Dear selinux experts, I am running rawhide and I have encountered the following denied avc's. Thank you all for your help in anticipation :). Summary: SELinux is preventing kerneloops (kerneloops_t) "read" inotifyfs_t. Detailed Description: SELinux denied access requested by kerneloops. It is not expected that this access is required by kerneloops and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access: You can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package. Additional Information: Source Context system_u:system_r:kerneloops_t:s0-s0:c0.c1023 Target Context system_u:object_r:inotifyfs_t:s0 Target Objects inotify [ dir ] Source kerneloops Source Path /usr/sbin/kerneloops Port <Unknown> Host riohigh Source RPM Packages kerneloops-0.12-3.fc11 Target RPM Packages Policy RPM selinux-policy-3.6.7-2.fc11 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name catchall Host Name riohigh Platform Linux riohigh 2.6.29-0.203.rc7.fc11.i586 #1 SMP Wed Mar 4 18:03:29 EST 2009 i686 athlon Alert Count 2 First Seen Fri 06 Mar 2009 08:37:41 AM CST Last Seen Fri 06 Mar 2009 04:13:48 PM CST Local ID a255a610-ce27-4ae2-8583-5e79658a0022 Line Numbers Raw Audit Messages node=riohigh type=AVC msg=audit(1236377628.970:206): avc: denied { read } for pid=14322 comm="kerneloops" path="inotify" dev=inotifyfs ino=1 scontext=system_u:system_r:kerneloops_t:s0-s0:c0.c1023 tcontext=system_u:object_r:inotifyfs_t:s0 tclass=dir node=riohigh type=SYSCALL msg=audit(1236377628.970:206): arch=40000003 syscall=11 success=yes exit=0 a0=987de20 a1=987dde8 a2=987d008 a3=9880368 items=0 ppid=14321 pid=14322 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="kerneloops" exe="/usr/sbin/kerneloops" subj=system_u:system_r:kerneloops_t:s0-s0:c0.c1023 key=(null) Summary: SELinux is preventing NetworkManager (NetworkManager_t) "read write" unconfined_t. Detailed Description: SELinux denied access requested by NetworkManager. It is not expected that this access is required by NetworkManager and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access: You can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package. Additional Information: Source Context unconfined_u:system_r:NetworkManager_t:s0 Target Context unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1 023 Target Objects socket [ unix_stream_socket ] Source NetworkManager Source Path /usr/sbin/NetworkManager Port <Unknown> Host riohigh Source RPM Packages NetworkManager-0.7.0.99-1.fc11 Target RPM Packages Policy RPM selinux-policy-3.6.7-2.fc11 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name catchall Host Name riohigh Platform Linux riohigh 2.6.29-0.203.rc7.fc11.i586 #1 SMP Wed Mar 4 18:03:29 EST 2009 i686 athlon Alert Count 5 First Seen Mon 23 Feb 2009 07:23:54 AM CST Last Seen Fri 06 Mar 2009 04:15:00 PM CST Local ID f192ed25-15af-43fd-aa2e-524cca16b88a Line Numbers Raw Audit Messages node=riohigh type=AVC msg=audit(1236377700.684:236): avc: denied { read write } for pid=14462 comm="NetworkManager" path="socket:[26116]" dev=sockfs ino=26116 scontext=unconfined_u:system_r:NetworkManager_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket node=riohigh type=AVC msg=audit(1236377700.684:236): avc: denied { read write } for pid=14462 comm="NetworkManager" path="socket:[26116]" dev=sockfs ino=26116 scontext=unconfined_u:system_r:NetworkManager_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket node=riohigh type=AVC msg=audit(1236377700.684:236): avc: denied { read write } for pid=14462 comm="NetworkManager" path="socket:[26116]" dev=sockfs ino=26116 scontext=unconfined_u:system_r:NetworkManager_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket node=riohigh type=SYSCALL msg=audit(1236377700.684:236): arch=40000003 syscall=11 success=yes exit=0 a0=84f2ee0 a1=84f2e30 a2=84f2268 a3=84f2e30 items=0 ppid=14461 pid=14462 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=10 comm="NetworkManager" exe="/usr/sbin/NetworkManager" subj=unconfined_u:system_r:NetworkManager_t:s0 key=(null) Summary: SELinux is preventing consoletype (consoletype_t) "read write" unconfined_t. Detailed Description: SELinux denied access requested by consoletype. It is not expected that this access is required by consoletype and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access: You can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package. Additional Information: Source Context unconfined_u:system_r:consoletype_t:s0 Target Context unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1 023 Target Objects socket [ unix_stream_socket ] Source consoletype Source Path /sbin/consoletype Port <Unknown> Host riohigh Source RPM Packages initscripts-8.89-2 Target RPM Packages Policy RPM selinux-policy-3.6.7-2.fc11 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name catchall Host Name riohigh Platform Linux riohigh 2.6.29-0.203.rc7.fc11.i586 #1 SMP Wed Mar 4 18:03:29 EST 2009 i686 athlon Alert Count 10 First Seen Mon 23 Feb 2009 07:23:51 AM CST Last Seen Fri 06 Mar 2009 04:15:00 PM CST Local ID 2797c459-0038-4c1e-a419-d4bc54691e3a Line Numbers Raw Audit Messages node=riohigh type=AVC msg=audit(1236377700.541:235): avc: denied { read write } for pid=14459 comm="consoletype" path="socket:[26116]" dev=sockfs ino=26116 scontext=unconfined_u:system_r:consoletype_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket node=riohigh type=AVC msg=audit(1236377700.541:235): avc: denied { read write } for pid=14459 comm="consoletype" path="socket:[26116]" dev=sockfs ino=26116 scontext=unconfined_u:system_r:consoletype_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket node=riohigh type=AVC msg=audit(1236377700.541:235): avc: denied { read write } for pid=14459 comm="consoletype" path="socket:[26116]" dev=sockfs ino=26116 scontext=unconfined_u:system_r:consoletype_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket node=riohigh type=SYSCALL msg=audit(1236377700.541:235): arch=40000003 syscall=11 success=yes exit=0 a0=8fe0470 a1=8fe0078 a2=8fe01c8 a3=8fe0078 items=0 ppid=14458 pid=14459 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=10 comm="consoletype" exe="/sbin/consoletype" subj=unconfined_u:system_r:consoletype_t:s0 key=(null) Summary: SELinux is preventing dhclient (dhcpc_t) "read write" unconfined_t. Detailed Description: SELinux denied access requested by dhclient. It is not expected that this access is required by dhclient and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access: You can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package. Additional Information: Source Context unconfined_u:system_r:dhcpc_t:s0-s0:c0.c1023 Target Context unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1 023 Target Objects socket [ unix_stream_socket ] Source dhclient Source Path /sbin/dhclient Port <Unknown> Host riohigh Source RPM Packages dhclient-4.1.0-9.fc11 Target RPM Packages Policy RPM selinux-policy-3.6.7-2.fc11 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name catchall Host Name riohigh Platform Linux riohigh 2.6.29-0.203.rc7.fc11.i586 #1 SMP Wed Mar 4 18:03:29 EST 2009 i686 athlon Alert Count 3 First Seen Fri 06 Mar 2009 04:16:01 PM CST Last Seen Fri 06 Mar 2009 04:16:01 PM CST Local ID a9c1d6de-334d-4f45-99bb-470f0f97e3ff Line Numbers Raw Audit Messages node=riohigh type=AVC msg=audit(1236377761.743:243): avc: denied { read write } for pid=14537 comm="dhclient" path="socket:[26116]" dev=sockfs ino=26116 scontext=unconfined_u:system_r:dhcpc_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket node=riohigh type=AVC msg=audit(1236377761.743:243): avc: denied { read write } for pid=14537 comm="dhclient" path="socket:[26116]" dev=sockfs ino=26116 scontext=unconfined_u:system_r:dhcpc_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket node=riohigh type=AVC msg=audit(1236377761.743:243): avc: denied { read write } for pid=14537 comm="dhclient" path="socket:[26116]" dev=sockfs ino=26116 scontext=unconfined_u:system_r:dhcpc_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket node=riohigh type=SYSCALL msg=audit(1236377761.743:243): arch=40000003 syscall=11 success=yes exit=0 a0=8d98e40 a1=8da51d0 a2=8d891b8 a3=8da51d0 items=0 ppid=14469 pid=14537 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 ses=10 comm="dhclient" exe="/sbin/dhclient" subj=unconfined_u:system_r:dhcpc_t:s0-s0:c0.c1023 key=(null) I first started the system, then I saw that there was no connection, so I did a service NetworkManager stop, followed by a start and then the denied avc. I did not get a working internet connection, so I then went to call dhclient, the command worked, but selinux kicked in. Thank you for your help. Will get back to work on Monday :) Regards, Antonio -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
