Re: Troubleshootng the Selunix troubleshooter

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Richard Chapman wrote:
> Hi.. When I first installed Centos 5.0 - I disabled SELinux at the first
> sign of trouble. I have now seen the light - and have enabled SELinux
> on  the system which is now updated to Centos 5.2 with Kernel Linux
> 2.6.18-92.1.22.el5 on x86_64. I initially enabled Selinux in permissive
> mode - and tried looking at the GUI SELinux Troubleshooter - but it
> shows no problems. This may be OK - because there are no "type=avc"
> messages in the audit.log file. However there are thousands of "type=
> user_avc". Here are the last 20 while in permissive mode:
> 
> type=USER_AVC msg=audit(1231052785.984:833): user pid=2489 uid=81
> auid=4294967295 subj=system_u:system_r:init_t:s0 msg='avc:  denied  {
> send_msg } for msgtype=method_call interface=org.freedesktop.DBus
> member=AddMatch dest=org.freedesktop.DBus spid=7820
> scontext=user_u:system_r:initrc_t:s0
> tcontext=system_u:system_r:init_t:s0 tclass=dbus :
> exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
> type=USER_AVC msg=audit(1231052785.984:834): user pid=2489 uid=81
> auid=4294967295 subj=system_u:system_r:init_t:s0 msg='avc:  denied  {
> send_msg } for msgtype=method_call interface=org.freedesktop.DBus
> member=GetNameOwner dest=org.freedesktop.DBus spid=7820
> scontext=user_u:system_r:initrc_t:s0
> tcontext=system_u:system_r:init_t:s0 tclass=dbus :
> exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
> type=USER_AVC msg=audit(1231052785.985:835): user pid=2489 uid=81
> auid=4294967295 subj=system_u:system_r:init_t:s0 msg='avc:  denied  {
> send_msg } for msgtype=method_call interface=org.freedesktop.Hal.Device
> member=Rescan dest=org.freedesktop.Hal spid=7820 tpid=3667
> scontext=user_u:system_r:initrc_t:s0
> tcontext=system_u:system_r:init_t:s0 tclass=dbus :
> exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
> type=USER_AVC msg=audit(1231052785.986:836): user pid=2489 uid=81
> auid=4294967295 subj=system_u:system_r:init_t:s0 msg='avc:  denied  {
> send_msg } for msgtype=method_return dest=:1.14 spid=3667 tpid=7820
> scontext=system_u:system_r:init_t:s0
> tcontext=user_u:system_r:initrc_t:s0 tclass=dbus :
> exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
> type=USER_AVC msg=audit(1231052785.987:837): user pid=2489 uid=81
> auid=4294967295 subj=system_u:system_r:init_t:s0 msg='avc:  denied  {
> send_msg } for msgtype=method_call interface=org.freedesktop.DBus
> member=RemoveMatch dest=org.freedesktop.DBus spid=7820
> scontext=user_u:system_r:initrc_t:s0
> tcontext=system_u:system_r:init_t:s0 tclass=dbus :
> exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
> type=USER_AVC msg=audit(1231052785.987:838): user pid=2489 uid=81
> auid=4294967295 subj=system_u:system_r:init_t:s0 msg='avc:  denied  {
> send_msg } for msgtype=method_call interface=org.freedesktop.DBus
> member=AddMatch dest=org.freedesktop.DBus spid=7820
> scontext=user_u:system_r:initrc_t:s0
> tcontext=system_u:system_r:init_t:s0 tclass=dbus :
> exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
> type=USER_AVC msg=audit(1231052785.987:839): user pid=2489 uid=81
> auid=4294967295 subj=system_u:system_r:init_t:s0 msg='avc:  denied  {
> send_msg } for msgtype=method_call interface=org.freedesktop.DBus
> member=GetNameOwner dest=org.freedesktop.DBus spid=7820
> scontext=user_u:system_r:initrc_t:s0
> tcontext=system_u:system_r:init_t:s0 tclass=dbus :
> exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
> type=USER_AVC msg=audit(1231052785.988:840): user pid=2489 uid=81
> auid=4294967295 subj=system_u:system_r:init_t:s0 msg='avc:  denied  {
> send_msg } for msgtype=method_call interface=org.freedesktop.Hal.Device
> member=Rescan dest=org.freedesktop.Hal spid=7820 tpid=3667
> scontext=user_u:system_r:initrc_t:s0
> tcontext=system_u:system_r:init_t:s0 tclass=dbus :
> exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
> type=USER_AVC msg=audit(1231052785.989:841): user pid=2489 uid=81
> auid=4294967295 subj=system_u:system_r:init_t:s0 msg='avc:  denied  {
> send_msg } for msgtype=method_return dest=:1.14 spid=3667 tpid=7820
> scontext=system_u:system_r:init_t:s0
> tcontext=user_u:system_r:initrc_t:s0 tclass=dbus :
> exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
> type=USER_AVC msg=audit(1231052785.990:842): user pid=2489 uid=81
> auid=4294967295 subj=system_u:system_r:init_t:s0 msg='avc:  denied  {
> send_msg } for msgtype=method_call interface=org.freedesktop.DBus
> member=RemoveMatch dest=org.freedesktop.DBus spid=7820
> scontext=user_u:system_r:initrc_t:s0
> tcontext=system_u:system_r:init_t:s0 tclass=dbus :
> exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
> type=USER_AVC msg=audit(1231052785.990:843): user pid=2489 uid=81
> auid=4294967295 subj=system_u:system_r:init_t:s0 msg='avc:  denied  {
> send_msg } for msgtype=method_call interface=org.freedesktop.DBus
> member=AddMatch dest=org.freedesktop.DBus spid=7820
> scontext=user_u:system_r:initrc_t:s0
> tcontext=system_u:system_r:init_t:s0 tclass=dbus :
> exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
> type=USER_AVC msg=audit(1231052785.990:844): user pid=2489 uid=81
> auid=4294967295 subj=system_u:system_r:init_t:s0 msg='avc:  denied  {
> send_msg } for msgtype=method_call interface=org.freedesktop.DBus
> member=GetNameOwner dest=org.freedesktop.DBus spid=7820
> scontext=user_u:system_r:initrc_t:s0
> tcontext=system_u:system_r:init_t:s0 tclass=dbus :
> exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
> type=USER_AVC msg=audit(1231052785.991:845): user pid=2489 uid=81
> auid=4294967295 subj=system_u:system_r:init_t:s0 msg='avc:  denied  {
> send_msg } for msgtype=method_call interface=org.freedesktop.Hal.Device
> member=Rescan dest=org.freedesktop.Hal spid=7820 tpid=3667
> scontext=user_u:system_r:initrc_t:s0
> tcontext=system_u:system_r:init_t:s0 tclass=dbus :
> exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
> type=USER_AVC msg=audit(1231052785.991:846): user pid=2489 uid=81
> auid=4294967295 subj=system_u:system_r:init_t:s0 msg='avc:  denied  {
> send_msg } for msgtype=method_return dest=:1.14 spid=3667 tpid=7820
> scontext=system_u:system_r:init_t:s0
> tcontext=user_u:system_r:initrc_t:s0 tclass=dbus :
> exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
> type=USER_AVC msg=audit(1231052785.992:847): user pid=2489 uid=81
> auid=4294967295 subj=system_u:system_r:init_t:s0 msg='avc:  denied  {
> send_msg } for msgtype=method_call interface=org.freedesktop.DBus
> member=RemoveMatch dest=org.freedesktop.DBus spid=7820
> scontext=user_u:system_r:initrc_t:s0
> tcontext=system_u:system_r:init_t:s0 tclass=dbus :
> exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
> type=USER_AVC msg=audit(1231052785.992:848): user pid=2489 uid=81
> auid=4294967295 subj=system_u:system_r:init_t:s0 msg='avc:  denied  {
> send_msg } for msgtype=method_call interface=org.freedesktop.DBus
> member=AddMatch dest=org.freedesktop.DBus spid=7820
> scontext=user_u:system_r:initrc_t:s0
> tcontext=system_u:system_r:init_t:s0 tclass=dbus :
> exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
> type=USER_AVC msg=audit(1231052785.992:849): user pid=2489 uid=81
> auid=4294967295 subj=system_u:system_r:init_t:s0 msg='avc:  denied  {
> send_msg } for msgtype=method_call interface=org.freedesktop.DBus
> member=GetNameOwner dest=org.freedesktop.DBus spid=7820
> scontext=user_u:system_r:initrc_t:s0
> tcontext=system_u:system_r:init_t:s0 tclass=dbus :
> exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
> type=USER_AVC msg=audit(1231052785.992:850): user pid=2489 uid=81
> auid=4294967295 subj=system_u:system_r:init_t:s0 msg='avc:  denied  {
> send_msg } for msgtype=method_call interface=org.freedesktop.Hal.Device
> member=Rescan dest=org.freedesktop.Hal spid=7820 tpid=3667
> scontext=user_u:system_r:initrc_t:s0
> tcontext=system_u:system_r:init_t:s0 tclass=dbus :
> exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
> type=USER_AVC msg=audit(1231052785.993:851): user pid=2489 uid=81
> auid=4294967295 subj=system_u:system_r:init_t:s0 msg='avc:  denied  {
> send_msg } for msgtype=method_return dest=:1.14 spid=3667 tpid=7820
> scontext=system_u:system_r:init_t:s0
> tcontext=user_u:system_r:initrc_t:s0 tclass=dbus :
> exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
> type=USER_AVC msg=audit(1231052785.994:852): user pid=2489 uid=81
> auid=4294967295 subj=system_u:system_r:init_t:s0 msg='avc:  denied  {
> send_msg } for msgtype=method_call interface=org.freedesktop.DBus
> member=RemoveMatch dest=org.freedesktop.DBus spid=7820
> scontext=user_u:system_r:initrc_t:s0
> tcontext=system_u:system_r:init_t:s0 tclass=dbus :
> exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
> 
> 
> If I set the system to Enforcing mode - and log out and log back in -
> the login seems to run very slowly. If I try to run the gui SELinux
> Troubleshooter - the application window doesn't come up - but I see the
> following errors in the boot.log file.
> 
> Jan 3 16:55:54 C5 dbus: avc: received setenforce notice (enforcing=1)
> Jan 3 16:56:23 C5 userhelper[24703]: running
> '/usr/share/system-config-securitylevel/system-config-securitylevel.py'
> with system_u:system_r:unconfined_t context Jan 3 16:56:23 C5
> userhelper[24703]: running
> '/usr/share/system-config-securitylevel/system-config-securitylevel.py'
> with root privileges on behalf of 'root'
> Jan 3 16:58:02 C5 gconfd (root-21790): Exiting
> Jan 3 16:58:02 C5 sshd[21044]: pam_unix(sshd:session): session closed
> for user nx
> Jan 3 16:58:02 C5 su: pam_unix(su-l:session): session closed for user root
> Jan 3 16:58:23 C5 sshd[24747]: Accepted publickey for nx from
> 192.168.0.2 port 33869 ssh2
> Jan 3 16:58:23 C5 sshd[24747]: pam_unix(sshd:session): session opened
> for user nx by (uid=0)
> Jan 3 16:58:25 C5 su: pam_unix(su-l:session): session opened for user
> root by (uid=102)
> Jan 3 16:58:28 C5 dovecot: IMAP(tim): Disconnected: Logged out
> Jan 3 16:58:30 C5 gconfd (root-25493): starting (version 2.14.0), pid
> 25493 user 'root'
> Jan 3 16:58:30 C5 gconfd (root-25493): Resolved address
> "xml:readonly:/etc/gconf/gconf.xml.mandatory" to a read-only
> configuration source at position 0
> Jan 3 16:58:30 C5 gconfd (root-25493): Resolved address
> "xml:readwrite:/root/.gconf" to a writable configuration source at
> position 1
> Jan 3 16:58:30 C5 gconfd (root-25493): Resolved address
> "xml:readonly:/etc/gconf/gconf.xml.defaults" to a read-only
> configuration source at position 2
> Jan 3 16:58:33 C5 pcscd: winscard.c:304:SCardConnect() Reader E-Gate 0 0
> Not Found
> Jan 3 16:58:33 C5 last message repeated 4 times
> Jan 3 16:58:33 C5 gconfd (root-25493): Resolved address
> "xml:readwrite:/root/.gconf" to a writable configuration source at
> position 0
> Jan 3 16:59:46 C5 gdm[4045]: pam_unix(gdm:session): session opened for
> user root by (uid=0)
> Jan 3 16:59:59 C5 pcscd: winscard.c:304:SCardConnect() Reader E-Gate 0 0
> Not Found
> Jan 3 16:59:59 C5 last message repeated 4 times
> Jan 3 17:00:01 C5 crond[25738]: (root) CMD (/var/www/sarg/sarg.cron >
> /dev/null 2>&1)
> Jan 3 17:00:01 C5 crond[25740]: (root) CMD
> (/etc/webmin/webalizer/webalizer.pl /var/log/squid/access.log)
> Jan 3 17:00:01 C5 crond[25742]: (root) CMD (/etc/webmin/status/monitor.pl)
> Jan 3 17:00:01 C5 crond[25743]: (root) CMD
> (/etc/webmin/fetchmail/check.pl --mail rchapman\@aardvark\.com\.au
> --errors)
> Jan 3 17:00:01 C5 su: pam_unix(su:session): session opened for user
> richard by (uid=0)
> Jan 3 17:00:04 C5 su: pam_unix(su:session): session opened for user
> postgres by (uid=0)
> Jan 3 17:00:04 C5 su: pam_unix(su:session): session closed for user
> postgres
> Jan 3 17:00:13 C5 su: pam_unix(su:session): session closed for user richard
> Jan 3 17:01:01 C5 crond[25911]: (root) CMD (run-parts /etc/cron.hourly)
> Jan 3 17:01:15 C5 userhelper[25928]: running
> '/usr/share/system-config-securitylevel/system-config-securitylevel.py'
> with system_u:system_r:unconfined_t context Jan 3 17:01:15 C5
> userhelper[25928]: running
> '/usr/share/system-config-securitylevel/system-config-securitylevel.py'
> with root privileges on behalf of 'root'
> Jan 3 17:02:18 C5 setroubleshoot: [dbus.ERROR] could not start dbus: Did
> not receive a reply. Possible causes include: the remote application did
> not send a reply, the message bus security policy blocked the reply, the
> reply timeout expired, or the network connection was broken.
> Jan 3 17:03:06 C5 dovecot: imap-login: Login: user=<tim>, method=PLAIN,
> rip=192.168.0.199, lip=192.168.0.201
> Jan 3 17:03:37 C5 dovecot: IMAP(tim): Disconnected: Logged out
> Jan 3 17:04:14 C5 setroubleshoot: [dbus.ERROR] could not start dbus: Did
> not receive a reply. Possible causes include: the remote application did
> not send a reply, the message bus security policy blocked the reply, the
> reply timeout expired, or the network connection was broken.
> 
> I have also tried the comand line sealert application - which runs fine
> - but shows no problems:
> 
> [root@C5 <mailto:root@C5> ~]# sealert -a /var/log/audit/audit.log
> 100% donefound 0 alerts in /var/log/audit/audit.log
> [root@C5 <mailto:root@C5> ~]#
> It looks to me as if there is some problem (possibly a policy issue)
> with my dbus connection. and this is preventing the selinux
> troubleshooter operating in enforcing mode - and also probably causing
> some other problems in enforcing mode - though no "type-avc" problems
> show up int eh audit logs.
> 
> Can anyone explain to me what "type=user_avc" messages are - and why
> they are not reported by teh gui SELinux troubleshooter or sealert? How
> should I debug the remainig issues in theis system?
> 
> All adice appreciated.
> 
> Richard.
> 
> 
> 
> -- 
> fedora-selinux-list mailing list
> fedora-selinux-list@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
Please make sure your labeling is correct.

touch /.autorelabel; reboot

Looks like the entire system is running with a signal context which is
causing you your problems.

You might also want to grab the 5.3 policy, a preview is currently
available on

http://people.redhat.com/dwalsh/SELinux/RHEL5
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAklhET0ACgkQrlYvE4MpobN/xQCfbPlG+JiHqdeE4hlT74XlRLmR
IUQAoJu/VriYRDC2S+89oBxm7DcTN84u
=k22P
-----END PGP SIGNATURE-----

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux