-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Antonio Olivares wrote: > Dear all, > > I am running rawhide. I see the following: > Is avahi-deamon doing something that it shouldn't? > > Thanks, > > Antonio > > Summary: > > SELinux is preventing avahi-daemon (avahi_t) "getcap" > to <Unknown> (avahi_t). > > Detailed Description: > > SELinux denied access requested by avahi-daemon. It is > not expected that this > access is required by avahi-daemon and this access may > signal an intrusion > attempt. It is also possible that the specific version > or configuration of the > application is causing it to require additional > access. > > Allowing Access: > > You can generate a local policy module to allow this > access - see FAQ > (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) > Or you can disable > SELinux protection altogether. Disabling SELinux > protection is not recommended. > Please file a bug report > (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) > against this package. > > Additional Information: > > Source Context > system_u:system_r:avahi_t > Target Context > system_u:system_r:avahi_t > Target Objects None [ process ] > Source avahi-daemon > Source Path /usr/sbin/avahi-daemon > Port <Unknown> > Host localhost > Source RPM Packages avahi-0.6.17-1.fc7 > Target RPM Packages > Policy RPM > selinux-policy-3.3.0-1.fc9 > Selinux Enabled True > Policy Type targeted > MLS Enabled True > Enforcing Mode Enforcing > Plugin Name catchall > Host Name localhost > Platform Linux localhost > 2.6.25-0.65.rc2.git7.fc9 #1 SMP > Sat Feb 23 23:06:09 EST > 2008 i686 athlon > Alert Count 12 > First Seen Sat 23 Feb 2008 01:04:44 > PM CST > Last Seen Mon 25 Feb 2008 07:19:57 > AM CST > Local ID > e83550c8-f8d8-4109-9f8f-215e82dbb99c > Line Numbers > > Raw Audit Messages > > host=localhost type=AVC msg=audit(1203945597.443:10): > avc: denied { getcap } for pid=2159 > comm="avahi-daemon" > scontext=system_u:system_r:avahi_t:s0 > tcontext=system_u:system_r:avahi_t:s0 tclass=process > > host=localhost type=SYSCALL > msg=audit(1203945597.443:10): arch=40000003 > syscall=184 success=no exit=-13 a0=8c60e3c a1=0 > a2=9df0f0 a3=8c60e38 items=0 ppid=1 pid=2159 > auid=4294967295 uid=70 gid=70 euid=70 suid=70 fsuid=70 > egid=70 sgid=70 fsgid=70 tty=(none) ses=4294967295 > comm="avahi-daemon" exe="/usr/sbin/avahi-daemon" > subj=system_u:system_r:avahi_t:s0 key=(null) > > > > > > ____________________________________________________________________________________ > Never miss a thing. Make Yahoo your home page. > http://www.yahoo.com/r/hs > > -- > fedora-selinux-list mailing list > fedora-selinux-list@xxxxxxxxxx > https://www.redhat.com/mailman/listinfo/fedora-selinux-list No, I am guessing that some library function or kernel change has happened to cause all apps that use setcap to need getcap. So I am making the change in policy. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkfC+ukACgkQrlYvE4MpobPQ9ACgzIKefOCCXipfJJgwGs9VUq/l yR0Anj6oX/fqRl9QmdW/lAgOwnsKnnQf =Q/Um -----END PGP SIGNATURE----- -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
