Running today's rawhide (selinux-policy-targeted-2.1.7-3), targeted/enforcing, got some AVCs in messages and audit.log. I rebooted in permissive mode and get this in /var/log/messages (before auditd starts, I guess):

----
type=PATH msg=audit(01/07/2006 11:44:46.028:12) : item=0 name=/media/ flags=follow,directory,open inode=2289281 dev=fd:00 mode=dir,755 ouid=root ogid=root rdev=00:00
type=CWD msg=audit(01/07/2006 11:44:46.028:12) : cwd=/
type=SYSCALL msg=audit(01/07/2006 11:44:46.028:12) : arch=i386 syscall=open success=yes exit=3 a0=9233228 a1=18800 a2=261158 a3=92331e8 items=1 pid=2532 auid=unknown(4294967295) uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root comm=hal-system-stor exe=/bin/bash
type=AVC msg=audit(01/07/2006 11:44:46.028:12) : avc: denied { read } for pid=2532 comm=hal-system-stor name=media dev=dm-0 ino=2289281 scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:mnt_t:s0 tclass=dir
----
type=PATH msg=audit(01/07/2006 11:44:50.152:13) : item=0 name=/boot flags=follow inode=2 dev=03:02 mode=dir,755 ouid=root ogid=root rdev=00:00
type=CWD msg=audit(01/07/2006 11:44:50.152:13) : cwd=/
type=AVC_PATH msg=audit(01/07/2006 11:44:50.152:13) : path=/boot
type=SYSCALL msg=audit(01/07/2006 11:44:50.152:13) : arch=i386 syscall=stat64 success=yes exit=0 a0=bfd80ede a1=bfd80e5c a2=359ff4 a3=303 items=1 pid=2527 auid=unknown(4294967295) uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root comm=hald exe=/usr/sbin/hald
type=AVC msg=audit(01/07/2006 11:44:50.152:13) : avc: denied { getattr } for pid=2527 comm=hald name=/ dev=hda2 ino=2 scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:boot_t:s0 tclass=dir
----
type=PATH msg=audit(01/07/2006 11:44:50.152:14) : item=0 name=/proc/sys/fs/binfmt_misc flags=follow inode=4808 dev=00:13 mode=dir,755 ouid=root ogid=root rdev=00:00
type=CWD msg=audit(01/07/2006 11:44:50.152:14) : cwd=/
type=SYSCALL msg=audit(01/07/2006 11:44:50.152:14) : arch=i386 syscall=stat64 success=yes exit=0 a0=bfd80ed9 a1=bfd80e5c a2=359ff4 a3=303 items=1 pid=2527 auid=unknown(4294967295) uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root comm=hald exe=/usr/sbin/hald
type=AVC msg=audit(01/07/2006 11:44:50.152:14) : avc: denied { search } for pid=2527 comm=hald name=fs dev=proc ino=-268435429 scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=dir
----
type=PATH msg=audit(01/07/2006 11:44:50.152:15) : item=0 name=/var/lib/nfs/rpc_pipefs flags=follow inode=5930 dev=00:14 mode=dir,755 ouid=root ogid=root rdev=00:00
type=CWD msg=audit(01/07/2006 11:44:50.152:15) : cwd=/
type=SYSCALL msg=audit(01/07/2006 11:44:50.152:15) : arch=i386 syscall=stat64 success=yes exit=0 a0=bfd80edb a1=bfd80e5c a2=359ff4 a3=303 items=1 pid=2527 auid=unknown(4294967295) uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root comm=hald exe=/usr/sbin/hald
type=AVC msg=audit(01/07/2006 11:44:50.152:15) : avc: denied { search } for pid=2527 comm=hald name=nfs dev=dm-0 ino=2142222 scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:var_lib_nfs_t:s0 tclass=dir
----
type=PATH msg=audit(01/07/2006 11:45:00.837:17) : item=0 name=/var/lib/nfs/rpc_pipefs flags=follow inode=5930 dev=00:14 mode=dir,755 ouid=root ogid=root rdev=00:00
type=CWD msg=audit(01/07/2006 11:45:00.837:17) : cwd=/
type=SYSCALL msg=audit(01/07/2006 11:45:00.837:17) : arch=i386 syscall=stat64 success=yes exit=0 a0=bfd8105b a1=bfd80fdc a2=359ff4 a3=bfd8105e items=1 pid=2527 auid=unknown(4294967295) uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root comm=hald exe=/usr/sbin/hald
type=AVC msg=audit(01/07/2006 11:45:00.837:17) : avc: denied { search } for pid=2527 comm=hald name=nfs dev=dm-0 ino=2142222 scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:var_lib_nfs_t:s0 tclass=dir
----
type=PATH msg=audit(01/07/2006 11:45:40.036:25) : item=1 flags=follow,open inode=327257 dev=fd:00 mode=file,755 ouid=root ogid=root rdev=00:00
type=PATH msg=audit(01/07/2006 11:45:40.036:25) : item=0 name=/usr/bin/skype flags=follow,open inode=145693 dev=fd:00 mode=file,755 ouid=root ogid=root rdev=00:00
type=CWD msg=audit(01/07/2006 11:45:40.036:25) : cwd=/home/tbl
type=SYSCALL msg=audit(01/07/2006 11:45:40.036:25) : arch=i386 syscall=execve success=yes exit=0 a0=9126db0 a1=bffa9740 a2=9114078 a3=0 items=2 pid=2857 auid=unknown(4294967295) uid=tbl gid=tbl euid=tbl suid=tbl fsuid=tbl egid=tbl sgid=tbl fsgid=tbl comm=skype exe=/usr/bin/skype
type=AVC msg=audit(01/07/2006 11:45:40.036:25) : avc: granted { execmem } for pid=2857 comm=skype scontext=user_u:system_r:unconfined_t:s0 tcontext=user_u:system_r:unconfined_t:s0 tclass=process
type=AVC msg=audit(01/07/2006 11:45:40.036:25) : avc: granted { execmem } for pid=2857 comm=skype scontext=user_u:system_r:unconfined_t:s0 tcontext=user_u:system_r:unconfined_t:s0 tclass=process
----
type=PATH msg=audit(01/07/2006 11:45:41.792:26) : item=0 name=/media/disk flags=parent inode=2289281 dev=fd:00 mode=dir,755 ouid=root ogid=root rdev=00:00
type=CWD msg=audit(01/07/2006 11:45:41.792:26) : cwd=/
type=SYSCALL msg=audit(01/07/2006 11:45:41.792:26) : arch=i386 syscall=mkdir success=yes exit=0 a0=bfa31919 a1=1ff a2=804e1b8 a3=bfa31919 items=1 pid=2871 auid=unknown(4294967295) uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root comm=mkdir exe=/bin/mkdir
type=AVC msg=audit(01/07/2006 11:45:41.792:26) : avc: denied { create } for pid=2871 comm=mkdir name=disk scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:mnt_t:s0 tclass=dir
type=AVC msg=audit(01/07/2006 11:45:41.792:26) : avc: denied { add_name } for pid=2871 comm=mkdir name=disk scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:mnt_t:s0 tclass=dir
type=AVC msg=audit(01/07/2006 11:45:41.792:26) : avc: denied { write } for pid=2871 comm=mkdir name=media dev=dm-0 ino=2289281 scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:mnt_t:s0 tclass=dir
----
type=PATH msg=audit(01/07/2006 11:45:41.868:27) : item=0 name=/media/disk/.created-by-hal flags=parent,open,create inode=2289299 dev=fd:00 mode=dir,755 ouid=root ogid=root rdev=00:00
type=CWD msg=audit(01/07/2006 11:45:41.868:27) : cwd=/
type=SYSCALL msg=audit(01/07/2006 11:45:41.868:27) : arch=i386 syscall=open success=yes exit=0 a0=bff77909 a1=8941 a2=1b6 a3=8941 items=1 pid=2872 auid=unknown(4294967295) uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root comm=touch exe=/bin/touch
type=AVC msg=audit(01/07/2006 11:45:41.868:27) : avc: denied { create } for pid=2872 comm=touch name=.created-by-hal scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:mnt_t:s0 tclass=file
----
type=PATH msg=audit(01/07/2006 11:45:41.868:28) : item=0 name=/proc/self/fd/0 flags=follow inode=2289300 dev=fd:00 mode=file,644 ouid=root ogid=root rdev=00:00
type=CWD msg=audit(01/07/2006 11:45:41.868:28) : cwd=/
type=SYSCALL msg=audit(01/07/2006 11:45:41.868:28) : arch=i386 syscall=utimes success=yes exit=0 a0=bff772c0 a1=0 a2=8ecff4 a3=0 items=1 pid=2872 auid=unknown(4294967295) uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root comm=touch exe=/bin/touch
type=AVC msg=audit(01/07/2006 11:45:41.868:28) : avc: denied { write } for pid=2872 comm=touch name=.created-by-hal dev=dm-0 ino=2289300 scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:mnt_t:s0 tclass=file
----
type=PATH msg=audit(01/07/2006 11:45:42.136:29) : item=0 name=/media/disk flags=parent inode=2289281 dev=fd:00 mode=dir,755 ouid=root ogid=root rdev=00:00
type=CWD msg=audit(01/07/2006 11:45:42.136:29) : cwd=/
type=SYSCALL msg=audit(01/07/2006 11:45:42.136:29) : arch=i386 syscall=rmdir success=no exit=-39(Directory not empty) a0=bffe1919 a1=0 a2=804c80c a3=bffe1919 items=1 pid=2877 auid=unknown(4294967295) uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root comm=rmdir exe=/bin/rmdir
type=AVC msg=audit(01/07/2006 11:45:42.136:29) : avc: denied { rmdir } for pid=2877 comm=rmdir name=disk dev=dm-0 ino=2289299 scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:mnt_t:s0 tclass=dir
type=AVC msg=audit(01/07/2006 11:45:42.136:29) : avc: denied { remove_name } for pid=2877 comm=rmdir name=disk dev=dm-0 ino=2289299 scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:mnt_t:s0 tclass=dir
----
type=SYSCALL msg=audit(01/07/2006 11:45:46.992:30) : arch=i386 syscall=mprotect success=yes exit=0 a0=bfcd5000 a1=1000 a2=1000007 a3=fffff000 items=0 pid=2862 auid=unknown(4294967295) uid=tbl gid=tbl euid=tbl suid=tbl fsuid=tbl egid=tbl sgid=tbl fsgid=tbl comm=gaim exe=/usr/bin/gaim
type=AVC msg=audit(01/07/2006 11:45:46.992:30) : avc: granted { execmem } for pid=2862 comm=gaim scontext=user_u:system_r:unconfined_t:s0 tcontext=user_u:system_r:unconfined_t:s0 tclass=process

tom
--
Tom London

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
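A way to triage a dump like the one above, as an added example that is not part of the original post or of the selinux-policy project: the script below parses the type=AVC records, folds them into (verdict, source type, target type, object class) tuples with the union of permissions, and renders the denials as audit2allow-style allow lines. It keeps "granted" records (from auditallow rules) separate from "denied" ones, and it records which comm each denial was seen from, which makes visible that most of the hald_t denials here come from helper commands (mkdir, touch, rmdir) run on hald's behalf rather than from hald itself. The sample input is a constructed subset of the AVC and SYSCALL lines copied from the post; the regex and the helper names are my own.

```python
import re
from collections import defaultdict

# Constructed sample: AVC lines copied from the records in the post, plus one
# SYSCALL line (no AVC) to show that non-AVC records are skipped.
SAMPLE_LOG = """\
type=AVC msg=audit(01/07/2006 11:44:46.028:12) : avc: denied { read } for pid=2532 comm=hal-system-stor name=media dev=dm-0 ino=2289281 scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:mnt_t:s0 tclass=dir
type=AVC msg=audit(01/07/2006 11:44:50.152:13) : avc: denied { getattr } for pid=2527 comm=hald name=/ dev=hda2 ino=2 scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:boot_t:s0 tclass=dir
type=AVC msg=audit(01/07/2006 11:44:50.152:14) : avc: denied { search } for pid=2527 comm=hald name=fs dev=proc ino=-268435429 scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=dir
type=AVC msg=audit(01/07/2006 11:44:50.152:15) : avc: denied { search } for pid=2527 comm=hald name=nfs dev=dm-0 ino=2142222 scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:var_lib_nfs_t:s0 tclass=dir
type=AVC msg=audit(01/07/2006 11:45:40.036:25) : avc: granted { execmem } for pid=2857 comm=skype scontext=user_u:system_r:unconfined_t:s0 tcontext=user_u:system_r:unconfined_t:s0 tclass=process
type=AVC msg=audit(01/07/2006 11:45:41.792:26) : avc: denied { create } for pid=2871 comm=mkdir name=disk scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:mnt_t:s0 tclass=dir
type=AVC msg=audit(01/07/2006 11:45:41.792:26) : avc: denied { add_name } for pid=2871 comm=mkdir name=disk scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:mnt_t:s0 tclass=dir
type=AVC msg=audit(01/07/2006 11:45:41.792:26) : avc: denied { write } for pid=2871 comm=mkdir name=media dev=dm-0 ino=2289281 scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:mnt_t:s0 tclass=dir
type=AVC msg=audit(01/07/2006 11:45:41.868:27) : avc: denied { create } for pid=2872 comm=touch name=.created-by-hal scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:mnt_t:s0 tclass=file
type=AVC msg=audit(01/07/2006 11:45:41.868:28) : avc: denied { write } for pid=2872 comm=touch name=.created-by-hal dev=dm-0 ino=2289300 scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:mnt_t:s0 tclass=file
type=AVC msg=audit(01/07/2006 11:45:42.136:29) : avc: denied { rmdir } for pid=2877 comm=rmdir name=disk dev=dm-0 ino=2289299 scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:mnt_t:s0 tclass=dir
type=AVC msg=audit(01/07/2006 11:45:42.136:29) : avc: denied { remove_name } for pid=2877 comm=rmdir name=disk dev=dm-0 ino=2289299 scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:mnt_t:s0 tclass=dir
type=SYSCALL msg=audit(01/07/2006 11:45:46.992:30) : arch=i386 syscall=mprotect success=yes exit=0 pid=2862 comm=gaim exe=/usr/bin/gaim
"""

# Matches the AVC portion of a record as ausearch -i prints it (assumed layout).
AVC_RE = re.compile(
    r"avc:\s+(?P<verdict>denied|granted)\s+\{\s*(?P<perms>[^}]+?)\s*\}"
    r"\s+for\s+pid=(?P<pid>\d+)\s+comm=(?P<comm>\S+)"
    r".*?scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)"
)


def context_type(ctx):
    """Return the type field of a user:role:type[:range] security context."""
    parts = ctx.split(":")
    return parts[2] if len(parts) >= 3 else ctx


def parse_avc(text):
    """Yield one dict per AVC record; lines without an avc: message are skipped."""
    for line in text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue
        yield {
            "verdict": m["verdict"],
            "perms": m["perms"].split(),
            "pid": int(m["pid"]),
            "comm": m["comm"],
            "stype": context_type(m["scontext"]),
            "ttype": context_type(m["tcontext"]),
            "tclass": m["tclass"],
        }


def summarize(text):
    """Fold records into (verdict, stype, ttype, tclass) -> {perms, comms}."""
    summary = defaultdict(lambda: {"perms": set(), "comms": set()})
    for rec in parse_avc(text):
        key = (rec["verdict"], rec["stype"], rec["ttype"], rec["tclass"])
        summary[key]["perms"].update(rec["perms"])
        summary[key]["comms"].add(rec["comm"])
    return dict(summary)


def as_te_rules(summary):
    """Render only the denied entries as audit2allow-style allow lines."""
    rules = []
    for (verdict, stype, ttype, tclass), v in sorted(summary.items()):
        if verdict != "denied":
            continue  # granted records are auditallow hits, not missing rules
        perms = " ".join(sorted(v["perms"]))
        comms = ",".join(sorted(v["comms"]))
        rules.append(f"allow {stype} {ttype}:{tclass} {{ {perms} }};  # seen from: {comms}")
    return rules


if __name__ == "__main__":
    for rule in as_te_rules(summarize(SAMPLE_LOG)):
        print(rule)
```

Run it against a real file with the output of `ausearch -m avc -i` on stdin instead of SAMPLE_LOG, or just use `audit2allow -i /var/log/audit/audit.log` for the same grouping. Treat the generated allow lines as a hint, not a fix: a denial against a target such as mnt_t can mean the object is mislabeled (restorecon, or a file-context change) rather than that the domain needs the permission, and some of what the policy denies is denied on purpose.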