new avcs from setroubleshoot browser

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Dear all,

New avcs have appeared:

Summary
    SELinux is preventing /sbin/ip (ifconfig_t) "write" to pipe (unconfined_t).

Detailed Description
    SELinux denied access requested by /sbin/ip. It is not expected that this
    access is required by /sbin/ip and this access may signal an intrusion
    attempt. It is also possible that the specific version or configuration of
    the application is causing it to require additional access.

Allowing Access
    You can generate a local policy module to allow this access - see
    http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can disable
    SELinux protection altogether. Disabling SELinux protection is not
    recommended. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi
    against this package.

Additional Information        

Source Context                system_u:system_r:ifconfig_t
Target Context                system_u:system_r:unconfined_t
Target Objects                pipe [ fifo_file ]
Affected RPM Packages         iproute-2.6.22-2.fc8 [application]
Policy RPM                    selinux-policy-3.0.8-13.fc8
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   plugins.catchall
Host Name                     localhost.localdomain
Platform                      Linux localhost.localdomain 2.6.23-0.202.rc8.fc8
                              #1 SMP Mon Sep 24 22:09:05 EDT 2007 i686 i686
Alert Count                   3
First Seen                    Wed 26 Sep 2007 06:34:54 PM CDT
Last Seen                     Wed 26 Sep 2007 06:34:54 PM CDT
Local ID                      d0527712-8653-4588-9f61-e20604d839bf
Line Numbers                  

Raw Audit Messages            

avc: denied { write } for comm=ip dev=pipefs egid=0 euid=0 exe=/sbin/ip exit=0
fsgid=0 fsuid=0 gid=0 items=0 path=pipe:[11604] pid=3103
scontext=system_u:system_r:ifconfig_t:s0 sgid=0
subj=system_u:system_r:ifconfig_t:s0 suid=0 tclass=fifo_file
tcontext=system_u:system_r:unconfined_t:s0 tty=(none) uid=0

Summary
    SELinux is preventing consoletype (consoletype_t) "read" to pipe
    (unconfined_t).

Detailed Description
    SELinux denied access requested by consoletype. It is not expected that this
    access is required by consoletype and this access may signal an intrusion
    attempt. It is also possible that the specific version or configuration of
    the application is causing it to require additional access.

Allowing Access
    You can generate a local policy module to allow this access - see
    http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can disable
    SELinux protection altogether. Disabling SELinux protection is not
    recommended. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi
    against this package.

Additional Information        

Source Context                system_u:system_r:consoletype_t
Target Context                system_u:system_r:unconfined_t
Target Objects                pipe [ fifo_file ]
Affected RPM Packages         
Policy RPM                    selinux-policy-3.0.8-13.fc8
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   plugins.catchall
Host Name                     localhost.localdomain
Platform                      Linux localhost.localdomain 2.6.23-0.202.rc8.fc8
                              #1 SMP Mon Sep 24 22:09:05 EDT 2007 i686 i686
Alert Count                   2
First Seen                    Wed 26 Sep 2007 06:34:54 PM CDT
Last Seen                     Wed 26 Sep 2007 06:34:54 PM CDT
Local ID                      8b0eaa38-b9e4-4472-9cd0-ddd5b686793e
Line Numbers                  

Raw Audit Messages            

avc: denied { read } for comm=consoletype dev=pipefs path=pipe:[11541] pid=3036
scontext=system_u:system_r:consoletype_t:s0 tclass=fifo_file
tcontext=system_u:system_r:unconfined_t:s0


How do I deal with these.  I am seeing this only on one of the machines.  On the other two are fine.  Crossing my fingers.

Thanks,


Antonio 




       
____________________________________________________________________________________
Building a website is a piece of cake. Yahoo! Small Business gives you all the tools to get online.
http://smallbusiness.yahoo.com/webhosting 

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux