--- On Wed, 12/10/08, Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote: > From: Daniel J Walsh <dwalsh@xxxxxxxxxx> > Subject: Re: denied avc's on rawhide > To: olivares14031@xxxxxxxxx > Cc: fedora-test-list@xxxxxxxxxx, fedora-selinux-list@xxxxxxxxxx > Date: Wednesday, December 10, 2008, 8:33 AM > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Antonio Olivares wrote: > >> If you update to > selinux-policy-3.6.1-8.fc11.noarch > >> These should be fixed. > >> -----BEGIN PGP SIGNATURE----- > >> Version: GnuPG v1.4.9 (GNU/Linux) > >> Comment: Using GnuPG with Fedora - > >> http://enigmail.mozdev.org > >> > >> > iEYEARECAAYFAkk+2DIACgkQrlYvE4MpobN1TwCdF5LmqDAhnTEkvYVDYeahBzAW > >> ddsAoLmrjp/0XyRA/5kiNLPqDxJ0xega > >> =euz2 > >> -----END PGP SIGNATURE----- > > > > Yes, they are :), thank you very much. Now selinux is > denying the setroubleshoot daemon from kicking in :(, > selinux denying itself in some ways. I got new avcs: > > > > [olivares@riohigh ~]$ dmesg | grep 'avc' > > type=1400 audit(1228868792.540:4): avc: denied { > write } for pid=2038 comm="setroubleshootd" > name="plugins" dev=sda5 ino=142832 > scontext=system_u:system_r:setroubleshootd_t:s0 > tcontext=system_u:object_r:usr_t:s0 tclass=dir > > > type=1400 audit(1228868792.546:5): avc: denied { > write } for pid=2038 comm="setroubleshootd" > name="plugins" dev=sda5 ino=142832 > scontext=system_u:system_r:setroubleshootd_t:s0 > tcontext=system_u:object_r:usr_t:s0 tclass=dir > > > type=1400 audit(1228868792.569:6): avc: denied { > write } for pid=2038 comm="setroubleshootd" > name="plugins" dev=sda5 ino=142832 > scontext=system_u:system_r:setroubleshootd_t:s0 > tcontext=system_u:object_r:usr_t:s0 tclass=dir > > > type=1400 audit(1228868792.574:7): avc: denied { > write } for pid=2038 comm="setroubleshootd" > name="plugins" dev=sda5 ino=142832 > scontext=system_u:system_r:setroubleshootd_t:s0 > tcontext=system_u:object_r:usr_t:s0 tclass=dir > > > type=1400 audit(1228868792.582:8): avc: denied { > write } for pid=2038 comm="setroubleshootd" > name="plugins" dev=sda5 ino=142832 > scontext=system_u:system_r:setroubleshootd_t:s0 > tcontext=system_u:object_r:usr_t:s0 tclass=dir > > > type=1400 audit(1228868792.600:9): avc: denied { > write } for pid=2038 comm="setroubleshootd" > name="plugins" dev=sda5 ino=142832 > scontext=system_u:system_r:setroubleshootd_t:s0 > tcontext=system_u:object_r:usr_t:s0 tclass=dir > > > type=1400 audit(1228868792.617:10): avc: denied { > write } for pid=2038 comm="setroubleshootd" > name="plugins" dev=sda5 ino=142832 > scontext=system_u:system_r:setroubleshootd_t:s0 > tcontext=system_u:object_r:usr_t:s0 tclass=dir > > type=1400 audit(1228868792.647:11): avc: denied { > write } for pid=2038 comm="setroubleshootd" > name="plugins" dev=sda5 ino=142832 > scontext=system_u:system_r:setroubleshootd_t:s0 > tcontext=system_u:object_r:usr_t:s0 tclass=dir > > type=1400 audit(1228868792.653:12): avc: denied { > write } for pid=2038 comm="setroubleshootd" > name="plugins" dev=sda5 ino=142832 > scontext=system_u:system_r:setroubleshootd_t:s0 > tcontext=system_u:object_r:usr_t:s0 tclass=dir > > type=1400 audit(1228868792.665:13): avc: denied { > write } for pid=2038 comm="setroubleshootd" > name="plugins" dev=sda5 ino=142832 > scontext=system_u:system_r:setroubleshootd_t:s0 > tcontext=system_u:object_r:usr_t:s0 tclass=dir > > type=1400 audit(1228868798.247:59): avc: denied { > write } for pid=2038 comm="setroubleshootd" > name="plugins" dev=sda5 ino=142832 > scontext=system_u:system_r:setroubleshootd_t:s0 > tcontext=system_u:object_r:usr_t:s0 tclass=dir > > type=1400 audit(1228868798.259:60): avc: denied { > write } for pid=2038 comm="setroubleshootd" > name="plugins" dev=sda5 ino=142832 > scontext=system_u:system_r:setroubleshootd_t:s0 > tcontext=system_u:object_r:usr_t:s0 tclass=dir > > type=1400 audit(1228868798.269:61): avc: denied { > write } for pid=2038 comm="setroubleshootd" > name="plugins" dev=sda5 ino=142832 > scontext=system_u:system_r:setroubleshootd_t:s0 > tcontext=system_u:object_r:usr_t:s0 tclass=dir > > type=1400 audit(1228868798.277:62): avc: denied { > write } for pid=2038 comm="setroubleshootd" > name="plugins" dev=sda5 ino=142832 > scontext=system_u:system_r:setroubleshootd_t:s0 > tcontext=system_u:object_r:usr_t:s0 tclass=dir > > type=1400 audit(1228868798.283:63): avc: denied { > write } for pid=2038 comm="setroubleshootd" > name="plugins" dev=sda5 ino=142832 > scontext=system_u:system_r:setroubleshootd_t:s0 > tcontext=system_u:object_r:usr_t:s0 tclass=dir > > type=1400 audit(1228868798.296:64): avc: denied { > write } for pid=2038 comm="setroubleshootd" > name="plugins" dev=sda5 ino=142832 > scontext=system_u:system_r:setroubleshootd_t:s0 > tcontext=system_u:object_r:usr_t:s0 tclass=dir > > type=1400 audit(1228868798.304:65): avc: denied { > write } for pid=2038 comm="setroubleshootd" > name="plugins" dev=sda5 ino=142832 > scontext=system_u:system_r:setroubleshootd_t:s0 > tcontext=system_u:object_r:usr_t:s0 tclass=dir > > type=1400 audit(1228868798.309:66): avc: denied { > write } for pid=2038 comm="setroubleshootd" > name="plugins" dev=sda5 ino=142832 > scontext=system_u:system_r:setroubleshootd_t:s0 > tcontext=system_u:object_r:usr_t:s0 tclass=dir > > type=1400 audit(1228868798.322:67): avc: denied { > write } for pid=2038 comm="setroubleshootd" > name="plugins" dev=sda5 ino=142832 > scontext=system_u:system_r:setroubleshootd_t:s0 > tcontext=system_u:object_r:usr_t:s0 tclass=dir > > type=1400 audit(1228868798.354:68): avc: denied { > write } for pid=2038 comm="setroubleshootd" > name="plugins" dev=sda5 ino=142832 > scontext=system_u:system_r:setroubleshootd_t:s0 > tcontext=system_u:object_r:usr_t:s0 tclass=dir > > type=1400 audit(1228868811.296:89): avc: denied { > read } for pid=2492 comm="gdm-session-wor" > name=".dmrc" dev=sda5 ino=23265 > scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 > tcontext=system_u:object_r:xauth_home_t:s0 tclass=file > > > type=1400 audit(1228868811.414:90): avc: denied { > read } for pid=2492 comm="gdm-session-wor" > name=".dmrc" dev=sda5 ino=23265 > scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 > tcontext=system_u:object_r:xauth_home_t:s0 tclass=file > > > type=1400 audit(1228868818.290:91): avc: denied { > read } for pid=2502 comm="gdm-session-wor" > name=".dmrc" dev=sda5 ino=18585 > scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 > tcontext=system_u:object_r:xauth_home_t:s0 tclass=file > > > type=1400 audit(1228868818.597:92): avc: denied { > read } for pid=2502 comm="gdm-session-wor" > name=".dmrc" dev=sda5 ino=18585 > scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 > tcontext=system_u:object_r:xauth_home_t:s0 tclass=file > > > type=1400 audit(1228868932.171:93): avc: denied { > read } for pid=2502 comm="gdm-session-wor" > name=".dmrc" dev=sda5 ino=18585 > scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 > tcontext=system_u:object_r:xauth_home_t:s0 tclass=file > > > type=1400 audit(1228868932.997:94): avc: denied { > read write } for pid=2537 comm="gdm-session-wor" > name=".xsession-errors" dev=sda5 ino=298 > scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 > tcontext=system_u:object_r:xauth_home_t:s0 tclass=file > > > > type=1400 audit(1228868932.997:95): avc: denied { > read append } for pid=2537 comm="gdm-session-wor" > name=".xsession-errors" dev=sda5 ino=298 > scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 > tcontext=system_u:object_r:xauth_home_t:s0 tclass=file > > > > type=1400 audit(1228868978.329:96): avc: denied { > read } for pid=3281 comm="gdm-session-wor" > name=".dmrc" dev=sda5 ino=18585 > scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 > tcontext=system_u:object_r:xauth_home_t:s0 tclass=file > > > type=1400 audit(1228868978.569:97): avc: denied { > read } for pid=3281 comm="gdm-session-wor" > name=".dmrc" dev=sda5 ino=18585 > scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 > tcontext=system_u:object_r:xauth_home_t:s0 tclass=file > > > type=1400 audit(1228868986.153:98): avc: denied { > read } for pid=3281 comm="gdm-session-wor" > name=".dmrc" dev=sda5 ino=18585 > scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 > tcontext=system_u:object_r:xauth_home_t:s0 tclass=file > > type=1400 audit(1228868986.899:99): avc: denied { > read write } for pid=3315 comm="gdm-session-wor" > name=".xsession-errors" dev=sda5 ino=298 > scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 > tcontext=system_u:object_r:xauth_home_t:s0 tclass=file > > type=1400 audit(1228868986.899:100): avc: denied { > read append } for pid=3315 comm="gdm-session-wor" > name=".xsession-errors" dev=sda5 ino=298 > scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 > tcontext=system_u:object_r:xauth_home_t:s0 tclass=file > > type=1400 audit(1228868986.901:101): avc: denied { > read } for pid=3315 comm="gdm-session-wor" > name=".dmrc" dev=sda5 ino=18585 > scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 > tcontext=system_u:object_r:xauth_home_t:s0 tclass=file > > type=1400 audit(1228868986.906:102): avc: denied { > unlink } for pid=3315 comm="gdm-session-wor" > name=".dmrc" dev=sda5 ino=18585 > scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 > tcontext=system_u:object_r:xauth_home_t:s0 tclass=file > > [olivares@riohigh ~]$ rpm -qa selinux-policy > > selinux-policy-3.6.1-8.fc11.noarch > > > > > > Thanks, > > > > Antonio > > > > > > > > > > -- > > fedora-selinux-list mailing list > > fedora-selinux-list@xxxxxxxxxx > > > https://www.redhat.com/mailman/listinfo/fedora-selinux-list > restorecon -R -v ~/ > I'll try that. Thanks :) > Also did you edit some files in > /usr/share/setroubleshoot/plugins directory? No, I have not messed with anything manually. > > pychecker /usr/share/setroubleshoot/plugins/*.py > > Should fix > > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.9 (GNU/Linux) > Comment: Using GnuPG with Fedora - > http://enigmail.mozdev.org > > iEYEARECAAYFAkk/708ACgkQrlYvE4MpobPPJACeKiH91oxxXywvIiHKvad0qSnM > U0kAoNpMW3+vCD8lInhtdvAwtgn+nuk5 > =/cQM > -----END PGP SIGNATURE----- Will report back. Thank you for advising. Regards, Antonio -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
