Dear all,

selinux on rawhide is cranking out many denials. These do not show up on dmesg. What is happening? I do not know enough to help myself fix them. Here's one of them:

Summary
    SELinux is preventing dhclient-script (dhcpc_t) "getattr" to /sbin/setfiles (setfiles_exec_t).

Detailed Description
    SELinux denied access requested by dhclient-script. It is not expected that this access is required by dhclient-script and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.

Allowing Access
    Sometimes labeling problems can cause SELinux denials. You could try to restore the default system file context for /sbin/setfiles,

    restorecon -v /sbin/setfiles

    If this does not work, there is currently no automatic way to allow this access. Instead, you can generate a local policy module to allow this access - see http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this package.

Additional Information

Source Context          user_u:system_r:dhcpc_t
Target Context          system_u:object_r:setfiles_exec_t
Target Objects          /sbin/setfiles [ file ]
Affected RPM Packages   policycoreutils-2.0.19-1.fc8 [target]
Policy RPM              selinux-policy-2.6.5-2.fc8
Selinux Enabled         True
Policy Type             targeted
MLS Enabled             True
Enforcing Mode          Enforcing
Plugin Name             plugins.catchall_file
Host Name               localhost
Platform                Linux localhost 2.6.21-1.3194.fc7 #1 SMP Wed May 23 22:35:01 EDT 2007 i686 athlon
Alert Count             1
First Seen              Tue 21 Aug 2007 07:41:12 AM CDT
Last Seen               Tue 21 Aug 2007 07:41:12 AM CDT
Local ID                73dc2e0c-fc2c-496f-8f0e-87e72cfd3ce5
Line Numbers

Raw Audit Messages

avc: denied { getattr } for comm="dhclient-script" dev=dm-0 egid=0 euid=0 exe="/bin/bash" exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name="setfiles" path="/sbin/setfiles" pid=3563 scontext=user_u:system_r:dhcpc_t:s0 sgid=0 subj=user_u:system_r:dhcpc_t:s0 suid=0 tclass=file tcontext=system_u:object_r:setfiles_exec_t:s0 tty=(none) uid=0

SELinux is preventing /usr/bin/uptime (logwatch_t) "read write" to utmp (initrc_var_run_t).
SELinux is preventing /usr/bin/uptime (logwatch_t) "read" to utmp (initrc_var_run_t).
SELinux is preventing /usr/sbin/useradd (useradd_t) "read write" to faillog (var_log_t).
SELinux is preventing /sbin/rpc.statd (rpcd_t) "search" to sbin (bin_t).

This one is a major one:

SELinux prevented /sbin/ldconfig from using the terminal /dev/pts/0. Changing the "allow_daemons_use_tty" boolean to true will allow this access: "setsebool -P allow_daemons_use_tty=1."
The following command will allow this access:
setsebool -P allow_daemons_use_tty=1

There are some more, but in reality I cannot understand why they do not show up on a regular dmesg. How can I cure all these selinux denials? This is reminiscent of the installation of Fedora 7, with too many problems with selinux. Sorry to complain, but I need some help. I hope that I am not the only one with this kind of error.

Regards,
Antonio
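
For triaging a batch of denials like the ones in the message above, the following sketch parses raw `avc: denied` records and groups them by source type, target type and object class, rendering for each group the allow rule a local policy module would need so that it can be reviewed before anything is loaded. It is an added example, not part of the original post; the function names are hypothetical, and the second sample record is constructed from the post's one-line summary with assumed user and role fields.

```python
import re
from collections import defaultdict

# Record 1 is the raw audit message quoted in the post. Record 2 is constructed
# from the post's "uptime ... utmp" summary (user and role fields are assumed).
SAMPLE_LINES = [
    'avc: denied { getattr } for comm="dhclient-script" dev=dm-0 egid=0 euid=0 '
    'exe="/bin/bash" exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name="setfiles" '
    'path="/sbin/setfiles" pid=3563 scontext=user_u:system_r:dhcpc_t:s0 sgid=0 '
    'subj=user_u:system_r:dhcpc_t:s0 suid=0 tclass=file '
    'tcontext=system_u:object_r:setfiles_exec_t:s0 tty=(none) uid=0',
    'avc: denied { read write } for comm="uptime" name="utmp" '
    'scontext=system_u:system_r:logwatch_t:s0 '
    'tcontext=system_u:object_r:initrc_var_run_t:s0 tclass=file',
    'kernel: eth0: link up',  # constructed non-AVC noise, must be ignored
]

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*([^}]*?)\s*\}\s+for\s+(.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return a dict describing one AVC denial, or None if the line is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group(2))}
    if not {'scontext', 'tcontext', 'tclass'} <= fields.keys():
        return None
    # A context is user:role:type[:level]; the type is always the third field.
    src, tgt = (fields[k].split(':')[2] for k in ('scontext', 'tcontext'))
    return {'perms': m.group(1).split(), 'source_type': src, 'target_type': tgt,
            'tclass': fields['tclass'], 'path': fields.get('path', fields.get('name'))}

def summarize(lines):
    """Map (source type, target type, class) -> sorted list of denied permissions."""
    groups = defaultdict(set)
    for d in filter(None, map(parse_avc, lines)):
        groups[(d['source_type'], d['target_type'], d['tclass'])].update(d['perms'])
    return {key: sorted(perms) for key, perms in groups.items()}

def candidate_rules(summary):
    """Render each group as an allow rule for review; nothing is loaded or applied."""
    rules = []
    for (src, tgt, cls), perms in sorted(summary.items()):
        body = perms[0] if len(perms) == 1 else '{ ' + ' '.join(perms) + ' }'
        rules.append(f'allow {src} {tgt}:{cls} {body};')
    return rules

if __name__ == '__main__':
    print('\n'.join(candidate_rules(summarize(SAMPLE_LINES))))
```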