setroubleshoot, xdm AVCs


 



Just noticed the following.  I'm running 'mostly Rawhide' (except for
f8 gdm, mesa-*--7.1-0.4.fc9 and selinux-policy-3.0.8-56.fc8).

I got these AVC denials while booting in permissive mode (so the accesses were logged but not blocked). audit2allow summarizes them as:

[root@localhost ~]# audit2allow -i log


#============= setroubleshootd_t ==============
allow setroubleshootd_t self:capability sys_nice;
allow setroubleshootd_t self:process setsched;
allow setroubleshootd_t sysctl_net_t:dir search;
allow setroubleshootd_t tmp_t:dir read;

#============= xdm_xserver_t ==============
allow xdm_xserver_t hwdata_t:dir search;
allow xdm_xserver_t hwdata_t:file { read getattr };
[root@localhost ~]#

The complete /var/log/audit/audit.log is attached below.

tom
-- 
Tom London
type=DAEMON_START msg=audit(1195224906.598:2370): auditd start, ver=1.6.2, format=raw, auid=4294967295 pid=2105 res=success, auditd pid=2105
type=CONFIG_CHANGE msg=audit(1195224906.726:4): audit_enabled=1 old=0 by auid=4294967295 subj=system_u:system_r:auditd_t:s0 res=1
type=CONFIG_CHANGE msg=audit(1195224906.726:5): audit_enabled=1 old=0 by auid=4294967295 res=1
type=CONFIG_CHANGE msg=audit(1195224906.767:6): audit_backlog_limit=320 old=64 by auid=4294967295 subj=system_u:system_r:auditctl_t:s0 res=1
type=CONFIG_CHANGE msg=audit(1195224906.767:7): audit_backlog_limit=320 old=64 by auid=4294967295 res=1
type=LABEL_LEVEL_CHANGE msg=audit(1195224918.243:8): user pid=2366 uid=0 auid=4294967295 subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 msg='printer=HP4250 uri=hp:/net/hp_LaserJet_4250?ip=10.10.2.42 banners=none,none range=unknown: exe="/usr/sbin/cupsd" (hostname=localhost.localdomain, addr=127.0.0.1, terminal=? res=success)'
type=LABEL_LEVEL_CHANGE msg=audit(1195224918.393:9): user pid=2366 uid=0 auid=4294967295 subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 msg='printer=HP5MP uri=hp:/par/HP_LaserJet_5MP?device=/dev/parport0 banners=none,none range=unknown: exe="/usr/sbin/cupsd" (hostname=localhost.localdomain, addr=127.0.0.1, terminal=? res=success)'
type=LABEL_LEVEL_CHANGE msg=audit(1195224918.456:10): user pid=2366 uid=0 auid=4294967295 subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 msg='printer=hp_laserjet_1300 uri=hp:/usb/hp_LaserJet_1300?serial=00CNCB954325 banners=none,none range=unknown: exe="/usr/sbin/cupsd" (hostname=localhost.localdomain, addr=127.0.0.1, terminal=? res=success)'
type=LABEL_LEVEL_CHANGE msg=audit(1195224918.484:11): user pid=2366 uid=0 auid=4294967295 subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 msg='printer=hp_LaserJet_1300_USB_1 uri=usb://HP/LaserJet%201300 banners=none,none range=unknown: exe="/usr/sbin/cupsd" (hostname=localhost.localdomain, addr=127.0.0.1, terminal=? res=success)'
type=LABEL_LEVEL_CHANGE msg=audit(1195224918.516:12): user pid=2366 uid=0 auid=4294967295 subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 msg='printer=Kyocera_FS-C5030N_on_dc1 uri=socket://10.10.3.49:9100 banners=none,none range=unknown: exe="/usr/sbin/cupsd" (hostname=localhost.localdomain, addr=127.0.0.1, terminal=? res=success)'
type=LABEL_LEVEL_CHANGE msg=audit(1195224918.552:13): user pid=2366 uid=0 auid=4294967295 subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 msg='printer=SavinColor uri=ipp://10.10.3.47/ipp/ banners=none,none range=unknown: exe="/usr/sbin/cupsd" (hostname=localhost.localdomain, addr=127.0.0.1, terminal=? res=success)'
type=LABEL_LEVEL_CHANGE msg=audit(1195224918.628:14): user pid=2366 uid=0 auid=4294967295 subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 msg='printer=Innopath uri=file:/dev/null banners=none,none range=unknown: exe="/usr/sbin/cupsd" (hostname=localhost.localdomain, addr=127.0.0.1, terminal=? res=success)'
type=LABEL_LEVEL_CHANGE msg=audit(1195224918.628:15): user pid=2366 uid=0 auid=4294967295 subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 msg='printer=Local uri=file:/dev/null banners=none,none range=unknown: exe="/usr/sbin/cupsd" (hostname=localhost.localdomain, addr=127.0.0.1, terminal=? res=success)'
type=AVC msg=audit(1195224931.124:16): avc:  denied  { search } for  pid=2721 comm="X" name="hwdata" dev=dm-0 ino=5767245 scontext=system_u:system_r:xdm_xserver_t:s0-s0:c0.c1023 tcontext=system_u:object_r:hwdata_t:s0 tclass=dir
type=AVC msg=audit(1195224931.124:16): avc:  denied  { read } for  pid=2721 comm="X" name="pci.ids" dev=dm-0 ino=5772627 scontext=system_u:system_r:xdm_xserver_t:s0-s0:c0.c1023 tcontext=system_u:object_r:hwdata_t:s0 tclass=file
type=SYSCALL msg=audit(1195224931.124:16): arch=40000003 syscall=5 success=yes exit=7 a0=6eb7bd a1=0 a2=1b6 a3=8d16330 items=0 ppid=2718 pid=2721 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=tty7 comm="X" exe="/usr/bin/Xorg" subj=system_u:system_r:xdm_xserver_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1195224931.125:17): avc:  denied  { getattr } for  pid=2721 comm="X" path="/usr/share/hwdata/pci.ids" dev=dm-0 ino=5772627 scontext=system_u:system_r:xdm_xserver_t:s0-s0:c0.c1023 tcontext=system_u:object_r:hwdata_t:s0 tclass=file
type=SYSCALL msg=audit(1195224931.125:17): arch=40000003 syscall=197 success=yes exit=0 a0=7 a1=bf99c938 a2=bdcff4 a3=8d16330 items=0 ppid=2718 pid=2721 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=tty7 comm="X" exe="/usr/bin/Xorg" subj=system_u:system_r:xdm_xserver_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1195224933.310:18): avc:  denied  { sys_nice } for  pid=2367 comm="setroubleshootd" capability=23 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:system_r:setroubleshootd_t:s0 tclass=capability
type=AVC msg=audit(1195224933.310:18): avc:  denied  { setsched } for  pid=2367 comm="setroubleshootd" scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:system_r:setroubleshootd_t:s0 tclass=process
type=SYSCALL msg=audit(1195224933.310:18): arch=40000003 syscall=156 success=yes exit=0 a0=93f a1=0 a2=b7c0be34 a3=b7c1db90 items=0 ppid=1 pid=2367 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="setroubleshootd" exe="/usr/bin/python" subj=system_u:system_r:setroubleshootd_t:s0 key=(null)
type=AVC msg=audit(1195224933.314:19): avc:  denied  { read } for  pid=2367 comm="setroubleshootd" name="tmp" dev=dm-0 ino=2686977 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
type=SYSCALL msg=audit(1195224933.314:19): arch=40000003 syscall=5 success=yes exit=12 a0=5f8dd1 a1=0 a2=1b6 a3=9e5c658 items=0 ppid=1 pid=2367 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="setroubleshootd" exe="/usr/bin/python" subj=system_u:system_r:setroubleshootd_t:s0 key=(null)
type=AVC msg=audit(1195224933.317:20): avc:  denied  { search } for  pid=2743 comm="netstat" scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:sysctl_net_t:s0 tclass=dir
type=SYSCALL msg=audit(1195224933.317:20): arch=40000003 syscall=33 success=no exit=-2 a0=805f47c a1=4 a2=80646c0 a3=8 items=0 ppid=2173 pid=2743 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="netstat" exe="/bin/netstat" subj=system_u:system_r:setroubleshootd_t:s0 key=(null)
type=USER_AUTH msg=audit(1195224955.161:21): user pid=2718 uid=0 auid=4294967295 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='op=PAM:authentication acct=tbl exe="/usr/sbin/gdm-binary" (hostname=?, addr=?, terminal=:0 res=success)'
type=USER_ACCT msg=audit(1195224955.196:22): user pid=2718 uid=0 auid=4294967295 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='op=PAM:accounting acct=tbl exe="/usr/sbin/gdm-binary" (hostname=?, addr=?, terminal=:0 res=success)'
type=CRED_ACQ msg=audit(1195224955.197:23): user pid=2718 uid=0 auid=4294967295 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct=tbl exe="/usr/sbin/gdm-binary" (hostname=?, addr=?, terminal=:0 res=success)'
type=LOGIN msg=audit(1195224955.213:24): login pid=2718 uid=0 old auid=4294967295 new auid=500
type=USER_ROLE_CHANGE msg=audit(1195224955.244:25): user pid=2718 uid=0 auid=500 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='pam: default-context=system_u:system_r:unconfined_t:s0 selected-context=system_u:system_r:unconfined_t:s0: exe="/usr/sbin/gdm-binary" (hostname=?, addr=?, terminal=? res=success)'
type=USER_START msg=audit(1195224955.311:26): user pid=2718 uid=0 auid=500 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct=tbl exe="/usr/sbin/gdm-binary" (hostname=?, addr=?, terminal=:0 res=success)'
type=USER_LOGIN msg=audit(1195224955.312:27): user pid=2718 uid=0 auid=500 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='uid=500: exe="/usr/sbin/gdm-binary" (hostname=localhost.localdomain, addr=127.0.0.1, terminal=:0 res=success)'
type=USER_AUTH msg=audit(1195225003.584:28): user pid=3193 uid=500 auid=500 subj=system_u:system_r:unconfined_t:s0 msg='op=PAM:authentication acct=root exe="/bin/su" (hostname=?, addr=?, terminal=pts/0 res=success)'
type=USER_ACCT msg=audit(1195225003.587:29): user pid=3193 uid=500 auid=500 subj=system_u:system_r:unconfined_t:s0 msg='op=PAM:accounting acct=root exe="/bin/su" (hostname=?, addr=?, terminal=pts/0 res=success)'
type=USER_START msg=audit(1195225004.454:30): user pid=3193 uid=500 auid=500 subj=system_u:system_r:unconfined_t:s0 msg='op=PAM:session_open acct=root exe="/bin/su" (hostname=?, addr=?, terminal=pts/0 res=success)'
type=CRED_ACQ msg=audit(1195225004.454:31): user pid=3193 uid=500 auid=500 subj=system_u:system_r:unconfined_t:s0 msg='op=PAM:setcred acct=root exe="/bin/su" (hostname=?, addr=?, terminal=pts/0 res=success)'
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
