SELinux is screwing me up!!!! Help!

Daniel B. Thurman dant at cdkkt.com
Sun Dec 18 21:02:01 UTC 2005


Folks,

I believe all of my problems started because I had backed up
and restored my filesystem and *somehow* all or some
of the SELinux attributes may have been messed up.  Reading
the SELinux manual, it says that you can rebuild it by touching
a file: /.autorelabel and reboot.  I did that, and I still have
the same problem as before - nothing has changed.  I checked some
of the file-permissions such as /bin/su and note that they are
correct and other files and directories - so at first mini-check it
all appears to be correct. The restore appears correct throughout
on precursory checks.

The following are the problems I am having....

1) I cannot login as a non-root user!  I have 4 non-root user accounts
and yet I cannot log into any of them except as root!

I get the following message when attempting to log in:

 ==========================================
 Your session lasted less than 10 seconds. If you have not
 logged out yourself, this could mean that there is some
 installation problem or that you may be out of diskspace.
 Try logging in with one of the failsafe sessions to see if
 you can fix this problem.

 [] View details (~/.xsession-errors file)
 ==========================================

then I get kicked out of the login session.

2) As root user, when I `su - dant', I get this EVERY TIME:

 ==========================================
  Your default context is: user_u:system_r:kernel_t.

  Do you want to want to choose a different one? [n]
 ==========================================

Choosing the default lets me in as this user.  Choosing 'n'
gives me a list of contexts and choosing one lets me in.

3) As root, I tried to create a non-root user:

# useradd joed

/var/log/messages says:

type=USER_CHAUTHTOK msg=audit(1134936930.895:3557): user pid=19294 uid=0 auid=4294967295 msg='useradd: op=adding user acct=joed res=success'
type=USER_CHAUTHTOK msg=audit(1134936930.895:3558): user pid=19294 uid=0 auid=4294967295 msg='useradd: op=adding home directory acct=joed res=success'
type=AVC msg=audit(1134936931.415:3559): avc:  denied  { create } for  pid=19294 comm="useradd" name=".kde" scontext=root:system_r:kernel_t tcontext=user_u:object_r:user_home_t tclass=dir
type=SYSCALL msg=audit(1134936931.415:3559): arch=40000003 syscall=39 success=no exit=-13 a0=bfde8bf0 a1=1ed a2=92f92ef a3=ffffffff items=1 pid=19294 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="useradd" exe="/usr/sbin/useradd"
type=CWD msg=audit(1134936931.415:3559):  cwd="/root"
type=PATH msg=audit(1134936931.415:3559): item=0 name="/home/joed/.kde" flags=10  inode=1245989 dev=03:02 mode=040755 ouid=511 ogid=512 rdev=00:00
type=AVC msg=audit(1134936931.419:3560): avc:  denied  { create } for  pid=19294 comm="useradd" name="passwd+" scontext=root:system_r:kernel_t tcontext=system_u:object_r:etc_t tclass=file
type=SYSCALL msg=audit(1134936931.419:3560): arch=40000003 syscall=5 success=no exit=-13 a0=bfde8f64 a1=8241 a2=1b6 a3=92f33b8 items=1 pid=19294 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="useradd" exe="/usr/sbin/useradd"
type=CWD msg=audit(1134936931.419:3560):  cwd="/root"
type=PATH msg=audit(1134936931.419:3560): item=0 name="/etc/passwd+" flags=310 inode=1212417 dev=03:02 mode=040755 ouid=0 ogid=0 rdev=00:00
type=USER_CHAUTHTOK msg=audit(1134936931.419:3561): user pid=19294 uid=0 auid=4294967295 msg='useradd: op=adding user acct=joed res=failed'

4) Cannot 'yum update' successfully and these are the errors I see:

Transaction Test Succeeded
Running Transaction
  Installing: arts                         ####################### [ 1/26]
error: unpacking of archive failed on file /usr/bin/artscat: cpio: lsetfilecon
  Installing: perl                         ####################### [ 2/26]
error: unpacking of archive failed on file /usr/bin/a2p: cpio: lsetfilecon
  Installing: cups-libs                    ####################### [ 3/26]
error: unpacking of archive failed on file /usr/lib/libcups.so.2: cpio: lsetfilecon
error: %pre(kdelibs-3.5.0-0.1.fc4.i386) scriptlet failed, exit status 255
error:   install: %pre scriptlet failed (2), skipping kdelibs-3.5.0-0.1.fc4
  Installing: kdebase                                              [ 5/26]warning: /etc/X11/xdm/kdmrc saved as /etc/X11/xdm/kdmrc.rpmorig
  Installing: kdebase                      ####################### [ 5/26]
error: unpacking of archive failed on file /etc/X11/xdm/kdmrc: cpio: lsetfilecon  Updating  : kdenetwork                   ####################### [ 6/26]
error: unpacking of archive failed on file /etc/pam.d/kppp: cpio: lsetfilecon
  Installing: kdebindings                  ####################### [ 7/26]
error: unpacking of archive failed on file /usr/bin/embedjs: cpio: lsetfilecon
  Updating  : kdemultimedia                ####################### [ 8/26]
error: unpacking of archive failed on file /etc/xdg/menus/applications-merged/kde-multimedia-music.menu: cpio: lsetfilecon
  Updating  : kdegraphics                  ####################### [ 9/26]
error: unpacking of archive failed on file /usr/bin/kcolorchooser: cpio: lsetfilecon
  Updating  : kdegames                     ####################### [10/26]
error: unpacking of archive failed on file /usr/bin/atlantik: cpio: lsetfilecon
  Installing: arts-devel                   ####################### [11/26]
error: unpacking of archive failed on file /usr/bin/artsc-config: cpio: lsetfilecon
  Installing: kdelibs-devel                ####################### [12/26]
error: unpacking of archive failed on file /usr/bin/dcopidl: cpio: lsetfilecon
  Updating  : kdeartwork                   ####################### [13/26]
error: unpacking of archive failed on file /usr/bin/kbanner.kss: cpio: lsetfilecon
  Updating  : cups                         ####################### [14/26]
error: unpacking of archive failed on file /etc/cron.daily/cups: cpio: lsetfilecon
  Updating  : system-config-nfs            ####################### [15/26]
error: unpacking of archive failed on file /etc/pam.d/system-config-nfs: cpio: lsetfilecon
  Updating  : kdebindings-devel            ####################### [16/26]
error: unpacking of archive failed on file /usr/include/kde/kjsembed: cpio: lsetfilecon
  Updating  : dhcp                         ####################### [17/26]
error: unpacking of archive failed on file /etc/dhcpd.conf: cpio: lsetfilecon
error: %preun(kdenetwork-3.4.2-0.fc4.2.i386) scriptlet failed, exit status 255
  Cleanup   : kdeartwork                   ####################### [18/26]
error: %postun(kdeartwork-3.4.2-0.fc4.1.i386) scriptlet failed, exit status 255
error: %trigger(cups-1.1.23-15.1.i386) scriptlet failed, exit status 255
  Cleanup   : kdemultimedia                ####################### [19/26]
error: %postun(kdemultimedia-3.4.2-0.fc4.1.i386) scriptlet failed, exit status 255
error: %preun(system-config-nfs-1.3.11-0.fc4.1.noarch) scriptlet failed, exit status 255
  Cleanup   : kdebindings-devel            ####################### [20/26]
  Cleanup   : kdegraphics                  ####################### [21/26]
error: %postun(kdegraphics-3.4.2-0.fc4.2.i386) scriptlet failed, exit status 25


I am at a loss as to why I see general "avc: denied {xxxxxxx}" messages
interspersed in the /var/log/messages and /var/log/audit/audit.log files such
as shown below:

/var/log/messages:
====================

===
No idea what these are:

Dec 12 21:48:06 linux dbus: avc:  received policyload notice (seqno=3)
Dec 12 21:48:06 linux dbus: avc:  1 AV entries and 1/512 buckets used, longest chain length 1
Dec 12 21:48:06 linux dbus: avc:  received policyload notice (seqno=3)
Dec 12 21:48:06 linux dbus: avc:  0 AV entries and 0/512 buckets used, longest chain length 0
Dec 12 21:48:06 linux dbus: avc:  received policyload notice (seqno=3)
Dec 12 21:48:06 linux dbus: avc:  7 AV entries and 7/512 buckets used, longest chain length 1

===
Relabeling problems shown below...

Dec 17 18:35:50 linux kernel: SELinux: initialized (dev sdb1, type ext3), uses xattr
Dec 17 18:35:50 linux kernel: audit(1134872391.398:2): avc:  granted  { setenforce } for  pid=379 comm="rc.sysinit" scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:security_t tclass=security
Dec 17 18:35:50 linux kernel: audit(1134872392.086:3): avc:  denied  { relabelfrom } for  pid=1236 comm="setfiles" name="__db.001" dev=hda2 ino=904713 scontext=system_u:system_r:kernel_t tcontext=root:object_r:file_t tclass=file
Dec 17 18:35:50 linux kernel: audit(1134872412.527:4): avc:  denied  { relabelto } for  pid=1236 comm="setfiles" name="root" dev=hda2 ino=671745 scontext=system_u:system_r:kernel_t tcontext=root:object_r:user_home_dir_t tclass=dir
Dec 17 18:35:50 linux kernel: audit(1134872412.547:5): avc:  denied  { relabelto } for  pid=1236 comm="setfiles" name="bin" dev=hda2 ino=671746 scontext=system_u:system_r:kernel_t tcontext=root:object_r:user_home_t tclass=dir
Dec 17 18:35:50 linux kernel: audit(1134872412.559:6): avc:  denied  { relabelto } for  pid=1236 comm="setfiles" name="doCerts" dev=hda2 ino=671747 scontext=system_u:system_r:kernel_t tcontext=root:object_r:user_home_t tclass=file
Dec 17 18:35:50 linux kernel: audit(1134872412.951:7): avc:  denied  { relabelfrom } for  pid=1236 comm="setfiles" name="khelpcenter" dev=hda2 ino=672118 scontext=system_u:system_r:kernel_t tcontext=root:object_r:file_t tclass=dir
Dec 17 18:35:50 linux kernel: audit(1134872412.975:8): avc:  denied  { relabelto } for  pid=1236 comm="setfiles" name="socket-linux.cdkkt.com" dev=hda2 ino=672307 scontext=system_u:system_r:kernel_t tcontext=root:object_r:user_home_t tclass=lnk_file
Dec 17 18:35:50 linux kernel: audit(1134872413.031:9): avc:  denied  { relabelto } for  pid=1236 comm="setfiles" name="libflashplayer.so" dev=hda2 ino=672362 scontext=system_u:system_r:kernel_t tcontext=root:object_r:lib_t tclass=file
Dec 17 18:35:50 linux kernel: audit(1134873060.784:10): avc:  denied  { relabelfrom } for  pid=1236 comm="setfiles" name="xterm" dev=hda2 ino=1565515 scontext=system_u:system_r:kernel_t tcontext=root:object_r:file_t tclass=lnk_file
Dec 17 18:35:50 linux kernel: audit(1134873187.416:11): avc:  denied  { relabelto } for  pid=1236 comm="setfiles" name="dant" dev=hda2 ino=1245501 scontext=system_u:system_r:kernel_t tcontext=user_u:object_r:user_home_dir_t tclass=dir
Dec 17 18:35:50 linux kernel: audit(1134873187.416:12): avc:  denied  { relabelto } for  pid=1236 comm="setfiles" name=".kde" dev=hda2 ino=1245502 scontext=system_u:system_r:kernel_t tcontext=user_u:object_r:user_home_t tclass=dir
Dec 17 18:35:50 linux kernel: audit(1134873187.420:13): avc:  denied  { relabelto } for  pid=1236 comm="setfiles" name="Autorun.desktop" dev=hda2 ino=1245504 scontext=system_u:system_r:kernel_t tcontext=user_u:object_r:user_home_t tclass=file
Dec 17 18:35:50 linux kernel: audit(1134873187.492:14): avc:  denied  { relabelto } for  pid=1236 comm="setfiles" name="socket-linux.cdkkt.com" dev=hda2 ino=1245588 scontext=system_u:system_r:kernel_t tcontext=user_u:object_r:user_home_t tclass=lnk_file
Dec 17 18:35:50 linux kernel: audit(1134873191.264:15): avc:  denied  { relabelfrom } for  pid=1236 comm="setfiles" name="verifyFS" dev=hdb1 ino=49063 scontext=system_u:system_r:kernel_t tcontext=root:object_r:samba_share_t tclass=file
Dec 17 18:35:50 linux kernel: audit(1134873191.340:16): avc:  denied  { relabelfrom } for  pid=1236 comm="setfiles" name="DenyHosts-1.1.2-python2.4.noarch.rpm" dev=hdb1 ino=1651599 scontext=system_u:system_r:kernel_t tcontext=root:object_r:default_t tclass=file
Dec 17 18:35:50 linux kernel: audit(1134873218.749:17): avc:  denied  { relabelfrom } for  pid=1236 comm="setfiles" name="defaults" dev=hdb3 ino=1697393 scontext=system_u:system_r:kernel_t tcontext=root:object_r:default_t tclass=dir
Dec 17 18:35:50 linux kernel: audit(1134873319.356:18): avc:  granted  { setenforce } for  pid=379 comm="rc.sysinit" scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:security_t tclass=security
Dec 17 18:35:50 linux kernel: Adding 2289252k swap on /dev/hda3.  Priority:-1 extents:1 across:2289252k

Any help would be appreciated!

Kind regards,
Dan

More information about the fedora-selinux-list mailing list