AVCs during suspend/resume (vbetool/hald/ntpd)

Tom London selinux at gmail.com
Sat Mar 4 23:05:25 UTC 2006


Running the latest rawhide (2.6.15-1.2009.4.2_FC) with the targeted policy in
enforcing mode, I see some AVCs generated (I think during resume).

Running in Permissive mode (denials are logged but not blocked), I get:
----
type=PATH msg=audit(03/04/2006 14:39:51.707:29) : item=1
flags=follow,open inode=1045516 dev=fd:00 mode=file,755 ouid=root
ogid=root rdev=00:00
type=PATH msg=audit(03/04/2006 14:39:51.707:29) : item=0
name=/usr/sbin/vbetool flags=follow,open inode=5794873 dev=fd:00
mode=file,755 ouid=root ogid=root rdev=00:00
type=CWD msg=audit(03/04/2006 14:39:51.707:29) :  cwd=/usr/share/hal/scripts
type=AVC_PATH msg=audit(03/04/2006 14:39:51.707:29) :  path=/var/run/vbestate
type=SYSCALL msg=audit(03/04/2006 14:39:51.707:29) : arch=i386
syscall=execve success=yes exit=0 a0=8a49e98 a1=8a49eb0 a2=8a4f980
a3=8a4f528 items=2 pid=2933 auid=unknown(4294967295) uid=root gid=root
euid=root suid=root fsuid=root egid=root sgid=root fsgid=root
comm=vbetool exe=/usr/sbin/vbetool
type=AVC msg=audit(03/04/2006 14:39:51.707:29) : avc:  denied  { write
} for  pid=2933 comm=vbetool name=vbestate dev=dm-0 ino=2777558
scontext=system_u:system_r:vbetool_t:s0
tcontext=system_u:object_r:hald_var_run_t:s0 tclass=file
----
type=PATH msg=audit(03/04/2006 14:40:31.194:30) : item=1
flags=follow,open inode=1045516 dev=fd:00 mode=file,755 ouid=root
ogid=root rdev=00:00
type=PATH msg=audit(03/04/2006 14:40:31.194:30) : item=0
name=/usr/sbin/vbetool flags=follow,open inode=5794873 dev=fd:00
mode=file,755 ouid=root ogid=root rdev=00:00
type=CWD msg=audit(03/04/2006 14:40:31.194:30) :  cwd=/usr/share/hal/scripts
type=AVC_PATH msg=audit(03/04/2006 14:40:31.194:30) :  path=/var/run/vbestate
type=SYSCALL msg=audit(03/04/2006 14:40:31.194:30) : arch=i386
syscall=execve success=yes exit=0 a0=9268650 a1=927d070 a2=9268980
a3=9268518 items=2 pid=3115 auid=unknown(4294967295) uid=root gid=root
euid=root suid=root fsuid=root egid=root sgid=root fsgid=root
comm=vbetool exe=/usr/sbin/vbetool
type=AVC msg=audit(03/04/2006 14:40:31.194:30) : avc:  denied  { read
} for  pid=3115 comm=vbetool name=vbestate dev=dm-0 ino=2777558
scontext=system_u:system_r:vbetool_t:s0
tcontext=system_u:object_r:hald_var_run_t:s0 tclass=file
----
type=AVC_PATH msg=audit(03/04/2006 14:40:31.222:31) :  path=/var/run/vbestate
type=SYSCALL msg=audit(03/04/2006 14:40:31.222:31) : arch=i386
syscall=ioctl success=no exit=-25(Inappropriate ioctl for device) a0=0
a1=4b3a a2=0 a3=bfc59044 items=0 pid=3115 auid=unknown(1515870810)
uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root
fsgid=root comm=vbetool exe=/usr/sbin/vbetool
type=AVC msg=audit(03/04/2006 14:40:31.222:31) : avc:  denied  { ioctl
} for  pid=3115 comm=vbetool name=vbestate dev=dm-0 ino=2777558
scontext=system_u:system_r:vbetool_t:s0
tcontext=system_u:object_r:hald_var_run_t:s0 tclass=file
----
type=PATH msg=audit(03/04/2006 14:40:33.010:32) : item=0
name=/dev/tty8 flags=follow inode=681 dev=00:0f mode=char,660
ouid=root ogid=tty rdev=04:08
type=CWD msg=audit(03/04/2006 14:40:33.010:32) :  cwd=/usr/share/hal/scripts
type=SYSCALL msg=audit(03/04/2006 14:40:33.010:32) : arch=i386
syscall=chown32 success=yes exit=0 a0=bf97d207 a1=0 a2=0 a3=bf97d2c4
items=1 pid=3126 auid=unknown(4294967295) uid=root gid=root euid=root
suid=root fsuid=root egid=root sgid=root fsgid=root comm=openvt
exe=/usr/bin/openvt
type=AVC msg=audit(03/04/2006 14:40:33.010:32) : avc:  denied  {
setattr } for pid=3126 comm=openvt name=tty8 dev=tmpfs ino=681
scontext=system_u:system_r:hald_t:s0
tcontext=system_u:object_r:tty_device_t:s0 tclass=chr_file
----
type=PATH msg=audit(03/04/2006 14:40:51.308:33) : item=1
flags=follow,open inode=1045516 dev=fd:00 mode=file,755 ouid=root
ogid=root rdev=00:00
type=PATH msg=audit(03/04/2006 14:40:51.308:33) : item=0
name=/usr/sbin/ntpdate flags=follow,open inode=5802324 dev=fd:00
mode=file,755 ouid=root ogid=root rdev=00:00
type=CWD msg=audit(03/04/2006 14:40:51.308:33) :  cwd=/
type=AVC_PATH msg=audit(03/04/2006 14:40:51.308:33) :  path=/dev/null
type=SYSCALL msg=audit(03/04/2006 14:40:51.308:33) : arch=i386
syscall=execve success=yes exit=0 a0=9aa9458 a1=9aaa320 a2=9aab1b0
a3=9aaa838 items=2 pid=3182 auid=unknown(4294967295) uid=root gid=root
euid=root suid=root fsuid=root egid=root sgid=root fsgid=root
comm=ntpdate exe=/usr/sbin/ntpdate
type=AVC msg=audit(03/04/2006 14:40:51.308:33) : avc:  denied  { use }
for  pid=3182 comm=ntpdate name=null dev=tmpfs ino=1151
scontext=system_u:system_r:ntpd_t:s0
tcontext=system_u:system_r:hald_t:s0 tclass=fd
----

<<<<<<REBOOT HERE, in Enforcing mode>>>>>>>>
----
type=PATH msg=audit(03/04/2006 14:46:19.552:13) : item=0
name=/proc/sys/vm/ flags=follow,access inode=4026531930 dev=00:03
mode=dir,555 ouid=root ogid=root rdev=00:00
type=CWD msg=audit(03/04/2006 14:46:19.552:13) :  cwd=/usr/share/hal/scripts
type=SYSCALL msg=audit(03/04/2006 14:46:19.552:13) : arch=i386
syscall=access success=no exit=-13(Permission denied) a0=9c3a3c8 a1=2
a2=2 a3=9c39538 items=1 pid=2695 auid=unknown(4294967295) uid=root
gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root
comm=pm-powersave exe=/bin/bash
type=AVC msg=audit(03/04/2006 14:46:19.552:13) : avc:  denied  { write
} for  pid=2695 comm=pm-powersave name=vm dev=proc ino=-268435366
scontext=system_u:system_r:hald_t:s0
tcontext=system_u:object_r:sysctl_vm_t:s0 tclass=dir
----
type=PATH msg=audit(03/04/2006 14:46:22.004:14) : item=0
name=/proc/sys/vm/ flags=follow,access inode=4026531930 dev=00:03
mode=dir,555 ouid=root ogid=root rdev=00:00
type=CWD msg=audit(03/04/2006 14:46:22.004:14) :  cwd=/usr/share/hal/scripts
type=SYSCALL msg=audit(03/04/2006 14:46:22.004:14) : arch=i386
syscall=access success=no exit=-13(Permission denied) a0=8e403c8 a1=2
a2=2 a3=8e3f538 items=1 pid=2733 auid=unknown(4294967295) uid=root
gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root
comm=pm-powersave exe=/bin/bash
type=AVC msg=audit(03/04/2006 14:46:22.004:14) : avc:  denied  { write
} for  pid=2733 comm=pm-powersave name=vm dev=proc ino=-268435366
scontext=system_u:system_r:hald_t:s0
tcontext=system_u:object_r:sysctl_vm_t:s0 tclass=dir
----

--
Tom London



