rpc.statd, ntpdate/ntpd avcs..

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Running targeted/enforcing, latest rawhide.

Noticed the following in /var/log/audit/audit.log:


type=AVC msg=audit(1151339261.011:8): avc:  denied  { send } for
pid=2087 comm="rpc.statd" saddr=127.0.0.1 src=32770 daddr=127.0.0.1
dest=111 netif=lo scontext=system_u:system_r:rpcd_t:s0
tcontext=system_u:object_r:unlabeled_t:s0 tclass=packet
type=SYSCALL msg=audit(1151339261.011:8): arch=40000003 syscall=102
success=no exit=-1 a0=b a1=bfc68f34 a2=fefff4 a3=fad8c0 items=0
ppid=2086 pid=2087 auid=4294967295 uid=29 gid=29 euid=29 suid=29
fsuid=29 egid=29 sgid=29 fsgid=29 tty=(none) comm="rpc.statd"
exe="/sbin/rpc.statd" subj=system_u:system_r:rpcd_t:s0
type=SOCKADDR msg=audit(1151339261.011:8):
saddr=0200006F7F0000010000000000000000
type=SOCKETCALL msg=audit(1151339261.011:8): nargs=6 a0=7 a1=96281f8
a2=38 a3=0 a4=9628010 a5=10
type=AVC msg=audit(1151339261.123:9): avc:  denied  { send } for
pid=2087 comm="rpc.statd" saddr=127.0.0.1 src=32770 daddr=127.0.0.1
dest=111 netif=lo scontext=system_u:system_r:rpcd_t:s0
tcontext=system_u:object_r:unlabeled_t:s0 tclass=packet

type=AVC msg=audit(1151339277.372:11): avc:  denied  { send } for
pid=2290 comm="ntpdate" saddr=10.10.4.52 src=32771 daddr=10.10.2.102
dest=53 netif=eth0 scontext=system_u:system_r:ntpd_t:s0
tcontext=system_u:object_r:unlabeled_t:s0 tclass=packet
type=SYSCALL msg=audit(1151339277.372:11): arch=40000003 syscall=102
success=no exit=-1 a0=9 a1=bfd21190 a2=3d1ff4 a3=5 items=0 ppid=2281
pid=2290 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) comm="ntpdate" exe="/usr/sbin/ntpdate"
subj=system_u:system_r:ntpd_t:s0
type=SOCKETCALL msg=audit(1151339277.372:11): nargs=4 a0=4 a1=bfd214f0
a2=20 a3=4000
type=AVC msg=audit(1151339277.372:12): avc:  denied  { send } for
pid=2290 comm="ntpdate" saddr=10.10.4.52 src=32771 daddr=10.10.2.11
dest=53 netif=eth0 scontext=system_u:system_r:ntpd_t:s0
tcontext=system_u:object_r:unlabeled_t:s0 tclass=packet
type=SYSCALL msg=audit(1151339277.372:12): arch=40000003 syscall=102
success=no exit=-1 a0=9 a1=bfd21190 a2=3d1ff4 a3=3 items=0 ppid=2281
pid=2290 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) comm="ntpdate" exe="/usr/sbin/ntpdate"
subj=system_u:system_r:ntpd_t:s0
type=SOCKETCALL msg=audit(1151339277.372:12): nargs=4 a0=4 a1=bfd214f0
a2=20 a3=4000
<<<< similar for ntpd >>>>>

type=SYSCALL msg=audit(1151339261.123:9): arch=40000003 syscall=102
success=no exit=-1 a0=b a1=bfc68ee4 a2=fefff4 a3=fad8c0 items=0 ppid=1
pid=2087 auid=4294967295 uid=29 gid=29 euid=29 suid=29 fsuid=29
egid=29 sgid=29 fsgid=29 tty=(none) comm="rpc.statd"
exe="/sbin/rpc.statd" subj=system_u:system_r:rpcd_t:s0
type=SOCKADDR msg=audit(1151339261.123:9):
saddr=0200006F7F0000010000000000000000
type=SOCKETCALL msg=audit(1151339261.123:9): nargs=6 a0=3 a1=9628f40
a2=38 a3=0 a4=9628d58 a5=10
type=AVC msg=audit(1151339261.163:10): avc:  denied  { send } for
pid=2087 comm="rpc.statd" saddr=127.0.0.1 src=32771 daddr=127.0.0.1
dest=111 netif=lo scontext=system_u:system_r:rpcd_t:s0
tcontext=system_u:object_r:unlabeled_t:s0 tclass=packet
type=SYSCALL msg=audit(1151339261.163:10): arch=40000003 syscall=102
success=no exit=-1 a0=b a1=bfc68ec0 a2=fefff4 a3=fad8c0 items=0 ppid=1
pid=2087 auid=4294967295 uid=29 gid=29 euid=29 suid=29 fsuid=29
egid=29 sgid=29 fsgid=29 tty=(none) comm="rpc.statd"
exe="/sbin/rpc.statd" subj=system_u:system_r:rpcd_t:s0
type=SOCKADDR msg=audit(1151339261.163:10):
saddr=0200006F7F0000010000000000000000
type=SOCKETCALL msg=audit(1151339261.163:10): nargs=6 a0=7 a1=962cb38
a2=38 a3=0 a4=962c950 a5=10


tom
--
Tom London

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux