Re: SELinux is preventing avahi-daemon (avahi_t) "getcap" to <Unknown> (avahi_t).

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Antonio Olivares wrote:
> Dear all,
> 
> I am running rawhide.  I see the following:
> Is avahi-deamon doing something that it shouldn't?
> 
> Thanks,
> 
> Antonio 
> 
> Summary:
> 
> SELinux is preventing avahi-daemon (avahi_t) "getcap"
> to <Unknown> (avahi_t).
> 
> Detailed Description:
> 
> SELinux denied access requested by avahi-daemon. It is
> not expected that this
> access is required by avahi-daemon and this access may
> signal an intrusion
> attempt. It is also possible that the specific version
> or configuration of the
> application is causing it to require additional
> access.
> 
> Allowing Access:
> 
> You can generate a local policy module to allow this
> access - see FAQ
> (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385)
> Or you can disable
> SELinux protection altogether. Disabling SELinux
> protection is not recommended.
> Please file a bug report
> (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
> against this package.
> 
> Additional Information:
> 
> Source Context               
> system_u:system_r:avahi_t
> Target Context               
> system_u:system_r:avahi_t
> Target Objects                None [ process ]
> Source                        avahi-daemon
> Source Path                   /usr/sbin/avahi-daemon
> Port                          <Unknown>
> Host                          localhost
> Source RPM Packages           avahi-0.6.17-1.fc7
> Target RPM Packages           
> Policy RPM                   
> selinux-policy-3.3.0-1.fc9
> Selinux Enabled               True
> Policy Type                   targeted
> MLS Enabled                   True
> Enforcing Mode                Enforcing
> Plugin Name                   catchall
> Host Name                     localhost
> Platform                      Linux localhost
> 2.6.25-0.65.rc2.git7.fc9 #1 SMP
>                               Sat Feb 23 23:06:09 EST
> 2008 i686 athlon
> Alert Count                   12
> First Seen                    Sat 23 Feb 2008 01:04:44
> PM CST
> Last Seen                     Mon 25 Feb 2008 07:19:57
> AM CST
> Local ID                     
> e83550c8-f8d8-4109-9f8f-215e82dbb99c
> Line Numbers                  
> 
> Raw Audit Messages            
> 
> host=localhost type=AVC msg=audit(1203945597.443:10):
> avc:  denied  { getcap } for  pid=2159
> comm="avahi-daemon"
> scontext=system_u:system_r:avahi_t:s0
> tcontext=system_u:system_r:avahi_t:s0 tclass=process
> 
> host=localhost type=SYSCALL
> msg=audit(1203945597.443:10): arch=40000003
> syscall=184 success=no exit=-13 a0=8c60e3c a1=0
> a2=9df0f0 a3=8c60e38 items=0 ppid=1 pid=2159
> auid=4294967295 uid=70 gid=70 euid=70 suid=70 fsuid=70
> egid=70 sgid=70 fsgid=70 tty=(none) ses=4294967295
> comm="avahi-daemon" exe="/usr/sbin/avahi-daemon"
> subj=system_u:system_r:avahi_t:s0 key=(null)
> 
> 
> 
> 
> 
>       ____________________________________________________________________________________
> Never miss a thing.  Make Yahoo your home page. 
> http://www.yahoo.com/r/hs
> 
> --
> fedora-selinux-list mailing list
> fedora-selinux-list@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
No, I am guessing that some library function or kernel change has
happened to cause all apps that use setcap to need getcap.  So I am
making the change in policy.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkfC+ukACgkQrlYvE4MpobPQ9ACgzIKefOCCXipfJJgwGs9VUq/l
yR0Anj6oX/fqRl9QmdW/lAgOwnsKnnQf
=Q/Um
-----END PGP SIGNATURE-----

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux