-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dan Thurman wrote: > Again, more issues. Suggested fix? > ============================ > Summary: > > SELinux is preventing gam_server (gamin_t) "dac_override" to <Unknown> > (gamin_t). > > Detailed Description: > > SELinux denied access requested by gam_server. It is not expected that this > access is required by gam_server and this access may signal an intrusion > attempt. It is also possible that the specific version or configuration > of the > application is causing it to require additional access. > > Allowing Access: > > You can generate a local policy module to allow this access - see FAQ > (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can > disable > SELinux protection altogether. Disabling SELinux protection is not > recommended. > Please file a bug report > (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) > against this package. > > Additional Information: > > Source Context system_u:system_r:gamin_t:s0 > Target Context system_u:system_r:gamin_t:s0 > Target Objects None [ capability ] > Source gam_server > Source Path /usr/libexec/gam_server > Port <Unknown> > Host bronze.cdkkt.com > Source RPM Packages gamin-0.1.9-5.fc9 > Target RPM Packages Policy RPM > selinux-policy-3.3.1-74.fc9 > Selinux Enabled True > Policy Type targeted > MLS Enabled True > Enforcing Mode Enforcing > Plugin Name catchall > Host Name bronze.cdkkt.com > Platform Linux bronze.cdkkt.com > 2.6.25.9-76.fc9.i686 #1 SMP > Fri Jun 27 16:14:35 EDT 2008 i686 i686 > Alert Count 20 > First Seen Thu 10 Jul 2008 10:35:43 AM PDT > Last Seen Thu 10 Jul 2008 11:11:40 AM PDT > Local ID 5eb1bf77-5c10-4071-9892-bac42ca11adb > Line Numbers > Raw Audit Messages > host=bronze.cdkkt.com type=AVC msg=audit(1215713500.169:272): avc: > denied { dac_override } for pid=11637 comm="gam_server" capability=1 > scontext=system_u:system_r:gamin_t:s0 > tcontext=system_u:system_r:gamin_t:s0 tclass=capability > > host=bronze.cdkkt.com type=AVC msg=audit(1215713500.169:272): avc: > denied { dac_read_search } for pid=11637 comm="gam_server" > capability=2 scontext=system_u:system_r:gamin_t:s0 > tcontext=system_u:system_r:gamin_t:s0 tclass=capability > > host=bronze.cdkkt.com type=SYSCALL msg=audit(1215713500.169:272): > arch=40000003 syscall=33 success=no exit=-13 a0=96ca580 a1=0 a2=4b9264 > a3=10 items=0 ppid=1 pid=11637 auid=4294967295 uid=0 gid=0 euid=0 suid=0 > fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 > comm="gam_server" exe="/usr/libexec/gam_server" > subj=system_u:system_r:gamin_t:s0 key=(null) > > > -- > fedora-selinux-list mailing list > fedora-selinux-list@xxxxxxxxxx > https://www.redhat.com/mailman/listinfo/fedora-selinux-list This is a bad domain and will be fixed in the next update. For now it is probably best to just relabel the gamin_exec_t to bin_t and stop the transition. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkh7TxYACgkQrlYvE4MpobMZoACgxpQqu7e/wSNBUJ6eNtmmR/yG 28cAoLpvykovrTIrThMTTGWdNMVWLAiR =ArZ/ -----END PGP SIGNATURE----- -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
