Re: policy for mgetty fax receive and new_fax

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Am Dienstag, den 29.12.2009, 12:16 +0100 schrieb Dominick Grift:
> On Tue, Dec 29, 2009 at 10:17:36AM +0100, Klaus Lichtenwalder wrote:
> > Hi,
> > 
> > just tried receiving a fax with mgetty (and notifying me via email with
> > the attached fax)
> > Watching all denials flowing by (permissive mode,
> > selinux-policy-targeted-3.6.32-59.fc12.noarch) I'm wondering whether
> > someone already started preparing a policy or whether I should try to
> > start it on myself? Anyone knows? Google does not find much of value
> 
> Can you show us the AVC denials?

Sure, no problem. One thing, as a first step I put new_fax into bin_t,
as this was a suggestion from sealert output. 
I do think this probably does not belong to the getty policy, as mgetty,
receiving a fax, does far more than standard getty, imho.

Klaus
-- 
------------------------------------------------------------------------ 
 Klaus Lichtenwalder, Dipl. Inform.,  http://lklaus.homelinux.org/Klaus/
 PGP Key fingerprint: A5C0 F73A 2C83 96EE 766B  9C62 DB6D 1258 0E9B B6D1

----
time->Mon Dec 28 17:12:38 2009
type=SYSCALL msg=audit(1262016758.657:57496): arch=c000003e syscall=59 success=yes exit=0 a0=3273d3ace3 a1=7fffef415d60 a2=7fffef418a30 a3=7f0863d089d0 items=0 ppid=31795 pid=1283 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=ttyS0 ses=4294967295 comm="sh" exe="/bin/bash" subj=system_u:system_r:getty_t:s0 key=(null)
type=AVC msg=audit(1262016758.657:57496): avc:  denied  { execute_no_trans } for  pid=1283 comm="mgetty" path="/bin/bash" dev=dm-6 ino=12628 scontext=system_u:system_r:getty_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file
type=AVC msg=audit(1262016758.657:57496): avc:  denied  { read open } for  pid=1283 comm="mgetty" name="bash" dev=dm-6 ino=12628 scontext=system_u:system_r:getty_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file
type=AVC msg=audit(1262016758.657:57496): avc:  denied  { execute } for  pid=1283 comm="mgetty" name="bash" dev=dm-6 ino=12628 scontext=system_u:system_r:getty_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file
----
time->Mon Dec 28 17:12:38 2009
type=SYSCALL msg=audit(1262016758.659:57497): arch=c000003e syscall=2 success=yes exit=3 a0=3273d3c1f2 a1=0 a2=1b6 a3=2 items=0 ppid=31795 pid=1283 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=ttyS0 ses=4294967295 comm="sh" exe="/bin/bash" subj=system_u:system_r:getty_t:s0 key=(null)
type=AVC msg=audit(1262016758.659:57497): avc:  denied  { open } for  pid=1283 comm="sh" name="meminfo" dev=proc ino=4026531984 scontext=system_u:system_r:getty_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
type=AVC msg=audit(1262016758.659:57497): avc:  denied  { read } for  pid=1283 comm="sh" name="meminfo" dev=proc ino=4026531984 scontext=system_u:system_r:getty_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
----
time->Mon Dec 28 17:12:38 2009
type=SYSCALL msg=audit(1262016758.661:57498): arch=c000003e syscall=5 success=yes exit=128 a0=3 a1=7fff05edb290 a2=7fff05edb290 a3=2 items=0 ppid=31795 pid=1283 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=ttyS0 ses=4294967295 comm="sh" exe="/bin/bash" subj=system_u:system_r:getty_t:s0 key=(null)
type=AVC msg=audit(1262016758.661:57498): avc:  denied  { getattr } for  pid=1283 comm="sh" path="/proc/meminfo" dev=proc ino=4026531984 scontext=system_u:system_r:getty_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
----
time->Mon Dec 28 17:12:38 2009
type=SYSCALL msg=audit(1262016758.662:57499): arch=c000003e syscall=4 success=yes exit=128 a0=1090ab0 a1=7fff05edd2e0 a2=7fff05edd2e0 a3=8 items=0 ppid=31795 pid=1283 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=ttyS0 ses=4294967295 comm="sh" exe="/bin/bash" subj=system_u:system_r:getty_t:s0 key=(null)
type=AVC msg=audit(1262016758.662:57499): avc:  denied  { getattr } for  pid=1283 comm="sh" path="/bin/bash" dev=dm-6 ino=12628 scontext=system_u:system_r:getty_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file
----
time->Mon Dec 28 17:12:38 2009
type=SYSCALL msg=audit(1262016758.664:57500): arch=c000003e syscall=59 success=yes exit=0 a0=1093a10 a1=1093b30 a2=1092b20 a3=18 items=0 ppid=1283 pid=1286 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=ttyS0 ses=4294967295 comm="sendmail" exe="/usr/sbin/sendmail.postfix" subj=system_u:system_r:system_mail_t:s0 key=(null)
type=AVC msg=audit(1262016758.664:57500): avc:  denied  { read write } for  pid=1286 comm="sendmail" name="ttyS0" dev=tmpfs ino=2217 scontext=system_u:system_r:system_mail_t:s0 tcontext=system_u:object_r:tty_device_t:s0 tclass=chr_file
----
time->Mon Dec 28 17:12:38 2009
type=SYSCALL msg=audit(1262016758.806:57501): arch=c000003e syscall=2 success=yes exit=0 a0=3273d3c1f2 a1=0 a2=1b6 a3=2 items=0 ppid=1288 pid=1289 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=ttyS0 ses=4294967295 comm="sh" exe="/bin/bash" subj=system_u:system_r:getty_t:s0 key=(null)
type=AVC msg=audit(1262016758.806:57501): avc:  denied  { open } for  pid=1289 comm="sh" name="meminfo" dev=proc ino=4026531984 scontext=system_u:system_r:getty_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
type=AVC msg=audit(1262016758.806:57501): avc:  denied  { read } for  pid=1289 comm="sh" name="meminfo" dev=proc ino=4026531984 scontext=system_u:system_r:getty_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
----
time->Mon Dec 28 17:12:38 2009
type=SYSCALL msg=audit(1262016758.807:57502): arch=c000003e syscall=5 success=yes exit=128 a0=0 a1=7fff44b52830 a2=7fff44b52830 a3=2 items=0 ppid=1288 pid=1289 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=ttyS0 ses=4294967295 comm="sh" exe="/bin/bash" subj=system_u:system_r:getty_t:s0 key=(null)
type=AVC msg=audit(1262016758.807:57502): avc:  denied  { getattr } for  pid=1289 comm="sh" path="/proc/meminfo" dev=proc ino=4026531984 scontext=system_u:system_r:getty_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
----
time->Mon Dec 28 17:12:38 2009
type=SYSCALL msg=audit(1262016758.809:57503): arch=c000003e syscall=59 success=yes exit=0 a0=eb55b0 a1=eb5480 a2=eb3e50 a3=30 items=0 ppid=1289 pid=1291 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=ttyS0 ses=4294967295 comm="new_fax" exe="/bin/bash" subj=system_u:system_r:getty_t:s0 key=(null)
type=AVC msg=audit(1262016758.809:57503): avc:  denied  { execute_no_trans } for  pid=1291 comm="sh" path="/etc/mgetty+sendfax/new_fax" dev=dm-6 ino=51 scontext=system_u:system_r:getty_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file
type=AVC msg=audit(1262016758.809:57503): avc:  denied  { read open } for  pid=1291 comm="sh" name="new_fax" dev=dm-6 ino=51 scontext=system_u:system_r:getty_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file
type=AVC msg=audit(1262016758.809:57503): avc:  denied  { execute } for  pid=1291 comm="sh" name="new_fax" dev=dm-6 ino=51 scontext=system_u:system_r:getty_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file
----
time->Mon Dec 28 17:12:38 2009
type=SYSCALL msg=audit(1262016758.817:57504): arch=c000003e syscall=16 success=no exit=-25 a0=3 a1=5401 a2=7fffcdc622a0 a3=2 items=0 ppid=1289 pid=1291 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=ttyS0 ses=4294967295 comm="new_fax" exe="/bin/bash" subj=system_u:system_r:getty_t:s0 key=(null)
type=AVC msg=audit(1262016758.817:57504): avc:  denied  { ioctl } for  pid=1291 comm="new_fax" path="/etc/mgetty+sendfax/new_fax" dev=dm-6 ino=51 scontext=system_u:system_r:getty_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file
----
time->Mon Dec 28 17:12:38 2009
type=SYSCALL msg=audit(1262016758.817:57505): arch=c000003e syscall=5 success=yes exit=0 a0=ff a1=7fffcdc62370 a2=7fffcdc62370 a3=0 items=0 ppid=1289 pid=1291 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=ttyS0 ses=4294967295 comm="new_fax" exe="/bin/bash" subj=system_u:system_r:getty_t:s0 key=(null)
type=AVC msg=audit(1262016758.817:57505): avc:  denied  { getattr } for  pid=1291 comm="new_fax" path="/etc/mgetty+sendfax/new_fax" dev=dm-6 ino=51 scontext=system_u:system_r:getty_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=file

Attachment: signature.asc
Description: Dies ist ein digital signierter Nachrichtenteil

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux