rawhide yum denied for transition bootloader_t, two alerts

Daniel J Walsh dwalsh at redhat.com
Mon Mar 17 14:33:55 UTC 2008 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Andrew Farris wrote:
> These happen on two machines during updates,  I'm also noticing many
> %post scriptlets failing when these pop up, though I don't know if
> they are related or not.
> 
> Summary:
> 
> SELinux is preventing yum (bootloader_t) "transition" to /sbin/ldconfig
> (rpm_script_t).
> 
> Detailed Description:
> 
> SELinux denied access requested by yum. It is not expected that this access is
> required by yum and this access may signal an intrusion attempt. It is also
> possible that the specific version or configuration of the application is
> causing it to require additional access.
> 
> Allowing Access:
> 
> You can generate a local policy module to allow this access - see FAQ
> (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
> SELinux protection altogether. Disabling SELinux protection is not recommended.
> Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
> against this package.
> 
> Additional Information:
> 
> Source Context                user_u:system_r:bootloader_t:s0
> Target Context                user_u:system_r:rpm_script_t:s0
> Target Objects                /sbin/ldconfig [ process ]
> Source                        yum
> Source Path                   /usr/bin/python
> Port                          <Unknown>
> Host                          durthangnix
> Source RPM Packages           python-2.5.1-23.fc9
> Target RPM Packages           glibc-2.7.90-9
> Policy RPM                    selinux-policy-3.3.1-14.fc9
> Selinux Enabled               True
> Policy Type                   targeted
> MLS Enabled                   True
> Enforcing Mode                Enforcing
> Plugin Name                   catchall
> Host Name                     durthangnix
> Platform                      Linux durthangnix 2.6.25-0.105.rc5.fc9 #1 SMP Mon
>                               Mar 10 20:59:23 EDT 2008 x86_64 x86_64
> Alert Count                   35
> First Seen                    Thu 13 Mar 2008 11:19:15 PM PDT
> Last Seen                     Thu 13 Mar 2008 11:32:48 PM PDT
> Local ID                      36d70abc-d12d-42f2-96bf-ab7250e29da1
> Line Numbers
> 
> Raw Audit Messages
> 
> host=durthangnix type=AVC msg=audit(1205476368.460:1339): avc:  denied
>  { transition } for  pid=28100 comm="yum" path="/sbin/ldconfig"
> dev=sda3 ino=858775 scontext=user_u:system_r:bootloader_t:s0
> tcontext=user_u:system_r:rpm_script_t:s0 tclass=process
> 
> host=durthangnix type=SYSCALL msg=audit(1205476368.460:1339):
> arch=c000003e syscall=59 success=no exit=-13 a0=7ff2034c2aca
> a1=7fff1bd22350 a2=7ff20aa927d0 a3=3b8896c9f0 items=0 ppid=27144
> pid=28100 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
> fsgid=0 tty=pts1 ses=4 comm="yum" exe="/usr/bin/python"
> subj=user_u:system_r:bootloader_t:s0 key=(null)
> 
> 
> 
> Summary:
> 
> SELinux is preventing yum (bootloader_t) "transition" to /bin/bash
> (rpm_script_t).
> 
> Detailed Description:
> 
> SELinux denied access requested by yum. It is not expected that this access is
> required by yum and this access may signal an intrusion attempt. It is also
> possible that the specific version or configuration of the application is
> causing it to require additional access.
> 
> Allowing Access:
> 
> You can generate a local policy module to allow this access - see FAQ
> (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
> SELinux protection altogether. Disabling SELinux protection is not recommended.
> Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
> against this package.
> 
> Additional Information:
> 
> Source Context                user_u:system_r:bootloader_t:s0
> Target Context                user_u:system_r:rpm_script_t:s0
> Target Objects                /bin/bash [ process ]
> Source                        rpm
> Source Path                   /bin/rpm
> Port                          <Unknown>
> Host                          durthangnix
> Source RPM Packages           python-2.5.1-23.fc9
> Target RPM Packages           bash-3.2-21.fc9
> Policy RPM                    selinux-policy-3.3.1-14.fc9
> Selinux Enabled               True
> Policy Type                   targeted
> MLS Enabled                   True
> Enforcing Mode                Enforcing
> Plugin Name                   catchall
> Host Name                     durthangnix
> Platform                      Linux durthangnix 2.6.25-0.105.rc5.fc9 #1 SMP Mon
>                               Mar 10 20:59:23 EDT 2008 x86_64 x86_64
> Alert Count                   48
> First Seen                    Thu 13 Mar 2008 10:00:05 AM PDT
> Last Seen                     Thu 13 Mar 2008 11:32:48 PM PDT
> Local ID                      75a34bf7-d467-444b-bfb4-9a931b3af238
> Line Numbers
> 
> Raw Audit Messages
> 
> host=durthangnix type=AVC msg=audit(1205476368.64:1338): avc:  denied
> { transition } for  pid=28099 comm="yum" path="/bin/bash" dev=sda3
> ino=835647 scontext=user_u:system_r:bootloader_t:s0
> tcontext=user_u:system_r:rpm_script_t:s0 tclass=process
> 
> host=durthangnix type=SYSCALL msg=audit(1205476368.64:1338):
> arch=c000003e syscall=59 success=no exit=-13 a0=7ff20063e90d
> a1=7fff1bd22350 a2=7ff20aa927d0 a3=3b8896c9f0 items=0 ppid=27144
> pid=28099 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
> fsgid=0 tty=pts1 ses=4 comm="yum" exe="/usr/bin/python"
> subj=user_u:system_r:bootloader_t:s0 key=(null)
> 
> 
> 
THis looks like you are logged in as bootloader_t?  Something is very
wrong with your system.

What does
id -Z

Show?

You might need to relabel.  Are you using a different login program?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkfegVMACgkQrlYvE4MpobMQ+ACeKCK06xKkMvhWR+QV640XbWtL
+FMAoJrZ27X844vVZyPsk0s/w0ElCkHO
=Nmcm
-----END PGP SIGNATURE-----

More information about the fedora-selinux-list mailing list