today's avc messages

Daniel J Walsh dwalsh at redhat.com
Tue Feb 14 17:47:37 UTC 2006


Jason Dravet wrote:
> Here are some avc messages from today's rawhide.  I have tried a 
> relabel and I still get these and more avcs in my audit.log.  Hal does 
> not work because of the last entry.
>
> Thanks,
> Jason
>
> time->Tue Feb 14 08:05:00 2006
> type=PATH msg=audit(1139925900.906:54): item=1 flags=101  inode=393231 
> dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00
> type=PATH msg=audit(1139925900.906:54): item=0 name="/sbin/auditctl" 
> flags=101  inode=655430 dev=fd:00 mode=0100750 ouid=0 ogid=0 rdev=00:00
> type=CWD msg=audit(1139925900.906:54):  cwd="/"
> type=AVC_PATH msg=audit(1139925900.906:54):  path="/ptmx"
> type=SYSCALL msg=audit(1139925900.906:54): arch=40000003 syscall=11 
> success=yes exit=0 a0=90d5f80 a1=90d5f18 a2=90dacd8 a3=90d5d88 items=2 
> pid=1683 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 
> sgid=0 fsgid=0 comm="auditctl" exe="/sbin/auditctl"
> type=AVC msg=audit(1139925900.906:54): avc:  denied  { use } for  
> pid=1683 comm="auditctl" name="ptmx" dev=tmpfs ino=641 
> scontext=system_u:system_r:auditctl_t:s0 
> tcontext=system_u:system_r:kernel_t:s0 tclass=fd
> ----
> time->Tue Feb 14 08:05:01 2006
> type=PATH msg=audit(1139925901.154:56): item=1 flags=101  inode=393231 
> dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00
> type=PATH msg=audit(1139925901.154:56): item=0 name="/sbin/syslogd" 
> flags=101  inode=655490 dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00
> type=CWD msg=audit(1139925901.154:56):  cwd="/"
> type=AVC_PATH msg=audit(1139925901.154:56):  path="/ptmx"
> type=SYSCALL msg=audit(1139925901.154:56): arch=40000003 syscall=11 
> success=yes exit=0 a0=9e89ad0 a1=9e8a0c0 a2=9e89fc8 a3=9e89a40 items=2 
> pid=1692 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 
> sgid=0 fsgid=0 comm="syslogd" exe="/sbin/syslogd"
> type=AVC msg=audit(1139925901.154:56): avc:  denied  { use } for  
> pid=1692 comm="syslogd" name="ptmx" dev=tmpfs ino=641 
> scontext=system_u:system_r:syslogd_t:s0 
> tcontext=system_u:system_r:kernel_t:s0 tclass=fd
> ----
> time->Tue Feb 14 08:05:01 2006
> type=PATH msg=audit(1139925901.366:57): item=1 flags=101  inode=393231 
> dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00
> type=PATH msg=audit(1139925901.366:57): item=0 name="/sbin/klogd" 
> flags=101  inode=655480 dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00
> type=CWD msg=audit(1139925901.366:57):  cwd="/"
> type=AVC_PATH msg=audit(1139925901.366:57):  path="/ptmx"
> type=SYSCALL msg=audit(1139925901.366:57): arch=40000003 syscall=11 
> success=yes exit=0 a0=904bb10 a1=904c060 a2=904bf70 a3=904b9c8 items=2 
> pid=1695 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 
> sgid=0 fsgid=0 comm="klogd" exe="/sbin/klogd"
> type=AVC msg=audit(1139925901.366:57): avc:  denied  { use } for  
> pid=1695 comm="klogd" name="ptmx" dev=tmpfs ino=641 
> scontext=system_u:system_r:klogd_t:s0 
> tcontext=system_u:system_r:kernel_t:s0 tclass=fd
> ----
> time->Tue Feb 14 09:18:05 2006
> type=SYSCALL msg=audit(1139930285.404:256): arch=40000003 syscall=206 
> success=no exit=-1 a0=1 a1=9ec2338 a2=351ff4 a3=1 items=0 pid=3426 
> auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 
> comm="hald" exe="/usr/sbin/hald"
> type=AVC msg=audit(1139930285.404:256): avc:  denied  { setgid } for  
> pid=3426 comm="hald" capability=6 scontext=root:system_r:hald_t:s0 
> tcontext=root:system_r:hald_t:s0 tclass=capability
>
Yes, the hal one is the only important one.  I have updated policy on 
ftp://people.redhat.com/dwalsh/SELinux/Fedora
to fix this.  The others are being caused by a leaking file descriptor 
in the kernel or the initrd. A bugzilla has been filed.

Dan
>
> -- 
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
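
The triage in the reply above, as an added example that is not part of the original thread: a small Python parser that separates `fd { use }` denials on a descriptor created by another domain from capability denials, run over three AVC records from the quoted log with the e-mail line wrapping removed. The function names and category labels are this example's own.

```python
import re

# AVC records taken from the quoted audit.log above, with the e-mail line
# wrapping removed so each record is on one line.
SAMPLE = """\
type=AVC msg=audit(1139925900.906:54): avc:  denied  { use } for  pid=1683 comm="auditctl" name="ptmx" dev=tmpfs ino=641 scontext=system_u:system_r:auditctl_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=fd
type=AVC msg=audit(1139925901.154:56): avc:  denied  { use } for  pid=1692 comm="syslogd" name="ptmx" dev=tmpfs ino=641 scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=fd
type=AVC msg=audit(1139930285.404:256): avc:  denied  { setgid } for  pid=3426 comm="hald" capability=6 scontext=root:system_r:hald_t:s0 tcontext=root:system_r:hald_t:s0 tclass=capability
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)$")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return a dict for one AVC denial line, or None if it is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group(2))}
    rec["perms"] = m.group(1).split()
    # An SELinux context is user:role:type[:level]; the type is the third field.
    rec["stype"] = rec["scontext"].split(":")[2]
    rec["ttype"] = rec["tcontext"].split(":")[2]
    return rec

def classify(rec):
    """Label a denial the way the reply triages it (labels are this example's own)."""
    # For tclass=fd the target context is the domain that created the descriptor.
    # If it differs from the source, the fd was inherited or passed in.
    if rec["tclass"] == "fd" and "use" in rec["perms"] and rec["stype"] != rec["ttype"]:
        return "inherited-fd"
    if rec["tclass"] == "capability":
        return "capability"
    return "other"

def triage(text):
    """Group (comm, perms, name) tuples by category for every AVC line in text."""
    out = {}
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec:
            out.setdefault(classify(rec), []).append((rec["comm"], rec["perms"], rec.get("name")))
    return out

if __name__ == "__main__":
    for label, hits in triage(SAMPLE).items():
        print(label, hits)
```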