Re: denied avc's on rawhide

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



--- On Wed, 12/10/08, Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote:

> From: Daniel J Walsh <dwalsh@xxxxxxxxxx>
> Subject: Re: denied avc's on rawhide
> To: olivares14031@xxxxxxxxx
> Cc: fedora-test-list@xxxxxxxxxx, fedora-selinux-list@xxxxxxxxxx
> Date: Wednesday, December 10, 2008, 8:33 AM
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Antonio Olivares wrote:
> >> If you update to
> selinux-policy-3.6.1-8.fc11.noarch
> >> These should be fixed.
> >> -----BEGIN PGP SIGNATURE-----
> >> Version: GnuPG v1.4.9 (GNU/Linux)
> >> Comment: Using GnuPG with Fedora -
> >> http://enigmail.mozdev.org
> >>
> >>
> iEYEARECAAYFAkk+2DIACgkQrlYvE4MpobN1TwCdF5LmqDAhnTEkvYVDYeahBzAW
> >> ddsAoLmrjp/0XyRA/5kiNLPqDxJ0xega
> >> =euz2
> >> -----END PGP SIGNATURE-----
> > 
> > Yes, they are :), thank you very much.  Now selinux is
> denying the setroubleshoot daemon from kicking in :(,
> selinux denying itself in some ways.  I got new avcs:
> > 
> > [olivares@riohigh ~]$ dmesg | grep 'avc'
> > type=1400 audit(1228868792.540:4): avc:  denied  {
> write } for  pid=2038 comm="setroubleshootd"
> name="plugins" dev=sda5 ino=142832
> scontext=system_u:system_r:setroubleshootd_t:s0
> tcontext=system_u:object_r:usr_t:s0 tclass=dir              
> 
> > type=1400 audit(1228868792.546:5): avc:  denied  {
> write } for  pid=2038 comm="setroubleshootd"
> name="plugins" dev=sda5 ino=142832
> scontext=system_u:system_r:setroubleshootd_t:s0
> tcontext=system_u:object_r:usr_t:s0 tclass=dir              
> 
> > type=1400 audit(1228868792.569:6): avc:  denied  {
> write } for  pid=2038 comm="setroubleshootd"
> name="plugins" dev=sda5 ino=142832
> scontext=system_u:system_r:setroubleshootd_t:s0
> tcontext=system_u:object_r:usr_t:s0 tclass=dir              
> 
> > type=1400 audit(1228868792.574:7): avc:  denied  {
> write } for  pid=2038 comm="setroubleshootd"
> name="plugins" dev=sda5 ino=142832
> scontext=system_u:system_r:setroubleshootd_t:s0
> tcontext=system_u:object_r:usr_t:s0 tclass=dir              
> 
> > type=1400 audit(1228868792.582:8): avc:  denied  {
> write } for  pid=2038 comm="setroubleshootd"
> name="plugins" dev=sda5 ino=142832
> scontext=system_u:system_r:setroubleshootd_t:s0
> tcontext=system_u:object_r:usr_t:s0 tclass=dir              
> 
> > type=1400 audit(1228868792.600:9): avc:  denied  {
> write } for  pid=2038 comm="setroubleshootd"
> name="plugins" dev=sda5 ino=142832
> scontext=system_u:system_r:setroubleshootd_t:s0
> tcontext=system_u:object_r:usr_t:s0 tclass=dir              
> 
> > type=1400 audit(1228868792.617:10): avc:  denied  {
> write } for  pid=2038 comm="setroubleshootd"
> name="plugins" dev=sda5 ino=142832
> scontext=system_u:system_r:setroubleshootd_t:s0
> tcontext=system_u:object_r:usr_t:s0 tclass=dir              
> > type=1400 audit(1228868792.647:11): avc:  denied  {
> write } for  pid=2038 comm="setroubleshootd"
> name="plugins" dev=sda5 ino=142832
> scontext=system_u:system_r:setroubleshootd_t:s0
> tcontext=system_u:object_r:usr_t:s0 tclass=dir              
> > type=1400 audit(1228868792.653:12): avc:  denied  {
> write } for  pid=2038 comm="setroubleshootd"
> name="plugins" dev=sda5 ino=142832
> scontext=system_u:system_r:setroubleshootd_t:s0
> tcontext=system_u:object_r:usr_t:s0 tclass=dir              
> > type=1400 audit(1228868792.665:13): avc:  denied  {
> write } for  pid=2038 comm="setroubleshootd"
> name="plugins" dev=sda5 ino=142832
> scontext=system_u:system_r:setroubleshootd_t:s0
> tcontext=system_u:object_r:usr_t:s0 tclass=dir              
> > type=1400 audit(1228868798.247:59): avc:  denied  {
> write } for  pid=2038 comm="setroubleshootd"
> name="plugins" dev=sda5 ino=142832
> scontext=system_u:system_r:setroubleshootd_t:s0
> tcontext=system_u:object_r:usr_t:s0 tclass=dir              
> > type=1400 audit(1228868798.259:60): avc:  denied  {
> write } for  pid=2038 comm="setroubleshootd"
> name="plugins" dev=sda5 ino=142832
> scontext=system_u:system_r:setroubleshootd_t:s0
> tcontext=system_u:object_r:usr_t:s0 tclass=dir              
> > type=1400 audit(1228868798.269:61): avc:  denied  {
> write } for  pid=2038 comm="setroubleshootd"
> name="plugins" dev=sda5 ino=142832
> scontext=system_u:system_r:setroubleshootd_t:s0
> tcontext=system_u:object_r:usr_t:s0 tclass=dir              
> > type=1400 audit(1228868798.277:62): avc:  denied  {
> write } for  pid=2038 comm="setroubleshootd"
> name="plugins" dev=sda5 ino=142832
> scontext=system_u:system_r:setroubleshootd_t:s0
> tcontext=system_u:object_r:usr_t:s0 tclass=dir              
> > type=1400 audit(1228868798.283:63): avc:  denied  {
> write } for  pid=2038 comm="setroubleshootd"
> name="plugins" dev=sda5 ino=142832
> scontext=system_u:system_r:setroubleshootd_t:s0
> tcontext=system_u:object_r:usr_t:s0 tclass=dir              
> > type=1400 audit(1228868798.296:64): avc:  denied  {
> write } for  pid=2038 comm="setroubleshootd"
> name="plugins" dev=sda5 ino=142832
> scontext=system_u:system_r:setroubleshootd_t:s0
> tcontext=system_u:object_r:usr_t:s0 tclass=dir              
> > type=1400 audit(1228868798.304:65): avc:  denied  {
> write } for  pid=2038 comm="setroubleshootd"
> name="plugins" dev=sda5 ino=142832
> scontext=system_u:system_r:setroubleshootd_t:s0
> tcontext=system_u:object_r:usr_t:s0 tclass=dir              
> > type=1400 audit(1228868798.309:66): avc:  denied  {
> write } for  pid=2038 comm="setroubleshootd"
> name="plugins" dev=sda5 ino=142832
> scontext=system_u:system_r:setroubleshootd_t:s0
> tcontext=system_u:object_r:usr_t:s0 tclass=dir              
> > type=1400 audit(1228868798.322:67): avc:  denied  {
> write } for  pid=2038 comm="setroubleshootd"
> name="plugins" dev=sda5 ino=142832
> scontext=system_u:system_r:setroubleshootd_t:s0
> tcontext=system_u:object_r:usr_t:s0 tclass=dir              
> > type=1400 audit(1228868798.354:68): avc:  denied  {
> write } for  pid=2038 comm="setroubleshootd"
> name="plugins" dev=sda5 ino=142832
> scontext=system_u:system_r:setroubleshootd_t:s0
> tcontext=system_u:object_r:usr_t:s0 tclass=dir              
> > type=1400 audit(1228868811.296:89): avc:  denied  {
> read } for  pid=2492 comm="gdm-session-wor"
> name=".dmrc" dev=sda5 ino=23265
> scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023
> tcontext=system_u:object_r:xauth_home_t:s0 tclass=file      
>    
> > type=1400 audit(1228868811.414:90): avc:  denied  {
> read } for  pid=2492 comm="gdm-session-wor"
> name=".dmrc" dev=sda5 ino=23265
> scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023
> tcontext=system_u:object_r:xauth_home_t:s0 tclass=file      
>    
> > type=1400 audit(1228868818.290:91): avc:  denied  {
> read } for  pid=2502 comm="gdm-session-wor"
> name=".dmrc" dev=sda5 ino=18585
> scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023
> tcontext=system_u:object_r:xauth_home_t:s0 tclass=file      
>    
> > type=1400 audit(1228868818.597:92): avc:  denied  {
> read } for  pid=2502 comm="gdm-session-wor"
> name=".dmrc" dev=sda5 ino=18585
> scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023
> tcontext=system_u:object_r:xauth_home_t:s0 tclass=file      
>    
> > type=1400 audit(1228868932.171:93): avc:  denied  {
> read } for  pid=2502 comm="gdm-session-wor"
> name=".dmrc" dev=sda5 ino=18585
> scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023
> tcontext=system_u:object_r:xauth_home_t:s0 tclass=file      
>    
> > type=1400 audit(1228868932.997:94): avc:  denied  {
> read write } for  pid=2537 comm="gdm-session-wor"
> name=".xsession-errors" dev=sda5 ino=298
> scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023
> tcontext=system_u:object_r:xauth_home_t:s0 tclass=file      
>                                                             
>        
> > type=1400 audit(1228868932.997:95): avc:  denied  {
> read append } for  pid=2537 comm="gdm-session-wor"
> name=".xsession-errors" dev=sda5 ino=298
> scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023
> tcontext=system_u:object_r:xauth_home_t:s0 tclass=file      
>                                                             
>       
> > type=1400 audit(1228868978.329:96): avc:  denied  {
> read } for  pid=3281 comm="gdm-session-wor"
> name=".dmrc" dev=sda5 ino=18585
> scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023
> tcontext=system_u:object_r:xauth_home_t:s0 tclass=file      
>    
> > type=1400 audit(1228868978.569:97): avc:  denied  {
> read } for  pid=3281 comm="gdm-session-wor"
> name=".dmrc" dev=sda5 ino=18585
> scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023
> tcontext=system_u:object_r:xauth_home_t:s0 tclass=file      
>    
> > type=1400 audit(1228868986.153:98): avc:  denied  {
> read } for  pid=3281 comm="gdm-session-wor"
> name=".dmrc" dev=sda5 ino=18585
> scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023
> tcontext=system_u:object_r:xauth_home_t:s0 tclass=file
> > type=1400 audit(1228868986.899:99): avc:  denied  {
> read write } for  pid=3315 comm="gdm-session-wor"
> name=".xsession-errors" dev=sda5 ino=298
> scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023
> tcontext=system_u:object_r:xauth_home_t:s0 tclass=file
> > type=1400 audit(1228868986.899:100): avc:  denied  {
> read append } for  pid=3315 comm="gdm-session-wor"
> name=".xsession-errors" dev=sda5 ino=298
> scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023
> tcontext=system_u:object_r:xauth_home_t:s0 tclass=file
> > type=1400 audit(1228868986.901:101): avc:  denied  {
> read } for  pid=3315 comm="gdm-session-wor"
> name=".dmrc" dev=sda5 ino=18585
> scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023
> tcontext=system_u:object_r:xauth_home_t:s0 tclass=file
> > type=1400 audit(1228868986.906:102): avc:  denied  {
> unlink } for  pid=3315 comm="gdm-session-wor"
> name=".dmrc" dev=sda5 ino=18585
> scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023
> tcontext=system_u:object_r:xauth_home_t:s0 tclass=file
> > [olivares@riohigh ~]$ rpm -qa selinux-policy
> > selinux-policy-3.6.1-8.fc11.noarch
> > 
> > 
> > Thanks,
> > 
> > Antonio 
> > 
> > 
> >       
> > 
> > --
> > fedora-selinux-list mailing list
> > fedora-selinux-list@xxxxxxxxxx
> >
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
> restorecon -R -v ~/
> 
I'll try that.  Thanks :)
> Also did you edit some files in
> /usr/share/setroubleshoot/plugins directory?
No, I have not messed with anything manually.  
> 
> pychecker  /usr/share/setroubleshoot/plugins/*.py
> 
> Should fix
> 
> 
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (GNU/Linux)
> Comment: Using GnuPG with Fedora -
> http://enigmail.mozdev.org
> 
> iEYEARECAAYFAkk/708ACgkQrlYvE4MpobPPJACeKiH91oxxXywvIiHKvad0qSnM
> U0kAoNpMW3+vCD8lInhtdvAwtgn+nuk5
> =/cQM
> -----END PGP SIGNATURE-----

Will report back.  Thank you for advising.

Regards,

Antonio 


      

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux