Re: SELinux is preventing gconf-defaults- (gconfdefaultsm_t) "read" security_t.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, 2009-07-10 at 16:28 -0500, Robert Nichols wrote:
> When trying to set a new default for Power Management Preferences:
> 
> Detailed Description:
> 
> SELinux denied access requested by gconf-defaults-. It is not expected 
> that this
> access is required by gconf-defaults- and this access may signal an
> intrusion
> attempt. It is also possible that the specific version or configuration
> of the
> application is causing it to require additional access.
> 
> Allowing Access:
> 
> You can generate a local policy module to allow this access - see FAQ
> (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can
> disable
> SELinux protection altogether. Disabling SELinux protection is not
> recommended.
> Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
> against this package.
> 
> Additional Information:
> 
> Source Context
> system_u:system_r:gconfdefaultsm_t:s0-s0:c0.c1023
> Target Context                system_u:object_r:security_t:s0
> Target Objects                mls [ file ]
> Source                        gconf-defaults-
> Source Path                   /usr/libexec/gconf-defaults-mechanism
> Port                          <Unknown>
> Host                          omega-3p.local
> Source RPM Packages           GConf2-2.26.2-1.fc11
> Target RPM Packages
> Policy RPM                    selinux-policy-3.6.12-53.fc11
> Selinux Enabled               True
> Policy Type                   targeted
> MLS Enabled                   True
> Enforcing Mode                Enforcing
> Plugin Name                   catchall
> Host Name                     omega-3p.local
> Platform                      Linux omega-3p.local
> 2.6.29.5-191.fc11.i586 #1 SMP
>                                Tue Jun 16 23:11:39 EDT 2009 i686 i686
> Alert Count                   2
> First Seen                    Fri 10 Jul 2009 04:20:11 PM CDT
> Last Seen                     Fri 10 Jul 2009 04:20:11 PM CDT
> Local ID                      de1d32d5-dded-47ec-9eb5-9dc8167a8685
> Line Numbers
> 
> Raw Audit Messages
> 
> node=omega-3p.local type=AVC msg=audit(1247260811.959:37): avc:  denied
>   { read } for  pid=3541 comm="gconf-defaults-" name="mls" dev=selinuxfs
> ino=12 scontext=system_u:system_r:gconfdefaultsm_t:s0-s0:c0.c1023
> tcontext=system_u:object_r:security_t:s0 tclass=file
> 
> node=omega-3p.local type=AVC msg=audit(1247260811.959:37): avc:  denied
>   { open } for  pid=3541 comm="gconf-defaults-" name="mls" dev=selinuxfs
> ino=12 scontext=system_u:system_r:gconfdefaultsm_t:s0-s0:c0.c1023
> tcontext=system_u:object_r:security_t:s0 tclass=file
> 
> node=omega-3p.local type=SYSCALL msg=http://kojipkgs.fedoraproject.org/packages/selinux-policy/3.6.12/65.fc11/noarch/selinux-policy-3.6.12-65.fc11.noarch.rpmaudit(1247260811.959:37):
> arch=40000003 syscall=5 success=yes exit=3 a0=bfd414e8 a1=8000 a2=0
> a3=bfd414e8 items=0 ppid=3540 pid=3541 auid=4294967295 uid=0 gid=0
> euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295
> comm="gconf-defaults-" exe="/usr/libexec/gconf-defaults-mechanism"
> subj=system_u:system_r:gconfdefaultsm_t:s0-s0:c0.c1023 key=(null)
> 

This issue should be resolved in latest policy:

rpm -Uvh
http://kojipkgs.fedoraproject.org/packages/selinux-policy/3.6.12/65.fc11/noarch/selinux-policy-3.6.12-65.fc11.noarch.rpm http://kojipkgs.fedoraproject.org/packages/selinux-policy/3.6.12/65.fc11/noarch/selinux-policy-targeted-3.6.12-65.fc11.noarch.rpm

Attachment: signature.asc
Description: This is a digitally signed message part

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux