Re: SELinux is preventing devkit-disks-da (devicekit_disk_t)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 04/06/2009 05:28 PM, Antonio Olivares wrote:

Dear fellow selinux experts,

I got a selinux denial upon mounting a fat32 partition(shared between windows and linux).  How can I fix it so that it does not show up again if it does?

Summary:

SELinux is preventing devkit-disks-da (devicekit_disk_t) "sys_ptrace"
devicekit_disk_t.

Detailed Description:

SELinux denied access requested by devkit-disks-da. It is not expected that this
access is required by devkit-disks-da and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration of the
application is causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.

Additional Information:

Source Context                system_u:system_r:devicekit_disk_t:s0-s0:c0.c1023
Target Context                system_u:system_r:devicekit_disk_t:s0-s0:c0.c1023
Target Objects                None [ capability ]
Source                        devkit-disks-da
Source Path                   /usr/libexec/devkit-disks-daemon
Port<Unknown>
Host                          antonio-fedora-x86-64
Source RPM Packages           DeviceKit-disks-003-9.fc11
Target RPM Packages
Policy RPM                    selinux-policy-3.6.10-8.fc11
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   catchall
Host Name                     antonio-fedora-x86-64
Platform                      Linux antonio-fedora-x86-64
                               2.6.29.1-46.fc11.x86_64 #1 SMP Thu Apr 2 22:34:13
                               EDT 2009 x86_64 x86_64
Alert Count                   2
First Seen                    Thu 02 Apr 2009 04:36:09 PM CDT
Last Seen                     Mon 06 Apr 2009 04:24:45 PM CDT
Local ID                      80470692-0d41-4e67-8df2-d03673f897a8
Line Numbers

Raw Audit Messages

node=antonio-fedora-x86-64 type=AVC msg=audit(1239053085.114:23): avc:  denied  { sys_ptrace } for  pid=2830 comm="devkit-disks-da" capability=19 scontext=system_u:system_r:devicekit_disk_t:s0-s0:c0.c1023 tcontext=system_u:system_r:devicekit_disk_t:s0-s0:c0.c1023 tclass=capability

node=antonio-fedora-x86-64 type=SYSCALL msg=audit(1239053085.114:23): arch=c000003e syscall=89 success=yes exit=36 a0=7fffb3ce9c00 a1=7fffb3ce9d10 a2=fff a3=7fffb3ce99b0 items=0 ppid=1 pid=2830 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="devkit-disks-da" exe="/usr/libexec/devkit-disks-daemon" subj=system_u:system_r:devicekit_disk_t:s0-s0:c0.c1023 key=(null)




Regards,

Antonio




--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
devicekit_disk_t is a permissive domain so it did not block anything, (success=yes) 

But you can allow this using audit2allow -M mydevicekit.

I will add it to policy although I am not sure what it is doing.


--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux