Re: F12: "mac_admin"


 



On 03/07/2010 03:21 PM, Daniel B. Thurman wrote:
> I have no idea what this is, but it is new:
>
> ================================================
> Summary:
>
> SELinux is preventing /usr/bin/chcon "mac_admin" access .
>
> Detailed Description:
>
> SELinux denied access requested by chcon. It is not expected that this access is
> required by chcon and this access may signal an intrusion attempt. It is also
> possible that the specific version or configuration of the application is
> causing it to require additional access.
>
> Allowing Access:
>
> You can generate a local policy module to allow this access - see FAQ
> (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug
> report.
>
> Additional Information:
>
> Source Context                unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
> Target Context                unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
> Target Objects                None [ capability2 ]
> Source                        chcon
> Source Path                   /usr/bin/chcon
> Port                          <Unknown>
> Host                          host.domain.com
> Source RPM Packages           coreutils-7.6-9.fc12
> Target RPM Packages
> Policy RPM                    selinux-policy-3.6.32-92.fc12
> Selinux Enabled               True
> Policy Type                   targeted
> Enforcing Mode                Enforcing
> Plugin Name                   catchall
> Host Name                     host.domain.com
> Platform                      Linux host.domain.com 2.6.31.12-174.2.22.fc12.i686
>                               #1 SMP Fri Feb 19 19:26:06 UTC 2010 i686 i686
> Alert Count                   1
> First Seen                    Fri 05 Mar 2010 11:24:27 AM PST
> Last Seen                     Fri 05 Mar 2010 11:24:27 AM PST
> Local ID                      73c77171-b9bb-44f9-98bb-68a6d3ee1e96
> Line Numbers
>
> Raw Audit Messages
>
> node=host.domain.com type=AVC msg=audit(1267817067.517:43791): avc:
> denied  { mac_admin } for  pid=28356 comm="chcon" capability=33
> scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
> tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
> tclass=capability2
>
> node=host.domain.com type=SYSCALL msg=audit(1267817067.517:43791):
> arch=40000003 syscall=226 success=no exit=-22 a0=834b8d0 a1=7fd69ed
> a2=834cc90 a3=23 items=0 ppid=28098 pid=28356 auid=500 uid=0 gid=0
> euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts10 ses=1 comm="chcon"
> exe="/usr/bin/chcon"
> subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
>
>
> --
> selinux mailing list
> selinux@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/selinux
>
>
>    
Something is executing chcon with a context that the kernel does not 
understand?  Do you have any idea when this is happening?
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
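
A triage sketch for the report above, added here as an example and not part of either poster's message: it pairs the AVC and SYSCALL records by audit event ID and flags a mac_admin denial raised by a *setxattr call that failed with EINVAL (exit=-22), which is what the kernel logs when a caller without CAP_MAC_ADMIN tries to set a label the loaded policy does not recognise. The syscall-number table and the function names are assumptions of this example; the sample lines are the two records quoted above, re-joined onto one line each.

```python
import re
from datetime import datetime, timezone

# The two raw audit records from the report above, re-joined onto one line each.
SAMPLE = [
    'node=host.domain.com type=AVC msg=audit(1267817067.517:43791): avc: denied  { mac_admin } for  pid=28356 comm="chcon" capability=33 scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=capability2',
    'node=host.domain.com type=SYSCALL msg=audit(1267817067.517:43791): arch=40000003 syscall=226 success=no exit=-22 a0=834b8d0 a1=7fd69ed a2=834cc90 a3=23 items=0 ppid=28098 pid=28356 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts10 ses=1 comm="chcon" exe="/usr/bin/chcon" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)',
]
# (audit arch, syscall number) -> name; i386 and x86_64 only (example table).
SETXATTR = {("40000003", 226): "setxattr", ("40000003", 227): "lsetxattr",
            ("40000003", 228): "fsetxattr", ("c000003e", 188): "setxattr",
            ("c000003e", 189): "lsetxattr", ("c000003e", 190): "fsetxattr"}
HEADER = re.compile(r"type=(\w+) msg=audit\((\d+)\.\d+:(\d+)\):")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
PERMS = re.compile(r"\{ ([^}]*) \}")


def group_events(lines):
    """Group audit records by (epoch seconds, serial), keyed by record type."""
    events = {}
    for line in lines:
        m = HEADER.search(line)
        if not m:
            continue
        fields = {k: v.strip('"') for k, v in FIELD.findall(line[m.end():])}
        p = PERMS.search(line)
        fields["perms"] = p.group(1).split() if p else []
        events.setdefault((int(m.group(2)), m.group(3)), {})[m.group(1)] = fields
    return events


def invalid_label_attempts(lines):
    """Return mac_admin denials raised by a *setxattr call that got EINVAL."""
    hits = []
    for (secs, serial), recs in group_events(lines).items():
        avc, sc = recs.get("AVC", {}), recs.get("SYSCALL", {})
        name = SETXATTR.get((sc.get("arch"), int(sc.get("syscall", -1))))
        if ("mac_admin" in avc.get("perms", []) and avc.get("tclass") == "capability2"
                and name and sc.get("exit") == "-22"):  # -22 == -EINVAL
            when = datetime.fromtimestamp(secs, timezone.utc)
            hits.append({"serial": serial, "syscall": name, "exe": sc.get("exe"),
                         "ppid": sc.get("ppid"), "auid": sc.get("auid"),
                         "when": when.strftime("%Y-%m-%d %H:%M:%S UTC")})
    return hits


if __name__ == "__main__":
    for hit in invalid_label_attempts(SAMPLE):
        print(hit)
```

The ppid and auid fields in each hit identify the parent process and login user that launched chcon, and the timestamp says when, which is the information the reply asks for.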
