Selinux warning -

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I'm not sure what this means or how to react to it. I noticed it for the 
first time after an update a little while ago although it also refers to 
an earlier episode. This is the first time I saw it though.

Advise appreciated.

Bob


    Summary:

    SELinux is preventing /usr/sbin/abrtd (deleted) "write" access on
    /etc/abrt.

    Detailed Description:

    [abrtd has a permissive type (abrt_t). This access was not denied.]

    SELinux denied access requested by abrtd. It is not expected that
    this access is
    required by abrtd and this access may signal an intrusion attempt.
    It is also
    possible that the specific version or configuration of the
    application is
    causing it to require additional access.

    Allowing Access:

    You can generate a local policy module to allow this access - see FAQ
    (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Please
    file a bug
    report.

    Additional Information:

    Source Context                system_u:system_r:abrt_t:s0-s0:c0.c1023
    Target Context                system_u:object_r:abrt_etc_t:s0
    Target Objects                /etc/abrt [ dir ]
    Source                        abrtd
    Source Path                   /usr/sbin/abrtd (deleted)
    Port <Unknown>
    Host                          box6
    Source RPM Packages
    Target RPM Packages           abrt-1.0.3-1.fc12
    Policy RPM                    selinux-policy-3.6.32-66.fc12
    Selinux Enabled               True
    Policy Type                   targeted
    Enforcing Mode                Enforcing
    Plugin Name                   catchall
    Host Name                     box6
    Platform                      Linux box6 2.6.31.9-174.fc12.x86_64 #1
    SMP Mon Dec
                                   21 05:33:33 UTC 2009 x86_64 x86_64
    Alert Count                   3
    First Seen                    Wed 13 Jan 2010 10:04:23 AM EST
    Last Seen                     Wed 13 Jan 2010 10:04:23 AM EST
    Local ID                      5b2d146c-4a5b-4d4b-bd2b-17df8e2837a5
    Line Numbers

    Raw Audit Messages

    node=box6 type=AVC msg=audit(1263395063.649:71): avc:  denied  {
    write } for  pid=1458 comm="abrtd" name="abrt" dev=dm-2 ino=24239
    scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023
    tcontext=system_u:object_r:abrt_etc_t:s0 tclass=dir

    node=box6 type=AVC msg=audit(1263395063.649:71): avc:  denied  {
    add_name } for  pid=1458 comm="abrtd" name="pyhook.conf"
    scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023
    tcontext=system_u:object_r:abrt_etc_t:s0 tclass=dir

    node=box6 type=AVC msg=audit(1263395063.649:71): avc:  denied  {
    create } for  pid=1458 comm="abrtd" name="pyhook.conf"
    scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023
    tcontext=system_u:object_r:abrt_etc_t:s0 tclass=file

    node=box6 type=SYSCALL msg=audit(1263395063.649:71): arch=c000003e
    syscall=2 success=yes exit=9 a0=7f7549437625 a1=241 a2=1b6 a3=0
    items=0 ppid=1 pid=1458 auid=4294967295 uid=0 gid=0 euid=0 suid=0
    fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="abrtd"
    exe=2F7573722F7362696E2F6162727464202864656C6574656429
    subj=system_u:system_r:abrt_t:s0-s0:c0.c1023 key=(null)




    .

-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux