Antonio Olivares wrote:
> Dear fellow SELinux experts,
>
> Now setroubleshoot(er) is working fine and I see a great flood of avc's, some are repeating offenders :( ***.kde*** one especially :(
>
>
> Summary:
>
> SELinux prevented kde4-config from writing .kde.
>
> Detailed Description:
>
> SELinux prevented kde4-config from writing .kde. If .kde is a core file, you may
> want to allow this. If .kde is not a core file, this could signal a intrusion
> attempt.
>
> Allowing Access:
>
> Changing the "allow_daemons_dump_core" boolean to true will allow this access:
> "setsebool -P allow_daemons_dump_core=1."
>
> Fix Command:
>
> setsebool -P allow_daemons_dump_core=1
>
> Additional Information:
>
> Source Context                system_u:system_r:xdm_t:SystemLow-SystemHigh
> Target Context                system_u:object_r:root_t
> Target Objects                .kde [ dir ]
> Source                        kde4-config
> Source Path                   /usr/bin/kde4-config
> Port                          <Unknown>
> Host                          localhost.localdomain
> Source RPM Packages           kdelibs-4.2.0-10.fc11
> Target RPM Packages
> Policy RPM                    selinux-policy-3.6.5-3.fc11
> Selinux Enabled               True
> Policy Type                   targeted
> MLS Enabled                   True
> Enforcing Mode                Enforcing
> Plugin Name                   allow_daemons_dump_core
> Host Name                     localhost.localdomain
> Platform                      Linux localhost.localdomain
>                               2.6.29-0.110.rc4.git3.fc11.i586 #1 SMP Wed Feb 11
>                               16:25:38 EST 2009 i686 i686
> Alert Count                   1
> First Seen                    Thu 12 Feb 2009 08:38:30 AM CST
> Last Seen                     Thu 12 Feb 2009 08:38:30 AM CST
> Local ID                      d108c183-459e-4b03-a811-e45ea3323dad
> Line Numbers
>
> Raw Audit Messages
>
> node=localhost.localdomain type=AVC msg=audit(1234449510.598:8): avc: denied { create } for pid=2607 comm="kde4-config" name=".kde" scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:root_t:s0 tclass=dir
>
> node=localhost.localdomain type=SYSCALL msg=audit(1234449510.598:8): arch=40000003 syscall=39 success=no exit=-13 a0=8794358 a1=1c0 a2=749e38c a3=1 items=0 ppid=2606 pid=2607 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="kde4-config" exe="/usr/bin/kde4-config" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)
>
>
> Summary:
>
> SELinux is preventing the gdm-session-wor from using potentially mislabeled
> files (.xsession-errors).
>
> Detailed Description:
>
> SELinux has denied gdm-session-wor access to potentially mislabeled file(s)
> (.xsession-errors). This means that SELinux will not allow gdm-session-wor to
> use these files. It is common for users to edit files in their home directory or
> tmp directories and then move (mv) them to system directories. The problem is
> that the files end up with the wrong file context which confined applications
> are not allowed to access.
>
> Allowing Access:
>
> If you want gdm-session-wor to access this files, you need to relabel them using
> restorecon -v '.xsession-errors'. You might want to relabel the entire directory
> using restorecon -R -v ''.
>
> Additional Information:
>
> Source Context                system_u:system_r:xdm_t:SystemLow-SystemHigh
> Target Context                system_u:object_r:xauth_home_t
> Target Objects                .xsession-errors [ file ]
> Source                        gdm-session-wor
> Source Path                   /usr/libexec/gdm-session-worker
> Port                          <Unknown>
> Host                          localhost.localdomain
> Source RPM Packages           gdm-2.25.2-3.fc11
> Target RPM Packages
> Policy RPM                    selinux-policy-3.6.5-3.fc11
> Selinux Enabled               True
> Policy Type                   targeted
> MLS Enabled                   True
> Enforcing Mode                Enforcing
> Plugin Name                   home_tmp_bad_labels
> Host Name                     localhost.localdomain
> Platform                      Linux localhost.localdomain
>                               2.6.29-0.110.rc4.git3.fc11.i586 #1 SMP Wed Feb 11
>                               16:25:38 EST 2009 i686 i686
> Alert Count                   1
> First Seen                    Thu 12 Feb 2009 08:38:37 AM CST
> Last Seen                     Thu 12 Feb 2009 08:38:37 AM CST
> Local ID                      c26924ad-8d28-4294-b100-a403fb00932b
> Line Numbers
>
> Raw Audit Messages
>
> node=localhost.localdomain type=AVC msg=audit(1234449517.666:18): avc: denied { read write } for pid=2665 comm="gdm-session-wor" name=".xsession-errors" dev=dm-0 ino=426067 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xauth_home_t:s0 tclass=file
>
> node=localhost.localdomain type=SYSCALL msg=audit(1234449517.666:18): arch=40000003 syscall=33 success=no exit=-13 a0=82088a8 a1=6 a2=c4225c a3=ad69bc items=0 ppid=2660 pid=2665 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 comm="gdm-session-wor" exe="/usr/libexec/gdm-session-worker" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)
>
>
> Summary:
>
> SELinux is preventing the gdm-session-wor from using potentially mislabeled
> files (.dmrc).
>
> Detailed Description:
>
> SELinux has denied gdm-session-wor access to potentially mislabeled file(s)
> (.dmrc). This means that SELinux will not allow gdm-session-wor to use these
> files. It is common for users to edit files in their home directory or tmp
> directories and then move (mv) them to system directories. The problem is that
> the files end up with the wrong file context which confined applications are not
> allowed to access.
>
> Allowing Access:
>
> If you want gdm-session-wor to access this files, you need to relabel them using
> restorecon -v '.dmrc'. You might want to relabel the entire directory using
> restorecon -R -v ''.
>
> Additional Information:
>
> Source Context                system_u:system_r:xdm_t:SystemLow-SystemHigh
> Target Context                system_u:object_r:xauth_home_t
> Target Objects                .dmrc [ file ]
> Source                        gdm-session-wor
> Source Path                   /usr/libexec/gdm-session-worker
> Port                          <Unknown>
> Host                          localhost.localdomain
> Source RPM Packages           gdm-2.25.2-3.fc11
> Target RPM Packages
> Policy RPM                    selinux-policy-3.6.5-3.fc11
> Selinux Enabled               True
> Policy Type                   targeted
> MLS Enabled                   True
> Enforcing Mode                Enforcing
> Plugin Name                   home_tmp_bad_labels
> Host Name                     localhost.localdomain
> Platform                      Linux localhost.localdomain
>                               2.6.29-0.110.rc4.git3.fc11.i586 #1 SMP Wed Feb 11
>                               16:25:38 EST 2009 i686 i686
> Alert Count                   2
> First Seen                    Thu 12 Feb 2009 08:38:37 AM CST
> Last Seen                     Thu 12 Feb 2009 08:38:37 AM CST
> Local ID                      33f693b3-35dc-4b77-be00-95cf19cefdc8
> Line Numbers
>
> Raw Audit Messages
>
> node=localhost.localdomain type=AVC msg=audit(1234449517.325:11): avc: denied { read } for pid=2660 comm="gdm-session-wor" name=".dmrc" dev=dm-0 ino=426068 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xauth_home_t:s0 tclass=file
>
> node=localhost.localdomain type=SYSCALL msg=audit(1234449517.325:11): arch=40000003 syscall=5 success=no exit=-13 a0=81a9868 a1=8000 a2=0 a3=8000 items=0 ppid=2626 pid=2660 auid=4294967295 uid=0 gid=0 euid=500 suid=0 fsuid=500 egid=500 sgid=0 fsgid=500 tty=(none) ses=4294967295 comm="gdm-session-wor" exe="/usr/libexec/gdm-session-worker" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)
>
>
> Summary:
>
> SELinux is preventing 0logwatch (logwatch_t) "read" to /root (user_home_dir_t).
>
> Detailed Description:
>
> SELinux denied access requested by 0logwatch. /root may be a mislabeled. /root
> default SELinux type is admin_home_t, but its current type is user_home_dir_t.
> Changing this file back to the default type, may fix your problem.
>
> File contexts can be assigned to a file in the following ways.
>
> * Files created in a directory receive the file context of the parent
>   directory by default.
> * The SELinux policy might override the default label inherited from the
>   parent directory by specifying a process running in context A which creates
>   a file in a directory labeled B will instead create the file with label C.
>   An example of this would be the dhcp client running with the dhclient_t type
>   and creates a file in the directory /etc. This file would normally receive
>   the etc_t type due to parental inheritance but instead the file is labeled
>   with the net_conf_t type because the SELinux policy specifies this.
> * Users can change the file context on a file using tools such as chcon, or
>   restorecon.
>
> This file could have been mislabeled either by user error, or if an normally
> confined application was run under the wrong domain.
>
> However, this might also indicate a bug in SELinux because the file should not
> have been labeled with this type.
>
> If you believe this is a bug, please file a bug report
> (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package.
>
> Allowing Access:
>
> You can restore the default system context to this file by executing the
> restorecon command. restorecon '/root', if this file is a directory, you can
> recursively restore using restorecon -R '/root'.
>
> Fix Command:
>
> restorecon '/root'
>
> Additional Information:
>
> Source Context                system_u:system_r:logwatch_t:SystemLow-SystemHigh
> Target Context                system_u:object_r:user_home_dir_t
> Target Objects                /root [ dir ]
> Source                        0logwatch
> Source Path                   /usr/bin/perl
> Port                          <Unknown>
> Host                          localhost.localdomain
> Source RPM Packages           perl-5.10.0-56.fc11
> Target RPM Packages           filesystem-2.4.19-1.fc10
> Policy RPM                    selinux-policy-3.6.5-3.fc11
> Selinux Enabled               True
> Policy Type                   targeted
> MLS Enabled                   True
> Enforcing Mode                Enforcing
> Plugin Name                   restorecon
> Host Name                     localhost.localdomain
> Platform                      Linux localhost.localdomain
>                               2.6.29-0.110.rc4.git3.fc11.i586 #1 SMP Wed Feb 11
>                               16:25:38 EST 2009 i686 i686
> Alert Count                   1
> First Seen                    Thu 12 Feb 2009 09:15:02 AM CST
> Last Seen                     Thu 12 Feb 2009 09:15:02 AM CST
> Local ID                      f4899a3b-7541-45fa-826e-a0b28973be00
> Line Numbers
>
> Raw Audit Messages
>
> node=localhost.localdomain type=AVC msg=audit(1234451702.307:33): avc: denied { read } for pid=3199 comm="0logwatch" path="/root" dev=dm-0 ino=32769 scontext=system_u:system_r:logwatch_t:s0-s0:c0.c1023 tcontext=system_u:object_r:user_home_dir_t:s0 tclass=dir
>
> node=localhost.localdomain type=SYSCALL msg=audit(1234451702.307:33): arch=40000003 syscall=11 success=yes exit=0 a0=9174c20 a1=91744f8 a2=91728a8 a3=91744f8 items=0 ppid=3195 pid=3199 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=2 comm="0logwatch" exe="/usr/bin/perl" subj=system_u:system_r:logwatch_t:s0-s0:c0.c1023 key=(null)
>
>
> Summary:
>
> SELinux is preventing sendmail (system_mail_t) "read" to /root
> (user_home_dir_t).
>
> Detailed Description:
>
> SELinux denied access requested by sendmail. /root may be a mislabeled. /root
> default SELinux type is admin_home_t, but its current type is user_home_dir_t.
> Changing this file back to the default type, may fix your problem.
>
> File contexts can be assigned to a file in the following ways.
>
> * Files created in a directory receive the file context of the parent
>   directory by default.
> * The SELinux policy might override the default label inherited from the
>   parent directory by specifying a process running in context A which creates
>   a file in a directory labeled B will instead create the file with label C.
>   An example of this would be the dhcp client running with the dhclient_t type
>   and creates a file in the directory /etc. This file would normally receive
>   the etc_t type due to parental inheritance but instead the file is labeled
>   with the net_conf_t type because the SELinux policy specifies this.
> * Users can change the file context on a file using tools such as chcon, or
>   restorecon.
>
> This file could have been mislabeled either by user error, or if an normally
> confined application was run under the wrong domain.
>
> However, this might also indicate a bug in SELinux because the file should not
> have been labeled with this type.
>
> If you believe this is a bug, please file a bug report
> (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package.
>
> Allowing Access:
>
> You can restore the default system context to this file by executing the
> restorecon command. restorecon '/root', if this file is a directory, you can
> recursively restore using restorecon -R '/root'.
>
> Fix Command:
>
> restorecon '/root'
>
> Additional Information:
>
> Source Context                system_u:system_r:system_mail_t:SystemLow-
>                               SystemHigh
> Target Context                system_u:object_r:user_home_dir_t
> Target Objects                /root [ dir ]
> Source                        sendmail
> Source Path                   /usr/sbin/sendmail.sendmail
> Port                          <Unknown>
> Host                          localhost.localdomain
> Source RPM Packages           sendmail-8.14.3-4.fc11
> Target RPM Packages           filesystem-2.4.19-1.fc10
> Policy RPM                    selinux-policy-3.6.5-3.fc11
> Selinux Enabled               True
> Policy Type                   targeted
> MLS Enabled                   True
> Enforcing Mode                Enforcing
> Plugin Name                   restorecon
> Host Name                     localhost.localdomain
> Platform                      Linux localhost.localdomain
>                               2.6.29-0.110.rc4.git3.fc11.i586 #1 SMP Wed Feb 11
>                               16:25:38 EST 2009 i686 i686
> Alert Count                   1
> First Seen                    Thu 12 Feb 2009 09:30:33 AM CST
> Last Seen                     Thu 12 Feb 2009 09:30:33 AM CST
> Local ID                      748a8584-58e2-4487-afba-48a6e2951d7d
> Line Numbers
>
> Raw Audit Messages
>
> node=localhost.localdomain type=AVC msg=audit(1234452633.639:34): avc: denied { read } for pid=11298 comm="sendmail" path="/root" dev=dm-0 ino=32769 scontext=system_u:system_r:system_mail_t:s0-s0:c0.c1023 tcontext=system_u:object_r:user_home_dir_t:s0 tclass=dir
>
> node=localhost.localdomain type=SYSCALL msg=audit(1234452633.639:34): arch=40000003 syscall=11 success=yes exit=0 a0=804d6f0 a1=bfb3981c a2=82320a0 a3=4 items=0 ppid=3162 pid=11298 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=51 sgid=51 fsgid=51 tty=(none) ses=2 comm="sendmail" exe="/usr/sbin/sendmail.sendmail" subj=system_u:system_r:system_mail_t:s0-s0:c0.c1023 key=(null)
>
>
> I will be patient here, but the .kde one, I don't understand what is wrong, is it with KDE or with SELinux? I keep seeing it over and over. It goes away and then it comes back :(
>
> Thanks,
>
> Antonio
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list

kde login thinks that its homedir is / and wants to create files under /. Then need to start it in a real homedir or have it put this directory under /var/lib/kde?
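
A triage sketch for the flood of denials in the quoted reports, added here and not part of the original thread: it parses the five raw AVC records from the message and groups them by target type and object class, so denials that share one labeling cause (such as the two against /root labeled user_home_dir_t) collapse into a single row. The function names are illustrative, not from setroubleshoot or any SELinux tool.

```python
import re
from collections import defaultdict

# Raw AVC records copied verbatim from the reports quoted in the thread above.
SAMPLE = """\
node=localhost.localdomain type=AVC msg=audit(1234449510.598:8): avc: denied { create } for pid=2607 comm="kde4-config" name=".kde" scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:root_t:s0 tclass=dir
node=localhost.localdomain type=AVC msg=audit(1234449517.666:18): avc: denied { read write } for pid=2665 comm="gdm-session-wor" name=".xsession-errors" dev=dm-0 ino=426067 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xauth_home_t:s0 tclass=file
node=localhost.localdomain type=AVC msg=audit(1234449517.325:11): avc: denied { read } for pid=2660 comm="gdm-session-wor" name=".dmrc" dev=dm-0 ino=426068 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xauth_home_t:s0 tclass=file
node=localhost.localdomain type=AVC msg=audit(1234451702.307:33): avc: denied { read } for pid=3199 comm="0logwatch" path="/root" dev=dm-0 ino=32769 scontext=system_u:system_r:logwatch_t:s0-s0:c0.c1023 tcontext=system_u:object_r:user_home_dir_t:s0 tclass=dir
node=localhost.localdomain type=AVC msg=audit(1234452633.639:34): avc: denied { read } for pid=11298 comm="sendmail" path="/root" dev=dm-0 ino=32769 scontext=system_u:system_r:system_mail_t:s0-s0:c0.c1023 tcontext=system_u:object_r:user_home_dir_t:s0 tclass=dir
"""

AVC_RE = re.compile(r'type=AVC msg=audit\([\d.]+:\d+\): '
                    r'avc:\s+denied\s+\{ (?P<perms>[^}]+) \}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return a dict for one AVC denial line, or None for any other record."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group('rest'))}
    rec['perms'] = m.group('perms').split()
    # A context is user:role:type:level; type enforcement rules match the type.
    rec['stype'] = rec['scontext'].split(':')[2]
    rec['ttype'] = rec['tcontext'].split(':')[2]
    # File denials carry path= when the full path is known, otherwise name=.
    rec['object'] = rec.get('path') or rec.get('name', '?')
    return rec

def group_by_target(text):
    """Bucket denials by (target type, class) to expose shared labeling causes."""
    groups = defaultdict(list)
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec:
            groups[(rec['ttype'], rec['tclass'])].append(rec)
    return dict(groups)

def summarize(text):
    rows = []
    for (ttype, tclass), recs in sorted(group_by_target(text).items()):
        who = sorted({f"{r['comm']}({r['stype']})" for r in recs})
        what = sorted({r['object'] for r in recs})
        rows.append(f"{ttype}:{tclass} objects={what} sources={who}")
    return rows

if __name__ == "__main__":
    print("\n".join(summarize(SAMPLE)))
```

The root_t row is the .kde denial the reply explains: xdm_t trying to create a directory whose parent carries the label of /.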