npviever on rawhide: denied avcs

Daniel J Walsh dwalsh at redhat.com
Mon Oct 6 13:01:44 UTC 2008


drago01 wrote:
> On Fri, Oct 3, 2008 at 3:11 PM, Daniel J Walsh <dwalsh at redhat.com> wrote:
>> Antonio Olivares wrote:
>>>
>>> --- On Thu, 10/2/08, Antonio Olivares <olivares14031 at yahoo.com> wrote:
>>>
>>>> From: Antonio Olivares <olivares14031 at yahoo.com>
>>>> Subject: npviever on rawhide: denied avcs
>>>> To: fedora-selinux-list at redhat.com
>>>> Cc: fedora-test-list at redhat.com
>>>> Date: Thursday, October 2, 2008, 5:21 PM
>>>> Dear all,
>>>>
>>>> Doing a dmesg I see some denied avcs for npviewer
>>>>
>>>> I will attach the file,  I have not seen setroubleshoot
>>>> kick in to warn me about these avcs.  Has anyone else seen
>>>> these?
>>>>
>>>> Thanks,
>>>>
>>>> Antonio
>>>>
>>>>
>>>>       --
>>>> fedora-test-list mailing list
>>>> fedora-test-list at redhat.com
>>>> To unsubscribe:
>>>> https://www.redhat.com/mailman/listinfo/fedora-test-list
>>> Messages were not attached, file too big :(
>>>
>>> Here's preview :)
>>>
>>> type=1400 audit(1222991578.902:1308): avc:  denied  { search } for  pid=17937 comm="npviewer.bin" name="dbus" dev=dm-0 ino=3276847 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=system_u:object_r:system_dbusd_var_lib_t:s0 tclass=dir
>>> type=1400 audit(1222991578.902:1309): avc:  denied  { create } for  pid=17937 comm="npviewer.bin" scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=unix_dgram_socket
>>> type=1400 audit(1222991578.903:1310): avc:  denied  { create } for  pid=17937 comm="npviewer.bin" scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tclass=unix_dgram_socket
>>> type=1400 audit(1222991578.922:1311): avc:  denied  { search } for  pid=17937 comm="npviewer.bin" name="dbus" dev=dm-0 ino=3276847 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=system_u:object_r:system_dbusd_var_lib_t:s0 tclass=dir
>>>
>>>
>>> Thanks,
>>>
>>> Antonio
>>>
>>>
>>>
>>>
>> Looks like npviewer is becoming dbus aware.  I will allow it to connect
>> to the dbus server, but I am not sure what service it is trying to
>> communicate with.
> 
> the packagekit plugin tryes to connect to daemon?
> 
Seems like a bad idea, I take it nsplugin is running code that will
eventually be allowed to install packages as root.  :^(




More information about the fedora-test-list mailing list