[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: mrtg selinux denials in default configuration

David Timms wrote:
Should there be selinux denials on a default install of a package ?
audit item attached.


SELinux is preventing mrtg (mrtg_t) "read" to ./root (user_home_dir_t).

Detailed Description:

SELinux denied access requested by mrtg. It is not expected that this access is
required by mrtg and this access may signal an intrusion attempt. It is also
possible that the specific version or configuration of the application is
causing it to require additional access.

Allowing Access:

Sometimes labeling problems can cause SELinux denials. You could try to restore
the default system file context for ./root,

restorecon -v './root'

If this does not work, there is currently no automatic way to allow this access.
Instead, you can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.

Additional Information:

Source Context                system_u:system_r:mrtg_t:SystemLow-SystemHigh
Target Context                system_u:object_r:user_home_dir_t
Target Objects                ./root [ dir ]
Source                        mrtg
Source Path                   /usr/bin/perl
Port                          <Unknown>
Host                          poweredge
Source RPM Packages           perl-5.10.0-20.fc9
Target RPM Packages           filesystem-2.4.13-1.fc9
Policy RPM                    selinux-policy-3.3.1-31.fc9
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   catchall_file
Host Name                     poweredge
Platform                      Linux poweredge 2.6.25-0.195.rc8.git1.fc9.i686 #1
                              SMP Thu Apr 3 09:42:34 EDT 2008 i686 i686
Alert Count                   332
First Seen                    Thu 10 Apr 2008 09:05:01 EST
Last Seen                     Thu 10 Apr 2008 22:50:01 EST
Local ID                      a045e8a5-d15b-43b2-8254-d957bc0f286d
Line Numbers                  

Raw Audit Messages            

host=poweredge type=AVC msg=audit(1207831801.359:1488): avc:  denied  { read } for  pid=17588 comm="mrtg" name="root" dev=sda3 ino=960961 scontext=system_u:system_r:mrtg_t:s0-s0:c0.c1023 tcontext=system_u:object_r:user_home_dir_t:s0 tclass=dir

host=poweredge type=SYSCALL msg=audit(1207831801.359:1488): arch=40000003 syscall=5 success=no exit=-13 a0=113427 a1=8000 a2=0 a3=8000 items=0 ppid=17586 pid=17588 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=185 comm="mrtg" exe="/usr/bin/perl" subj=system_u:system_r:mrtg_t:s0-s0:c0.c1023 key=(null)

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]