AVCs from pup(let) on kernel package installs

"Tom London" <selinux@xxxxxxxxx> · Wed, 11 Oct 2006 06:40:10 -0700

Running yesterday's rawhide, targeted/permissive.

Installing today's rawhide updates using the pup system tray icon
(e.g., selecting 'Apply updates' from the icon):

[root@localhost ~]# audit2allow -i log
allow bootloader_t xdm_t:fifo_file { getattr write };
allow depmod_t xdm_t:fifo_file write;
allow lvm_t xdm_t:fifo_file write;
[root@localhost ~]#

Appears to be a problem (missing transition?) when installing kernel
packages. In today's updates, I updated kernel, kernel-PAE and
kernel-xen packages and got the following.  I tried to associate the
AVC's with the packages (not 100% sure on the associations):

kernel:
type=AVC msg=audit(1160573358.763:32): avc:  denied  { write } for
pid=3714 comm="depmod" name="[12557]" dev=pipefs ino=12557
scontext=system_u:system_r:depmod_t:s0
tcontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tclass=fifo_file
type=SYSCALL msg=audit(1160573358.763:32): arch=40000003 syscall=11
success=yes exit=0 a0=9d1c318 a1=9d0e4d8 a2=9d11ce0 a3=9d1c648 items=0
ppid=3706 pid=3714 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) comm="depmod" exe="/sbin/depmod"
subj=system_u:system_r:depmod_t:s0 key=(null)
type=AVC_PATH msg=audit(1160573358.763:32):  path="pipe:[12557]"
type=AVC msg=audit(1160573359.115:33): avc:  denied  { write } for
pid=3715 comm="mkinitrd" name="[12557]" dev=pipefs ino=12557
scontext=system_u:system_r:bootloader_t:s0
tcontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tclass=fifo_file
type=SYSCALL msg=audit(1160573359.115:33): arch=40000003 syscall=11
success=yes exit=0 a0=9d1be40 a1=9d0e4d8 a2=9d11ce0 a3=9d1c358 items=0
ppid=3706 pid=3715 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) comm="mkinitrd" exe="/bin/bash"
subj=system_u:system_r:bootloader_t:s0 key=(null)
type=AVC_PATH msg=audit(1160573359.115:33):  path="pipe:[12557]"
type=AVC msg=audit(1160573359.159:34): avc:  denied  { getattr } for
pid=3722 comm="awk" name="[12557]" dev=pipefs ino=12557
scontext=system_u:system_r:bootloader_t:s0
tcontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tclass=fifo_file
type=SYSCALL msg=audit(1160573359.159:34): arch=40000003 syscall=197
success=yes exit=0 a0=2 a1=bf999684 a2=4765cff4 a3=bf999684 items=0
ppid=3720 pid=3722 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) comm="awk" exe="/bin/gawk"
subj=system_u:system_r:bootloader_t:s0 key=(null)
type=AVC_PATH msg=audit(1160573359.159:34):  path="pipe:[12557]"
type=AVC msg=audit(1160573362.655:35): avc:  denied  { write } for
pid=4181 comm="dmsetup" name="[12557]" dev=pipefs ino=12557
scontext=system_u:system_r:lvm_t:s0
tcontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tclass=fifo_file
type=SYSCALL msg=audit(1160573362.655:35): arch=40000003 syscall=11
success=yes exit=0 a0=870f468 a1=873e160 a2=8736d88 a3=873dec8 items=0
ppid=4180 pid=4181 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) comm="dmsetup" exe="/sbin/dmsetup"
subj=system_u:system_r:lvm_t:s0 key=(null)
type=AVC_PATH msg=audit(1160573362.655:35):  path="pipe:[12557]"

kernel-PAE
type=AVC msg=audit(1160573388.537:36): avc:  denied  { getattr } for
pid=5609 comm="awk" name="[12557]" dev=pipefs ino=12557
scontext=system_u:system_r:bootloader_t:s0
tcontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tclass=fifo_file
type=SYSCALL msg=audit(1160573388.537:36): arch=40000003 syscall=197
success=yes exit=0 a0=2 a1=bff0dc04 a2=4765cff4 a3=bff0dc04 items=0
ppid=5606 pid=5609 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) comm="awk" exe="/bin/gawk"
subj=system_u:system_r:bootloader_t:s0 key=(null)
type=AVC_PATH msg=audit(1160573388.537:36):  path="pipe:[12557]"
type=AVC msg=audit(1160573389.721:37): avc:  denied  { write } for
pid=5905 comm="dmsetup" name="[12557]" dev=pipefs ino=12557
scontext=system_u:system_r:lvm_t:s0
tcontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tclass=fifo_file
type=SYSCALL msg=audit(1160573389.721:37): arch=40000003 syscall=11
success=yes exit=0 a0=8c961c0 a1=8ca0818 a2=8c97da0 a3=8c6bae0 items=0
ppid=5904 pid=5905 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) comm="dmsetup" exe="/sbin/dmsetup"
subj=system_u:system_r:lvm_t:s0 key=(null)
type=AVC_PATH msg=audit(1160573389.721:37):  path="pipe:[12557]"

kernel-xen
type=AVC msg=audit(1160573388.537:36): avc:  denied  { getattr } for
pid=5609 comm="awk" name="[12557]" dev=pipefs ino=12557
scontext=system_u:system_r:bootloader_t:s0
tcontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tclass=fifo_file
type=SYSCALL msg=audit(1160573388.537:36): arch=40000003 syscall=197
success=yes exit=0 a0=2 a1=bff0dc04 a2=4765cff4 a3=bff0dc04 items=0
ppid=5606 pid=5609 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) comm="awk" exe="/bin/gawk"
subj=system_u:system_r:bootloader_t:s0 key=(null)
type=AVC_PATH msg=audit(1160573388.537:36):  path="pipe:[12557]"
type=AVC msg=audit(1160573389.721:37): avc:  denied  { write } for
pid=5905 comm="dmsetup" name="[12557]" dev=pipefs ino=12557
scontext=system_u:system_r:lvm_t:s0
tcontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tclass=fifo_file
type=SYSCALL msg=audit(1160573389.721:37): arch=40000003 syscall=11
success=yes exit=0 a0=8c961c0 a1=8ca0818 a2=8c97da0 a3=8c6bae0 items=0
ppid=5904 pid=5905 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) comm="dmsetup" exe="/sbin/dmsetup"
subj=system_u:system_r:lvm_t:s0 key=(null)
type=AVC_PATH msg=audit(1160573389.721:37):  path="pipe:[12557]"
type=AVC msg=audit(1160573445.578:38): avc:  denied  { write } for
pid=7354 comm="depmod" name="[12557]" dev=pipefs ino=12557
scontext=system_u:system_r:depmod_t:s0
tcontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tclass=fifo_file
type=SYSCALL msg=audit(1160573445.578:38): arch=40000003 syscall=11
success=yes exit=0 a0=842e460 a1=84204d8 a2=8423d78 a3=842e6c8 items=0
ppid=7341 pid=7354 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) comm="depmod" exe="/sbin/depmod"
subj=system_u:system_r:depmod_t:s0 key=(null)
type=AVC_PATH msg=audit(1160573445.578:38):  path="pipe:[12557]"
type=AVC msg=audit(1160573445.854:39): avc:  denied  { write } for
pid=7355 comm="mkinitrd" name="[12557]" dev=pipefs ino=12557
scontext=system_u:system_r:bootloader_t:s0
tcontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tclass=fifo_file
type=SYSCALL msg=audit(1160573445.854:39): arch=40000003 syscall=11
success=yes exit=0 a0=842dfb0 a1=84204d8 a2=8423d78 a3=842e2f0 items=0
ppid=7341 pid=7355 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) comm="mkinitrd" exe="/bin/bash"
subj=system_u:system_r:bootloader_t:s0 key=(null)
type=AVC_PATH msg=audit(1160573445.854:39):  path="pipe:[12557]"
type=AVC msg=audit(1160573449.574:40): avc:  denied  { getattr } for
pid=7523 comm="awk" name="[12557]" dev=pipefs ino=12557
scontext=system_u:system_r:bootloader_t:s0
tcontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tclass=fifo_file
type=SYSCALL msg=audit(1160573449.574:40): arch=40000003 syscall=197
success=yes exit=0 a0=2 a1=bfd34a34 a2=4765cff4 a3=bfd34a34 items=0
ppid=7520 pid=7523 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) comm="awk" exe="/bin/gawk"
subj=system_u:system_r:bootloader_t:s0 key=(null)
type=AVC_PATH msg=audit(1160573449.574:40):  path="pipe:[12557]"
type=AVC msg=audit(1160573450.622:41): avc:  denied  { write } for
pid=7819 comm="dmsetup" name="[12557]" dev=pipefs ino=12557
scontext=system_u:system_r:lvm_t:s0
tcontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tclass=fifo_file
type=SYSCALL msg=audit(1160573450.622:41): arch=40000003 syscall=11
success=yes exit=0 a0=9f6d1c0 a1=9f77818 a2=9f6eda0 a3=9f42ae0 items=0
ppid=7818 pid=7819 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) comm="dmsetup" exe="/sbin/dmsetup"
subj=system_u:system_r:lvm_t:s0 key=(null)
type=AVC_PATH msg=audit(1160573450.622:41):  path="pipe:[12557]"

couldn't tell which one:
type=AVC msg=audit(1160573388.537:36): avc:  denied  { getattr } for
pid=5609 comm="awk" name="[12557]" dev=pipefs ino=12557
scontext=system_u:system_r:bootloader_t:s0
tcontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tclass=fifo_file
type=SYSCALL msg=audit(1160573388.537:36): arch=40000003 syscall=197
success=yes exit=0 a0=2 a1=bff0dc04 a2=4765cff4 a3=bff0dc04 items=0
ppid=5606 pid=5609 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) comm="awk" exe="/bin/gawk"
subj=system_u:system_r:bootloader_t:s0 key=(null)
type=AVC_PATH msg=audit(1160573388.537:36):  path="pipe:[12557]"
type=AVC msg=audit(1160573389.721:37): avc:  denied  { write } for
pid=5905 comm="dmsetup" name="[12557]" dev=pipefs ino=12557
scontext=system_u:system_r:lvm_t:s0
tcontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tclass=fifo_file
type=SYSCALL msg=audit(1160573389.721:37): arch=40000003 syscall=11
success=yes exit=0 a0=8c961c0 a1=8ca0818 a2=8c97da0 a3=8c6bae0 items=0
ppid=5904 pid=5905 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) comm="dmsetup" exe="/sbin/dmsetup"
subj=system_u:system_r:lvm_t:s0 key=(null)
type=AVC_PATH msg=audit(1160573389.721:37):  path="pipe:[12557]"
type=AVC msg=audit(1160573445.578:38): avc:  denied  { write } for
pid=7354 comm="depmod" name="[12557]" dev=pipefs ino=12557
scontext=system_u:system_r:depmod_t:s0
tcontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tclass=fifo_file
type=SYSCALL msg=audit(1160573445.578:38): arch=40000003 syscall=11
success=yes exit=0 a0=842e460 a1=84204d8 a2=8423d78 a3=842e6c8 items=0
ppid=7341 pid=7354 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) comm="depmod" exe="/sbin/depmod"
subj=system_u:system_r:depmod_t:s0 key=(null)
type=AVC_PATH msg=audit(1160573445.578:38):  path="pipe:[12557]"
type=AVC msg=audit(1160573445.854:39): avc:  denied  { write } for
pid=7355 comm="mkinitrd" name="[12557]" dev=pipefs ino=12557
scontext=system_u:system_r:bootloader_t:s0
tcontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tclass=fifo_file
type=SYSCALL msg=audit(1160573445.854:39): arch=40000003 syscall=11
success=yes exit=0 a0=842dfb0 a1=84204d8 a2=8423d78 a3=842e2f0 items=0
ppid=7341 pid=7355 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) comm="mkinitrd" exe="/bin/bash"
subj=system_u:system_r:bootloader_t:s0 key=(null)
type=AVC_PATH msg=audit(1160573445.854:39):  path="pipe:[12557]"
type=AVC msg=audit(1160573449.574:40): avc:  denied  { getattr } for
pid=7523 comm="awk" name="[12557]" dev=pipefs ino=12557
scontext=system_u:system_r:bootloader_t:s0
tcontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tclass=fifo_file
type=SYSCALL msg=audit(1160573449.574:40): arch=40000003 syscall=197
success=yes exit=0 a0=2 a1=bfd34a34 a2=4765cff4 a3=bfd34a34 items=0
ppid=7520 pid=7523 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) comm="awk" exe="/bin/gawk"
subj=system_u:system_r:bootloader_t:s0 key=(null)
type=AVC_PATH msg=audit(1160573449.574:40):  path="pipe:[12557]"
type=AVC msg=audit(1160573450.622:41): avc:  denied  { write } for
pid=7819 comm="dmsetup" name="[12557]" dev=pipefs ino=12557
scontext=system_u:system_r:lvm_t:s0
tcontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tclass=fifo_file
type=SYSCALL msg=audit(1160573450.622:41): arch=40000003 syscall=11
success=yes exit=0 a0=9f6d1c0 a1=9f77818 a2=9f6eda0 a3=9f42ae0 items=0
ppid=7818 pid=7819 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) comm="dmsetup" exe="/sbin/dmsetup"
subj=system_u:system_r:lvm_t:s0 key=(null)
type=AVC_PATH msg=audit(1160573450.622:41):  path="pipe:[12557]"

tom
--
Tom London

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list