Re: SELinux Admin newbie question

Temlakos <temlakos@xxxxxxxxx> · Thu, 04 Mar 2010 13:14:32 -0500

Dominick Grift wrote:
> On 03/04/2010 06:47 PM, Temlakos wrote:
>
>   
>> Well, before I use audit2allow, I'll first want to know how to turn that 
>> off. Anyway, here's the output, after I un-hid the alerts:
>>
>>     
>
> I do not see any AVC denials that i think are related.
>
> Does the app work in permissive mode. If it does, than that confirmes
> that this is a issue of SELinux
>
> If the app does not work in permissive mode, than this suggests that
> this issue is not related to SELinux.
>
> If it is related to SELinux:
>
> 1. semodule -DB to unload hidden denials.
> 2. Run the app to reproduce the issue.
> 3. see /var/log/audit/audit.log for clues.
>
> (The AVC denials that you have enclosed, to me do not show anything that
> i think are related)
>
>   

Well, they must be related--because when I put SELinux into Permissive 
mode for the current session, the installation went through. Now I have 
it back on Enforcing mode, and TweetDeck still runs exactly as it 
should. So the installation created an issue, but the application, once 
installed, creates none.

Anyway--in case I have to use that installer again, as I think I might, 
I'd like to have somebody go over those alerts--because they /have/ to 
be related, somehow. Here they are again:

> [root@temlakosbeta temlakos]# semodule -DB
> [root@temlakosbeta temlakos]# ausearch -m avc -ts today
> ----
> time->Thu Mar  4 12:39:11 2010
> type=SYSCALL msg=audit(1267724351.038:22518): arch=40000003 syscall=5 
> success=no exit=-13 a0=1387d20 a1=98800 a2=c93ff4 a3=1387d20 items=0 
> ppid=1 pid=1545 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 
> egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="dbus-daemon" 
> exe="/bin/dbus-daemon" 
> subj=system_u:system_r:xdm_dbusd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1267724351.038:22518): avc:  denied  { search } 
> for  pid=1545 comm="dbus-daemon" name="root" dev=dm-0 ino=106497 
> scontext=system_u:system_r:xdm_dbusd_t:s0-s0:c0.c1023 
> tcontext=system_u:object_r:admin_home_t:s0 tclass=dir
> ----
> time->Thu Mar  4 12:39:11 2010
> type=SYSCALL msg=audit(1267724351.050:22520): arch=40000003 syscall=11 
> success=yes exit=0 a0=12c2778 a1=746ae28 a2=0 a3=0 items=0 ppid=5873 
> pid=5879 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 
> fsgid=0 tty=pts1 ses=1 comm="setfiles" exe="/sbin/setfiles" 
> subj=unconfined_u:unconfined_r:setfiles_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1267724351.050:22520): avc:  denied  { noatsecure } 
> for  pid=5879 comm="setfiles" 
> scontext=unconfined_u:unconfined_r:semanage_t:s0-s0:c0.c1023 
> tcontext=unconfined_u:unconfined_r:setfiles_t:s0-s0:c0.c1023 
> tclass=process
> type=AVC msg=audit(1267724351.050:22520): avc:  denied  { siginh } 
> for  pid=5879 comm="setfiles" 
> scontext=unconfined_u:unconfined_r:semanage_t:s0-s0:c0.c1023 
> tcontext=unconfined_u:unconfined_r:setfiles_t:s0-s0:c0.c1023 
> tclass=process
> type=AVC msg=audit(1267724351.050:22520): avc:  denied  { rlimitinh } 
> for  pid=5879 comm="setfiles" 
> scontext=unconfined_u:unconfined_r:semanage_t:s0-s0:c0.c1023 
> tcontext=unconfined_u:unconfined_r:setfiles_t:s0-s0:c0.c1023 
> tclass=process
> ----
> time->Thu Mar  4 12:39:11 2010
> type=SYSCALL msg=audit(1267724351.052:22521): arch=40000003 syscall=11 
> success=yes exit=0 a0=9f05c30 a1=9f055a8 a2=9f05008 a3=9f081e8 items=0 
> ppid=5877 pid=5878 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 
> egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="setroubleshootd" 
> exe="/usr/bin/python" 
> subj=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1267724351.052:22521): avc:  denied  { noatsecure } 
> for  pid=5878 comm="setroubleshootd" 
> scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 
> tcontext=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 tclass=process
> type=AVC msg=audit(1267724351.052:22521): avc:  denied  { siginh } 
> for  pid=5878 comm="setroubleshootd" 
> scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 
> tcontext=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 tclass=process
> type=AVC msg=audit(1267724351.052:22521): avc:  denied  { rlimitinh } 
> for  pid=5878 comm="setroubleshootd" 
> scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 
> tcontext=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 tclass=process
> ----
> time->Thu Mar  4 12:39:11 2010
> type=SYSCALL msg=audit(1267724351.227:22522): arch=40000003 syscall=33 
> success=no exit=-13 a0=9868e90 a1=2 a2=60f900 a3=9809c00 items=0 
> ppid=5877 pid=5878 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 
> egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="setroubleshootd" 
> exe="/usr/bin/python" 
> subj=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1267724351.227:22522): avc:  denied  { write } for  
> pid=5878 comm="setroubleshootd" name="rpm" dev=dm-0 ino=32769 
> scontext=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 
> tcontext=system_u:object_r:rpm_var_lib_t:s0 tclass=dir
> ----
> time->Thu Mar  4 12:39:11 2010
> type=SYSCALL msg=audit(1267724351.229:22523): arch=40000003 syscall=33 
> success=no exit=-13 a0=9898478 a1=2 a2=60f900 a3=9854390 items=0 
> ppid=5877 pid=5878 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 
> egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="setroubleshootd" 
> exe="/usr/bin/python" 
> subj=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1267724351.229:22523): avc:  denied  { write } for  
> pid=5878 comm="setroubleshootd" name="rpm" dev=dm-0 ino=32769 
> scontext=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 
> tcontext=system_u:object_r:rpm_var_lib_t:s0 tclass=dir
> [root@temlakosbeta temlakos]#

Temlakos

--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux