Here is another strange AVC I'm trying to understand.
SETroubleshoot on one of my machines is telling me that
SELinux is preventing plymouthd (plymouthd_t) "dac_override" plymouthd_t.
The full message is attached.
If I have understood this correctly, this means that plymouthd was
trying to read a file as root. But the regular permissions bits of
the file would not allow that. (Right?)
I assume there is some file with wrong permission bits, which causes
this to happen. But I can't find any indication WHAT file it was.
Looking at the message, it seems to me it was trying a dac_override on
itself.
Is there a way to know what file was involved?
--- Begin Message ---
| Summary |
|
SELinux is preventing plymouthd (plymouthd_t) "dac_override" plymouthd_t.
|
| Detailed Description |
|
SELinux denied access requested by plymouthd. It is not
expected that this access is required by plymouthd and this access
may signal an intrusion attempt. It is also possible that the specific
version or configuration of the application is causing it to require
additional access.
|
| Allowing Access |
|
You can generate a local policy module to allow this
access - see FAQ
Or you can disable SELinux protection altogether. Disabling
SELinux protection is not recommended.
Please file a bug report
against this package.
|
| Additional Information |
|
| Source Context: | system_u:system_r:plymouthd_t:SystemLow |
| Target Context: | system_u:system_r:plymouthd_t:SystemLow |
| Target Objects: | None [ capability ] |
| Source: | plymouthd |
| Source Path: | /sbin/plymouthd |
| Port: | <Unknown> |
| Host: | freddi |
| Source RPM Packages: | plymouth-0.7.0-0.2009.05.15.1.fc11 |
| Target RPM Packages: | |
| Policy RPM: | selinux-policy-3.6.32-63.fc12 |
| Selinux Enabled: | True |
| Policy Type: | targeted |
| Enforcing Mode: | Enforcing |
| Plugin Name: | catchall |
| Host Name: | freddi |
| Platform: | Linux freddi 2.6.31.9-174.fc12.x86_64 #1 SMP Mon Dec 21 05:33:33 UTC 2009 x86_64 x86_64 |
| Alert Count: | 1 |
| First Seen: | Mon Jan 18 20:37:35 2010 |
| Last Seen: | Mon Jan 18 20:37:35 2010 |
| Local ID: | 25c47e1c-ec86-46bd-9611-26cd9bea8d85 |
| Line Numbers: | |
Raw Audit Messages
:
node=freddi type=AVC msg=audit(1263843455.583:203): avc: denied { dac_override } for pid=6050 comm="plymouthd" capability=1 scontext=system_u:system_r:plymouthd_t:s0 tcontext=system_u:system_r:plymouthd_t:s0 tclass=capability
node=freddi type=SYSCALL msg=audit(1263843455.583:203): arch=c000003e syscall=2 success=no exit=-19 a0=d13a60 a1=2 a2=0 a3=7fff3cad2310 items=0 ppid=1 pid=6050 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="plymouthd" exe="/sbin/plymouthd" subj=system_u:system_r:plymouthd_t:s0 key=(null)
|
--- End Message ---
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
