t:s0
Ciljani kontekst unconfined_u:object_r:usr_t:s0
Ciljani objekti /opt/wicd/data/wicd.log [ file ]
Source wpa_supplicant
Source Path /usr/sbin/wpa_supplicant
Port <Nepoznato>
Host valent.oswireless
Source RPM Packages wpa_supplicant-0.5.7-21.fc8
Target RPM Packages
RPM pravila selinux-policy-3.0.8-87.fc8
Selinux je omoguÄen True
Vrsta pravila targeted
MLS je omoguÄen True
NaÄin prisile Permissive
Naziv dodatka catchall_file
Naziv raÄunala valent.oswireless
Platforma Linux valent.oswireless 2.6.24.3-12.fc8 #1 SMP Tue
Feb 26 14:58:29 EST 2008 i686 i686
Broj uzbuna 1
First Seen Pon 10 Ožu 2008 14:25:43
Last Seen Pon 10 Ožu 2008 14:25:43
Local ID 7b6a21b2-e462-4d73-a5fc-7d73825e94b2
Brojevi redaka
Sirova poruke revizije
host=valent.oswireless type=AVC msg=audit(1205155543.278:85): avc: denied { write } for pid=17145 comm="wpa_supplicant" path="/opt/wicd/data/wicd.log" dev=sda6 ino=721040 scontext=unconfined_u:system_r:NetworkManager_t:s0 tcontext=unconfined_u:object_r:usr_t:s0 tclass=file
host=valent.oswireless type=SYSCALL msg=audit(1205155543.278:85): arch=40000003 syscall=11 success=yes exit=0 a0=97519b0 a1=9751988 a2=9750410 a3=40 items=0 ppid=15567 pid=17145 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="wpa_supplicant" exe="/usr/sbin/wpa_supplicant" subj=unconfined_u:system_r:NetworkManager_t:s0 key=(null)
Sažetak:
SELinux is preventing consoletype (consoletype_t) "write" to
/opt/wicd/data/wicd.log (usr_t).
Detaljan opis:
[SELinux is in permissive mode, the operation would have been denied but was
permitted due to permissive mode.]
SELinux denied access requested by consoletype. It is not expected that this
access is required by consoletype and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration of the
application is causing it to require additional access.
Dopuštanje pristupa:
Sometimes labeling problems can cause SELinux denials. You could try to restore
the default system file context for /opt/wicd/data/wicd.log,
restorecon -v '/opt/wicd/data/wicd.log'
If this does not work, there is currently no automatic way to allow this access.
Instead, you can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.
Dodatni podaci:
Izvorni kontekst unconfined_u:system_r:consoletype_t:s0
Ciljani kontekst unconfined_u:object_r:usr_t:s0
Ciljani objekti /opt/wicd/data/wicd.log [ file ]
Source consoletype
Source Path /sbin/consoletype
Port <Nepoznato>
Host valent.oswireless
Source RPM Packages initscripts-8.60-1
Target RPM Packages
RPM pravila selinux-policy-3.0.8-87.fc8
Selinux je omoguÄen True
Vrsta pravila targeted
MLS je omoguÄen True
NaÄin prisile Permissive
Naziv dodatka catchall_file
Naziv raÄunala valent.oswireless
Platforma Linux valent.oswireless 2.6.24.3-12.fc8 #1 SMP Tue
Feb 26 14:58:29 EST 2008 i686 i686
Broj uzbuna 2
First Seen Pon 10 Ožu 2008 14:23:49
Last Seen Pon 10 Ožu 2008 14:24:31
Local ID eaf022d1-da82-4ce5-9b17-396516adbca3
Brojevi redaka
Sirova poruke revizije
host=valent.oswireless type=AVC msg=audit(1205155471.339:84): avc: denied { write } for pid=16569 comm="consoletype" path="/opt/wicd/data/wicd.log" dev=sda6 ino=721040 scontext=unconfined_u:system_r:consoletype_t:s0 tcontext=unconfined_u:object_r:usr_t:s0 tclass=file
host=valent.oswireless type=SYSCALL msg=audit(1205155471.339:84): arch=40000003 syscall=11 success=yes exit=0 a0=90ebc90 a1=90eb6e0 a2=90eb900 a3=0 items=0 ppid=16568 pid=16569 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="consoletype" exe="/sbin/consoletype" subj=unconfined_u:system_r:consoletype_t:s0 key=(null)
Sažetak:
SELinux is preventing dhclient (dhcpc_t) "write" to /opt/wicd/data/wicd.log
(usr_t).
Detaljan opis:
[SELinux is in permissive mode, the operation would have been denied but was
permitted due to permissive mode.]
SELinux denied access requested by dhclient. It is not expected that this access
is required by dhclient and this access may signal an intrusion attempt. It is
also possible that the specific version or configuration of the application is
causing it to require additional access.
Dopuštanje pristupa:
Sometimes labeling problems can cause SELinux denials. You could try to restore
the default system file context for /opt/wicd/data/wicd.log,
restorecon -v '/opt/wicd/data/wicd.log'
If this does not work, there is currently no automatic way to allow this access.
Instead, you can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.
Dodatni podaci:
Izvorni kontekst unconfined_u:system_r:dhcpc_t:s0
Ciljani kontekst unconfined_u:object_r:usr_t:s0
Ciljani objekti /opt/wicd/data/wicd.log [ file ]
Source dhclient
Source Path /sbin/dhclient
Port <Nepoznato>
Host valent.oswireless
Source RPM Packages dhclient-3.0.6-12.fc8
Target RPM Packages
RPM pravila selinux-policy-3.0.8-87.fc8
Selinux je omoguÄen True
Vrsta pravila targeted
MLS je omoguÄen True
NaÄin prisile Permissive
Naziv dodatka catchall_file
Naziv raÄunala valent.oswireless
Platforma Linux valent.oswireless 2.6.24.3-12.fc8 #1 SMP Tue
Feb 26 14:58:29 EST 2008 i686 i686
Broj uzbuna 2
First Seen Pon 10 Ožu 2008 14:23:49
Last Seen Pon 10 Ožu 2008 14:24:31
Local ID f810b287-2750-4dd5-a813-84124c1aeca7
Brojevi redaka
Sirova poruke revizije
host=valent.oswireless type=AVC msg=audit(1205155471.332:83): avc: denied { write } for pid=16566 comm="dhclient" path="/opt/wicd/data/wicd.log" dev=sda6 ino=721040 scontext=unconfined_u:system_r:dhcpc_t:s0 tcontext=unconfined_u:object_r:usr_t:s0 tclass=file
host=valent.oswireless type=SYSCALL msg=audit(1205155471.332:83): arch=40000003 syscall=11 success=yes exit=0 a0=9d66360 a1=9d66558 a2=9d653d0 a3=40 items=0 ppid=15567 pid=16566 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="dhclient" exe="/sbin/dhclient" subj=unconfined_u:system_r:dhcpc_t:s0 key=(null)
Sažetak:
SELinux is preventing consoletype (consoletype_t) "write" to
/opt/wicd/data/wicd.log (usr_t).
Detaljan opis:
[SELinux is in permissive mode, the operation would have been denied but was
permitted due to permissive mode.]
SELinux denied access requested by consoletype. It is not expected that this
access is required by consoletype and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration of the
application is causing it to require additional access.
Dopuštanje pristupa:
Sometimes labeling problems can cause SELinux denials. You could try to restore
the default system file context for /opt/wicd/data/wicd.log,
restorecon -v '/opt/wicd/data/wicd.log'
If this does not work, there is currently no automatic way to allow this access.
Instead, you can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.
Dodatni podaci:
Izvorni kontekst unconfined_u:system_r:consoletype_t:s0
Ciljani kontekst unconfined_u:object_r:usr_t:s0
Ciljani objekti /opt/wicd/data/wicd.log [ file ]
Source consoletype
Source Path /sbin/consoletype
Port <Nepoznato>
Host valent.oswireless
Source RPM Packages initscripts-8.60-1
Target RPM Packages
RPM pravila selinux-policy-3.0.8-87.fc8
Selinux je omoguÄen True
Vrsta pravila targeted
MLS je omoguÄen True
NaÄin prisile Permissive
Naziv dodatka catchall_file
Naziv raÄunala valent.oswireless
Platforma Linux valent.oswireless 2.6.24.3-12.fc8 #1 SMP Tue
Feb 26 14:58:29 EST 2008 i686 i686
Broj uzbuna 2
First Seen Pon 10 Ožu 2008 14:23:49
Last Seen Pon 10 Ožu 2008 14:24:31
Local ID eaf022d1-da82-4ce5-9b17-396516adbca3
Brojevi redaka
Sirova poruke revizije
host=valent.oswireless type=AVC msg=audit(1205155471.339:84): avc: denied { write } for pid=16569 comm="consoletype" path="/opt/wicd/data/wicd.log" dev=sda6 ino=721040 scontext=unconfined_u:system_r:consoletype_t:s0 tcontext=unconfined_u:object_r:usr_t:s0 tclass=file
host=valent.oswireless type=SYSCALL msg=audit(1205155471.339:84): arch=40000003 syscall=11 success=yes exit=0 a0=90ebc90 a1=90eb6e0 a2=90eb900 a3=0 items=0 ppid=16568 pid=16569 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="consoletype" exe="/sbin/consoletype" subj=unconfined_u:system_r:consoletype_t:s0 key=(null)
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]