SELinux alleged Attack!
Karl Larsen
k5di at zianet.com
Sat Oct 13 17:13:14 UTC 2007
Andy Green wrote:
> Somebody in the thread at some point said:
>
>
>>> Well, none of these are normal avcs that you would see if selinux was
>>> denying access to something.
>>>
>>> A classical avc that makes trouble looks like this:
>>>
>>> Sep 2 05:03:13 hostname kernel: audit(1188705793.190:416): avc: denied
>>> { search } for pid=12965 comm="wpa_supplicant" name="netdev:wlan0"
>>> dev=debugfs ino=2841020 scontext=user_u:system_r:NetworkManager_t:s0
>>> tcontext=system_u:object_r:debugfs_t:s0 tclass=dir
>>>
>
>
>> Come on Andy, there are a whole lot of AVC things and they explain why
>> the computer came up so slow. SELinux was trying to get some things done
>> and they were not succeeding so it slowed everything to a crawl.
>>
>> What is there are reports of error, and I got them from
>> /var/log/messages/ and explains to me how SELinux slowed down my computer.
>>
>
> How many of these "AVC things" that are not avcs are there? Unless
> there are hundreds of thousands per boot it doesn't in itself explain
> why it "slowed everything to a crawl". If permissions are denied on
> opening a file or whatever, it's recorded in a single avc and that is
> the end of the story, it failed -- bang, exit. It doesn't hang around
> weeping and feeling bad until it gets the energy to go on.
>
> There has to be a reason why a process hangs on until it times out, and
> "selinux problems" is not enough of an explanation. As proposed by
> others, network timeouts are a pretty common source of hanging around
> for 'long' periods -- 'long' considering the 2 or 3 billion operations a
> second your CPU is always wanting to do.
>
> -Andy
>
>
Come on Andy, these were all caused by SELinux and explains if you
can figure out what they mean. I can't and you won't because your
convinced these are not done by SELinux.
So there seems to be nothing more to say.
--
Karl F. Larsen, AKA K5DI
Linux User
#450462 http://counter.li.org.
More information about the fedora-list
mailing list