F8 updates kill setroubleshootd?

Daniel J Walsh dwalsh at redhat.com
Fri Feb 29 14:05:39 UTC 2008


Paul Howarth wrote:
> Paul Howarth wrote:
>> Having installed the latest bunch of Fedora 8 updates this morning,
>> which included selinux-policy and setroubleshoot, I'm getting these
>> denials:
>>
>> type=AVC msg=audit(1204275163.032:209): avc:  denied  { connectto }
>> for  pid=26345 comm="setroubleshootd" path="/var/run/audispd_events"
>> scontext=unconfined_u:system_r:setroubleshootd_t:s0
>> tcontext=system_u:system_r:auditd_t:s0 tclass=unix_stream_socket
>>
>> type=AVC msg=audit(1204275171.133:210): avc:  denied  { read } for
>> pid=26379 comm="setroubleshootd" name=".rpmmacros" dev=0:15
>> ino=6331637 scontext=unconfined_u:system_r:setroubleshootd_t:s0
>> tcontext=system_u:object_r:nfs_t:s0 tclass=file
>>
>> The first one looks like a policy issue but I can't fathom why
>> setroubleshootd would be trying to access ~/.rpmmacros for the second one.
> 
> Following a reboot, the socket /var/run/audispd_events changed from
> auditd_t to audisp_var_run_t and there are no more AVCs for this. I
> tried a restorecon before the reboot but that didn't do anything, which
> is strange given that policy does indeed specify context:
> 
> # semanage fcontext -l | grep audisp
> /sbin/audispd                                      regular file
> system_u:object_r:audisp_exec_t:s0
> /sbin/audisp-prelude                               regular file
> system_u:object_r:audisp_prelude_exec_t:s0
> /var/run/audispd_events                            socket
> system_u:object_r:audisp_var_run_t:s0
> 
> Perhaps that was finger trouble?
You needed to restart the audit daemon to get the proper context.
I probably should have left the policy for both.


setroubleshoot loads the rpm python bindings, which try to read the
.rpmmacros file in $HOME.  So if you do a service setroubleshoot restart
after su or sudo then you can see this avc.  It is supposed to be
dontaudited, but it must be missing the nfs_t one.
> 
> Paul.
> 
> -- 
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
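
An added example, not part of the original thread: a small Python triage that compares each denial's target type with the type `semanage fcontext -l` lists for the same path, separating the stale-label case (first denial) from the case with no path rule (second denial). The function names and verdict strings are hypothetical; the sample input is the thread's own output, with the AVC records rejoined onto one line each.

```python
import re

# Sample input copied from the thread; AVC records rejoined onto one line each.
FCONTEXT = """\
/sbin/audispd                                      regular file
system_u:object_r:audisp_exec_t:s0
/var/run/audispd_events                            socket
system_u:object_r:audisp_var_run_t:s0
"""
AVCS = [
    'type=AVC msg=audit(1204275163.032:209): avc:  denied  { connectto } for  pid=26345 comm="setroubleshootd" path="/var/run/audispd_events" scontext=unconfined_u:system_r:setroubleshootd_t:s0 tcontext=system_u:system_r:auditd_t:s0 tclass=unix_stream_socket',
    'type=AVC msg=audit(1204275171.133:210): avc:  denied  { read } for pid=26379 comm="setroubleshootd" name=".rpmmacros" dev=0:15 ino=6331637 scontext=unconfined_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file',
]

# path, object class, context; \s+ also spans the mail's line wrapping
FCONTEXT_RE = re.compile(r"(/\S+)\s+([a-z ]+?)\s+(\w+:\w+:\w+:\w+)")
AVC_FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_fcontext(text):
    """Map path -> expected type from `semanage fcontext -l` output."""
    return {p: ctx.split(":")[2] for p, _cls, ctx in FCONTEXT_RE.findall(text)}

def parse_avc(line):
    """Return the key=value fields of one AVC record plus the denied permission."""
    fields = {k: v.strip('"') for k, v in AVC_FIELD_RE.findall(line)}
    perm = re.search(r"\{ ([^}]+) \}", line)
    fields["perm"] = perm.group(1).strip() if perm else ""
    return fields

def triage(avc_lines, fcontext_text):
    """Classify each denial by comparing tcontext type with the fcontext table."""
    expected = parse_fcontext(fcontext_text)
    results = []
    for line in avc_lines:
        if "avc:" not in line:
            continue
        f = parse_avc(line)
        actual = f["tcontext"].split(":")[2]
        want = expected.get(f.get("path"))
        if want is None:
            verdict = "no-path-rule"      # no path or no rule: a policy question
        elif want != actual:
            verdict = "label-mismatch"    # object carries a label policy does not assign
        else:
            verdict = "label-ok"          # label is right; the denial is policy
        results.append((f["comm"], f["perm"], f.get("path") or f.get("name"),
                        actual, want, verdict))
    return results

if __name__ == "__main__":
    for row in triage(AVCS, FCONTEXT):
        print(row)
```
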
