Re: denied avc's for hald, hpiod and mplayer plugin

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 


--- Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote:

> Antonio Olivares wrote:
> > SELinux: initialized (dev autofs, type autofs),
> uses genfs_contexts
> > SELinux: initialized (dev autofs, type autofs),
> uses genfs_contexts
> > audit(1161244617.541:4): avc:  denied  { name_bind
> } for  pid=2074 comm="hpiod" src=2208
> scontext=system_u:system_r:hplip_t:s0
> tcontext=system_u:object_r:port_t:s0
> tclass=tcp_socket
> > eth0: no IPv6 routers present
> > audit(1161244622.801:5): avc:  denied  { search }
> for  pid=2232 comm="hald" name="irq" dev=proc
> ino=-268435212 scontext=system_u:system_r:hald_t:s0
> tcontext=system_u:object_r:sysctl_irq_t:s0
> tclass=dir
> > audit(1161244622.801:6): avc:  denied  { search }
> for  pid=2232 comm="hald" name="irq" dev=proc
> ino=-268435212 scontext=system_u:system_r:hald_t:s0
> tcontext=system_u:object_r:sysctl_irq_t:s0
> tclass=dir
> > audit(1161244622.801:7): avc:  denied  { search }
> for  pid=2232 comm="hald" name="irq" dev=proc
> ino=-268435212 scontext=system_u:system_r:hald_t:s0
> tcontext=system_u:object_r:sysctl_irq_t:s0
> tclass=dir
> > audit(1161244622.801:8): avc:  denied  { search }
> for  pid=2232 comm="hald" name="irq" dev=proc
> ino=-268435212 scontext=system_u:system_r:hald_t:s0
> tcontext=system_u:object_r:sysctl_irq_t:s0
> tclass=dir
> > audit(1161244622.801:9): avc:  denied  { search }
> for  pid=2232 comm="hald" name="irq" dev=proc
> ino=-268435212 scontext=system_u:system_r:hald_t:s0
> tcontext=system_u:object_r:sysctl_irq_t:s0
> tclass=dir
> > audit(1161246948.355:10): avc:  denied  { execmem
> } for  pid=5945 comm="mplayer"
> scontext=user_u:system_r:unconfined_t:s0
> tcontext=user_u:system_r:unconfined_t:s0
> tclass=process
> > audit(1161246948.355:11): avc:  denied  { execmem
> } for  pid=5945 comm="mplayer"
> scontext=user_u:system_r:unconfined_t:s0
> tcontext=user_u:system_r:unconfined_t:s0
> tclass=process
> > audit(1161246948.391:12): avc:  denied  { execmem
> } for  pid=5945 comm="mplayer"
> scontext=user_u:system_r:unconfined_t:s0
> tcontext=user_u:system_r:unconfined_t:s0
> tclass=process
> > audit(1161246948.391:13): avc:  denied  { execmem
> } for  pid=5945 comm="mplayer"
> scontext=user_u:system_r:unconfined_t:s0
> tcontext=user_u:system_r:unconfined_t:s0
> tclass=process
> > audit(1161246948.403:14): avc:  denied  { execmem
> } for  pid=5945 comm="mplayer"
> scontext=user_u:system_r:unconfined_t:s0
> tcontext=user_u:system_r:unconfined_t:s0
> tclass=process
> > audit(1161246948.403:15): avc:  denied  { execmem
> } for  pid=5945 comm="mplayer"
> scontext=user_u:system_r:unconfined_t:s0
> tcontext=user_u:system_r:unconfined_t:s0
> tclass=process
> > audit(1161246948.415:16): avc:  denied  { execmem
> } for  pid=5945 comm="mplayer"
> scontext=user_u:system_r:unconfined_t:s0
> tcontext=user_u:system_r:unconfined_t:s0
> tclass=process
> > audit(1161246948.415:17): avc:  denied  { execmem
> } for  pid=5945 comm="mplayer"
> scontext=user_u:system_r:unconfined_t:s0
> tcontext=user_u:system_r:unconfined_t:s0
> tclass=process
> > audit(1161246981.941:18): avc:  denied  { execmem
> } for  pid=5950 comm="mplayer"
> scontext=user_u:system_r:unconfined_t:s0
> tcontext=user_u:system_r:unconfined_t:s0
> tclass=process
> > audit(1161246981.941:19): avc:  denied  { execmem
> } for  pid=5950 comm="mplayer"
> scontext=user_u:system_r:unconfined_t:s0
> tcontext=user_u:system_r:unconfined_t:s0
> tclass=process
> > audit(1161246981.941:20): avc:  denied  { execmem
> } for  pid=5950 comm="mplayer"
> scontext=user_u:system_r:unconfined_t:s0
> tcontext=user_u:system_r:unconfined_t:s0
> tclass=process
> > audit(1161246981.941:21): avc:  denied  { execmem
> } for  pid=5950 comm="mplayer"
> scontext=user_u:system_r:unconfined_t:s0
> tcontext=user_u:system_r:unconfined_t:s0
> tclass=process
> > audit(1161246981.941:22): avc:  denied  { execmem
> } for  pid=5950 comm="mplayer"
> scontext=user_u:system_r:unconfined_t:s0
> tcontext=user_u:system_r:unconfined_t:s0
> tclass=process
> > audit(1161246981.941:23): avc:  denied  { execmem
> } for  pid=5950 comm="mplayer"
> scontext=user_u:system_r:unconfined_t:s0
> tcontext=user_u:system_r:unconfined_t:s0
> tclass=process
> > audit(1161246981.941:24): avc:  denied  { execmem
> } for  pid=5950 comm="mplayer"
> scontext=user_u:system_r:unconfined_t:s0
> tcontext=user_u:system_r:unconfined_t:s0
> tclass=process
> > audit(1161246981.941:25): avc:  denied  { execmem
> } for  pid=5950 comm="mplayer"
> scontext=user_u:system_r:unconfined_t:s0
> tcontext=user_u:system_r:unconfined_t:s0
> tclass=process
> > audit(1161247003.070:26): avc:  denied  { execmem
> } for  pid=5953 comm="mplayer"
> scontext=user_u:system_r:unconfined_t:s0
> tcontext=user_u:system_r:unconfined_t:s0
> tclass=process
> > audit(1161247003.070:27): avc:  denied  { execmem
> } for  pid=5953 comm="mplayer"
> scontext=user_u:system_r:unconfined_t:s0
> tcontext=user_u:system_r:unconfined_t:s0
> tclass=process
> > audit(1161247003.074:28): avc:  denied  { execmem
> } for  pid=5953 comm="mplayer"
> scontext=user_u:system_r:unconfined_t:s0
> tcontext=user_u:system_r:unconfined_t:s0
> tclass=process
> > audit(1161247003.074:29): avc:  denied  { execmem
> } for  pid=5953 comm="mplayer"
> scontext=user_u:system_r:unconfined_t:s0
> tcontext=user_u:system_r:unconfined_t:s0
> tclass=process
> > audit(1161247003.074:30): avc:  denied  { execmem
> } for  pid=5953 comm="mplayer"
> scontext=user_u:system_r:unconfined_t:s0
> tcontext=user_u:system_r:unconfined_t:s0
> tclass=process
> > audit(1161247003.074:31): avc:  denied  { execmem
> } for  pid=5953 comm="mplayer"
> scontext=user_u:system_r:unconfined_t:s0
> tcontext=user_u:system_r:unconfined_t:s0
> tclass=process
> > audit(1161247003.074:32): avc:  denied  { execmem
> } for  pid=5953 comm="mplayer"
> scontext=user_u:system_r:unconfined_t:s0
> tcontext=user_u:system_r:unconfined_t:s0
> tclass=process
> > audit(1161247003.074:33): avc:  denied  { execmem
> } for  pid=5953 comm="mplayer"
> scontext=user_u:system_r:unconfined_t:s0
> tcontext=user_u:system_r:unconfined_t:s0
> tclass=process
> > audit(1161247021.299:34): avc:  denied  { execmem
> } for  pid=5956 comm="mplayer"
> scontext=user_u:system_r:unconfined_t:s0
> tcontext=user_u:system_r:unconfined_t:s0
> tclass=process
> > audit(1161247021.299:35): avc:  denied  { execmem
> } for  pid=5956 comm="mplayer"
> scontext=user_u:system_r:unconfined_t:s0
> tcontext=user_u:system_r:unconfined_t:s0
> tclass=process
> > audit(1161247021.299:36): avc:  denied  { execmem
> } for  pid=5956 comm="mplayer"
> scontext=user_u:system_r:unconfined_t:s0
> tcontext=user_u:system_r:unconfined_t:s0
> tclass=process
> > audit(1161247021.299:37): avc:  denied  { execmem
> } for  pid=5956 comm="mplayer"
> scontext=user_u:system_r:unconfined_t:s0
> tcontext=user_u:system_r:unconfined_t:s0
> tclass=process
> > audit(1161247021.299:38): avc:  denied  { execmem
> } for  pid=5956 comm="mplayer"
> scontext=user_u:system_r:unconfined_t:s0
> tcontext=user_u:system_r:unconfined_t:s0
> tclass=process
> > audit(1161247021.299:39): avc:  denied  { execmem
> } for  pid=5956 comm="mplayer"
> scontext=user_u:system_r:unconfined_t:s0
> tcontext=user_u:system_r:unconfined_t:s0
> tclass=process
> > audit(1161247021.299:40): avc:  denied  { execmem
> } for  pid=5956 comm="mplayer"
> scontext=user_u:system_r:unconfined_t:s0
> tcontext=user_u:system_r:unconfined_t:s0
> tclass=process
> > audit(1161247021.299:41): avc:  denied  { execmem
> } for  pid=5956 comm="mplayer"
> scontext=user_u:system_r:unconfined_t:s0
> tcontext=user_u:system_r:unconfined_t:s0
> tclass=process
> >
> > I have tried audit2allow but returns the following
> 
> >
> > [olivares@localhost ~]$ grep avc
> /var/log/audit/audit.log 
=== message truncated ===

Thanks for helping.  Now mplayer plugin works!!

[root@localhost ~]# chcon -t unconfined_execmem_exec_t
MPLAYERBINARY
chcon: MPLAYERBINARY: No such file or directory
[root@localhost ~]# ls -lZ /usr/bin/mplayer
ls: /usr/bin/mplayer: No such file or directory
[root@localhost ~]# which mplayer
/usr/local/bin/mplayer
[root@localhost ~]# ls -lZ /usr/local/bin/mplayer 
-rwxr-xr-x  root root system_u:object_r:bin_t         
/usr/local/bin/mplayer
[root@localhost ~]# chcon -t unconfined_execmem_exec_t
/usr/local/bin/mplayer 
[root@localhost ~]# ls -lZ /usr/local/bin/mplayer 
-rwxr-xr-x  root root
system_u:object_r:unconfined_execmem_exec_t
/usr/local/bin/mplayer

However, hald still shows up in dmesg

[olivares@localhost ~]$ dmesg
Linux version 2.6.18-1.2798.fc6
(brewbuilder@xxxxxxxxxxxxxxxxxxxxxxxxxxx) (gcc version
4.1.1 20061011 (Red Hat 4.1.1-30)) #1 SMP Mon Oct 16
14:37:32 EDT 2006
BIOS-provided physical RAM map:
 BIOS-e820: 0000000000000000 - 000000000009fc00
(usable)
 BIOS-e820: 000000000009fc00 - 00000000000a0000
(reserved)
 BIOS-e820: 00000000000e0000 - 0000000000100000
(reserved)
 BIOS-e820: 0000000000100000 - 000000001dfd0000
(usable)
 BIOS-e820: 000000001dfd0000 - 000000001dfdf000 (ACPI
data)
 BIOS-e820: 000000001dfdf000 - 000000001e000000 (ACPI
NVS)
 BIOS-e820: 00000000fec00000 - 00000000fec01000
(reserved)
 BIOS-e820: 00000000fee00000 - 00000000fee01000
(reserved)
 BIOS-e820: 00000000ff7c0000 - 0000000100000000
(reserved)
0MB HIGHMEM available.
479MB LOWMEM available.
.......

SELinux: initialized (dev autofs, type autofs), uses
genfs_contexts
SELinux: initialized (dev autofs, type autofs), uses
genfs_contexts
audit(1161274398.870:4): avc:  denied  { name_bind }
for  pid=2076 comm="hpiod" src=2208
scontext=system_u:system_r:hplip_t:s0
tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
eth0: no IPv6 routers present
audit(1161274403.915:5): avc:  denied  { search } for 
pid=2234 comm="hald" name="irq" dev=proc
ino=-268435212 scontext=system_u:system_r:hald_t:s0
tcontext=system_u:object_r:sysctl_irq_t:s0 tclass=dir
audit(1161274403.915:6): avc:  denied  { search } for 
pid=2234 comm="hald" name="irq" dev=proc
ino=-268435212 scontext=system_u:system_r:hald_t:s0
tcontext=system_u:object_r:sysctl_irq_t:s0 tclass=dir
audit(1161274403.915:7): avc:  denied  { search } for 
pid=2234 comm="hald" name="irq" dev=proc
ino=-268435212 scontext=system_u:system_r:hald_t:s0
tcontext=system_u:object_r:sysctl_irq_t:s0 tclass=dir
audit(1161274403.915:8): avc:  denied  { search } for 
pid=2234 comm="hald" name="irq" dev=proc
ino=-268435212 scontext=system_u:system_r:hald_t:s0
tcontext=system_u:object_r:sysctl_irq_t:s0 tclass=dir
audit(1161274403.915:9): avc:  denied  { search } for 
pid=2234 comm="hald" name="irq" dev=proc
ino=-268435212 scontext=system_u:system_r:hald_t:s0
tcontext=system_u:object_r:sysctl_irq_t:s0 tclass=dir

how can I make it go away, or it is just a friendly
feature that won't hurt the computer.  

Best Regards,

Antonio

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux