kernel oops, dhclient, NetworkManager denials

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Dear selinux experts,

I am running rawhide and I have encountered the following denied avc's.  Thank you all for your help in anticipation :).  


Summary:

SELinux is preventing kerneloops (kerneloops_t) "read" inotifyfs_t.

Detailed Description:

SELinux denied access requested by kerneloops. It is not expected that this
access is required by kerneloops and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration of the
application is causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.

Additional Information:

Source Context                system_u:system_r:kerneloops_t:s0-s0:c0.c1023
Target Context                system_u:object_r:inotifyfs_t:s0
Target Objects                inotify [ dir ]
Source                        kerneloops
Source Path                   /usr/sbin/kerneloops
Port                          <Unknown>
Host                          riohigh
Source RPM Packages           kerneloops-0.12-3.fc11
Target RPM Packages           
Policy RPM                    selinux-policy-3.6.7-2.fc11
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   catchall
Host Name                     riohigh
Platform                      Linux riohigh 2.6.29-0.203.rc7.fc11.i586 #1 SMP
                              Wed Mar 4 18:03:29 EST 2009 i686 athlon
Alert Count                   2
First Seen                    Fri 06 Mar 2009 08:37:41 AM CST
Last Seen                     Fri 06 Mar 2009 04:13:48 PM CST
Local ID                      a255a610-ce27-4ae2-8583-5e79658a0022
Line Numbers                  

Raw Audit Messages            

node=riohigh type=AVC msg=audit(1236377628.970:206): avc:  denied  { read } for  pid=14322 comm="kerneloops" path="inotify" dev=inotifyfs ino=1 scontext=system_u:system_r:kerneloops_t:s0-s0:c0.c1023 tcontext=system_u:object_r:inotifyfs_t:s0 tclass=dir

node=riohigh type=SYSCALL msg=audit(1236377628.970:206): arch=40000003 syscall=11 success=yes exit=0 a0=987de20 a1=987dde8 a2=987d008 a3=9880368 items=0 ppid=14321 pid=14322 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="kerneloops" exe="/usr/sbin/kerneloops" subj=system_u:system_r:kerneloops_t:s0-s0:c0.c1023 key=(null)




Summary:

SELinux is preventing NetworkManager (NetworkManager_t) "read write"
unconfined_t.

Detailed Description:

SELinux denied access requested by NetworkManager. It is not expected that this
access is required by NetworkManager and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration of the
application is causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.

Additional Information:

Source Context                unconfined_u:system_r:NetworkManager_t:s0
Target Context                unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1
                              023
Target Objects                socket [ unix_stream_socket ]
Source                        NetworkManager
Source Path                   /usr/sbin/NetworkManager
Port                          <Unknown>
Host                          riohigh
Source RPM Packages           NetworkManager-0.7.0.99-1.fc11
Target RPM Packages           
Policy RPM                    selinux-policy-3.6.7-2.fc11
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   catchall
Host Name                     riohigh
Platform                      Linux riohigh 2.6.29-0.203.rc7.fc11.i586 #1 SMP
                              Wed Mar 4 18:03:29 EST 2009 i686 athlon
Alert Count                   5
First Seen                    Mon 23 Feb 2009 07:23:54 AM CST
Last Seen                     Fri 06 Mar 2009 04:15:00 PM CST
Local ID                      f192ed25-15af-43fd-aa2e-524cca16b88a
Line Numbers                  

Raw Audit Messages            

node=riohigh type=AVC msg=audit(1236377700.684:236): avc:  denied  { read write } for  pid=14462 comm="NetworkManager" path="socket:[26116]" dev=sockfs ino=26116 scontext=unconfined_u:system_r:NetworkManager_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket

node=riohigh type=AVC msg=audit(1236377700.684:236): avc:  denied  { read write } for  pid=14462 comm="NetworkManager" path="socket:[26116]" dev=sockfs ino=26116 scontext=unconfined_u:system_r:NetworkManager_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket

node=riohigh type=AVC msg=audit(1236377700.684:236): avc:  denied  { read write } for  pid=14462 comm="NetworkManager" path="socket:[26116]" dev=sockfs ino=26116 scontext=unconfined_u:system_r:NetworkManager_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket

node=riohigh type=SYSCALL msg=audit(1236377700.684:236): arch=40000003 syscall=11 success=yes exit=0 a0=84f2ee0 a1=84f2e30 a2=84f2268 a3=84f2e30 items=0 ppid=14461 pid=14462 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=10 comm="NetworkManager" exe="/usr/sbin/NetworkManager" subj=unconfined_u:system_r:NetworkManager_t:s0 key=(null)




Summary:

SELinux is preventing consoletype (consoletype_t) "read write" unconfined_t.

Detailed Description:

SELinux denied access requested by consoletype. It is not expected that this
access is required by consoletype and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration of the
application is causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.

Additional Information:

Source Context                unconfined_u:system_r:consoletype_t:s0
Target Context                unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1
                              023
Target Objects                socket [ unix_stream_socket ]
Source                        consoletype
Source Path                   /sbin/consoletype
Port                          <Unknown>
Host                          riohigh
Source RPM Packages           initscripts-8.89-2
Target RPM Packages           
Policy RPM                    selinux-policy-3.6.7-2.fc11
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   catchall
Host Name                     riohigh
Platform                      Linux riohigh 2.6.29-0.203.rc7.fc11.i586 #1 SMP
                              Wed Mar 4 18:03:29 EST 2009 i686 athlon
Alert Count                   10
First Seen                    Mon 23 Feb 2009 07:23:51 AM CST
Last Seen                     Fri 06 Mar 2009 04:15:00 PM CST
Local ID                      2797c459-0038-4c1e-a419-d4bc54691e3a
Line Numbers                  

Raw Audit Messages            

node=riohigh type=AVC msg=audit(1236377700.541:235): avc:  denied  { read write } for  pid=14459 comm="consoletype" path="socket:[26116]" dev=sockfs ino=26116 scontext=unconfined_u:system_r:consoletype_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket

node=riohigh type=AVC msg=audit(1236377700.541:235): avc:  denied  { read write } for  pid=14459 comm="consoletype" path="socket:[26116]" dev=sockfs ino=26116 scontext=unconfined_u:system_r:consoletype_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket

node=riohigh type=AVC msg=audit(1236377700.541:235): avc:  denied  { read write } for  pid=14459 comm="consoletype" path="socket:[26116]" dev=sockfs ino=26116 scontext=unconfined_u:system_r:consoletype_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket

node=riohigh type=SYSCALL msg=audit(1236377700.541:235): arch=40000003 syscall=11 success=yes exit=0 a0=8fe0470 a1=8fe0078 a2=8fe01c8 a3=8fe0078 items=0 ppid=14458 pid=14459 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=10 comm="consoletype" exe="/sbin/consoletype" subj=unconfined_u:system_r:consoletype_t:s0 key=(null)



Summary:

SELinux is preventing dhclient (dhcpc_t) "read write" unconfined_t.

Detailed Description:

SELinux denied access requested by dhclient. It is not expected that this access
is required by dhclient and this access may signal an intrusion attempt. It is
also possible that the specific version or configuration of the application is
causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.

Additional Information:

Source Context                unconfined_u:system_r:dhcpc_t:s0-s0:c0.c1023
Target Context                unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1
                              023
Target Objects                socket [ unix_stream_socket ]
Source                        dhclient
Source Path                   /sbin/dhclient
Port                          <Unknown>
Host                          riohigh
Source RPM Packages           dhclient-4.1.0-9.fc11
Target RPM Packages           
Policy RPM                    selinux-policy-3.6.7-2.fc11
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   catchall
Host Name                     riohigh
Platform                      Linux riohigh 2.6.29-0.203.rc7.fc11.i586 #1 SMP
                              Wed Mar 4 18:03:29 EST 2009 i686 athlon
Alert Count                   3
First Seen                    Fri 06 Mar 2009 04:16:01 PM CST
Last Seen                     Fri 06 Mar 2009 04:16:01 PM CST
Local ID                      a9c1d6de-334d-4f45-99bb-470f0f97e3ff
Line Numbers                  

Raw Audit Messages            

node=riohigh type=AVC msg=audit(1236377761.743:243): avc:  denied  { read write } for  pid=14537 comm="dhclient" path="socket:[26116]" dev=sockfs ino=26116 scontext=unconfined_u:system_r:dhcpc_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket

node=riohigh type=AVC msg=audit(1236377761.743:243): avc:  denied  { read write } for  pid=14537 comm="dhclient" path="socket:[26116]" dev=sockfs ino=26116 scontext=unconfined_u:system_r:dhcpc_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket

node=riohigh type=AVC msg=audit(1236377761.743:243): avc:  denied  { read write } for  pid=14537 comm="dhclient" path="socket:[26116]" dev=sockfs ino=26116 scontext=unconfined_u:system_r:dhcpc_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket

node=riohigh type=SYSCALL msg=audit(1236377761.743:243): arch=40000003 syscall=11 success=yes exit=0 a0=8d98e40 a1=8da51d0 a2=8d891b8 a3=8da51d0 items=0 ppid=14469 pid=14537 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 ses=10 comm="dhclient" exe="/sbin/dhclient" subj=unconfined_u:system_r:dhcpc_t:s0-s0:c0.c1023 key=(null)



I first started the system, then I saw that there was no connection, so I did a service NetworkManager stop, followed by a start and then the denied avc.  I did not get a working internet connection, so I then went to call dhclient, the command worked, but selinux kicked in.  Thank you for your help.  Will get back to work on Monday :)

Regards,

Antonio 


      

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux