What severity would this SELinux denial have for the latest kernel?

Antonio Olivares olivares14031 at yahoo.com
Thu Jan 3 23:37:00 UTC 2008


--- Jim Cornette <fct-cornette at insight.rr.com> wrote:

> I updated the kernel after installing the latest mkinitrd package and
> some errors were reported when pup finished. I also got the attached
> SELinux error.
> The other SELinux error with xdm_var_lib_t was already mentioned in an
> earlier post.
> 
> Jim
> 
> 
> kernel - 2.6.24-0.133.rc6.git8.fc9.i686
> WARNING: Couldn't open directory /tmp/initrd.dY3159/lib/modules/2.6.24-0.133.rc6.git8.fc9: Permission denied
> FATAL: Could not open /tmp/initrd.dY3159/lib/modules/2.6.24-0.133.rc6.git8.fc9/modules.dep.temp for writing: Permission denied
> 
> -- 
> If life is a stage, I want some better lighting.
>
> Summary
>
> SELinux is preventing the depmod(/sbin/depmod) from using potentially mislabeled
> files ().
>
> Detailed Description
>
> SELinux has denied depmod(/sbin/depmod) access to potentially mislabeled file(s)
> (<Unknown>). This means that SELinux will not allow depmod(/sbin/depmod) to use
> these files. It is common for users to edit files in their home directory or tmp
> directories and then move (mv) them to system directories. The problem is that
> the files end up with the wrong file context which confined applications are not
> allowed to access.
>
> Allowing Access
>
> If you want depmod(/sbin/depmod) to access this files, you need to relabel them
> using restorecon -v <Unknown>. You might want to relabel the entire directory
> using restorecon -R -v <Unknown>.
>
> Additional Information
>
> Source Context                system_u:system_r:depmod_t
> Target Context                system_u:object_r:tmp_t
> Target Objects                None [ dir ]
> Source                        depmod(/sbin/depmod)
> Port                          <Unknown>
> Host                          HP-JCF7
> Source RPM Packages
> Target RPM Packages
> Policy RPM                    selinux-policy-3.2.5-7.fc9
> Selinux Enabled               True
> Policy Type                   targeted
> MLS Enabled                   True
> Enforcing Mode                Enforcing
> Plugin Name                   home_tmp_bad_labels
> Host Name                     HP-JCF7
> Platform                      Linux HP-JCF7 2.6.23.8-63.fc8 #1 SMP Wed Nov 21
>                               18:51:08 EST 2007 i686 athlon
> Alert Count                   2
> First Seen                    Thu 03 Jan 2008 05:47:20 PM EST
> Last Seen                     Thu 03 Jan 2008 05:47:20 PM EST
> Local ID                      bf1d6609-37f4-42b1-bd2c-75c64deca263
> Line Numbers
>
> Raw Audit Messages
>
> host=HP-JCF7 type=AVC msg=audit(1199400440.555:34): avc:  denied  { search } for  pid=5198 comm="depmod" name="tmp" dev=sda6 ino=260097 scontext=system_u:system_r:depmod_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
>
> host=HP-JCF7 type=SYSCALL msg=audit(1199400440.555:34): arch=40000003 syscall=5 success=no exit=-13 a0=bf866ab0 a1=241 a2=1b6 a3=9c68480 items=0 ppid=2957 pid=5198 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="depmod" exe="/sbin/depmod" subj=system_u:system_r:depmod_t:s0 key=(null)
> 
> 

Jim, 

at least you have it installed, on my machine it
failed :(

/sbin/new-kernel-pkg: line 254: /sbin/depmod: Permission denied

nash received SIGSEGV!  Backtrace (11):
/sbin/nash[0x805315a]
[0x130440]
/lib/libglib-2.0.so.0[0x1991a3]
/usr/lib/libbdevid.so.6.0.24(bdevid_module_unload_all+0x31)[0x5cee37]
/usr/lib/libbdevid.so.6.0.24(bdevid_destroy+0x2d)[0x5ce57c]
/usr/lib/libnash.so.6.0.24[0x5ac198]
/usr/lib/libnash.so.6.0.24(nash_vitals_destroy_probes+0x3f)[0x5ac810]
/usr/lib/libnash.so.6.0.24(_nashFreeContext+0x1c)[0x59cfd6]
/sbin/nash[0x80536f4]
/lib/libc.so.6(__libc_start_main+0xe0)[0x33f4a0]
/sbin/nash[0x804ae71]

error: %post(kernel-2.6.24-0.133.rc6.git8.fc9.i686) scriptlet failed, signal 2

SELinux upon rebooting caused other errors with
firefox3beta, previously submitted to this list and
selinux-list as well.  I will also forward this to
fedora-selinux-list as well so that they can recommend
to us what to do :)

Regards,

Antonio 
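
Added example (not part of the original message, and not code from setroubleshoot or the audit tools): a short Python triage of the two raw audit records quoted above, unwrapped onto single lines as a constructed sample. It pairs the AVC and SYSCALL records by event id and decodes the syscall arguments; the function names correlate and summarize are made up for this illustration.

```python
import errno
import re
from datetime import datetime, timezone

# Constructed sample: the two raw audit records from the quoted report, unwrapped.
SAMPLE = """\
host=HP-JCF7 type=AVC msg=audit(1199400440.555:34): avc:  denied  { search } for  pid=5198 comm="depmod" name="tmp" dev=sda6 ino=260097 scontext=system_u:system_r:depmod_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
host=HP-JCF7 type=SYSCALL msg=audit(1199400440.555:34): arch=40000003 syscall=5 success=no exit=-13 a0=bf866ab0 a1=241 a2=1b6 a3=9c68480 items=0 ppid=2957 pid=5198 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="depmod" exe="/sbin/depmod" subj=system_u:system_r:depmod_t:s0 key=(null)
"""

HEADER = re.compile(r"type=(\w+) msg=audit\((\d+)\.\d+:(\d+)\):")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
PERMS = re.compile(r"denied\s+\{([^}]*)\}")
# open(2) flag bits on i386 Linux; a1 in the record is hexadecimal.
OPEN_FLAGS = {0x1: "O_WRONLY", 0x2: "O_RDWR", 0x40: "O_CREAT", 0x200: "O_TRUNC", 0x400: "O_APPEND"}

def correlate(text):
    """Group audit records by event id (timestamp, serial) and merge AVC with SYSCALL."""
    events = {}
    for line in text.splitlines():
        m = HEADER.search(line)
        if not m:
            continue
        rtype, secs, serial = m.groups()
        ev = events.setdefault((int(secs), int(serial)), {})
        fields = {k: v.strip('"') for k, v in FIELD.findall(line[m.end():])}
        if rtype == "AVC":
            ev["perms"] = PERMS.search(line).group(1).split()
            ev.update({k: fields.get(k, "?") for k in ("comm", "name", "scontext", "tcontext", "tclass")})
        elif rtype == "SYSCALL":
            ev.update({k: fields.get(k, "?") for k in ("arch", "syscall", "success", "exe", "auid")})
            ev["errno"] = errno.errorcode.get(-int(fields["exit"]), fields["exit"])
            ev["a1"] = int(fields["a1"], 16)
    return events

def summarize(key, ev):
    when = datetime.fromtimestamp(key[0], tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S UTC")
    # The SELinux type is the third colon-separated field of a context.
    src, tgt = ev["scontext"].split(":")[2], ev["tcontext"].split(":")[2]
    line = f'{when} {ev["exe"]} ({src}) denied {{{",".join(ev["perms"])}}} on {ev["tclass"]} "{ev["name"]}" ({tgt}) -> {ev["errno"]}'
    # arch=40000003 is i386, where syscall 5 is open(2); decode its flags argument.
    if ev["arch"] == "40000003" and ev["syscall"] == "5":
        flags = [n for bit, n in OPEN_FLAGS.items() if ev["a1"] & bit] or ["O_RDONLY"]
        line += " during open(" + "|".join(flags) + ")"
    return line

if __name__ == "__main__":
    for key, ev in correlate(SAMPLE).items():
        print(summarize(key, ev))
```

For this event the summary shows depmod's open() for writing failing with EACCES because depmod_t was denied search on a tmp_t directory, which lines up with the "modules.dep.temp for writing: Permission denied" message in the quoted output.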






More information about the fedora-test-list mailing list