rawhide yum denied for transition bootloader_t, two alerts
Daniel J Walsh
dwalsh at redhat.com
Mon Mar 17 14:33:55 UTC 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Andrew Farris wrote:
> These happen on two machines during updates, I'm also noticing many
> %post scriptlets failing when these pop up, though I don't know if
> they are related or not.
>
> Summary:
>
> SELinux is preventing yum (bootloader_t) "transition" to /sbin/ldconfig
> (rpm_script_t).
>
> Detailed Description:
>
> SELinux denied access requested by yum. It is not expected that this access is
> required by yum and this access may signal an intrusion attempt. It is also
> possible that the specific version or configuration of the application is
> causing it to require additional access.
>
> Allowing Access:
>
> You can generate a local policy module to allow this access - see FAQ
> (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
> SELinux protection altogether. Disabling SELinux protection is not recommended.
> Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
> against this package.
>
> Additional Information:
>
> Source Context user_u:system_r:bootloader_t:s0
> Target Context user_u:system_r:rpm_script_t:s0
> Target Objects /sbin/ldconfig [ process ]
> Source yum
> Source Path /usr/bin/python
> Port <Unknown>
> Host durthangnix
> Source RPM Packages python-2.5.1-23.fc9
> Target RPM Packages glibc-2.7.90-9
> Policy RPM selinux-policy-3.3.1-14.fc9
> Selinux Enabled True
> Policy Type targeted
> MLS Enabled True
> Enforcing Mode Enforcing
> Plugin Name catchall
> Host Name durthangnix
> Platform Linux durthangnix 2.6.25-0.105.rc5.fc9 #1 SMP Mon
> Mar 10 20:59:23 EDT 2008 x86_64 x86_64
> Alert Count 35
> First Seen Thu 13 Mar 2008 11:19:15 PM PDT
> Last Seen Thu 13 Mar 2008 11:32:48 PM PDT
> Local ID 36d70abc-d12d-42f2-96bf-ab7250e29da1
> Line Numbers
>
> Raw Audit Messages
>
> host=durthangnix type=AVC msg=audit(1205476368.460:1339): avc: denied
> { transition } for pid=28100 comm="yum" path="/sbin/ldconfig"
> dev=sda3 ino=858775 scontext=user_u:system_r:bootloader_t:s0
> tcontext=user_u:system_r:rpm_script_t:s0 tclass=process
>
> host=durthangnix type=SYSCALL msg=audit(1205476368.460:1339):
> arch=c000003e syscall=59 success=no exit=-13 a0=7ff2034c2aca
> a1=7fff1bd22350 a2=7ff20aa927d0 a3=3b8896c9f0 items=0 ppid=27144
> pid=28100 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
> fsgid=0 tty=pts1 ses=4 comm="yum" exe="/usr/bin/python"
> subj=user_u:system_r:bootloader_t:s0 key=(null)
>
>
>
> Summary:
>
> SELinux is preventing yum (bootloader_t) "transition" to /bin/bash
> (rpm_script_t).
>
> Detailed Description:
>
> SELinux denied access requested by yum. It is not expected that this access is
> required by yum and this access may signal an intrusion attempt. It is also
> possible that the specific version or configuration of the application is
> causing it to require additional access.
>
> Allowing Access:
>
> You can generate a local policy module to allow this access - see FAQ
> (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
> SELinux protection altogether. Disabling SELinux protection is not recommended.
> Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
> against this package.
>
> Additional Information:
>
> Source Context user_u:system_r:bootloader_t:s0
> Target Context user_u:system_r:rpm_script_t:s0
> Target Objects /bin/bash [ process ]
> Source rpm
> Source Path /bin/rpm
> Port <Unknown>
> Host durthangnix
> Source RPM Packages python-2.5.1-23.fc9
> Target RPM Packages bash-3.2-21.fc9
> Policy RPM selinux-policy-3.3.1-14.fc9
> Selinux Enabled True
> Policy Type targeted
> MLS Enabled True
> Enforcing Mode Enforcing
> Plugin Name catchall
> Host Name durthangnix
> Platform Linux durthangnix 2.6.25-0.105.rc5.fc9 #1 SMP Mon
> Mar 10 20:59:23 EDT 2008 x86_64 x86_64
> Alert Count 48
> First Seen Thu 13 Mar 2008 10:00:05 AM PDT
> Last Seen Thu 13 Mar 2008 11:32:48 PM PDT
> Local ID 75a34bf7-d467-444b-bfb4-9a931b3af238
> Line Numbers
>
> Raw Audit Messages
>
> host=durthangnix type=AVC msg=audit(1205476368.64:1338): avc: denied
> { transition } for pid=28099 comm="yum" path="/bin/bash" dev=sda3
> ino=835647 scontext=user_u:system_r:bootloader_t:s0
> tcontext=user_u:system_r:rpm_script_t:s0 tclass=process
>
> host=durthangnix type=SYSCALL msg=audit(1205476368.64:1338):
> arch=c000003e syscall=59 success=no exit=-13 a0=7ff20063e90d
> a1=7fff1bd22350 a2=7ff20aa927d0 a3=3b8896c9f0 items=0 ppid=27144
> pid=28099 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
> fsgid=0 tty=pts1 ses=4 comm="yum" exe="/usr/bin/python"
> subj=user_u:system_r:bootloader_t:s0 key=(null)
>
>
>
THis looks like you are logged in as bootloader_t? Something is very
wrong with your system.
What does
id -Z
Show?
You might need to relabel. Are you using a different login program?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkfegVMACgkQrlYvE4MpobMQ+ACeKCK06xKkMvhWR+QV640XbWtL
+FMAoJrZ27X844vVZyPsk0s/w0ElCkHO
=Nmcm
-----END PGP SIGNATURE-----
More information about the fedora-selinux-list
mailing list