dhcpd_write and .kde4 revisited + crontab trouble, ntp too

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




Summary:

SELinux is preventing dhclient (dhcpc_t) "read write" unconfined_t.

Detailed Description:

SELinux denied access requested by dhclient. It is not expected that this access
is required by dhclient and this access may signal an intrusion attempt. It is
also possible that the specific version or configuration of the application is
causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.

Additional Information:

Source Context                unconfined_u:system_r:dhcpc_t:s0-s0:c0.c1023
Target Context                unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1
                              023
Target Objects                socket [ unix_stream_socket ]
Source                        dhclient
Source Path                   /sbin/dhclient
Port                          <Unknown>
Host                          riohigh
Source RPM Packages           dhclient-4.1.0-11.fc11
Target RPM Packages           
Policy RPM                    selinux-policy-3.6.8-3.fc11
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   catchall
Host Name                     riohigh
Platform                      Linux riohigh 2.6.29-0.258.rc8.git2.fc11.i586 #1
                              SMP Mon Mar 16 20:53:59 EDT 2009 i686 athlon
Alert Count                   22
First Seen                    Fri 06 Mar 2009 04:16:01 PM CST
Last Seen                     Tue 24 Mar 2009 04:35:56 PM CST
Local ID                      a9c1d6de-334d-4f45-99bb-470f0f97e3ff
Line Numbers                  

Raw Audit Messages            

node=riohigh type=AVC msg=audit(1237934156.758:26): avc:  denied  { read write } for  pid=3372 comm="dhclient" path="socket:[17209]" dev=sockfs ino=17209 scontext=unconfined_u:system_r:dhcpc_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket

node=riohigh type=AVC msg=audit(1237934156.758:26): avc:  denied  { read write } for  pid=3372 comm="dhclient" path="socket:[17209]" dev=sockfs ino=17209 scontext=unconfined_u:system_r:dhcpc_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket

node=riohigh type=SYSCALL msg=audit(1237934156.758:26): arch=40000003 syscall=11 success=yes exit=0 a0=921ff38 a1=9207390 a2=9203bc0 a3=9207390 items=0 ppid=3332 pid=3372 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=1 comm="dhclient" exe="/sbin/dhclient" subj=unconfined_u:system_r:dhcpc_t:s0-s0:c0.c1023 key=(null)



Summary:

SELinux prevented kde4-config from writing .kde.

Detailed Description:

SELinux prevented kde4-config from writing .kde. If .kde is a core file, you may
want to allow this. If .kde is not a core file, this could signal a intrusion
attempt.

Allowing Access:

Changing the "allow_daemons_dump_core" boolean to true will allow this access:
"setsebool -P allow_daemons_dump_core=1."

Fix Command:

setsebool -P allow_daemons_dump_core=1

Additional Information:

Source Context                system_u:system_r:xdm_t:s0-s0:c0.c1023
Target Context                system_u:object_r:root_t:s0
Target Objects                .kde [ dir ]
Source                        kde4-config
Source Path                   /usr/bin/kde4-config
Port                          <Unknown>
Host                          riohigh
Source RPM Packages           kdelibs-4.2.1-4.fc11
Target RPM Packages           
Policy RPM                    selinux-policy-3.6.8-3.fc11
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   allow_daemons_dump_core
Host Name                     riohigh
Platform                      Linux riohigh 2.6.29-0.258.rc8.git2.fc11.i586 #1
                              SMP Mon Mar 16 20:53:59 EDT 2009 i686 athlon
Alert Count                   43
First Seen                    Tue 17 Feb 2009 08:36:03 AM CST
Last Seen                     Tue 24 Mar 2009 04:34:07 PM CST
Local ID                      6d47417b-4b4b-4c4f-9c12-6210059fc418
Line Numbers                  

Raw Audit Messages            

node=riohigh type=AVC msg=audit(1237934047.415:8): avc:  denied  { create } for  pid=2410 comm="kde4-config" name=".kde" scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:root_t:s0 tclass=dir

node=riohigh type=SYSCALL msg=audit(1237934047.415:8): arch=40000003 syscall=39 success=no exit=-13 a0=8ac6418 a1=1c0 a2=296f2ec a3=0 items=0 ppid=2409 pid=2410 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="kde4-config" exe="/usr/bin/kde4-config" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)


Now I see why crontab does not work :(


Summary:

SELinux is preventing crontab (admin_crontab_t) "read write" unconfined_t.

Detailed Description:

SELinux denied access requested by crontab. It is not expected that this access
is required by crontab and this access may signal an intrusion attempt. It is
also possible that the specific version or configuration of the application is
causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.

Additional Information:

Source Context                unconfined_u:unconfined_r:admin_crontab_t:s0-s0:c0
                              .c1023
Target Context                unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1
                              023
Target Objects                socket [ unix_stream_socket ]
Source                        crontab
Source Path                   /usr/bin/crontab
Port                          <Unknown>
Host                          riohigh
Source RPM Packages           cronie-1.2-7.fc11
Target RPM Packages           
Policy RPM                    selinux-policy-3.6.8-3.fc11
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   catchall
Host Name                     riohigh
Platform                      Linux riohigh 2.6.29-0.258.rc8.git2.fc11.i586 #1
                              SMP Mon Mar 16 20:53:59 EDT 2009 i686 athlon
Alert Count                   114
First Seen                    Mon 02 Mar 2009 07:11:37 PM CST
Last Seen                     Tue 24 Mar 2009 04:10:37 PM CST
Local ID                      3883b140-4d39-40f5-9262-ce2c4c4e2e16
Line Numbers                  

Raw Audit Messages            

node=riohigh type=AVC msg=audit(1237932637.221:85): avc:  denied  { read write } for  pid=5361 comm="crontab" path="socket:[17209]" dev=sockfs ino=17209 scontext=unconfined_u:unconfined_r:admin_crontab_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket

node=riohigh type=AVC msg=audit(1237932637.221:85): avc:  denied  { read write } for  pid=5361 comm="crontab" path="socket:[17513]" dev=sockfs ino=17513 scontext=unconfined_u:unconfined_r:admin_crontab_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket

node=riohigh type=AVC msg=audit(1237932637.221:85): avc:  denied  { read write } for  pid=5361 comm="crontab" path="socket:[17209]" dev=sockfs ino=17209 scontext=unconfined_u:unconfined_r:admin_crontab_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket

node=riohigh type=AVC msg=audit(1237932637.221:85): avc:  denied  { read write } for  pid=5361 comm="crontab" path="socket:[17209]" dev=sockfs ino=17209 scontext=unconfined_u:unconfined_r:admin_crontab_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket

node=riohigh type=AVC msg=audit(1237932637.221:85): avc:  denied  { read write } for  pid=5361 comm="crontab" path="socket:[17209]" dev=sockfs ino=17209 scontext=unconfined_u:unconfined_r:admin_crontab_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket

node=riohigh type=AVC msg=audit(1237932637.221:85): avc:  denied  { read write } for  pid=5361 comm="crontab" path="socket:[17209]" dev=sockfs ino=17209 scontext=unconfined_u:unconfined_r:admin_crontab_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket

node=riohigh type=AVC msg=audit(1237932637.221:85): avc:  denied  { read write } for  pid=5361 comm="crontab" path="socket:[17209]" dev=sockfs ino=17209 scontext=unconfined_u:unconfined_r:admin_crontab_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket

node=riohigh type=AVC msg=audit(1237932637.221:85): avc:  denied  { read write } for  pid=5361 comm="crontab" path="socket:[17209]" dev=sockfs ino=17209 scontext=unconfined_u:unconfined_r:admin_crontab_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket

node=riohigh type=AVC msg=audit(1237932637.221:85): avc:  denied  { read write } for  pid=5361 comm="crontab" path="socket:[17209]" dev=sockfs ino=17209 scontext=unconfined_u:unconfined_r:admin_crontab_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket

node=riohigh type=AVC msg=audit(1237932637.221:85): avc:  denied  { read write } for  pid=5361 comm="crontab" path="socket:[17209]" dev=sockfs ino=17209 scontext=unconfined_u:unconfined_r:admin_crontab_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket

node=riohigh type=SYSCALL msg=audit(1237932637.221:85): arch=40000003 syscall=11 success=yes exit=0 a0=8e005a0 a1=8e004d0 a2=8dfa9f8 a3=8e004d0 items=0 ppid=5324 pid=5361 auid=500 uid=500 gid=500 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=1 comm="crontab" exe="/usr/bin/crontab" subj=unconfined_u:unconfined_r:admin_crontab_t:s0-s0:c0.c1023 key=(null)

[olivares@riohigh ~]$ crontab -l

Authentication service cannot retrieve authentication info
You (olivares) are not allowed to access to (crontab) because of pam configuration.
[olivares@riohigh ~]$ crontab -e

Authentication service cannot retrieve authentication info
You (olivares) are not allowed to access to (crontab) because of pam configuration.
[olivares@riohigh ~]$

setroubleshooter kicks in and returns:


Summary:

SELinux is preventing ntpd (ntpd_t) "read write" unconfined_t.

Detailed Description:

SELinux denied access requested by ntpd. It is not expected that this access is
required by ntpd and this access may signal an intrusion attempt. It is also
possible that the specific version or configuration of the application is
causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.

Additional Information:

Source Context                unconfined_u:system_r:ntpd_t:s0
Target Context                unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1
                              023
Target Objects                socket [ unix_stream_socket ]
Source                        ntpd
Source Path                   /usr/sbin/ntpd
Port                          <Unknown>
Host                          riohigh
Source RPM Packages           ntp-4.2.4p6-3.fc11
Target RPM Packages           
Policy RPM                    selinux-policy-3.6.8-3.fc11
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   catchall
Host Name                     riohigh
Platform                      Linux riohigh 2.6.29-0.258.rc8.git2.fc11.i586 #1
                              SMP Mon Mar 16 20:53:59 EDT 2009 i686 athlon
Alert Count                   1
First Seen                    Mon 23 Mar 2009 04:07:29 PM CST
Last Seen                     Mon 23 Mar 2009 04:07:29 PM CST
Local ID                      718bc628-af85-4d41-a5c1-838d9d3208bd
Line Numbers                  

Raw Audit Messages            

node=riohigh type=AVC msg=audit(1237846049.986:105): avc:  denied  { read write } for  pid=18588 comm="ntpd" path="socket:[4898784]" dev=sockfs ino=4898784 scontext=unconfined_u:system_r:ntpd_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket

node=riohigh type=SYSCALL msg=audit(1237846049.986:105): arch=40000003 syscall=11 success=yes exit=0 a0=9e21f80 a1=9e22280 a2=9e21248 a3=9e22280 items=0 ppid=18587 pid=18588 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=10 comm="ntpd" exe="/usr/sbin/ntpd" subj=unconfined_u:system_r:ntpd_t:s0 key=(null)

The time was not changed on this machine, I tried to call ntp and it did not work, why here's the reason:


Summary:

SELinux is preventing ntpd (ntpd_t) "read write" unconfined_t.

Detailed Description:

SELinux denied access requested by ntpd. It is not expected that this access is
required by ntpd and this access may signal an intrusion attempt. It is also
possible that the specific version or configuration of the application is
causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.

Additional Information:

Source Context                unconfined_u:system_r:ntpd_t:s0
Target Context                unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1
                              023
Target Objects                socket [ unix_stream_socket ]
Source                        ntpd
Source Path                   /usr/sbin/ntpd
Port                          <Unknown>
Host                          riohigh
Source RPM Packages           ntp-4.2.4p6-3.fc11
Target RPM Packages           
Policy RPM                    selinux-policy-3.6.8-3.fc11
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   catchall
Host Name                     riohigh
Platform                      Linux riohigh 2.6.29-0.258.rc8.git2.fc11.i586 #1
                              SMP Mon Mar 16 20:53:59 EDT 2009 i686 athlon
Alert Count                   1
First Seen                    Mon 23 Mar 2009 04:07:29 PM CST
Last Seen                     Mon 23 Mar 2009 04:07:29 PM CST
Local ID                      718bc628-af85-4d41-a5c1-838d9d3208bd
Line Numbers                  

Raw Audit Messages            

node=riohigh type=AVC msg=audit(1237846049.986:105): avc:  denied  { read write } for  pid=18588 comm="ntpd" path="socket:[4898784]" dev=sockfs ino=4898784 scontext=unconfined_u:system_r:ntpd_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket

node=riohigh type=SYSCALL msg=audit(1237846049.986:105): arch=40000003 syscall=11 success=yes exit=0 a0=9e21f80 a1=9e22280 a2=9e21248 a3=9e22280 items=0 ppid=18587 pid=18588 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=10 comm="ntpd" exe="/usr/sbin/ntpd" subj=unconfined_u:system_r:ntpd_t:s0 key=(null)


I appreciate any help I can get.  It has been a while since NetworkManager gives me a successfull connection.  I have to become root and use dhclient to get internet access.  If I need to file bug reports, please let me know against which components and I will do it.  

Thanks,

Antonio 












      

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux