SE alert

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

The sealert below does not tell me exactly which dir
that the shell tried to access.
I have run the suggested commands (below)
but they did not do any good.
The alerts keep popping up.



SELinux is preventing /usr/bin/sh from read access on the directory .

*****  Plugin catchall (100. confidence) suggests **************************
If you believe that sh should be allowed read access on the directory by default. 
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep sa1 /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context system_u:system_r:sysstat_t:s0-s0:c0.c1023
Target Context                system_u:object_r:admin_home_t:s0
Target Objects                 [ dir ]
Source                        sa1
Source Path                   /usr/bin/sh
Port                          <Unknown>
Host                          localhost.localdomain
Source RPM Packages           sh-20120801-23.fc20.x86_64
Target RPM Packages
Policy RPM selinux-policy-3.12.1-197.fc20.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     localhost.localdomain
Platform                      Linux localhost.localdomain
3.11.10-301.fc20.x86_64 #1 SMP Thu Dec 5 14:01:17 
                              UTC 2013 x86_64 x86_64
Alert Count                   4
First Seen                    2015-07-18 18:20:02 MDT
Last Seen                     2015-07-18 18:50:01 MDT
Local ID d59f7aa5-d595-46be-8186-412acb6133bf

Raw Audit Messages
type=AVC msg=audit(1437267001.953:644): avc: denied { read } for pid=6476 comm="sa1" name="root" dev="sda3" ino=47972353 scontext=system_u:system_r:sysstat_t:s0-s0:c0.c1023 tcontext=system_u:object_r:admin_home_t:s0 tclass=dir
type=SYSCALL msg=audit(1437267001.953:644): arch=x86_64 syscall=openat success=no exit=EACCES a0=ffffffffffffff9c a1=4fcb93 a2=80800 a3=0 items=0 ppid=6474 pid=6476 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=22 tty=(none) comm=sa1 exe=/usr/bin/sh subj=system_u:system_r:sysstat_t:s0-s0:c0.c1023 key=(null) 

Hash: sa1,sysstat_t,admin_home_t,dir,read

--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux