[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

flood of selinux avcs, settroubleshoot all over the place(sorry for all the avcs)



Dear all,

Here are all the selinux errors that I have encountered.
I apologize for putting in all at the same time, but I am just overwhelmed at the amount.  I guess setroubleshoot daemon got happy and started sending all the avcs encountered.  

Thank you for advice given in advance.  

Regards,

Antonio 



Summary:

SELinux is preventing gvfsd-trash (staff_t) "dac_override" to <Unknown>
(staff_t).

Detailed Description:

SELinux denied access requested by gvfsd-trash. It is not expected that this
access is required by gvfsd-trash and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration of the
application is causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.

Additional Information:

Source Context                root:staff_r:staff_t:SystemLow-SystemHigh
Target Context                root:staff_r:staff_t:SystemLow-SystemHigh
Target Objects                None [ capability ]
Source                        pulseaudio
Source Path                   /usr/bin/pulseaudio
Port                          <Unknown>
Host                          localhost.localdomain
Source RPM Packages           gvfs-0.2.3-1.fc9
Target RPM Packages           
Policy RPM                    selinux-policy-3.3.1-29.fc9
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   catchall
Host Name                     localhost.localdomain
Platform                      Linux localhost.localdomain
                              2.6.25-0.204.rc8.git4.fc9.i686 #1 SMP Mon Apr 7
                              11:33:46 EDT 2008 i686 i686
Alert Count                   39
First Seen                    Wed 09 Apr 2008 07:03:20 PM CDT
Last Seen                     Wed 09 Apr 2008 07:03:45 PM CDT
Local ID                      d2fbeab2-c5e1-4968-a58a-3897ade13c01
Line Numbers                  

Raw Audit Messages            

host=localhost.localdomain type=AVC msg=audit(1207785825.117:127): avc:  denied  { dac_override } for  pid=5405 comm="gvfsd-trash" capability=1 scontext=root:staff_r:staff_t:s0-s0:c0.c1023 tcontext=root:staff_r:staff_t:s0-s0:c0.c1023 tclass=capability

host=localhost.localdomain type=AVC msg=audit(1207785825.117:127): avc:  denied  { dac_read_search } for  pid=5405 comm="gvfsd-trash" capability=2 scontext=root:staff_r:staff_t:s0-s0:c0.c1023 tcontext=root:staff_r:staff_t:s0-s0:c0.c1023 tclass=capability

host=localhost.localdomain type=SYSCALL msg=audit(1207785825.117:127): arch=40000003 syscall=196 success=no exit=-13 a0=86652e8 a1=b741b1e0 a2=d14ff4 a3=0 items=0 ppid=5404 pid=5405 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=5 comm="gvfsd-trash" exe="/usr/libexec/gvfsd-trash" subj=root:staff_r:staff_t:s0-s0:c0.c1023 key=(null)



Summary:

SELinux is preventing escd (staff_t) "read write" to
./636F6F6C6B6579706B313173452D47617465203020302D30 (auth_cache_t).

Detailed Description:

SELinux denied access requested by escd. It is not expected that this access is
required by escd and this access may signal an intrusion attempt. It is also
possible that the specific version or configuration of the application is
causing it to require additional access.

Allowing Access:

Sometimes labeling problems can cause SELinux denials. You could try to restore
the default system file context for
./636F6F6C6B6579706B313173452D47617465203020302D30,

restorecon -v './636F6F6C6B6579706B313173452D47617465203020302D30'

If this does not work, there is currently no automatic way to allow this access.
Instead, you can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.

Additional Information:

Source Context                root:staff_r:staff_t:SystemLow-SystemHigh
Target Context                system_u:object_r:auth_cache_t
Target Objects                ./636F6F6C6B6579706B313173452D47617465203020302D30
                              [ file ]
Source                        escd
Source Path                   /usr/lib/esc-1.0.1/escd
Port                          <Unknown>
Host                          localhost.localdomain
Source RPM Packages           esc-1.0.1-9.fc9
Target RPM Packages           
Policy RPM                    selinux-policy-3.3.1-29.fc9
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   catchall_file
Host Name                     localhost.localdomain
Platform                      Linux localhost.localdomain
                              2.6.25-0.204.rc8.git4.fc9.i686 #1 SMP Mon Apr 7
                              11:33:46 EDT 2008 i686 i686
Alert Count                   1
First Seen                    Wed 09 Apr 2008 07:03:22 PM CDT
Last Seen                     Wed 09 Apr 2008 07:03:22 PM CDT
Local ID                      6cd2e4ee-4e7e-4112-adcc-b3705916d481
Line Numbers                  

Raw Audit Messages            

host=localhost.localdomain type=AVC msg=audit(1207785802.447:91): avc:  denied  { read write } for  pid=5282 comm="escd" name=636F6F6C6B6579706B313173452D47617465203020302D30 dev=dm-0 ino=2485540 scontext=root:staff_r:staff_t:s0-s0:c0.c1023 tcontext=system_u:object_r:auth_cache_t:s0 tclass=file

host=localhost.localdomain type=SYSCALL msg=audit(1207785802.447:91): arch=40000003 syscall=5 success=no exit=-13 a0=8a45540 a1=20002 a2=180 a3=0 items=0 ppid=1 pid=5282 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=5 comm="escd" exe="/usr/lib/esc-1.0.1/escd" subj=root:staff_r:staff_t:s0-s0:c0.c1023 key=(null)



Summary:

SELinux is preventing pulseaudio (staff_t) "ipc_lock" to <Unknown> (staff_t).

Detailed Description:

SELinux denied access requested by pulseaudio. It is not expected that this
access is required by pulseaudio and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration of the
application is causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.

Additional Information:

Source Context                root:staff_r:staff_t:SystemLow-SystemHigh
Target Context                root:staff_r:staff_t:SystemLow-SystemHigh
Target Objects                None [ capability ]
Source                        gnome-keyring-d
Source Path                   /usr/bin/gnome-keyring-daemon
Port                          <Unknown>
Host                          localhost.localdomain
Source RPM Packages           pulseaudio-0.9.10-1.fc9
Target RPM Packages           
Policy RPM                    selinux-policy-3.3.1-29.fc9
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   catchall
Host Name                     localhost.localdomain
Platform                      Linux localhost.localdomain
                              2.6.25-0.204.rc8.git4.fc9.i686 #1 SMP Mon Apr 7
                              11:33:46 EDT 2008 i686 i686
Alert Count                   15
First Seen                    Wed 09 Apr 2008 07:03:06 PM CDT
Last Seen                     Wed 09 Apr 2008 07:03:21 PM CDT
Local ID                      638ce06f-cd52-41b7-8f87-c3296b7b9c4e
Line Numbers                  

Raw Audit Messages            

host=localhost.localdomain type=AVC msg=audit(1207785801.262:89): avc:  denied  { ipc_lock } for  pid=5217 comm="pulseaudio" capability=14 scontext=root:staff_r:staff_t:s0-s0:c0.c1023 tcontext=root:staff_r:staff_t:s0-s0:c0.c1023 tclass=capability

host=localhost.localdomain type=SYSCALL msg=audit(1207785801.262:89): arch=40000003 syscall=150 success=yes exit=0 a0=b6804000 a1=3c84 a2=195cb4 a3=3c84 items=0 ppid=5214 pid=5217 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=5 comm="pulseaudio" exe="/usr/bin/pulseaudio" subj=root:staff_r:staff_t:s0-s0:c0.c1023 key=(null)



Summary:

SELinux is preventing gvfs-fuse-daemo (staff_t) "sys_admin" to <Unknown>
(staff_t).

Detailed Description:

SELinux denied access requested by gvfs-fuse-daemo. It is not expected that this
access is required by gvfs-fuse-daemo and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration of the
application is causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.

Additional Information:

Source Context                root:staff_r:staff_t:SystemLow-SystemHigh
Target Context                root:staff_r:staff_t:SystemLow-SystemHigh
Target Objects                None [ capability ]
Source                        gvfs-fuse-daemo
Source Path                   /usr/libexec/gvfs-fuse-daemon
Port                          <Unknown>
Host                          localhost.localdomain
Source RPM Packages           gvfs-fuse-0.2.3-1.fc9
Target RPM Packages           
Policy RPM                    selinux-policy-3.3.1-29.fc9
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   catchall
Host Name                     localhost.localdomain
Platform                      Linux localhost.localdomain
                              2.6.25-0.204.rc8.git4.fc9.i686 #1 SMP Mon Apr 7
                              11:33:46 EDT 2008 i686 i686
Alert Count                   1
First Seen                    Wed 09 Apr 2008 07:03:21 PM CDT
Last Seen                     Wed 09 Apr 2008 07:03:21 PM CDT
Local ID                      f714cec5-eca8-4de6-a60b-d07f6e690250
Line Numbers                  

Raw Audit Messages            

host=localhost.localdomain type=AVC msg=audit(1207785801.751:90): avc:  denied  { sys_admin } for  pid=5256 comm="gvfs-fuse-daemo" capability=21 scontext=root:staff_r:staff_t:s0-s0:c0.c1023 tcontext=root:staff_r:staff_t:s0-s0:c0.c1023 tclass=capability

host=localhost.localdomain type=SYSCALL msg=audit(1207785801.751:90): arch=40000003 syscall=21 success=no exit=-1 a0=90654d0 a1=9064940 a2=9065510 a3=6 items=0 ppid=1 pid=5256 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=5 comm="gvfs-fuse-daemo" exe="/usr/libexec/gvfs-fuse-daemon" subj=root:staff_r:staff_t:s0-s0:c0.c1023 key=(null)



Summary:

SELinux is preventing firefox (staff_t) "setuid" to <Unknown> (staff_t).

Detailed Description:

SELinux denied access requested by firefox. It is not expected that this access
is required by firefox and this access may signal an intrusion attempt. It is
also possible that the specific version or configuration of the application is
causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.

Additional Information:

Source Context                root:staff_r:staff_t:SystemLow-SystemHigh
Target Context                root:staff_r:staff_t:SystemLow-SystemHigh
Target Objects                None [ capability ]
Source                        firefox
Source Path                   /usr/lib/firefox-3.0b5/firefox
Port                          <Unknown>
Host                          localhost.localdomain
Source RPM Packages           firefox-3.0-0.53.beta5.fc9
Target RPM Packages           
Policy RPM                    selinux-policy-3.3.1-29.fc9
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   catchall
Host Name                     localhost.localdomain
Platform                      Linux localhost.localdomain
                              2.6.25-0.204.rc8.git4.fc9.i686 #1 SMP Mon Apr 7
                              11:33:46 EDT 2008 i686 i686
Alert Count                   14
First Seen                    Wed 09 Apr 2008 07:04:12 PM CDT
Last Seen                     Wed 09 Apr 2008 07:04:12 PM CDT
Local ID                      728a632a-191d-449d-b1a1-aa9cff7a16f1
Line Numbers                  

Raw Audit Messages            

host=localhost.localdomain type=AVC msg=audit(1207785852.141:144): avc:  denied  { setuid } for  pid=5422 comm="firefox" capability=7 scontext=root:staff_r:staff_t:s0-s0:c0.c1023 tcontext=root:staff_r:staff_t:s0-s0:c0.c1023 tclass=capability

host=localhost.localdomain type=SYSCALL msg=audit(1207785852.141:144): arch=40000003 syscall=208 success=yes exit=0 a0=ffffffff a1=0 a2=ffffffff a3=bfee4c1c items=0 ppid=5408 pid=5422 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=5 comm="firefox" exe="/usr/lib/firefox-3.0b5/firefox" subj=root:staff_r:staff_t:s0-s0:c0.c1023 key=(null)




Summary:

SELinux is preventing firefox (staff_t) "write" to ./firefox-3.0b5 (lib_t).

Detailed Description:

SELinux denied access requested by firefox. It is not expected that this access
is required by firefox and this access may signal an intrusion attempt. It is
also possible that the specific version or configuration of the application is
causing it to require additional access.

Allowing Access:

Sometimes labeling problems can cause SELinux denials. You could try to restore
the default system file context for ./firefox-3.0b5,

restorecon -v './firefox-3.0b5'

If this does not work, there is currently no automatic way to allow this access.
Instead, you can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.

Additional Information:

Source Context                root:staff_r:staff_t:SystemLow-SystemHigh
Target Context                system_u:object_r:lib_t
Target Objects                ./firefox-3.0b5 [ dir ]
Source                        firefox
Source Path                   /usr/lib/firefox-3.0b5/firefox
Port                          <Unknown>
Host                          localhost.localdomain
Source RPM Packages           firefox-3.0-0.53.beta5.fc9
Target RPM Packages           
Policy RPM                    selinux-policy-3.3.1-29.fc9
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   catchall_file
Host Name                     localhost.localdomain
Platform                      Linux localhost.localdomain
                              2.6.25-0.204.rc8.git4.fc9.i686 #1 SMP Mon Apr 7
                              11:33:46 EDT 2008 i686 i686
Alert Count                   1
First Seen                    Wed 09 Apr 2008 07:03:48 PM CDT
Last Seen                     Wed 09 Apr 2008 07:03:52 PM CDT
Local ID                      ba8ecec3-9fce-4945-92ed-d9640d5a0ea7
Line Numbers                  

Raw Audit Messages            

host=localhost.localdomain type=AVC msg=audit(1207785832.379:129): avc:  denied  { write } for  pid=5422 comm="firefox" name="firefox-3.0b5" dev=dm-0 ino=4287001 scontext=root:staff_r:staff_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lib_t:s0 tclass=dir

host=localhost.localdomain type=SYSCALL msg=audit(1207785832.379:129): arch=40000003 syscall=5 success=no exit=-13 a0=85ec4f0 a1=82c1 a2=1a4 a3=82c1 items=0 ppid=5408 pid=5422 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=5 comm="firefox" exe="/usr/lib/firefox-3.0b5/firefox" subj=root:staff_r:staff_t:s0-s0:c0.c1023 key=(null)




Summary:

SELinux is preventing pulseaudio (staff_t) "sys_resource" to <Unknown>
(staff_t).

Detailed Description:

SELinux denied access requested by pulseaudio. It is not expected that this
access is required by pulseaudio and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration of the
application is causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.

Additional Information:

Source Context                root:staff_r:staff_t:SystemLow-SystemHigh
Target Context                root:staff_r:staff_t:SystemLow-SystemHigh
Target Objects                None [ capability ]
Source                        pulseaudio
Source Path                   /usr/bin/pulseaudio
Port                          <Unknown>
Host                          localhost.localdomain
Source RPM Packages           pulseaudio-0.9.10-1.fc9
Target RPM Packages           
Policy RPM                    selinux-policy-3.3.1-29.fc9
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   catchall
Host Name                     localhost.localdomain
Platform                      Linux localhost.localdomain
                              2.6.25-0.204.rc8.git4.fc9.i686 #1 SMP Mon Apr 7
                              11:33:46 EDT 2008 i686 i686
Alert Count                   2
First Seen                    Wed 09 Apr 2008 07:03:20 PM CDT
Last Seen                     Wed 09 Apr 2008 07:03:20 PM CDT
Local ID                      40e0b7ff-cb5f-42de-8f1d-8302ea0c173f
Line Numbers                  

Raw Audit Messages            

host=localhost.localdomain type=AVC msg=audit(1207785800.594:72): avc:  denied  { sys_resource } for  pid=5217 comm="pulseaudio" capability=24 scontext=root:staff_r:staff_t:s0-s0:c0.c1023 tcontext=root:staff_r:staff_t:s0-s0:c0.c1023 tclass=capability

host=localhost.localdomain type=SYSCALL msg=audit(1207785800.594:72): arch=40000003 syscall=75 success=no exit=-1 a0=e a1=bfa8cd1c a2=d14ff4 a3=e items=0 ppid=5214 pid=5217 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=5 comm="pulseaudio" exe="/usr/bin/pulseaudio" subj=root:staff_r:staff_t:s0-s0:c0.c1023 key=(null)



Summary:

SELinux is preventing bash (staff_t) "write" to ./ccache (var_t).

Detailed Description:

SELinux denied access requested by bash. It is not expected that this access is
required by bash and this access may signal an intrusion attempt. It is also
possible that the specific version or configuration of the application is
causing it to require additional access.

Allowing Access:

Sometimes labeling problems can cause SELinux denials. You could try to restore
the default system file context for ./ccache,

restorecon -v './ccache'

If this does not work, there is currently no automatic way to allow this access.
Instead, you can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.

Additional Information:

Source Context                root:staff_r:staff_t:SystemLow-SystemHigh
Target Context                system_u:object_r:var_t
Target Objects                ./ccache [ dir ]
Source                        bash
Source Path                   /bin/bash
Port                          <Unknown>
Host                          localhost.localdomain
Source RPM Packages           bash-3.2-22.fc9
Target RPM Packages           
Policy RPM                    selinux-policy-3.3.1-29.fc9
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   catchall_file
Host Name                     localhost.localdomain
Platform                      Linux localhost.localdomain
                              2.6.25-0.204.rc8.git4.fc9.i686 #1 SMP Mon Apr 7
                              11:33:46 EDT 2008 i686 i686
Alert Count                   1
First Seen                    Wed 09 Apr 2008 07:03:18 PM CDT
Last Seen                     Wed 09 Apr 2008 07:03:18 PM CDT
Local ID                      8b8507ac-7e45-4ce0-b52f-b25b6c69c03f
Line Numbers                  

Raw Audit Messages            

host=localhost.localdomain type=AVC msg=audit(1207785798.523:69): avc:  denied  { write } for  pid=5092 comm="bash" name="ccache" dev=dm-0 ino=2485510 scontext=root:staff_r:staff_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_t:s0 tclass=dir

host=localhost.localdomain type=SYSCALL msg=audit(1207785798.523:69): arch=40000003 syscall=33 success=no exit=-13 a0=9eaad78 a1=2 a2=d14ff4 a3=0 items=0 ppid=4990 pid=5092 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=5 comm="bash" exe="/bin/bash" subj=root:staff_r:staff_t:s0-s0:c0.c1023 key=(null)



Summary:

SELinux is preventing gnome-session (staff_t) "write" to ./fontconfig (fonts_t).

Detailed Description:

SELinux denied access requested by gnome-session. It is not expected that this
access is required by gnome-session and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration of the
application is causing it to require additional access.

Allowing Access:

Sometimes labeling problems can cause SELinux denials. You could try to restore
the default system file context for ./fontconfig,

restorecon -v './fontconfig'

If this does not work, there is currently no automatic way to allow this access.
Instead, you can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.

Additional Information:

Source Context                root:staff_r:staff_t:SystemLow-SystemHigh
Target Context                system_u:object_r:fonts_t
Target Objects                ./fontconfig [ dir ]
Source                        gnome-session
Source Path                   /usr/bin/gnome-session
Port                          <Unknown>
Host                          localhost.localdomain
Source RPM Packages           gnome-session-2.22.1-1.fc9
Target RPM Packages           
Policy RPM                    selinux-policy-3.3.1-29.fc9
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   catchall_file
Host Name                     localhost.localdomain
Platform                      Linux localhost.localdomain
                              2.6.25-0.204.rc8.git4.fc9.i686 #1 SMP Mon Apr 7
                              11:33:46 EDT 2008 i686 i686
Alert Count                   1
First Seen                    Wed 09 Apr 2008 07:03:18 PM CDT
Last Seen                     Wed 09 Apr 2008 07:03:18 PM CDT
Local ID                      fddf24c2-0902-4a50-8909-4bd30c0839b6
Line Numbers                  

Raw Audit Messages            

host=localhost.localdomain type=AVC msg=audit(1207785798.732:70): avc:  denied  { write } for  pid=5092 comm="gnome-session" name="fontconfig" dev=dm-0 ino=2387443 scontext=root:staff_r:staff_t:s0-s0:c0.c1023 tcontext=system_u:object_r:fonts_t:s0 tclass=dir

host=localhost.localdomain type=SYSCALL msg=audit(1207785798.732:70): arch=40000003 syscall=33 success=no exit=-13 a0=8536358 a1=2 a2=a85694 a3=852daa8 items=0 ppid=4990 pid=5092 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=5 comm="gnome-session" exe="/usr/bin/gnome-session" subj=root:staff_r:staff_t:s0-s0:c0.c1023 key=(null)


Summary:

SELinux is preventing escd (user_t) "write" to ./coolkey (auth_cache_t).

Detailed Description:

SELinux denied access requested by escd. It is not expected that this access is
required by escd and this access may signal an intrusion attempt. It is also
possible that the specific version or configuration of the application is
causing it to require additional access.

Allowing Access:

Sometimes labeling problems can cause SELinux denials. You could try to restore
the default system file context for ./coolkey,

restorecon -v './coolkey'

If this does not work, there is currently no automatic way to allow this access.
Instead, you can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.

Additional Information:

Source Context                user_u:user_r:user_t
Target Context                system_u:object_r:auth_cache_t
Target Objects                ./coolkey [ dir ]
Source                        escd
Source Path                   /usr/lib/esc-1.0.1/escd
Port                          <Unknown>
Host                          localhost.localdomain
Source RPM Packages           esc-1.0.1-9.fc9
Target RPM Packages           
Policy RPM                    selinux-policy-3.3.1-29.fc9
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   catchall_file
Host Name                     localhost.localdomain
Platform                      Linux localhost.localdomain
                              2.6.25-0.204.rc8.git4.fc9.i686 #1 SMP Mon Apr 7
                              11:33:46 EDT 2008 i686 i686
Alert Count                   4
First Seen                    Wed 09 Apr 2008 06:34:01 PM CDT
Last Seen                     Wed 09 Apr 2008 07:02:51 PM CDT
Local ID                      08e479ee-11d3-4d0c-892c-e8ce4f8beb7b
Line Numbers                  

Raw Audit Messages            

host=localhost.localdomain type=AVC msg=audit(1207785771.193:60): avc:  denied  { write } for  pid=4321 comm="escd" name="coolkey" dev=dm-0 ino=2485506 scontext=user_u:user_r:user_t:s0 tcontext=system_u:object_r:auth_cache_t:s0 tclass=dir

host=localhost.localdomain type=SYSCALL msg=audit(1207785771.193:60): arch=40000003 syscall=5 success=no exit=-13 a0=88b4ba0 a1=4c2 a2=180 a3=88b3508 items=0 ppid=1 pid=4321 auid=502 uid=502 gid=502 euid=502 suid=502 fsuid=502 egid=502 sgid=502 fsgid=502 tty=(none) ses=3 comm="escd" exe="/usr/lib/esc-1.0.1/escd" subj=user_u:user_r:user_t:s0 key=(null)



Summary:

SELinux is preventing userhelper (user_t) "read write" to ./eject
(userhelper_conf_t).

Detailed Description:

SELinux denied access requested by userhelper. It is not expected that this
access is required by userhelper and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration of the
application is causing it to require additional access.

Allowing Access:

Sometimes labeling problems can cause SELinux denials. You could try to restore
the default system file context for ./eject,

restorecon -v './eject'

If this does not work, there is currently no automatic way to allow this access.
Instead, you can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.

Additional Information:

Source Context                user_u:user_r:user_t
Target Context                system_u:object_r:userhelper_conf_t
Target Objects                ./eject [ file ]
Source                        userhelper
Source Path                   /usr/sbin/userhelper
Port                          <Unknown>
Host                          localhost.localdomain
Source RPM Packages           usermode-1.96-1
Target RPM Packages           
Policy RPM                    selinux-policy-3.3.1-29.fc9
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   catchall_file
Host Name                     localhost.localdomain
Platform                      Linux localhost.localdomain
                              2.6.25-0.204.rc8.git4.fc9.i686 #1 SMP Mon Apr 7
                              11:33:46 EDT 2008 i686 i686
Alert Count                   3
First Seen                    Wed 09 Apr 2008 06:34:03 PM CDT
Last Seen                     Wed 09 Apr 2008 06:54:10 PM CDT
Local ID                      971298b0-6bc0-4ee0-a08e-efb07076dd3d
Line Numbers                  

Raw Audit Messages            

host=localhost.localdomain type=AVC msg=audit(1207785250.626:49): avc:  denied  { read write } for  pid=4559 comm="userhelper" name="eject" dev=dm-0 ino=4055485 scontext=user_u:user_r:user_t:s0 tcontext=system_u:object_r:userhelper_conf_t:s0 tclass=file

host=localhost.localdomain type=SYSCALL msg=audit(1207785250.626:49): arch=40000003 syscall=5 success=no exit=-13 a0=82e3508 a1=2 a2=b809cee0 a3=82e3530 items=0 ppid=4558 pid=4559 auid=502 uid=502 gid=502 euid=0 suid=0 fsuid=0 egid=502 sgid=502 fsgid=502 tty=(none) ses=3 comm="userhelper" exe="/usr/sbin/userhelper" subj=user_u:user_r:user_t:s0 key=(null)



Summary:

SELinux is preventing userhelper (user_t) "read" to ./eject (userhelper_conf_t).

Detailed Description:

SELinux denied access requested by userhelper. It is not expected that this
access is required by userhelper and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration of the
application is causing it to require additional access.

Allowing Access:

Sometimes labeling problems can cause SELinux denials. You could try to restore
the default system file context for ./eject,

restorecon -v './eject'

If this does not work, there is currently no automatic way to allow this access.
Instead, you can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.

Additional Information:

Source Context                user_u:user_r:user_t
Target Context                system_u:object_r:userhelper_conf_t
Target Objects                ./eject [ file ]
Source                        userhelper
Source Path                   /usr/sbin/userhelper
Port                          <Unknown>
Host                          localhost.localdomain
Source RPM Packages           usermode-1.96-1
Target RPM Packages           
Policy RPM                    selinux-policy-3.3.1-29.fc9
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   catchall_file
Host Name                     localhost.localdomain
Platform                      Linux localhost.localdomain
                              2.6.25-0.204.rc8.git4.fc9.i686 #1 SMP Mon Apr 7
                              11:33:46 EDT 2008 i686 i686
Alert Count                   3
First Seen                    Wed 09 Apr 2008 06:34:03 PM CDT
Last Seen                     Wed 09 Apr 2008 06:54:10 PM CDT
Local ID                      fe10c9ad-5af2-4402-b68e-8d6951329af6
Line Numbers                  

Raw Audit Messages            

host=localhost.localdomain type=AVC msg=audit(1207785250.628:50): avc:  denied  { read } for  pid=4559 comm="userhelper" name="eject" dev=dm-0 ino=4055485 scontext=user_u:user_r:user_t:s0 tcontext=system_u:object_r:userhelper_conf_t:s0 tclass=file

host=localhost.localdomain type=SYSCALL msg=audit(1207785250.628:50): arch=40000003 syscall=5 success=no exit=-13 a0=82e3508 a1=0 a2=b809cee0 a3=82e3530 items=0 ppid=4558 pid=4559 auid=502 uid=502 gid=502 euid=0 suid=0 fsuid=0 egid=502 sgid=502 fsgid=502 tty=(none) ses=3 comm="userhelper" exe="/usr/sbin/userhelper" subj=user_u:user_r:user_t:s0 key=(null)


Summary:

SELinux is preventing escd (user_t) "read write" to
./636F6F6C6B6579706B313173452D47617465203020302D353031 (auth_cache_t).

Detailed Description:

SELinux denied access requested by escd. It is not expected that this access is
required by escd and this access may signal an intrusion attempt. It is also
possible that the specific version or configuration of the application is
causing it to require additional access.

Allowing Access:

Sometimes labeling problems can cause SELinux denials. You could try to restore
the default system file context for
./636F6F6C6B6579706B313173452D47617465203020302D353031,

restorecon -v './636F6F6C6B6579706B313173452D47617465203020302D353031'

If this does not work, there is currently no automatic way to allow this access.
Instead, you can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.

Additional Information:

Source Context                user_u:user_r:user_t
Target Context                system_u:object_r:auth_cache_t
Target Objects                ./636F6F6C6B6579706B313173452D47617465203020302D35
                              3031 [ file ]
Source                        escd
Source Path                   /usr/lib/esc-1.0.1/escd
Port                          <Unknown>
Host                          localhost.localdomain
Source RPM Packages           esc-1.0.1-9.fc9
Target RPM Packages           
Policy RPM                    selinux-policy-3.3.1-29.fc9
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   catchall_file
Host Name                     localhost.localdomain
Platform                      Linux localhost.localdomain
                              2.6.25-0.204.rc8.git4.fc9.i686 #1 SMP Mon Apr 7
                              11:33:46 EDT 2008 i686 i686
Alert Count                   2
First Seen                    Wed 09 Apr 2008 06:49:21 PM CDT
Last Seen                     Wed 09 Apr 2008 06:51:48 PM CDT
Local ID                      655d0a34-ec8a-4327-ae0c-a21175fccec7
Line Numbers                  

Raw Audit Messages            

host=localhost.localdomain type=AVC msg=audit(1207785108.494:39): avc:  denied  { read write } for  pid=3737 comm="escd" name=636F6F6C6B6579706B313173452D47617465203020302D353031 dev=dm-0 ino=2485541 scontext=user_u:user_r:user_t:s0 tcontext=system_u:object_r:auth_cache_t:s0 tclass=file

host=localhost.localdomain type=SYSCALL msg=audit(1207785108.494:39): arch=40000003 syscall=5 success=no exit=-13 a0=880aba0 a1=20002 a2=180 a3=0 items=0 ppid=1 pid=3737 auid=501 uid=501 gid=501 euid=501 suid=501 fsuid=501 egid=501 sgid=501 fsgid=501 tty=(none) ses=2 comm="escd" exe="/usr/lib/esc-1.0.1/escd" subj=user_u:user_r:user_t:s0 key=(null)





Summary:

SELinux is preventing wine-preloader (user_t) "mmap_zero" to <Unknown> (user_t).

Detailed Description:

SELinux denied access requested by wine-preloader. It is not expected that this
access is required by wine-preloader and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration of the
application is causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.

Additional Information:

Source Context                user_u:user_r:user_t
Target Context                user_u:user_r:user_t
Target Objects                None [ memprotect ]
Source                        wine-preloader
Source Path                   /usr/bin/wine-preloader
Port                          <Unknown>
Host                          localhost.localdomain
Source RPM Packages           wine-core-0.9.58-1.fc9
Target RPM Packages           
Policy RPM                    selinux-policy-3.3.1-29.fc9
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   catchall
Host Name                     localhost.localdomain
Platform                      Linux localhost.localdomain
                              2.6.25-0.204.rc8.git4.fc9.i686 #1 SMP Mon Apr 7
                              11:33:46 EDT 2008 i686 i686
Alert Count                   1
First Seen                    Wed 09 Apr 2008 06:50:02 PM CDT
Last Seen                     Wed 09 Apr 2008 06:50:02 PM CDT
Local ID                      6f6e94e5-fbf2-43ea-b941-dba1d1da982b
Line Numbers                  

Raw Audit Messages            

host=localhost.localdomain type=AVC msg=audit(1207785002.401:35): avc:  denied  { mmap_zero } for  pid=3847 comm="wine-preloader" scontext=user_u:user_r:user_t:s0 tcontext=user_u:user_r:user_t:s0 tclass=memprotect

host=localhost.localdomain type=SYSCALL msg=audit(1207785002.401:35): arch=40000003 syscall=90 success=no exit=-13 a0=bfed76dc a1=bfed76dc a2=60000000 a3=bfed76dc items=0 ppid=1 pid=3847 auid=501 uid=501 gid=501 euid=501 suid=501 fsuid=501 egid=501 sgid=501 fsgid=501 tty=(none) ses=2 comm="wine-preloader" exe="/usr/bin/wine-preloader" subj=user_u:user_r:user_t:s0 key=(null)





Summary:

SELinux prevented X from using the terminal tty0.

Detailed Description:

SELinux prevented X from using the terminal tty0. In most cases daemons do not
need to interact with the terminal, usually these avc messages can be ignored.
All of the confined daemons should have dontaudit rules around using the
terminal. Please file a bug report
(http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this selinux-policy.
If you would like to allow all daemons to interact with the terminal, you can
turn on the allow_daemons_use_tty boolean.

Allowing Access:

Changing the "allow_daemons_use_tty" boolean to true will allow this access:
"setsebool -P allow_daemons_use_tty=1."

Fix Command:

setsebool -P allow_daemons_use_tty=1

Additional Information:

Source Context                user_u:user_r:user_t
Target Context                system_u:object_r:tty_device_t
Target Objects                tty0 [ chr_file ]
Source                        X
Source Path                   /usr/bin/Xorg
Port                          <Unknown>
Host                          localhost.localdomain
Source RPM Packages           xorg-x11-server-Xorg-1.4.99.901-17.20080401.fc9
Target RPM Packages           
Policy RPM                    selinux-policy-3.3.1-28.fc9
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   allow_daemons_use_tty
Host Name                     localhost.localdomain
Platform                      Linux localhost.localdomain
                              2.6.25-0.201.rc8.git4.fc9.i686 #1 SMP Sun Apr 6
                              21:55:27 EDT 2008 i686 i686
Alert Count                   8
First Seen                    Fri 04 Apr 2008 06:52:01 PM CDT
Last Seen                     Mon 07 Apr 2008 08:13:50 PM CDT
Local ID                      4c3eddb6-6a5d-420f-a3de-1649183f872c
Line Numbers                  

Raw Audit Messages            

host=localhost.localdomain type=AVC msg=audit(1207617230.297:90): avc:  denied  { setattr } for  pid=5319 comm="X" name="tty0" dev=tmpfs ino=255 scontext=user_u:user_r:user_t:s0 tcontext=system_u:object_r:tty_device_t:s0 tclass=chr_file

host=localhost.localdomain type=SYSCALL msg=audit(1207617230.297:90): arch=40000003 syscall=212 success=no exit=-13 a0=81bc13b a1=0 a2=0 a3=bfbd70b4 items=0 ppid=5318 pid=5319 auid=502 uid=502 gid=502 euid=0 suid=0 fsuid=0 egid=502 sgid=502 fsgid=502 tty=tty1 ses=8 comm="X" exe="/usr/bin/Xorg" subj=user_u:user_r:user_t:s0 key=(null)





Summary:

SELinux is preventing gdb (xdm_t) "write" to ./rpm (rpm_var_lib_t).

Detailed Description:

SELinux denied access requested by gdb. It is not expected that this access is
required by gdb and this access may signal an intrusion attempt. It is also
possible that the specific version or configuration of the application is
causing it to require additional access.

Allowing Access:

Sometimes labeling problems can cause SELinux denials. You could try to restore
the default system file context for ./rpm,

restorecon -v './rpm'

If this does not work, there is currently no automatic way to allow this access.
Instead, you can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.

Additional Information:

Source Context                system_u:system_r:xdm_t:SystemLow-SystemHigh
Target Context                system_u:object_r:rpm_var_lib_t
Target Objects                ./rpm [ dir ]
Source                        gdb
Source Path                   /usr/bin/gdb
Port                          <Unknown>
Host                          localhost.localdomain
Source RPM Packages           gdb-6.8-1.fc9
Target RPM Packages           
Policy RPM                    selinux-policy-3.3.1-26.fc9
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   catchall_file
Host Name                     localhost.localdomain
Platform                      Linux localhost.localdomain
                              2.6.25-0.195.rc8.git1.fc9.i686 #1 SMP Thu Apr 3
                              09:42:34 EDT 2008 i686 i686
Alert Count                   196
First Seen                    Fri 04 Apr 2008 06:48:42 PM CDT
Last Seen                     Fri 04 Apr 2008 07:56:14 PM CDT
Local ID                      bf5f7ea8-f1a0-46bb-ade6-45dc659e7c1f
Line Numbers                  

Raw Audit Messages            

host=localhost.localdomain type=AVC msg=audit(1207356974.98:206): avc:  denied  { write } for  pid=2534 comm="gdb" name="rpm" dev=dm-0 ino=2387395 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:rpm_var_lib_t:s0 tclass=dir

host=localhost.localdomain type=SYSCALL msg=audit(1207356974.98:206): arch=40000003 syscall=33 success=no exit=-13 a0=a3ddfb8 a1=2 a2=3547a4 a3=a3dde80 items=0 ppid=2533 pid=2534 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="gdb" exe="/usr/bin/gdb" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)





Summary:

SELinux is preventing gdb (xdm_t) "getattr" to /var/lib/rpm/Packages
(rpm_var_lib_t).

Detailed Description:

SELinux denied access requested by gdb. It is not expected that this access is
required by gdb and this access may signal an intrusion attempt. It is also
possible that the specific version or configuration of the application is
causing it to require additional access.

Allowing Access:

Sometimes labeling problems can cause SELinux denials. You could try to restore
the default system file context for /var/lib/rpm/Packages,

restorecon -v '/var/lib/rpm/Packages'

If this does not work, there is currently no automatic way to allow this access.
Instead, you can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.

Additional Information:

Source Context                system_u:system_r:xdm_t:SystemLow-SystemHigh
Target Context                system_u:object_r:rpm_var_lib_t
Target Objects                /var/lib/rpm/Packages [ file ]
Source                        gdb
Source Path                   /usr/bin/gdb
Port                          <Unknown>
Host                          localhost.localdomain
Source RPM Packages           gdb-6.8-1.fc9
Target RPM Packages           rpm-4.4.2.3-1.fc9
Policy RPM                    selinux-policy-3.3.1-26.fc9
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   catchall_file
Host Name                     localhost.localdomain
Platform                      Linux localhost.localdomain
                              2.6.25-0.195.rc8.git1.fc9.i686 #1 SMP Thu Apr 3
                              09:42:34 EDT 2008 i686 i686
Alert Count                   196
First Seen                    Fri 04 Apr 2008 06:48:42 PM CDT
Last Seen                     Fri 04 Apr 2008 07:56:14 PM CDT
Local ID                      adc70120-316b-494e-a25a-1a9f014c0282
Line Numbers                  

Raw Audit Messages            

host=localhost.localdomain type=AVC msg=audit(1207356974.99:207): avc:  denied  { getattr } for  pid=2534 comm="gdb" path="/var/lib/rpm/Packages" dev=dm-0 ino=2387402 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:rpm_var_lib_t:s0 tclass=file

host=localhost.localdomain type=SYSCALL msg=audit(1207356974.99:207): arch=40000003 syscall=195 success=no exit=-13 a0=a3ddf98 a1=bf9e3e9c a2=d14ff4 a3=64 items=0 ppid=2533 pid=2534 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="gdb" exe="/usr/bin/gdb" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)


























__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]