Re: SELinux Attack!

On Sat, 2007-10-13 at 09:42 -0600, Karl Larsen wrote:
> Matthew Saltzman wrote:
> > On Sat, 2007-10-13 at 06:41 -0600, Karl Larsen wrote:
> >   
> >> Vinayak Mahadevan wrote:
> >>     
> >>> On 10/13/07, Karl Larsen <k5di@xxxxxxxxxx> wrote:
> >>>   
> >>>       
> >>>>>       
> >>>>>           
> >>>>     I have had all those problems in the past years. But this problem
> >>>> yesterday was in fact caused by SELinux. I say that because different
> >>>> from your experience when I turned off SELinux all the problems went away.
> >>>>     
> >>>>         
> >>> Let the machine run for some days and then let us know your
> >>> experience with the machine.
> >>>
> >>> Vinayak
> >>>
> >>>   
> >>>       
> >>     So far so good. But I would like to know why SELinux did this. And 
> >> what do I need to do to make SELinux work on this machine? There seem 
> >> to be others that use it and it works without a problem.
> >>     
> >
> > Karl-
> >
> > As I recall, you said earlier in the thread that you had disabled
> > SELinux for a while when you were experimenting with spinning a custom
> > distribution.  
> >
> > SELinux checks the contexts of files (their SELinux security
> > information) to see if programs are violating their restrictions, but it
> > also updates the contexts when files are created and updated.  If you
> > turn SELinux off, file contexts stop getting updated.  When you turn it
> > back on, the files may suddenly not have contexts that allow their
> > applications to access them.  You'll see the things going wrong
> > in /var/log/messages (grep for AVC and look for "denied" messages) or
> > you'll get that star icon in your notification area when a program.  And
> > of course, the programs that use incorrectly labeled files will not
> > work.
> >
> > You also said at some point that you followed instructions to relabel
> > your filesystem and things started to work.  That is exactly the
> > solution to the problems introduced by turning SELinux off.  So if you
> > turn SELinux back on and relabel one more time, you should be OK after
> > that (as long as you leave SELinux on).
> >
> > Most people don't see (too many) SELinux problems because most people
> > don't ever turn it off.  So it maintains itself.
> >
> >   
> >>
> >>     
>     Well I did get a whole lot of messages like this, every ten seconds 
> or so:
> 
> Oct 11 02:31:08 k5di dbus: Can't send to audit system: USER_AVC avc:  
> received policyload notice (seqno=2) : exe="/bin/dbus-daemon" 
> (sauid=500, hostname=?, addr=?, terminal=?)
> 
> I'm not sure what this means but it seems to mean that /bin/dbus-daemon 
> has a problem with my hostname etc.
> 
> I looked at man dbus-daemon and it is a library that any device can 
> access. It appears it doesn't have what SELinux wants. How do I fix this 
> I wonder?

I found a couple of references to that message by googling.  They seem
to suggest a bug related to dbus.

I have a handful of these in my logs from the last few weeks, but they
aren't frequent and they seem otherwise harmless.  If you are getting
lots and lots, that may be an issue, but it may just be an artifact of
some other problem.

http://www.redhat.com/archives/fedora-selinux-list/2007-June/msg00103.html

-- 
                Matthew Saltzman

Clemson University Math Sciences
mjs AT clemson DOT edu
http://www.math.clemson.edu/~mjs

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
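
Added example (not part of the original thread): a small shell filter for the check suggested in the quoted advice above, grepping the log for AVC lines that say "denied". It counts those separately from the "received policyload notice" lines quoted in the message, which do not contain "denied", and groups the denials by program and target file context. Every log line except the dbus one is constructed for illustration, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. All sample lines are constructed except
# the dbus USER_AVC line, which is the one quoted in the message above.
sample_log() {
cat <<'EOF'
Oct 11 02:31:08 k5di dbus: Can't send to audit system: USER_AVC avc:  received policyload notice (seqno=2) : exe="/bin/dbus-daemon" (sauid=500, hostname=?, addr=?, terminal=?)
Oct 11 02:31:12 k5di kernel: audit(1192091472.101:45): avc:  denied  { read } for  pid=2345 comm="httpd" name="index.html" dev=sda1 ino=12345 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file
Oct 11 02:31:18 k5di dbus: Can't send to audit system: USER_AVC avc:  received policyload notice (seqno=3) : exe="/bin/dbus-daemon" (sauid=500, hostname=?, addr=?, terminal=?)
Oct 11 02:31:20 k5di kernel: audit(1192091480.554:46): avc:  denied  { getattr } for  pid=2345 comm="httpd" name="index.html" dev=sda1 ino=12345 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file
Oct 11 02:31:25 k5di kernel: audit(1192091485.020:47): avc:  denied  { read } for  pid=2710 comm="smbd" name="share.txt" dev=sda1 ino=20771 scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file
Oct 11 02:31:30 k5di sshd[2801]: Accepted password for karl from 192.0.2.10 port 50022 ssh2
EOF
}

# Count AVC lines where an access was actually denied (reads stdin).
count_denials() {
    awk '/avc:/ && /denied/ { n++ } END { print n + 0 }'
}

# Count userspace policy-reload notices; these are not denials (reads stdin).
count_policyload() {
    awk '/received policyload notice/ { n++ } END { print n + 0 }'
}

# Group denials by program (comm) and target context (tcontext), most
# frequent first. Output lines look like: "<count> <comm> <tcontext>".
denials_by_target() {
    sed -n 's/.*avc:  *denied .*comm="\([^"]*\)".*tcontext=\([^ ]*\).*/\1 \2/p' |
        sort | uniq -c | sort -rn | awk '{ print $1, $2, $3 }'
}

# Stand-alone run on the constructed sample; for a real system, pipe
# /var/log/messages into the same functions instead of sample_log.
echo "denied: $(sample_log | count_denials), policyload notices: $(sample_log | count_policyload)"
sample_log | denials_by_target
```

Programs that show up repeatedly against the same target context are the ones to look at after a relabel; a log that contains only policyload notices has no denials to chase.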