-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Antonio Olivares wrote: > > > > Summary: > > SELinux is preventing crontab (admin_crontab_t) "read write" unconfined_t. > > Detailed Description: > > SELinux denied access requested by crontab. It is not expected that this access > is required by crontab and this access may signal an intrusion attempt. It is > also possible that the specific version or configuration of the application is > causing it to require additional access. > > Allowing Access: > > You can generate a local policy module to allow this access - see FAQ > (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable > SELinux protection altogether. Disabling SELinux protection is not recommended. > Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) > against this package. > > Additional Information: > > Source Context unconfined_u:unconfined_r:admin_crontab_t:s0-s0:c0 > .c1023 > Target Context unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1 > 023 > Target Objects socket [ unix_stream_socket ] > Source crontab > Source Path /usr/bin/crontab > Port <Unknown> > Host riohigh > Source RPM Packages cronie-1.2-6.fc11 > Target RPM Packages > Policy RPM selinux-policy-3.6.6-8.fc11 > Selinux Enabled True > Policy Type targeted > MLS Enabled True > Enforcing Mode Enforcing > Plugin Name catchall > Host Name riohigh > Platform Linux riohigh 2.6.29-0.176.rc6.git5.fc11.i586 #1 > SMP Sat Feb 28 20:51:15 EST 2009 i686 athlon > Alert Count 16 > First Seen Mon 02 Mar 2009 07:11:37 PM CST > Last Seen Mon 02 Mar 2009 07:11:39 PM CST > Local ID 3883b140-4d39-40f5-9262-ce2c4c4e2e16 > Line Numbers > > Raw Audit Messages > > node=riohigh type=AVC msg=audit(1236042699.560:325): avc: denied { read write } for pid=7023 comm="crontab" path="socket:[15740]" dev=sockfs ino=15740 scontext=unconfined_u:unconfined_r:admin_crontab_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket > > node=riohigh type=AVC msg=audit(1236042699.560:325): avc: denied { read write } for pid=7023 comm="crontab" path="socket:[15509]" dev=sockfs ino=15509 scontext=unconfined_u:unconfined_r:admin_crontab_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket > > node=riohigh type=AVC msg=audit(1236042699.560:325): avc: denied { read write } for pid=7023 comm="crontab" path="socket:[15509]" dev=sockfs ino=15509 scontext=unconfined_u:unconfined_r:admin_crontab_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket > > node=riohigh type=AVC msg=audit(1236042699.560:325): avc: denied { read write } for pid=7023 comm="crontab" path="socket:[15509]" dev=sockfs ino=15509 scontext=unconfined_u:unconfined_r:admin_crontab_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket > > node=riohigh type=AVC msg=audit(1236042699.560:325): avc: denied { read write } for pid=7023 comm="crontab" path="socket:[15509]" dev=sockfs ino=15509 scontext=unconfined_u:unconfined_r:admin_crontab_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket > > node=riohigh type=AVC msg=audit(1236042699.560:325): avc: denied { read write } for pid=7023 comm="crontab" path="socket:[15509]" dev=sockfs ino=15509 scontext=unconfined_u:unconfined_r:admin_crontab_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket > > node=riohigh type=AVC msg=audit(1236042699.560:325): avc: denied { read write } for pid=7023 comm="crontab" path="socket:[15509]" dev=sockfs ino=15509 scontext=unconfined_u:unconfined_r:admin_crontab_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket > > node=riohigh type=AVC msg=audit(1236042699.560:325): avc: denied { read write } for pid=7023 comm="crontab" path="socket:[15509]" dev=sockfs ino=15509 scontext=unconfined_u:unconfined_r:admin_crontab_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket > > node=riohigh type=SYSCALL msg=audit(1236042699.560:325): arch=40000003 syscall=11 success=yes exit=0 a0=9756cc8 a1=9765140 a2=9750a18 a3=9765140 items=0 ppid=6988 pid=7023 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts4 ses=1 comm="crontab" exe="/usr/bin/crontab" subj=unconfined_u:unconfined_r:admin_crontab_t:s0-s0:c0.c1023 key=(null) > > > > Summary: > > SELinux prevented kde4-config from writing .kde. > > Detailed Description: > > SELinux prevented kde4-config from writing .kde. If .kde is a core file, you may > want to allow this. If .kde is not a core file, this could signal a intrusion > attempt. > > Allowing Access: > > Changing the "allow_daemons_dump_core" boolean to true will allow this access: > "setsebool -P allow_daemons_dump_core=1." > > Fix Command: > > setsebool -P allow_daemons_dump_core=1 > > Additional Information: > > Source Context system_u:system_r:xdm_t:s0-s0:c0.c1023 > Target Context system_u:object_r:root_t:s0 > Target Objects .kde [ dir ] > Source kde4-config > Source Path /usr/bin/kde4-config > Port <Unknown> > Host riohigh > Source RPM Packages kdelibs-4.2.1-1.fc11 > Target RPM Packages > Policy RPM selinux-policy-3.6.6-8.fc11 > Selinux Enabled True > Policy Type targeted > MLS Enabled True > Enforcing Mode Enforcing > Plugin Name allow_daemons_dump_core > Host Name riohigh > Platform Linux riohigh 2.6.29-0.176.rc6.git5.fc11.i586 #1 > SMP Sat Feb 28 20:51:15 EST 2009 i686 athlon > Alert Count 16 > First Seen Tue 17 Feb 2009 08:36:03 AM CST > Last Seen Mon 02 Mar 2009 03:49:11 PM CST > Local ID 6d47417b-4b4b-4c4f-9c12-6210059fc418 > Line Numbers > > Raw Audit Messages > > node=riohigh type=AVC msg=audit(1236030551.278:7): avc: denied { create } for pid=2361 comm="kde4-config" name=".kde" scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:root_t:s0 tclass=dir > > node=riohigh type=SYSCALL msg=audit(1236030551.278:7): arch=40000003 syscall=39 success=no exit=-13 a0=9e843f8 a1=1c0 a2=60cf8c a3=0 items=0 ppid=2360 pid=2361 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="kde4-config" exe="/usr/bin/kde4-config" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null) > > > > > Thanks, > > Antonio > > > > > > > -- > fedora-selinux-list mailing list > fedora-selinux-list@xxxxxxxxxx > https://www.redhat.com/mailman/listinfo/fedora-selinux-list THe .kde problem has been reported, to kdebase. THe crontab trying to talk to unconfined_t unix stream socket, I think is a leaked file descriptor caused by restarting cron, perhaps from a konsole? -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkmtQuIACgkQrlYvE4MpobNRvgCg0/AgI5iDOwBlv7t9QO4kIAMj FNEAoNuT68US7f92FwgxqFGoQ0Kt9p/n =K84y -----END PGP SIGNATURE----- -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
