Running strict/enforcing, and running Rawhide (selinux-policy-strict-1.15.11-1 and kernel-2.6.7-1.509), some new AVCs logged. [Sorry if I'm 'amid updates']
tom
First, early in boot sequence:
Aug 5 06:58:02 fedora autofs: automount startup succeeded
Aug 5 06:58:02 fedora kernel: SELinux: initialized (dev rootfs, type rootfs), uses genfs_contexts
Aug 5 06:58:02 fedora kernel: SELinux: initialized (dev sysfs, type sysfs), uses genfs_contexts
Aug 5 06:58:02 fedora kernel: audit(1091689038.197:0): avc: denied { read write } for pid=1 exe=/sbin/init path=/dev/console dev=rootfs ino=5 scontext=system_u:system_r:init_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file
Aug 5 06:58:02 fedora last message repeated 2 times
Aug 5 06:58:02 fedora smartd[2124]: smartd version 5.30 Copyright (C) 2002-4 Bruce Allen
Aug 5 06:58:02 fedora kernel: audit(1091689038.318:0): avc: denied { read } for pid=1 exe=/sbin/init path=/init dev=rootfs ino=14 scontext=system_u:system_r:init_t tcontext=system_u:object_r:unlabeled_t tclass=file
then, many, many like these (approx. 64 of them):
Aug 5 06:58:02 fedora kernel: audit(1091689040.452:0): avc: denied { dac_read_search } for pid=397 exe=/bin/bash capability=2 scontext=system_u:system_r:udev_t tcontext=system_u:system_r:udev_t tclass=capability
Aug 5 06:58:02 fedora smartd[2124]: Configuration file /etc/smartd.conf parsed.
Aug 5 06:58:02 fedora kernel: audit(1091689040.452:0): avc: denied { dac_read_search } for pid=411 exe=/bin/bash capability=2 scontext=system_u:system_r:udev_t tcontext=system_u:system_r:udev_t tclass=capability
Aug 5 06:58:02 fedora smartd[2124]: Device: /dev/hda, opened
Aug 5 06:58:02 fedora kernel: audit(1091689040.452:0): avc: denied { dac_read_search } for pid=399 exe=/bin/bash capability=2 scontext=system_u:system_r:udev_t tcontext=system_u:system_r:udev_t tclass=capability
Aug 5 06:58:03 fedora smartd[2124]: Device: /dev/hda, found in smartd database.
Aug 5 06:58:03 fedora kernel: audit(1091689040.452:0): avc: denied { dac_read_search } for pid=391 exe=/bin/bash capability=2 scontext=system_u:system_r:udev_t tcontext=system_u:system_r:udev_t tclass=capability
Aug 5 06:58:03 fedora kernel: audit(1091689040.453:0): avc: denied { dac_read_search } for pid=398 exe=/bin/bash capability=2 scontext=system_u:system_r:udev_t tcontext=system_u:system_r:udev_t tclass=capability
Aug 5 06:58:03 fedora kernel: audit(1091689040.453:0): avc: denied { dac_read_search } for pid=413 exe=/bin/bash capability=2 scontext=system_u:system_r:udev_t tcontext=system_u:system_r:udev_t tclass=capability
.....
Repeat of above while bringing up USB:
Aug 5 06:58:07 fedora kernel: hub 1-0:1.0: 6 ports detected
Aug 5 06:58:07 fedora kernel: audit(1091714243.675:0): avc: denied { dac_read_search } for pid=775 exe=/bin/bash capability=2 scontext=system_u:system_r:udev_t tcontext=system_u:system_r:udev_t tclass=capability
Aug 5 06:58:07 fedora kernel: ACPI: PCI interrupt 0000:00:03.0[A] -> GSI 5 (level, low) -> IRQ 5
Aug 5 06:58:07 fedora kernel: ohci_hcd 0000:00:03.0: OHCI Host Controller
Aug 5 06:58:07 fedora kernel: ohci_hcd 0000:00:03.0: irq 5, pci mem 30848000
Aug 5 06:58:07 fedora kernel: hub 1-0:1.0: over-current change on port 3
Aug 5 06:58:07 fedora kernel: ohci_hcd 0000:00:03.0: new USB bus registered, assigned bus number 2
Aug 5 06:58:07 fedora kernel: hub 2-0:1.0: USB hub found
Aug 5 06:58:07 fedora kernel: hub 2-0:1.0: 2 ports detected
Aug 5 06:58:07 fedora kernel: audit(1091714244.021:0): avc: denied { dac_read_search } for pid=809 exe=/bin/bash capability=2 scontext=system_u:system_r:udev_t tcontext=system_u:system_r:udev_t tclass=capability
Aug 5 06:58:07 fedora kernel: audit(1091714244.036:0): avc: denied { dac_read_search } for pid=813 exe=/bin/bash capability=2 scontext=system_u:system_r:udev_t tcontext=system_u:system_r:udev_t tclass=capability
Aug 5 06:58:07 fedora kernel: ACPI: PCI interrupt 0000:00:03.1[B] -> GSI 11 (level, low) -> IRQ 11
This one also seems new....:
Aug 5 06:58:07 fedora kernel: SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs
Aug 5 06:58:07 fedora kernel: audit(1091714256.876:0): avc: denied { search } for pid=1476 exe=/sbin/pam_console_apply name=console dev=hda2 ino=4456494 scontext=system_u:system_r:pam_console_t tcontext=system_u:object_r:xdm_var_run_t tclass=dir
Finally, some like this:
Aug 5 06:59:19 fedora udev[3632]: creating device node '/dev/mixer'
Aug 5 06:59:19 fedora kernel: audit(1091714359.597:0): avc: denied { dac_read_search } for pid=3642 exe=/bin/bash capability=2 scontext=system_u:system_r:udev_t tcontext=system_u:system_r:udev_t tclass=capability
Aug 5 06:59:19 fedora kernel: audit(1091714359.607:0): avc: denied { dac_read_search } for pid=3644 exe=/bin/bash capability=2 scontext=system_u:system_r:udev_t tcontext=system_u:system_r:udev_t tclass=capability
Aug 5 06:59:19 fedora kernel: audit(1091714359.611:0): avc: denied { read write } for pid=3646 exe=/sbin/restorecon path=socket:[1168] dev=sockfs ino=1168 scontext=system_u:system_r:restorecon_t tcontext=system_u:system_r:udev_t tclass=unix_dgram_socket
Aug 5 06:59:19 fedora kernel: audit(1091714359.611:0): avc: denied { read write } for pid=3646 exe=/sbin/restorecon path=socket:[1225] dev=sockfs ino=1225 scontext=system_u:system_r:restorecon_t tcontext=system_u:system_r:udev_t tclass=unix_dgram_socket
Aug 5 06:59:19 fedora kernel: audit(1091714359.614:0): avc: denied { search } for pid=2754 exe=/usr/bin/dbus-daemon-1 name=console dev=hda2 ino=4456494 scontext=system_u:system_r:dbusd_t tcontext=system_u:object_r:xdm_var_run_t tclass=dir
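
The denials reported above repeat heavily, so collapsing them into distinct source type / target type / class / permission tuples shows how few separate policy questions the log actually raises. The Python script below is an added example, not part of the original message; its function names are hypothetical, its sample input is copied from the log lines in the post, and it renders each distinct denial in the allow-rule form that audit2allow prints, as a candidate for policy review.

```python
import re
from collections import Counter

AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)")
KV_RE = re.compile(r"(\w+)=(\S+)")

# Sample input: lines copied from the log excerpts in the post above.
SAMPLE = [
    "Aug 5 06:58:02 fedora kernel: audit(1091689038.197:0): avc: denied { read write } for pid=1 exe=/sbin/init path=/dev/console dev=rootfs ino=5 scontext=system_u:system_r:init_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file",
    "Aug 5 06:58:02 fedora kernel: audit(1091689040.452:0): avc: denied { dac_read_search } for pid=397 exe=/bin/bash capability=2 scontext=system_u:system_r:udev_t tcontext=system_u:system_r:udev_t tclass=capability",
    "Aug 5 06:58:02 fedora smartd[2124]: Configuration file /etc/smartd.conf parsed.",
    "Aug 5 06:58:02 fedora kernel: audit(1091689040.452:0): avc: denied { dac_read_search } for pid=411 exe=/bin/bash capability=2 scontext=system_u:system_r:udev_t tcontext=system_u:system_r:udev_t tclass=capability",
    "Aug 5 06:58:07 fedora kernel: audit(1091714256.876:0): avc: denied { search } for pid=1476 exe=/sbin/pam_console_apply name=console dev=hda2 ino=4456494 scontext=system_u:system_r:pam_console_t tcontext=system_u:object_r:xdm_var_run_t tclass=dir",
    "Aug 5 06:59:19 fedora kernel: audit(1091714359.611:0): avc: denied { read write } for pid=3646 exe=/sbin/restorecon path=socket:[1168] dev=sockfs ino=1168 scontext=system_u:system_r:restorecon_t tcontext=system_u:system_r:udev_t tclass=unix_dgram_socket",
]

def parse_avc(line):
    """Return (perms, fields) for an AVC denial, or None for any other line."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = dict(KV_RE.findall(m.group(2)))
    if not {"scontext", "tcontext", "tclass"} <= fields.keys():
        return None  # truncated record: not enough to classify
    return tuple(sorted(m.group(1).split())), fields

def type_of(context):
    # Contexts are user:role:type, optionally followed by an MLS level.
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else context

def summarize(lines):
    """Count denials per (source type, target type, class, permissions)."""
    counts = Counter()
    for perms, f in filter(None, map(parse_avc, lines)):
        counts[(type_of(f["scontext"]), type_of(f["tcontext"]), f["tclass"], perms)] += 1
    return counts

def as_rules(counts):
    """Render each distinct denial as a candidate allow rule, most frequent first."""
    rules = []
    for (src, tgt, cls, perms), n in counts.most_common():
        target = "self" if src == tgt else tgt
        perm_s = perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"
        rules.append(f"allow {src} {target}:{cls} {perm_s};  # seen {n}x")
    return rules

if __name__ == "__main__":
    print("\n".join(as_rules(summarize(SAMPLE))))
```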