
Re: today's avc messages



Jason Dravet wrote:
Here are some avc messages from today's rawhide. I have tried a relabel and I still get these and more avcs in my audit.log. Hal does not work because of the last entry.

Thanks,
Jason

time->Tue Feb 14 08:05:00 2006
type=PATH msg=audit(1139925900.906:54): item=1 flags=101 inode=393231 dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00
type=PATH msg=audit(1139925900.906:54): item=0 name="/sbin/auditctl" flags=101 inode=655430 dev=fd:00 mode=0100750 ouid=0 ogid=0 rdev=00:00
type=CWD msg=audit(1139925900.906:54):  cwd="/"
type=AVC_PATH msg=audit(1139925900.906:54):  path="/ptmx"
type=SYSCALL msg=audit(1139925900.906:54): arch=40000003 syscall=11 success=yes exit=0 a0=90d5f80 a1=90d5f18 a2=90dacd8 a3=90d5d88 items=2 pid=1683 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="auditctl" exe="/sbin/auditctl"
type=AVC msg=audit(1139925900.906:54): avc: denied { use } for pid=1683 comm="auditctl" name="ptmx" dev=tmpfs ino=641 scontext=system_u:system_r:auditctl_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=fd
----
time->Tue Feb 14 08:05:01 2006
type=PATH msg=audit(1139925901.154:56): item=1 flags=101 inode=393231 dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00
type=PATH msg=audit(1139925901.154:56): item=0 name="/sbin/syslogd" flags=101 inode=655490 dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00
type=CWD msg=audit(1139925901.154:56):  cwd="/"
type=AVC_PATH msg=audit(1139925901.154:56):  path="/ptmx"
type=SYSCALL msg=audit(1139925901.154:56): arch=40000003 syscall=11 success=yes exit=0 a0=9e89ad0 a1=9e8a0c0 a2=9e89fc8 a3=9e89a40 items=2 pid=1692 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="syslogd" exe="/sbin/syslogd"
type=AVC msg=audit(1139925901.154:56): avc: denied { use } for pid=1692 comm="syslogd" name="ptmx" dev=tmpfs ino=641 scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=fd
----
time->Tue Feb 14 08:05:01 2006
type=PATH msg=audit(1139925901.366:57): item=1 flags=101 inode=393231 dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00
type=PATH msg=audit(1139925901.366:57): item=0 name="/sbin/klogd" flags=101 inode=655480 dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00
type=CWD msg=audit(1139925901.366:57):  cwd="/"
type=AVC_PATH msg=audit(1139925901.366:57):  path="/ptmx"
type=SYSCALL msg=audit(1139925901.366:57): arch=40000003 syscall=11 success=yes exit=0 a0=904bb10 a1=904c060 a2=904bf70 a3=904b9c8 items=2 pid=1695 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="klogd" exe="/sbin/klogd"
type=AVC msg=audit(1139925901.366:57): avc: denied { use } for pid=1695 comm="klogd" name="ptmx" dev=tmpfs ino=641 scontext=system_u:system_r:klogd_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=fd
----
time->Tue Feb 14 09:18:05 2006
type=SYSCALL msg=audit(1139930285.404:256): arch=40000003 syscall=206 success=no exit=-1 a0=1 a1=9ec2338 a2=351ff4 a3=1 items=0 pid=3426 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="hald" exe="/usr/sbin/hald"
type=AVC msg=audit(1139930285.404:256): avc: denied { setgid } for pid=3426 comm="hald" capability=6 scontext=root:system_r:hald_t:s0 tcontext=root:system_r:hald_t:s0 tclass=capability

Yes, the hal one is the only important one. I have updated policy on ftp://people.redhat.com/dwalsh/SELinux/Fedora to fix this. The others are being caused by a leaking file descriptor in the kernel or the initrd. A bugzilla has been filed.

Dan

--
fedora-selinux-list mailing list
fedora-selinux-list redhat com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
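
The triage in the reply above, separating the repeated `fd { use }` denials against `kernel_t` from the hald capability denial, can be reproduced mechanically. The following is an added example, not part of the original message or of any SELinux tool; the function names and the leak heuristic are assumptions made for illustration, and the sample lines are the AVC records abridged from the quoted audit output.

```python
import re
from collections import defaultdict

# AVC records abridged from the audit output quoted in the message above.
SAMPLE = """\
type=AVC msg=audit(1139925900.906:54): avc: denied { use } for pid=1683 comm="auditctl" name="ptmx" dev=tmpfs ino=641 scontext=system_u:system_r:auditctl_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=fd
type=AVC msg=audit(1139925901.154:56): avc: denied { use } for pid=1692 comm="syslogd" name="ptmx" dev=tmpfs ino=641 scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=fd
type=AVC msg=audit(1139925901.366:57): avc: denied { use } for pid=1695 comm="klogd" name="ptmx" dev=tmpfs ino=641 scontext=system_u:system_r:klogd_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=fd
type=AVC msg=audit(1139930285.404:256): avc: denied { setgid } for pid=3426 comm="hald" capability=6 scontext=root:system_r:hald_t:s0 tcontext=root:system_r:hald_t:s0 tclass=capability
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)")

def parse_avc(line):
    """Return a dict for one AVC denial, or None if the line has none."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {"perms": tuple(m.group(1).split())}
    for key, val in re.findall(r'(\w+)=("[^"]*"|\S+)', m.group(2)):
        rec[key] = val.strip('"')
    # An SELinux context is user:role:type[:level]; the type drives policy.
    rec["stype"] = rec["scontext"].split(":")[2]
    rec["ttype"] = rec["tcontext"].split(":")[2]
    return rec

def triage(text):
    """Group denials by (target type, class, perms) and classify each group."""
    groups = defaultdict(list)
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec:
            groups[(rec["ttype"], rec["tclass"], rec["perms"])].append(rec)
    report = {}
    for key, recs in groups.items():
        sources = sorted({r["stype"] for r in recs})
        inodes = {r.get("ino") for r in recs}
        # Heuristic (assumption): several unrelated domains denied `use` on
        # the same inherited descriptor points at a leak in the parent.
        leaked = key[1:] == ("fd", ("use",)) and len(sources) > 1 and len(inodes) == 1
        kind = "inherited-fd leak" if leaked else "domain-specific"
        report[key] = {"sources": sources, "kind": kind}
    return report

if __name__ == "__main__":
    for key, info in triage(SAMPLE).items():
        print(key, info)
```

On a live system the same input can be taken from the audit log instead of the embedded sample.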

