Re: SE alert

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 07/18/2015 07:10 PM, Ed Greshko wrote:

On 07/19/15 09:00, jd1008 wrote:

The sealert below does not tell me exactly which dir
that the shell tried to access.
I have run the suggested commands (below)
but they did not do any good.
The alerts keep popping up.



SELinux is preventing /usr/bin/sh from read access on the directory .

*****  Plugin catchall (100. confidence) suggests **************************

If you believe that sh should be allowed read access on the directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep sa1 /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context system_u:system_r:sysstat_t:s0-s0:c0.c1023
Target Context                system_u:object_r:admin_home_t:s0
Target Objects                 [ dir ]
Source                        sa1
Source Path                   /usr/bin/sh
Port                          <Unknown>
Host                          localhost.localdomain
Source RPM Packages           sh-20120801-23.fc20.x86_64
Target RPM Packages
Policy RPM selinux-policy-3.12.1-197.fc20.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     localhost.localdomain
Platform                      Linux localhost.localdomain
                               3.11.10-301.fc20.x86_64 #1 SMP Thu Dec 5 14:01:17
                               UTC 2013 x86_64 x86_64
Alert Count                   4
First Seen                    2015-07-18 18:20:02 MDT
Last Seen                     2015-07-18 18:50:01 MDT
Local ID d59f7aa5-d595-46be-8186-412acb6133bf

Raw Audit Messages
type=AVC msg=audit(1437267001.953:644): avc:  denied  { read } for  pid=6476 comm="sa1" name="root" dev="sda3" ino=47972353 scontext=system_u:system_r:sysstat_t:s0-s0:c0.c1023 tcontext=system_u:object_r:admin_home_t:s0 tclass=dir

sudo debugfs -R 'ncheck 47972353' /dev/sda3 2>/dev/null

Should tell you the file being accessed along with the path.


Also, /dev/sda3 has no dir named root:

$ ls /sda3/root
/bin/ls: cannot access /sda3/root: No such file or directory

--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux