Re: Funny AVC from USB CD plugin

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Jan 7, 2008 8:56 AM, Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
> Tom London wrote:
> > Running latest Rawhide, targeted/enforcing.
> >
> > Plugging in an 'old USB CD drive', I got the following audit message:
> >
> > [root@localhost ~]# sealert -l fb77e7e0-3515-4866-9a8f-e1db99f9b4b8
> >
> > Summary:
> >
> > SELinux is preventing ln(/bin/ln) (udev_t) "create" to <Unknown> (etc_t).
> >
> > Detailed Description:
> >
> > SELinux denied access requested by ln(/bin/ln). It is not expected that this
> > access is required by ln(/bin/ln) and this access may signal an intrusion
> > attempt. It is also possible that the specific version or configuration of the
> > application is causing it to require additional access.
> >
> > Allowing Access:
> >
> > Sometimes labeling problems can cause SELinux denials. You could try to restore
> > the default system file context for <Unknown>, restorecon -v <Unknown> If this
> > does not work, there is currently no automatic way to allow this access.
> > Instead, you can generate a local policy module to allow this access - see FAQ
> > (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
> > SELinux protection altogether. Disabling SELinux protection is not recommended.
> > Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
> > against this package.
> >
> > Additional Information:
> >
> > Source Context                system_u:system_r:udev_t:SystemLow-SystemHigh
> > Target Context                system_u:object_r:etc_t
> > Target Objects                None [ lnk_file ]
> > Source                        ln(/bin/ln)
> > Port                          <Unknown>
> > Host                          localhost.localdomain
> > Source RPM Packages
> > Target RPM Packages
> > Policy RPM                    selinux-policy-3.2.5-8.fc9
> > Selinux Enabled               True
> > Policy Type                   targeted
> > MLS Enabled                   True
> > Enforcing Mode                Enforcing
> > Plugin Name                   catchall_file
> > Host Name                     localhost.localdomain
> > Platform                      Linux localhost.localdomain
> >                               2.6.24-0.136.rc6.git12.fc9 #1 SMP Sat Jan 5
> >                               12:46:45 EST 2008 i686 i686
> > Alert Count                   2
> > First Seen                    Sun Jan  6 10:30:15 2008
> > Last Seen                     Sun Jan  6 10:30:15 2008
> > Local ID                      fb77e7e0-3515-4866-9a8f-e1db99f9b4b8
> > Line Numbers
> >
> > Raw Audit Messages
> >
> > host=localhost.localdomain type=AVC msg=audit(1199644215.878:31): avc:
> >  denied  { create } for  pid=6933 comm="ln" name=".is-writeable"
> > scontext=system_u:system_r:udev_t:s0-s0:c0.c1023
> > tcontext=system_u:object_r:etc_t:s0 tclass=lnk_file
> >
> > host=localhost.localdomain type=SYSCALL msg=audit(1199644215.878:31):
> > arch=40000003 syscall=83 success=no exit=-13 a0=bff3ddc3 a1=bff3ddcd
> > a2=804f77c a3=0 items=0 ppid=6931 pid=6933 auid=4294967295 uid=0 gid=0
> > euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="ln"
> > exe="/bin/ln" subj=system_u:system_r:udev_t:s0-s0:c0.c1023 key=(null)
> >
> >
> > Here are the messages from /var/log/messages:
> >
> > Jan  6 10:30:05 localhost kernel: usb 2-2: new full speed USB device
> > using uhci_hcd and address 4
> > Jan  6 10:30:06 localhost kernel: usb 2-2: configuration #1 chosen from 1 choice
> > Jan  6 10:30:06 localhost kernel: scsi8 : SCSI emulation for USB Mass
> > Storage devices
> > Jan  6 10:30:06 localhost kernel: usb-storage: device found at 4
> > Jan  6 10:30:06 localhost kernel: usb-storage: waiting for device to
> > settle before scanning
> > Jan  6 10:30:11 localhost kernel: usb-storage: device scan complete
> > Jan  6 10:30:11 localhost kernel: scsi 8:0:0:0: CD-ROM            IBM
> >     USB CD-ROM       20A4 PQ: 0 ANSI: 0 CCS
> > Jan  6 10:30:11 localhost kernel: sr1: scsi3-mmc drive: 10x/10x cd/rw
> > xa/form2 cdda pop-up
> > Jan  6 10:30:11 localhost kernel: sr 8:0:0:0: Attached scsi CD-ROM sr1
> > Jan  6 10:30:11 localhost kernel: sr 8:0:0:0: Attached scsi generic sg2 type 5
> > Jan  6 10:30:18 localhost setroubleshoot: #012    SELinux is
> > preventing ln(/bin/ln) (udev_t) "create" to &lt;Unknown&gt;
> > (etc_t).#012     For complete SELinux messages. run sealert -l
> > fb77e7e0-3515-4866-9a8f-e1db99f9b4b8
> >
> >
> > Putting system in permissive mode, I get these:
> >
> > type=AVC msg=audit(1199645179.126:34): avc:  denied  { create } for
> > pid=7782 comm="ln" name=".is-writeable"
> > scontext=system_u:system_r:udev_t:s0-s0:c0.c1023
> > tcontext=system_u:object_r:etc_t:s0 tclass=lnk_file
> > type=SYSCALL msg=audit(1199645179.126:34): arch=40000003 syscall=83
> > success=yes exit=0 a0=bfb56db6 a1=bfb56dc0 a2=804f77c a3=0 items=0
> > ppid=7780 pid=7782 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0
> > egid=0 sgid=0 fsgid=0 tty=(none) comm="ln" exe="/bin/ln"
> > subj=system_u:system_r:udev_t:s0-s0:c0.c1023 key=(null)
> > type=AVC msg=audit(1199645179.245:35): avc:  denied  { unlink } for
> > pid=7783 comm="rm" name=".is-writeable" dev=dm-0 ino=11076747
> > scontext=system_u:system_r:udev_t:s0-s0:c0.c1023
> > tcontext=system_u:object_r:etc_t:s0 tclass=lnk_file
> > type=SYSCALL msg=audit(1199645179.245:35): arch=40000003 syscall=301
> > success=yes exit=0 a0=ffffff9c a1=bfa17dc0 a2=0 a3=bfa17dc0 items=0
> > ppid=7780 pid=7783 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0
> > egid=0 sgid=0 fsgid=0 tty=(none) comm="rm" exe="/bin/rm"
> > subj=system_u:system_r:udev_t:s0-s0:c0.c1023 key=(null)
> > type=AVC msg=audit(1199645179.255:36): avc:  denied  { append } for
> > pid=7780 comm="write_cd_rules" name="70-persistent-cd.rules" dev=dm-0
> > ino=11076866 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023
> > tcontext=system_u:object_r:etc_t:s0 tclass=file
> > type=SYSCALL msg=audit(1199645179.255:36): arch=40000003 syscall=5
> > success=yes exit=3 a0=8a98400 a1=8441 a2=1b6 a3=8441 items=0 ppid=7761
> > pid=7780 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
> > sgid=0 fsgid=0 tty=(none) comm="write_cd_rules" exe="/bin/bash"
> > subj=system_u:system_r:udev_t:s0-s0:c0.c1023 key=(null)
> >
> > udev issue?
> >
> > tom
> Yes report it as a bug there.  I have a fealing it should be something
> done in the post install script and not by udev.   udev writing its own
> config files is probably a bad idea.

BZ: https://bugzilla.redhat.com/show_bug.cgi?id=427808

-- 
Tom London

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux