Stephen Croll wrote: > Note: Originally posted to fedora-list. > > The "setroubleshoot browser" is reporting the following issues on Fedora 9: > > SELinux is preventing kerneloops (kerneloops_t) "signal" to <Unknown> > (kerneloops_t). > SELinux is preventing dhclient (dhcpc_t) "read write" to socket > (unconfined_t). > > The first issue occurred on boot, but no longer seems to be happening. > The second > issue occurs when I bring up eth0. > > Should I file a bug report, or might there be something more sinister > going on? > > For reference, the complete reports are as follows: > > Summary: > > SELinux is preventing kerneloops (kerneloops_t) "signal" to <Unknown> > (kerneloops_t). > > Detailed Description: > > SELinux denied access requested by kerneloops. It is not expected that this > access is required by kerneloops and this access may signal an intrusion > attempt. It is also possible that the specific version or configuration > of the > application is causing it to require additional access. > > Allowing Access: > > You can generate a local policy module to allow this access - see FAQ > (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can > disable > SELinux protection altogether. Disabling SELinux protection is not > recommended. > Please file a bug report > (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) > against this package. > > Additional Information: > > Source Context system_u:system_r:kerneloops_t:s0 > Target Context system_u:system_r:kerneloops_t:s0 > Target Objects None [ process ] > Source kerneloops > Source Path /usr/sbin/kerneloops > Port <Unknown> > Host gerbil > Source RPM Packages kerneloops-0.11-1.fc9 > Target RPM Packages Policy RPM > selinux-policy-3.3.1-84.fc9 > Selinux Enabled True > Policy Type targeted > MLS Enabled True > Enforcing Mode Enforcing > Plugin Name catchall > Host Name gerbil > Platform Linux gerbil 2.6.25.14-108.fc9.x86_64 #1 > SMP Mon > Aug 4 13:46:35 EDT 2008 x86_64 x86_64 > Alert Count 2 > First Seen Sun 07 Sep 2008 03:21:55 AM CDT > Last Seen Sun 07 Sep 2008 03:21:55 AM CDT > Local ID fa4c1bd0-faf1-48ba-ba55-74285538ef90 > Line Numbers Raw Audit Messages > host=gerbil type=AVC msg=audit(1220775715.59:8): avc: denied { signal > } for pid=2363 comm="kerneloops" > scontext=system_u:system_r:kerneloops_t:s0 > tcontext=system_u:system_r:kerneloops_t:s0 tclass=process > > host=gerbil type=SYSCALL msg=audit(1220775715.59:8): arch=c000003e > syscall=234 success=no exit=-13 a0=93b a1=93b a2=6 a3=8 items=0 ppid=1 > pid=2363 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 > fsgid=0 tty=(none) ses=4294967295 comm="kerneloops" > exe="/usr/sbin/kerneloops" subj=system_u:system_r:kerneloops_t:s0 > key=(null) > > -and- > > Summary: > > SELinux is preventing dhclient (dhcpc_t) "read write" to socket > (unconfined_t). > > Detailed Description: > > SELinux denied access requested by dhclient. It is not expected that > this access > is required by dhclient and this access may signal an intrusion attempt. > It is > also possible that the specific version or configuration of the > application is > causing it to require additional access. > > Allowing Access: > > You can generate a local policy module to allow this access - see FAQ > (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can > disable > SELinux protection altogether. Disabling SELinux protection is not > recommended. > Please file a bug report > (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) > against this package. > > Additional Information: > > Source Context unconfined_u:system_r:dhcpc_t:s0-s0:c0.c1023 > Target Context > unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1 > 023 > Target Objects socket [ unix_stream_socket ] > Source dhclient > Source Path /sbin/dhclient > Port <Unknown> > Host gerbil > Source RPM Packages dhclient-4.0.0-14.fc9 > Target RPM Packages Policy RPM > selinux-policy-3.3.1-84.fc9 > Selinux Enabled True > Policy Type targeted > MLS Enabled True > Enforcing Mode Enforcing > Plugin Name catchall > Host Name gerbil > Platform Linux gerbil 2.6.25.14-108.fc9.x86_64 #1 > SMP Mon > Aug 4 13:46:35 EDT 2008 x86_64 x86_64 > Alert Count 16 > First Seen Sun 07 Sep 2008 12:56:48 AM CDT > Last Seen Sun 07 Sep 2008 03:23:07 AM CDT > Local ID a3b5492a-0ef2-4cc3-bdd0-4c06696bae70 > Line Numbers Raw Audit Messages > host=gerbil type=AVC msg=audit(1220775787.407:21): avc: denied { read > write } for pid=3069 comm="dhclient" path="socket:[68728]" dev=sockfs > ino=68728 scontext=unconfined_u:system_r:dhcpc_t:s0-s0:c0.c1023 > tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 > tclass=unix_stream_socket > > host=gerbil type=SYSCALL msg=audit(1220775787.407:21): arch=c000003e > syscall=59 success=yes exit=0 a0=948530 a1=94ad90 a2=8f0d70 > a3=3f48f67a70 items=0 ppid=2970 pid=3069 auid=500 uid=0 gid=0 euid=0 > suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=1 comm="dhclient" > exe="/sbin/dhclient" subj=unconfined_u:system_r:dhcpc_t:s0-s0:c0.c1023 > key=(null) > kerneloops needing signal is a bug in selinux-policy. You can allow this for now. # audit2allow -M mypol -l -i /var/log/audit/audit.log # semodule -i mypol.pp Fixed in selinux-policy-3.3.1-89.fc9.noarch The dhcp_t (/sbin/dhclient) trying to read/write an unconfined_t unix_stream_socket, is a leaked file descriptor. So it is a bug in some application that you are using to bring up your network. What app are you using for this? -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list