Re: AVCs from cron.daily (F9)

Paul Howarth wrote:
> On Wed, 04 Jun 2008 15:05:55 -0400
> Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote:
> 
>> Paul Howarth wrote:
>>> On my work box, which is an up-to-date F9 install, I get a set of
>>> AVCs from cron.daily every day, which I don't get on my home boxes.
>>> I suspect it's because we use LDAP auth at work. It boils down to
>>> this when passed through audit2allow -R:
>>>
>>> require {
>>>     type logwatch_t;
>>>     type locate_t;
>>>     type tmpreaper_t;
>>>     type logrotate_t;
>>> }
>>>
>>> #============= locate_t ==============
>>> cron_rw_tcp_sockets(locate_t)
>>>
>>> #============= logrotate_t ==============
>>> cron_rw_tcp_sockets(logrotate_t)
>>>
>>> #============= logwatch_t ==============
>>> cron_rw_tcp_sockets(logwatch_t)
>>>
>>> #============= tmpreaper_t ==============
>>> cron_rw_tcp_sockets(tmpreaper_t)
>>>
>>>
>>> Sample AVC:
>>> time->Tue Jun  3 05:05:05 2008
>>> type=SYSCALL msg=audit(1212465905.734:5714): arch=c000003e
>>> syscall=59 success=yes exit=0 a0=25545d0 a1=2551360 a2=25539a0 a3=8
>>> items=0 ppid=12101 pid=12134 auid=0 uid=0 gid=0 euid=0 suid=0
>>> fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=605 comm="tmpwatch"
>>> exe="/usr/sbin/tmpwatch"
>>> subj=system_u:system_r:tmpreaper_t:s0-s0:c0.c1023 key=(null)
>>> type=AVC msg=audit(1212465905.734:5714): avc:  denied  { read
>>> write } for  pid=12134 comm="tmpwatch" path="socket:[24785059]"
>>> dev=sockfs ino=24785059
>>> scontext=system_u:system_r:tmpreaper_t:s0-s0:c0.c1023
>>> tcontext=unconfined_u:system_r:crond_t:s0-s0:c0.c1023
>>> tclass=tcp_socket
>>>
>>> Paul.
>>>
>>> -- 
>>> fedora-selinux-list mailing list
>>> fedora-selinux-list@xxxxxxxxxx
>>> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
>> Leaked file descriptor in nssldap?
> 
> I expect so. The denials don't seem to cause any problems but it would
> be nice if they were dontaudited.
> 
> Paul. 
It would be nicer if the nssldap would be fixed...

I am working on it.

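As an added example (not part of the thread above), the following Python triages AVC records like the one Paul quoted: it parses each `type=AVC` line into fields and flags denials whose target is an inherited TCP socket owned by `crond_t`, the signature of a descriptor leaked into the cron child rather than a policy gap in the child's own domain. The log lines are constructed here; the first is modelled on the tmpwatch denial in the thread, the second is a made-up file denial for contrast.

```python
import re

# Constructed sample audit records: the first mirrors the tmpwatch AVC quoted in
# the thread, the second is an invented file denial that must NOT be classified
# as a leaked cron descriptor.
SAMPLE_AUDIT = """\
type=SYSCALL msg=audit(1212465905.734:5714): arch=c000003e syscall=59 success=yes exit=0 ppid=12101 pid=12134 comm="tmpwatch" exe="/usr/sbin/tmpwatch" subj=system_u:system_r:tmpreaper_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1212465905.734:5714): avc:  denied  { read write } for  pid=12134 comm="tmpwatch" path="socket:[24785059]" dev=sockfs ino=24785059 scontext=system_u:system_r:tmpreaper_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:crond_t:s0-s0:c0.c1023 tclass=tcp_socket
type=AVC msg=audit(1212465999.001:5800): avc:  denied  { write } for  pid=12200 comm="logrotate" name="example.log" dev=dm-0 ino=4242 scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_log_t:s0 tclass=file
"""

AVC_RE = re.compile(
    r'type=AVC msg=audit\((?P<ts>[\d.]+):(?P<serial>\d+)\): avc:\s+denied\s+'
    r'\{ (?P<perms>[^}]+)\} for\s+(?P<fields>.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return a dict of the AVC record's fields, or None for non-AVC lines."""
    m = AVC_RE.match(line)
    if not m:
        return None
    rec = {"serial": m.group("serial"), "perms": m.group("perms").split()}
    for key, value in FIELD_RE.findall(m.group("fields")):
        rec[key] = value.strip('"')
    return rec


def domain(ctx):
    """Extract the type component from a user:role:type[:range] context."""
    return ctx.split(":")[2]


def is_leaked_cron_fd(rec):
    """A TCP socket owned by crond_t, denied to a different cron-job domain,
    points at a descriptor inherited across exec rather than opened by the job."""
    return (rec.get("tclass") == "tcp_socket"
            and rec.get("path", "").startswith("socket:[")
            and domain(rec["tcontext"]) == "crond_t"
            and domain(rec["scontext"]) != "crond_t")


def classify(audit_text):
    """Parse every AVC line and annotate it with the leaked-descriptor verdict."""
    results = []
    for line in audit_text.splitlines():
        rec = parse_avc(line)
        if rec is not None:
            rec["leaked_cron_fd"] = is_leaked_cron_fd(rec)
            results.append(rec)
    return results
```

Records flagged `leaked_cron_fd` are candidates for a `dontaudit` rule or an upstream fix in the library that left the socket open; unflagged denials still deserve a look at what the job itself tried to touch.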
