Here are few issues I have in my selinux troubleshooter. I have tested wicd wireless manager instead of NM and that got selinux in a full alert mode... please check out fedora devel mailing for links to wich packages because they aren't still in fedora repositories. Valent. -- http://kernelreloaded.blog385.com/ linux, blog, anime, spirituality, windsurf, wireless registered as user #367004 with the Linux Counter, http://counter.li.org. ICQ: 2125241, Skype: valent.turkovic
Sažetak: SELinux is preventing updatedb (locate_t) "getattr" to 2F766964656F2F305F72656D6F76652064726D2F467265654D65322F646570636F6D70 (fusefs_t). Detaljan opis: [SELinux is in permissive mode, the operation would have been denied but was permitted due to permissive mode.] SELinux denied access requested by updatedb. It is not expected that this access is required by updatedb and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. DopuÅ¡tanje pristupa: Sometimes labeling problems can cause SELinux denials. You could try to restore the default system file context for 2F766964656F2F305F72656D6F76652064726D2F467265654D65322F646570636F6D70, restorecon -v '2F766964656F2F305F72656D6F76652064726D2F467265654D65322F646570636F6D70' If this does not work, there is currently no automatic way to allow this access. Instead, you can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package. Dodatni podaci: Izvorni kontekst system_u:system_r:locate_t:s0 Ciljani kontekst system_u:object_r:fusefs_t:s0 Ciljani objekti 2F766964656F2F305F72656D6F76652064726D2F467265654D 65322F646570636F6D70 [ lnk_file ] Source updatedb Source Path /usr/bin/updatedb Port <Nepoznato> Host valent.oswireless Source RPM Packages mlocate-0.18-1 Target RPM Packages RPM pravila selinux-policy-3.0.8-87.fc8 Selinux je omoguÄ?en True Vrsta pravila targeted MLS je omoguÄ?en True NaÄ?in prisile Permissive Naziv dodatka catchall_file Naziv raÄ?unala valent.oswireless Platforma Linux valent.oswireless 2.6.24.3-12.fc8 #1 SMP Tue Feb 26 14:58:29 EST 2008 i686 i686 Broj uzbuna 2 First Seen Sub 08 Ožu 2008 16:56:40 Last Seen Ned 09 Ožu 2008 14:22:33 Local ID 271deaf2-371a-4144-8b9b-88e86312a17a Brojevi redaka Sirova poruke revizije host=valent.oswireless type=AVC msg=audit(1205068953.548:40): avc: denied { getattr } for pid=10059 comm="updatedb" path=2F766964656F2F305F72656D6F76652064726D2F467265654D65322F646570636F6D70 dev=sda12 ino=367 scontext=system_u:system_r:locate_t:s0 tcontext=system_u:object_r:fusefs_t:s0 tclass=lnk_file host=valent.oswireless type=SYSCALL msg=audit(1205068953.548:40): arch=40000003 syscall=196 success=yes exit=0 a0=97f67c9 a1=bf8a92d8 a2=d33ff4 a3=97f67c9 items=0 ppid=10053 pid=10059 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:locate_t:s0 key=(null)
Sažetak: SELinux is preventing updatedb (locate_t) "getattr" to /vista/Windows/ServiceProfiles/LocalService/AppData/LocalLow/Microsoft/CryptnetUrlCache/Content/94308059B57B3142E455B38A6EB92015 (fusefs_t). Detaljan opis: [SELinux is in permissive mode, the operation would have been denied but was permitted due to permissive mode.] SELinux denied access requested by updatedb. It is not expected that this access is required by updatedb and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. DopuÅ¡tanje pristupa: You can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package. Dodatni podaci: Izvorni kontekst system_u:system_r:locate_t:s0 Ciljani kontekst system_u:object_r:fusefs_t:s0 Ciljani objekti /vista/Windows/ServiceProfiles/LocalService/AppDat a/LocalLow/Microsoft/CryptnetUrlCache/Content/9430 8059B57B3142E455B38A6EB92015 [ fifo_file ] Source updatedb Source Path /usr/bin/updatedb Port <Nepoznato> Host valent.oswireless Source RPM Packages mlocate-0.18-1 Target RPM Packages RPM pravila selinux-policy-3.0.8-87.fc8 Selinux je omoguÄ?en True Vrsta pravila targeted MLS je omoguÄ?en True NaÄ?in prisile Permissive Naziv dodatka catchall Naziv raÄ?unala valent.oswireless Platforma Linux valent.oswireless 2.6.24.3-12.fc8 #1 SMP Tue Feb 26 14:58:29 EST 2008 i686 i686 Broj uzbuna 2 First Seen Sub 08 Ožu 2008 16:57:36 Last Seen Ned 09 Ožu 2008 14:23:29 Local ID 4634d5ad-499c-4e7d-bc3a-af746945a64a Brojevi redaka Sirova poruke revizije host=valent.oswireless type=AVC msg=audit(1205069009.760:41): avc: denied { getattr } for pid=10059 comm="updatedb" path="/vista/Windows/ServiceProfiles/LocalService/AppData/LocalLow/Microsoft/CryptnetUrlCache/Content/94308059B57B3142E455B38A6EB92015" dev=sda1 ino=144151 scontext=system_u:system_r:locate_t:s0 tcontext=system_u:object_r:fusefs_t:s0 tclass=fifo_file host=valent.oswireless type=SYSCALL msg=audit(1205069009.760:41): arch=40000003 syscall=196 success=yes exit=0 a0=97f6941 a1=bf8a89d8 a2=d33ff4 a3=97f6941 items=0 ppid=10053 pid=10059 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="updatedb" exe="/usr/bin/updatedb" subj=system_u:system_r:locate_t:s0 key=(null)
Sažetak: SELinux is preventing restorecon (setfiles_t) "write" to /opt/wicd/data/wicd.log (usr_t). Detaljan opis: [SELinux is in permissive mode, the operation would have been denied but was permitted due to permissive mode.] SELinux denied access requested by restorecon. It is not expected that this access is required by restorecon and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. DopuÅ¡tanje pristupa: Sometimes labeling problems can cause SELinux denials. You could try to restore the default system file context for /opt/wicd/data/wicd.log, restorecon -v '/opt/wicd/data/wicd.log' If this does not work, there is currently no automatic way to allow this access. Instead, you can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package. Dodatni podaci: Izvorni kontekst unconfined_u:system_r:setfiles_t:s0 Ciljani kontekst unconfined_u:object_r:usr_t:s0 Ciljani objekti /opt/wicd/data/wicd.log [ file ] Source restorecon Source Path /sbin/setfiles Port <Nepoznato> Host valent.oswireless Source RPM Packages policycoreutils-2.0.33-3.fc8 Target RPM Packages RPM pravila selinux-policy-3.0.8-87.fc8 Selinux je omoguÄ?en True Vrsta pravila targeted MLS je omoguÄ?en True NaÄ?in prisile Permissive Naziv dodatka catchall_file Naziv raÄ?unala valent.oswireless Platforma Linux valent.oswireless 2.6.24.3-12.fc8 #1 SMP Tue Feb 26 14:58:29 EST 2008 i686 i686 Broj uzbuna 2 First Seen Pon 10 Ožu 2008 14:23:50 Last Seen Pon 10 Ožu 2008 14:25:53 Local ID ffbd9047-3b96-4140-adcb-1217a7d07dfb Brojevi redaka Sirova poruke revizije host=valent.oswireless type=AVC msg=audit(1205155553.123:86): avc: denied { write } for pid=17305 comm="restorecon" path="/opt/wicd/data/wicd.log" dev=sda6 ino=721040 scontext=unconfined_u:system_r:setfiles_t:s0 tcontext=unconfined_u:object_r:usr_t:s0 tclass=file host=valent.oswireless type=SYSCALL msg=audit(1205155553.123:86): arch=40000003 syscall=11 success=yes exit=0 a0=853bbd8 a1=853b138 a2=8519d10 a3=0 items=0 ppid=17257 pid=17305 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="restorecon" exe="/sbin/setfiles" subj=unconfined_u:system_r:setfiles_t:s0 key=(null)
Sažetak: SELinux is preventing wpa_supplicant (NetworkManager_t) "write" to /opt/wicd/data/wicd.log (usr_t). Detaljan opis: [SELinux is in permissive mode, the operation would have been denied but was permitted due to permissive mode.] SELinux denied access requested by wpa_supplicant. It is not expected that this access is required by wpa_supplicant and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. DopuÅ¡tanje pristupa: Sometimes labeling problems can cause SELinux denials. You could try to restore the default system file context for /opt/wicd/data/wicd.log, restorecon -v '/opt/wicd/data/wicd.log' If this does not work, there is currently no automatic way to allow this access. Instead, you can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package. Dodatni podaci: Izvorni kontekst unconfined_u:system_r:NetworkManager_t:s0 Ciljani kontekst unconfined_u:object_r:usr_t:s0 Ciljani objekti /opt/wicd/data/wicd.log [ file ] Source wpa_supplicant Source Path /usr/sbin/wpa_supplicant Port <Nepoznato> Host valent.oswireless Source RPM Packages wpa_supplicant-0.5.7-21.fc8 Target RPM Packages RPM pravila selinux-policy-3.0.8-87.fc8 Selinux je omoguÄ?en True Vrsta pravila targeted MLS je omoguÄ?en True NaÄ?in prisile Permissive Naziv dodatka catchall_file Naziv raÄ?unala valent.oswireless Platforma Linux valent.oswireless 2.6.24.3-12.fc8 #1 SMP Tue Feb 26 14:58:29 EST 2008 i686 i686 Broj uzbuna 1 First Seen Pon 10 Ožu 2008 14:25:43 Last Seen Pon 10 Ožu 2008 14:25:43 Local ID 7b6a21b2-e462-4d73-a5fc-7d73825e94b2 Brojevi redaka Sirova poruke revizije host=valent.oswireless type=AVC msg=audit(1205155543.278:85): avc: denied { write } for pid=17145 comm="wpa_supplicant" path="/opt/wicd/data/wicd.log" dev=sda6 ino=721040 scontext=unconfined_u:system_r:NetworkManager_t:s0 tcontext=unconfined_u:object_r:usr_t:s0 tclass=file host=valent.oswireless type=SYSCALL msg=audit(1205155543.278:85): arch=40000003 syscall=11 success=yes exit=0 a0=97519b0 a1=9751988 a2=9750410 a3=40 items=0 ppid=15567 pid=17145 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="wpa_supplicant" exe="/usr/sbin/wpa_supplicant" subj=unconfined_u:system_r:NetworkManager_t:s0 key=(null)
Sažetak: SELinux is preventing consoletype (consoletype_t) "write" to /opt/wicd/data/wicd.log (usr_t). Detaljan opis: [SELinux is in permissive mode, the operation would have been denied but was permitted due to permissive mode.] SELinux denied access requested by consoletype. It is not expected that this access is required by consoletype and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. DopuÅ¡tanje pristupa: Sometimes labeling problems can cause SELinux denials. You could try to restore the default system file context for /opt/wicd/data/wicd.log, restorecon -v '/opt/wicd/data/wicd.log' If this does not work, there is currently no automatic way to allow this access. Instead, you can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package. Dodatni podaci: Izvorni kontekst unconfined_u:system_r:consoletype_t:s0 Ciljani kontekst unconfined_u:object_r:usr_t:s0 Ciljani objekti /opt/wicd/data/wicd.log [ file ] Source consoletype Source Path /sbin/consoletype Port <Nepoznato> Host valent.oswireless Source RPM Packages initscripts-8.60-1 Target RPM Packages RPM pravila selinux-policy-3.0.8-87.fc8 Selinux je omoguÄ?en True Vrsta pravila targeted MLS je omoguÄ?en True NaÄ?in prisile Permissive Naziv dodatka catchall_file Naziv raÄ?unala valent.oswireless Platforma Linux valent.oswireless 2.6.24.3-12.fc8 #1 SMP Tue Feb 26 14:58:29 EST 2008 i686 i686 Broj uzbuna 2 First Seen Pon 10 Ožu 2008 14:23:49 Last Seen Pon 10 Ožu 2008 14:24:31 Local ID eaf022d1-da82-4ce5-9b17-396516adbca3 Brojevi redaka Sirova poruke revizije host=valent.oswireless type=AVC msg=audit(1205155471.339:84): avc: denied { write } for pid=16569 comm="consoletype" path="/opt/wicd/data/wicd.log" dev=sda6 ino=721040 scontext=unconfined_u:system_r:consoletype_t:s0 tcontext=unconfined_u:object_r:usr_t:s0 tclass=file host=valent.oswireless type=SYSCALL msg=audit(1205155471.339:84): arch=40000003 syscall=11 success=yes exit=0 a0=90ebc90 a1=90eb6e0 a2=90eb900 a3=0 items=0 ppid=16568 pid=16569 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="consoletype" exe="/sbin/consoletype" subj=unconfined_u:system_r:consoletype_t:s0 key=(null)
Sažetak: SELinux is preventing dhclient (dhcpc_t) "write" to /opt/wicd/data/wicd.log (usr_t). Detaljan opis: [SELinux is in permissive mode, the operation would have been denied but was permitted due to permissive mode.] SELinux denied access requested by dhclient. It is not expected that this access is required by dhclient and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. DopuÅ¡tanje pristupa: Sometimes labeling problems can cause SELinux denials. You could try to restore the default system file context for /opt/wicd/data/wicd.log, restorecon -v '/opt/wicd/data/wicd.log' If this does not work, there is currently no automatic way to allow this access. Instead, you can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package. Dodatni podaci: Izvorni kontekst unconfined_u:system_r:dhcpc_t:s0 Ciljani kontekst unconfined_u:object_r:usr_t:s0 Ciljani objekti /opt/wicd/data/wicd.log [ file ] Source dhclient Source Path /sbin/dhclient Port <Nepoznato> Host valent.oswireless Source RPM Packages dhclient-3.0.6-12.fc8 Target RPM Packages RPM pravila selinux-policy-3.0.8-87.fc8 Selinux je omoguÄ?en True Vrsta pravila targeted MLS je omoguÄ?en True NaÄ?in prisile Permissive Naziv dodatka catchall_file Naziv raÄ?unala valent.oswireless Platforma Linux valent.oswireless 2.6.24.3-12.fc8 #1 SMP Tue Feb 26 14:58:29 EST 2008 i686 i686 Broj uzbuna 2 First Seen Pon 10 Ožu 2008 14:23:49 Last Seen Pon 10 Ožu 2008 14:24:31 Local ID f810b287-2750-4dd5-a813-84124c1aeca7 Brojevi redaka Sirova poruke revizije host=valent.oswireless type=AVC msg=audit(1205155471.332:83): avc: denied { write } for pid=16566 comm="dhclient" path="/opt/wicd/data/wicd.log" dev=sda6 ino=721040 scontext=unconfined_u:system_r:dhcpc_t:s0 tcontext=unconfined_u:object_r:usr_t:s0 tclass=file host=valent.oswireless type=SYSCALL msg=audit(1205155471.332:83): arch=40000003 syscall=11 success=yes exit=0 a0=9d66360 a1=9d66558 a2=9d653d0 a3=40 items=0 ppid=15567 pid=16566 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="dhclient" exe="/sbin/dhclient" subj=unconfined_u:system_r:dhcpc_t:s0 key=(null)
Sažetak: SELinux is preventing consoletype (consoletype_t) "write" to /opt/wicd/data/wicd.log (usr_t). Detaljan opis: [SELinux is in permissive mode, the operation would have been denied but was permitted due to permissive mode.] SELinux denied access requested by consoletype. It is not expected that this access is required by consoletype and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. DopuÅ¡tanje pristupa: Sometimes labeling problems can cause SELinux denials. You could try to restore the default system file context for /opt/wicd/data/wicd.log, restorecon -v '/opt/wicd/data/wicd.log' If this does not work, there is currently no automatic way to allow this access. Instead, you can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package. Dodatni podaci: Izvorni kontekst unconfined_u:system_r:consoletype_t:s0 Ciljani kontekst unconfined_u:object_r:usr_t:s0 Ciljani objekti /opt/wicd/data/wicd.log [ file ] Source consoletype Source Path /sbin/consoletype Port <Nepoznato> Host valent.oswireless Source RPM Packages initscripts-8.60-1 Target RPM Packages RPM pravila selinux-policy-3.0.8-87.fc8 Selinux je omoguÄ?en True Vrsta pravila targeted MLS je omoguÄ?en True NaÄ?in prisile Permissive Naziv dodatka catchall_file Naziv raÄ?unala valent.oswireless Platforma Linux valent.oswireless 2.6.24.3-12.fc8 #1 SMP Tue Feb 26 14:58:29 EST 2008 i686 i686 Broj uzbuna 2 First Seen Pon 10 Ožu 2008 14:23:49 Last Seen Pon 10 Ožu 2008 14:24:31 Local ID eaf022d1-da82-4ce5-9b17-396516adbca3 Brojevi redaka Sirova poruke revizije host=valent.oswireless type=AVC msg=audit(1205155471.339:84): avc: denied { write } for pid=16569 comm="consoletype" path="/opt/wicd/data/wicd.log" dev=sda6 ino=721040 scontext=unconfined_u:system_r:consoletype_t:s0 tcontext=unconfined_u:object_r:usr_t:s0 tclass=file host=valent.oswireless type=SYSCALL msg=audit(1205155471.339:84): arch=40000003 syscall=11 success=yes exit=0 a0=90ebc90 a1=90eb6e0 a2=90eb900 a3=0 items=0 ppid=16568 pid=16569 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="consoletype" exe="/sbin/consoletype" subj=unconfined_u:system_r:consoletype_t:s0 key=(null)
-- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
