Re: another selinux issue


Valent Turkovic wrote:
> On Tue, Feb 12, 2008 at 3:52 PM, Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote:
>>
>>  Valent Turkovic wrote:
>>
>>> On Feb 9, 2008 6:36 PM, Rahul Sundaram <sundaram@xxxxxxxxxxxxxxxxx> wrote:
>>  >> Valent Turkovic wrote:
>>  >>
>>  >>> Ok, so my system is still protected but I can't see the issues that
>>  >>> happen because sel troubleshooter service crashes?
>>  >>> To be honest I prefer it this way :)
>>  >> You can still see the issues in the logs. SELinux troubleshooter parses
>>  >> the AVC denied messages from the logs that are usually cryptic and
>>  >> attempts to convert them into a language that end users can more easily
>>  >> understand while attempting to also provide suggestions on actions to
>>  >> take. If you don't want that, you might as well just remove the package.
>>  >>
>>  >>
>>  >> Rahul
>>  >
>>  > I was joking a bit :) I like selinux-troubleshooter features.
>>  >
>>  > I was thinking of danger goggles from Hitchhiker's Guide to the Galaxy which
>>  > in case of danger close their lids so you can't see the dangers and are
>>  > therefore protected from it :) I draw a parallel to sel troubleshooter
>>  > crashing :)
>>  >
>>  > Valent.
>>  >
>>
>>  grep setroubleshoot /var/log/audit/audit.log
>>
>>  The setroubleshooter has nothing to do with SELinux protections.  Its job
>>  is to watch for SELinux errors (avc's in /var/log/audit/audit.log), and
>>  then to try to translate them into actions that the user can execute.
>>
>>  The problem is if it sees an AVC about itself, it can try to act on it,
>>  which might generate an AVC on itself, which it can act on, which might
>>  generate an AVC on itself ...
>>
>>  So we have it commit suicide when it sees avc's on itself.
>>
> 
> # grep setroubleshoot /var/log/audit/audit.log
> type=AVC msg=audit(1201571149.355:42): avc:  denied  { getattr } for
> pid=2274 comm="setroubleshootd"
> name="static.youtube.com_yt_img_pic_blue_top_300x400-vfl30243.gif_13d6cdb2"
> dev=sda6 ino=608020 scontext=system_u:system_r:setroubleshootd_t:s0
> tcontext=system_u:object_r:unlabeled_t:s0 tclass=file
> type=SYSCALL msg=audit(1201571149.355:42): arch=40000003 syscall=229
> success=yes exit=33 a0=97802b4 a1=ae3723 a2=96b8730 a3=ff items=0
> ppid=1 pid=2274 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0
> egid=0 sgid=0 fsgid=0 tty=(none) comm="setroubleshootd"
> exe="/usr/bin/python" subj=system_u:system_r:setroubleshootd_t:s0
> key=(null)
> type=AVC msg=audit(1201684153.540:51): avc:  denied  { getattr } for
> pid=2154 comm="setroubleshootd"
> name="static.youtube.com_yt_img_pic_blue_top_300x400-vfl30243.gif_13d6cdb2"
> dev=sda6 ino=608020 scontext=system_u:system_r:setroubleshootd_t:s0
> tcontext=system_u:object_r:unlabeled_t:s0 tclass=file
> type=SYSCALL msg=audit(1201684153.540:51): arch=40000003 syscall=229
> success=yes exit=33 a0=953a2b4 a1=ae3723 a2=9478498 a3=ff items=0
> ppid=1 pid=2154 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0
> egid=0 sgid=0 fsgid=0 tty=(none) comm="setroubleshootd"
> exe="/usr/bin/python" subj=system_u:system_r:setroubleshootd_t:s0
> key=(null)
> type=AVC msg=audit(1201769937.821:56): avc:  denied  { getattr } for
> pid=2171 comm="setroubleshootd"
> name="static.youtube.com_yt_img_pic_blue_top_300x400-vfl30243.gif_13d6cdb2"
> dev=sda6 ino=608020 scontext=system_u:system_r:setroubleshootd_t:s0
> tcontext=system_u:object_r:unlabeled_t:s0 tclass=file
> type=SYSCALL msg=audit(1201769937.821:56): arch=40000003 syscall=229
> success=yes exit=33 a0=9dce2b4 a1=ae3723 a2=9d052f0 a3=ff items=0
> ppid=1 pid=2171 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0
> egid=0 sgid=0 fsgid=0 tty=(none) comm="setroubleshootd"
> exe="/usr/bin/python" subj=system_u:system_r:setroubleshootd_t:s0
> key=(null)
> type=AVC msg=audit(1201950125.291:41): avc:  denied  { getattr } for
> pid=2155 comm="setroubleshootd"
> name="static.youtube.com_yt_img_pic_blue_top_300x400-vfl30243.gif_13d6cdb2"
> dev=sda6 ino=608020 scontext=system_u:system_r:setroubleshootd_t:s0
> tcontext=system_u:object_r:unlabeled_t:s0 tclass=file
> type=SYSCALL msg=audit(1201950125.291:41): arch=40000003 syscall=229
> success=yes exit=33 a0=9b3f2b4 a1=ae3723 a2=99e4d18 a3=ff items=0
> ppid=1 pid=2155 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0
> egid=0 sgid=0 fsgid=0 tty=(none) comm="setroubleshootd"
> exe="/usr/bin/python" subj=system_u:system_r:setroubleshootd_t:s0
> key=(null)
> type=AVC msg=audit(1202037784.731:45): avc:  denied  { getattr } for
> pid=2241 comm="setroubleshootd"
> name="static.youtube.com_yt_img_pic_blue_top_300x400-vfl30243.gif_13d6cdb2"
> dev=sda6 ino=608020 scontext=system_u:system_r:setroubleshootd_t:s0
> tcontext=system_u:object_r:unlabeled_t:s0 tclass=file
> type=SYSCALL msg=audit(1202037784.731:45): arch=40000003 syscall=229
> success=yes exit=33 a0=a3012b4 a1=ae3723 a2=a2332b8 a3=ff items=0
> ppid=1 pid=2241 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0
> egid=0 sgid=0 fsgid=0 tty=(none) comm="setroubleshootd"
> exe="/usr/bin/python" subj=system_u:system_r:setroubleshootd_t:s0
> key=(null)
> type=AVC msg=audit(1202147108.451:56): avc:  denied  { getattr } for
> pid=3725 comm="setroubleshootd"
> name="static.youtube.com_yt_img_pic_blue_top_300x400-vfl30243.gif_13d6cdb2"
> dev=sda6 ino=608020
> scontext=unconfined_u:system_r:setroubleshootd_t:s0
> tcontext=system_u:object_r:unlabeled_t:s0 tclass=file
> type=SYSCALL msg=audit(1202147108.451:56): arch=40000003 syscall=229
> success=yes exit=33 a0=8ad22b4 a1=ae3723 a2=8a10a60 a3=ff items=0
> ppid=1 pid=3725 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
> sgid=0 fsgid=0 tty=(none) comm="setroubleshootd" exe="/usr/bin/python"
> subj=unconfined_u:system_r:setroubleshootd_t:s0 key=(null)
> type=AVC msg=audit(1202232271.895:45): avc:  denied  { read } for
> pid=2089 comm="setroubleshootd" name="depcomp" dev=sda12 ino=367
> scontext=system_u:system_r:setroubleshootd_t:s0
> tcontext=system_u:object_r:fusefs_t:s0 tclass=lnk_file
> type=SYSCALL msg=audit(1202232271.895:45): arch=40000003 syscall=229
> success=yes exit=27 a0=88d18f4 a1=ae3723 a2=87ec208 a3=ff items=0
> ppid=1 pid=2089 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0
> egid=0 sgid=0 fsgid=0 tty=(none) comm="setroubleshootd"
> exe="/usr/bin/python" subj=system_u:system_r:setroubleshootd_t:s0
> key=(null)
> type=AVC msg=audit(1202232271.932:46): avc:  denied  { getattr } for
> pid=2089 comm="setroubleshootd"
> path=2F766964656F2F305F72656D6F76652064726D2F467265654D65322F646570636F6D70
> dev=sda12 ino=367 scontext=system_u:system_r:setroubleshootd_t:s0
> tcontext=system_u:object_r:fusefs_t:s0 tclass=lnk_file
> type=SYSCALL msg=audit(1202232271.932:46): arch=40000003 syscall=196
> success=yes exit=0 a0=87c5548 a1=b7a79748 a2=d33ff4 a3=873bbd0 items=0
> ppid=1 pid=2089 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0
> egid=0 sgid=0 fsgid=0 tty=(none) comm="setroubleshootd"
> exe="/usr/bin/python" subj=system_u:system_r:setroubleshootd_t:s0
> key=(null)
> type=AVC msg=audit(1202342788.922:91): avc:  denied  { read } for
> pid=2106 comm="setroubleshootd" name="depcomp" dev=sda12 ino=367
> scontext=system_u:system_r:setroubleshootd_t:s0
> tcontext=system_u:object_r:fusefs_t:s0 tclass=lnk_file
> type=SYSCALL msg=audit(1202342788.922:91): arch=40000003 syscall=229
> success=yes exit=27 a0=946b8f4 a1=ae3723 a2=937b5e8 a3=ff items=0
> ppid=1 pid=2106 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0
> egid=0 sgid=0 fsgid=0 tty=(none) comm="setroubleshootd"
> exe="/usr/bin/python" subj=system_u:system_r:setroubleshootd_t:s0
> key=(null)
> type=AVC msg=audit(1202342788.937:92): avc:  denied  { getattr } for
> pid=2106 comm="setroubleshootd"
> path=2F766964656F2F305F72656D6F76652064726D2F467265654D65322F646570636F6D70
> dev=sda12 ino=367 scontext=system_u:system_r:setroubleshootd_t:s0
> tcontext=system_u:object_r:fusefs_t:s0 tclass=lnk_file
> type=SYSCALL msg=audit(1202342788.937:92): arch=40000003 syscall=196
> success=yes exit=0 a0=92e01f0 a1=b79de748 a2=d33ff4 a3=92d5bd0 items=0
> ppid=1 pid=2106 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0
> egid=0 sgid=0 fsgid=0 tty=(none) comm="setroubleshootd"
> exe="/usr/bin/python" subj=system_u:system_r:setroubleshootd_t:s0
> key=(null)
> type=AVC msg=audit(1202378035.603:44): avc:  denied  { getattr } for
> pid=2177 comm="setroubleshootd"
> name="static.youtube.com_yt_img_pic_blue_top_300x400-vfl30243.gif_13d6cdb2"
> dev=sda6 ino=608020 scontext=system_u:system_r:setroubleshootd_t:s0
> tcontext=system_u:object_r:unlabeled_t:s0 tclass=file
> type=SYSCALL msg=audit(1202378035.603:44): arch=40000003 syscall=229
> success=yes exit=33 a0=a01b2b4 a1=ae3723 a2=9f4d2b8 a3=ff items=0
> ppid=1 pid=2177 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0
> egid=0 sgid=0 fsgid=0 tty=(none) comm="setroubleshootd"
> exe="/usr/bin/python" subj=system_u:system_r:setroubleshootd_t:s0
> key=(null)
> type=AVC msg=audit(1202462227.385:51): avc:  denied  { read } for
> pid=2195 comm="setroubleshootd" name="depcomp" dev=sda12 ino=367
> scontext=system_u:system_r:setroubleshootd_t:s0
> tcontext=system_u:object_r:fusefs_t:s0 tclass=lnk_file
> type=SYSCALL msg=audit(1202462227.385:51): arch=40000003 syscall=229
> success=yes exit=27 a0=b7a46974 a1=ae3723 a2=b650c270 a3=ff items=0
> ppid=1 pid=2195 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0
> egid=0 sgid=0 fsgid=0 tty=(none) comm="setroubleshootd"
> exe="/usr/bin/python" subj=system_u:system_r:setroubleshootd_t:s0
> key=(null)
> type=AVC msg=audit(1202462227.439:52): avc:  denied  { getattr } for
> pid=2195 comm="setroubleshootd"
> path=2F766964656F2F305F72656D6F76652064726D2F467265654D65322F646570636F6D70
> dev=sda12 ino=367 scontext=system_u:system_r:setroubleshootd_t:s0
> tcontext=system_u:object_r:fusefs_t:s0 tclass=lnk_file
> type=SYSCALL msg=audit(1202462227.439:52): arch=40000003 syscall=196
> success=yes exit=0 a0=b6505120 a1=b7a1d748 a2=d33ff4 a3=9e6d360
> items=0 ppid=1 pid=2195 auid=4294967295 uid=0 gid=0 euid=0 suid=0
> fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="setroubleshootd"
> exe="/usr/bin/python" subj=system_u:system_r:setroubleshootd_t:s0
> key=(null)
> type=AVC msg=audit(1202556462.177:81): avc:  denied  { getattr } for
> pid=2127 comm="setroubleshootd"
> name="static.youtube.com_yt_img_pic_blue_top_300x400-vfl30243.gif_13d6cdb2"
> dev=sda6 ino=608020 scontext=system_u:system_r:setroubleshootd_t:s0
> tcontext=system_u:object_r:unlabeled_t:s0 tclass=file
> type=SYSCALL msg=audit(1202556462.177:81): arch=40000003 syscall=229
> success=yes exit=33 a0=b7a06cb4 a1=ae3723 a2=95475a8 a3=ff items=0
> ppid=1 pid=2127 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0
> egid=0 sgid=0 fsgid=0 tty=(none) comm="setroubleshootd"
> exe="/usr/bin/python" subj=system_u:system_r:setroubleshootd_t:s0
> key=(null)
> type=AVC msg=audit(1202721977.249:48): avc:  denied  { read } for
> pid=2110 comm="setroubleshootd" name="depcomp" dev=sda12 ino=367
> scontext=system_u:system_r:setroubleshootd_t:s0
> tcontext=system_u:object_r:fusefs_t:s0 tclass=lnk_file
> type=SYSCALL msg=audit(1202721977.249:48): arch=40000003 syscall=229
> success=yes exit=27 a0=8ac9974 a1=ae3723 a2=8b179d0 a3=ff items=0
> ppid=1 pid=2110 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0
> egid=0 sgid=0 fsgid=0 tty=(none) comm="setroubleshootd"
> exe="/usr/bin/python" subj=system_u:system_r:setroubleshootd_t:s0
> key=(null)
> type=AVC msg=audit(1202721977.303:49): avc:  denied  { getattr } for
> pid=2110 comm="setroubleshootd"
> path=2F766964656F2F305F72656D6F76652064726D2F467265654D65322F646570636F6D70
> dev=sda12 ino=367 scontext=system_u:system_r:setroubleshootd_t:s0
> tcontext=system_u:object_r:fusefs_t:s0 tclass=lnk_file
> type=SYSCALL msg=audit(1202721977.303:49): arch=40000003 syscall=196
> success=yes exit=0 a0=8afb840 a1=b7a53748 a2=d33ff4 a3=8a808f0 items=0
> ppid=1 pid=2110 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0
> egid=0 sgid=0 fsgid=0 tty=(none) comm="setroubleshootd"
> exe="/usr/bin/python" subj=system_u:system_r:setroubleshootd_t:s0
> key=(null)
> type=AVC msg=audit(1202809095.070:50): avc:  denied  { getattr } for
> pid=2068 comm="setroubleshootd"
> name="static.youtube.com_yt_img_pic_blue_top_300x400-vfl30243.gif_13d6cdb2"
> dev=sda6 ino=608020 scontext=system_u:system_r:setroubleshootd_t:s0
> tcontext=system_u:object_r:unlabeled_t:s0 tclass=file
> type=SYSCALL msg=audit(1202809095.070:50): arch=40000003 syscall=229
> success=yes exit=33 a0=8d9ccb4 a1=ae3723 a2=8e97d70 a3=ff items=0
> ppid=1 pid=2068 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0
> egid=0 sgid=0 fsgid=0 tty=(none) comm="setroubleshootd"
> exe="/usr/bin/python" subj=system_u:system_r:setroubleshootd_t:s0
> key=(null)
> type=AVC msg=audit(1202894992.290:50): avc:  denied  { getattr } for
> pid=2029 comm="setroubleshootd"
> name="static.youtube.com_yt_img_pic_blue_top_300x400-vfl30243.gif_13d6cdb2"
> dev=sda6 ino=608020 scontext=system_u:system_r:setroubleshootd_t:s0
> tcontext=system_u:object_r:unlabeled_t:s0 tclass=file
> type=SYSCALL msg=audit(1202894992.290:50): arch=40000003 syscall=229
> success=yes exit=33 a0=9891cb4 a1=ae3723 a2=99795a0 a3=ff items=0
> ppid=1 pid=2029 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0
> egid=0 sgid=0 fsgid=0 tty=(none) comm="setroubleshootd"
> exe="/usr/bin/python" subj=system_u:system_r:setroubleshootd_t:s0
> key=(null)
> type=AVC msg=audit(1203067253.246:63): avc:  denied  { getattr } for
> pid=2026 comm="setroubleshootd"
> name="static.youtube.com_yt_img_pic_blue_top_300x400-vfl30243.gif_13d6cdb2"
> dev=sda6 ino=608020 scontext=system_u:system_r:setroubleshootd_t:s0
> tcontext=system_u:object_r:unlabeled_t:s0 tclass=file
> type=SYSCALL msg=audit(1203067253.246:63): arch=40000003 syscall=229
> success=yes exit=33 a0=8e34cb4 a1=ae3723 a2=8f2ff18 a3=ff items=0
> ppid=1 pid=2026 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0
> egid=0 sgid=0 fsgid=0 tty=(none) comm="setroubleshootd"
> exe="/usr/bin/python" subj=system_u:system_r:setroubleshootd_t:s0
> key=(null)
> 
> 
Ok this looks like setroubleshoot is trying to read a symbolic link on a
fusefs,  which should be allowed.  I will update rawhide.  But it is
also trying to read an unlabeled file

static.youtube.com_yt_img_pic_blue_top_300x400-vfl30243.gif_13d6cdb2

What file system is this file on?

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
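
The AVC records quoted in this thread reduce to two denials: setroubleshootd_t on a fusefs_t symlink and on an unlabeled_t file. The bare path= value is the audit hex encoding used when a name contains a space. The Python below is an added example, not part of the original messages or of setroubleshoot; the function names are hypothetical and the sample is three records copied from the log quoted above.

```python
import re
from collections import defaultdict

# Three records copied from the log quoted in this thread, still line-wrapped.
SAMPLE = """\
type=AVC msg=audit(1201571149.355:42): avc:  denied  { getattr } for
pid=2274 comm="setroubleshootd"
name="static.youtube.com_yt_img_pic_blue_top_300x400-vfl30243.gif_13d6cdb2"
dev=sda6 ino=608020 scontext=system_u:system_r:setroubleshootd_t:s0
tcontext=system_u:object_r:unlabeled_t:s0 tclass=file
type=AVC msg=audit(1202232271.895:45): avc:  denied  { read } for
pid=2089 comm="setroubleshootd" name="depcomp" dev=sda12 ino=367
scontext=system_u:system_r:setroubleshootd_t:s0
tcontext=system_u:object_r:fusefs_t:s0 tclass=lnk_file
type=AVC msg=audit(1202232271.932:46): avc:  denied  { getattr } for
pid=2089 comm="setroubleshootd"
path=2F766964656F2F305F72656D6F76652064726D2F467265654D65322F646570636F6D70
dev=sda12 ino=367 scontext=system_u:system_r:setroubleshootd_t:s0
tcontext=system_u:object_r:fusefs_t:s0 tclass=lnk_file
"""

FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def decode(value):
    """Quoted values are literal; a bare hex string is the audit encoding
    for names containing spaces or other unsafe characters."""
    if value.startswith('"'):
        return value.strip('"')
    if len(value) % 2 == 0 and re.fullmatch(r'[0-9A-Fa-f]+', value):
        return bytes.fromhex(value).decode('utf-8', 'replace')
    return value

def summarize(text):
    """Map (source type, target type, class) -> denied perms and objects."""
    rules = defaultdict(lambda: {'perms': set(), 'objects': set()})
    for rec in re.split(r'\n(?=type=)', text.strip()):  # record starts at type=
        rec = ' '.join(rec.split())                     # undo line wrapping
        perms = re.search(r'denied\s+\{([^}]*)\}', rec)
        if not rec.startswith('type=AVC') or not perms:
            continue                                    # skip SYSCALL records etc.
        f = dict(FIELD.findall(rec))
        key = (f['scontext'].split(':')[2], f['tcontext'].split(':')[2], f['tclass'])
        rules[key]['perms'].update(perms.group(1).split())
        rules[key]['objects'].add(decode(f.get('path') or f.get('name') or ''))
    return dict(rules)

if __name__ == "__main__":
    for key, info in summarize(SAMPLE).items():
        print(key, sorted(info['perms']), sorted(info['objects']))
```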