[redhat-lspp] run_init dying with SIGHUP when called from pexpect as sysadm

Eduardo Madeira Fleury efleury at br.ibm.com
Tue Nov 14 17:44:21 UTC 2006 

On Monday 13 November 2006 19:08, Daniel J Walsh wrote:
> AVC Messages.
>

Running in enforcing mode (it fails) I get these records:

type=AVC msg=audit(1163511803.779:579): avc:  denied  { read write } for  
pid=2324 comm="unix_chkpwd" name="3" dev=devpts ino=5 
scontext=staff_u:sysadm_r:system_chkpwd_t:s0-s15:c0.c1023 
tcontext=staff_u:object_r:sysadm_devpts_t:s0 tclass=chr_file
type=SYSCALL msg=audit(1163511803.779:579): arch=40000003 syscall=11 
success=yes exit=0 a0=48e4f8 a1=bf874d5c a2=49cd04 a3=9531948 items=0 
ppid=2323 pid=2324 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 
fsgid=0 tty=(none) comm="unix_chkpwd" exe="/sbin/unix_chkpwd" 
subj=staff_u:sysadm_r:system_chkpwd_t:s0-s15:c0.c1023 key=(null)
type=USER_AUTH msg=audit(1163511803.783:580): user pid=2323 uid=0 auid=500 
subj=staff_u:sysadm_r:run_init_t:s0-s15:c0.c1023 msg='PAM: authentication 
acct=tux : exe="/usr/sbin/run_init" (hostname=?, addr=?, terminal=? 
res=success)'
type=AVC msg=audit(1163511803.787:581): avc:  granted  { setexec } for  
pid=2323 comm="run_init" scontext=staff_u:sysadm_r:run_init_t:s0-s15:c0.c1023 
tcontext=staff_u:sysadm_r:run_init_t:s0-s15:c0.c1023 tclass=process
type=SYSCALL msg=audit(1163511803.787:581): arch=40000003 syscall=4 
success=yes exit=43 a0=3 a1=9538db8 a2=2b a3=48afe689 items=0 ppid=2322 
pid=2323 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 
tty=pts3 comm="run_init" exe="/usr/sbin/run_init" 
subj=staff_u:sysadm_r:run_init_t:s0-s15:c0.c1023 key=(null)
type=AVC msg=audit(1163511803.787:582): avc:  denied  { use } for  pid=2323 
comm="open_init_pty" name="3" dev=devpts ino=5 
scontext=system_u:system_r:initrc_t:s0-s15:c0.c1023 
tcontext=staff_u:sysadm_r:sysadm_t:s0-s15:c0.c1023 tclass=fd
type=AVC msg=audit(1163511803.787:582): avc:  denied  { use } for  pid=2323 
comm="open_init_pty" name="3" dev=devpts ino=5 
scontext=system_u:system_r:initrc_t:s0-s15:c0.c1023 
tcontext=staff_u:sysadm_r:sysadm_t:s0-s15:c0.c1023 tclass=fd
type=AVC msg=audit(1163511803.787:582): avc:  denied  { use } for  pid=2323 
comm="open_init_pty" name="3" dev=devpts ino=5 
scontext=system_u:system_r:initrc_t:s0-s15:c0.c1023 
tcontext=staff_u:sysadm_r:sysadm_t:s0-s15:c0.c1023 tclass=fd
type=SYSCALL msg=audit(1163511803.787:582): arch=40000003 syscall=11 
success=yes exit=0 a0=80491ad a1=bf874fa4 a2=bf874fb0 a3=bf874fa4 items=0 
ppid=2322 pid=2323 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 
fsgid=0 tty=(none) comm="open_init_pty" exe="/usr/sbin/open_init_pty" 
subj=system_u:system_r:initrc_t:s0-s15:c0.c1023 key=(null)
type=AVC_PATH msg=audit(1163511803.787:582):  
path=2F6465762F7074732F33202864656C6574656429
type=AVC_PATH msg=audit(1163511803.787:582):  
path=2F6465762F7074732F33202864656C6574656429
type=AVC_PATH msg=audit(1163511803.787:582):  
path=2F6465762F7074732F33202864656C6574656429


While when running in Permissive (it works) I get these:

type=USER_AUTH msg=audit(1163512027.221:593): user pid=2347 uid=0 auid=500 
subj=staff_u:sysadm_r:run_init_t:s0-s15:c0.c1023 msg='PAM: authentication 
acct=tux : exe="/usr/sbin/run_init" (hostname=?, addr=?, terminal=pts/3 
res=success)'
type=AVC msg=audit(1163512027.221:594): avc:  granted  { setexec } for  
pid=2347 comm="run_init" scontext=staff_u:sysadm_r:run_init_t:s0-s15:c0.c1023 
tcontext=staff_u:sysadm_r:run_init_t:s0-s15:c0.c1023 tclass=process
type=SYSCALL msg=audit(1163512027.221:594): arch=40000003 syscall=4 
success=yes exit=43 a0=3 a1=992ffc8 a2=2b a3=48afe689 items=0 ppid=2346 
pid=2347 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 
tty=pts3 comm="run_init" exe="/usr/sbin/run_init" 
subj=staff_u:sysadm_r:run_init_t:s0-s15:c0.c1023 key=(null)
type=AVC msg=audit(1163512027.221:595): avc:  denied  { use } for  pid=2347 
comm="open_init_pty" name="3" dev=devpts ino=5 
scontext=system_u:system_r:initrc_t:s0-s15:c0.c1023 
tcontext=staff_u:sysadm_r:sysadm_t:s0-s15:c0.c1023 tclass=fd
type=SYSCALL msg=audit(1163512027.221:595): arch=40000003 syscall=11 
success=yes exit=0 a0=80491ad a1=bf9f3cb4 a2=bf9f3cc0 a3=bf9f3cb4 items=0 
ppid=2346 pid=2347 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 
fsgid=0 tty=pts3 comm="open_init_pty" exe="/usr/sbin/open_init_pty" 
subj=system_u:system_r:initrc_t:s0-s15:c0.c1023 key=(null)
type=AVC_PATH msg=audit(1163512027.221:595):  path="/dev/pts/3"


Regards,
-- 
Eduardo M. Fleury
IBM Linux Technology Center Brazil
Mobile: +55-19-81224410
email: fleury at br.ibm.com

More information about the redhat-lspp mailing list