Selinux message F-12 -

Bob Goodwin bobgoodwin at wildblue.net
Mon Dec 14 11:01:34 UTC 2009 

I keep seeing a star icon in the F-12 box which produces the message 
below. I wonder if it has anything to do with my ssh problems?

What does it mean? What must I do to satisfy it?

Bob

#

Summary:

SELinux is preventing /usr/libexec/polkit-1/polkit-agent-helper-1
"sys_tty_config" access.

Detailed Description:

[polkit-agent-he has a permissive type (policykit_auth_t). This access 
was not
denied.]

SELinux denied access requested by polkit-agent-he. It is not expected 
that this
access is required by polkit-agent-he and this access may signal an 
intrusion
attempt. It is also possible that the specific version or configuration 
of the
application is causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Please file a bug
report.

Additional Information:

Source Context                
unconfined_u:unconfined_r:policykit_auth_t:s0-s0:c
                               0.c1023
Target Context                
unconfined_u:unconfined_r:policykit_auth_t:s0-s0:c
                               0.c1023
Target Objects                None [ capability ]
Source                        polkit-agent-he
Source Path                   /usr/libexec/polkit-1/polkit-agent-helper-1
Port <Unknown>
Host                          box6
Source RPM Packages           polkit-0.95-0.git20090913.3.fc12
Target RPM Packages
Policy RPM                    selinux-policy-3.6.32-55.fc12
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Plugin Name                   catchall
Host Name                     box6
Platform                      Linux box6 2.6.31.6-166.fc12.i686.PAE #1 
SMP Wed
                               Dec 9 11:00:30 EST 2009 i686 i686
Alert Count                   10
First Seen                    Wed 09 Dec 2009 10:03:47 AM EST
Last Seen                     Sun 13 Dec 2009 07:36:40 PM EST
Local ID                      71279b6b-af71-4208-85fe-64503a292646
Line Numbers

Raw Audit Messages

node=box6 type=AVC msg=audit(1260751000.112:20114): avc:  denied  { 
sys_tty_config } for  pid=15535 comm="polkit-agent-he" capability=26 
scontext=unconfined_u:unconfined_r:policykit_auth_t:s0-s0:c0.c1023 
tcontext=unconfined_u:unconfined_r:policykit_auth_t:s0-s0:c0.c1023 
tclass=capability

node=box6 type=SYSCALL msg=audit(1260751000.112:20114): arch=40000003 
syscall=54 success=yes exit=0 a0=2 a1=5401 a2=bfa30888 a3=bfa3099c 
items=0 ppid=14661 pid=15535 auid=501 uid=501 gid=501 euid=0 suid=0 
fsuid=0 egid=501 sgid=501 fsgid=501 tty=(none) ses=1 
comm="polkit-agent-he" exe="/usr/libexec/polkit-1/polkit-agent-helper-1" 
subj=unconfined_u:unconfined_r:policykit_auth_t:s0-s0:c0.c1023 key=(null)





.

More information about the fedora-list mailing list