On Thu, Apr 08, 2010 at 07:30:04PM +0100, Arthur Dent wrote:
> On Thu, 2010-04-08 at 19:35 +0200, Dominick Grift wrote:
> > On Thu, Apr 08, 2010 at 06:15:37PM +0100, Arthur Dent wrote:
> > > On Thu, 2010-04-08 at 18:10 +0200, Dominick Grift wrote:
> > >
> > > > Alright lets try and wrap this up.
> > >
> > > [snipped lots of stuff to wrap things up]
> > >
> > > Well Dominick, I triggered a Mod-Sec alert nearly 20 minutes ago and so
> > > far (touching wood here) there are no reported AVCs!
> > >
>
> Spoke too soon!...
>
> Raw Audit Messages :
>
> node=troodos.org.uk type=AVC msg=audit(1270750990.203:47741): avc: denied { signal } for pid=10852 comm="httpd" scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:mlogc_t:s0 tclass=process
> node=troodos.org.uk type=SYSCALL msg=audit(1270750990.203:47741): arch=40000003 syscall=37 success=yes exit=0 a0=ffffd59c a1=f a2=9b6ff4 a3=1 items=0 ppid=1 pid=10852 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=unconfined_u:system_r:httpd_t:s0 key=(null)
in mlogc.if:
#######################################
## <summary>
## Send a generic signal to MLOGC.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`mlogc_signal',`
gen_require(`
type mlogc_t;
')
allow $1 mlogc_t:process signal;
')
in myapache.te:
mlogc_signal(httpd_t)
>
> Raw Audit Messages :
>
> node=troodos.org.uk type=AVC msg=audit(1270750996.408:47742): avc: denied { destroy } for pid=10884 comm="mlogc" key=0 scontext=unconfined_u:system_r:mlogc_t:s0 tcontext=unconfined_u:system_r:mlogc_t:s0 tclass=sem
> node=troodos.org.uk type=SYSCALL msg=audit(1270750996.408:47742): arch=40000003 syscall=117 success=yes exit=0 a0=3 a1=698012 a2=0 a3=100 items=0 ppid=10852 pid=10884 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="mlogc" exe="/usr/bin/mlogc" subj=unconfined_u:system_r:mlogc_t:s0 key=(null)
mlogc.te:
instead of rw_sem_perms use create_sem_perms.
>
>
> Raw Audit Messages :
>
> node=troodos.org.uk type=AVC msg=audit(1270751004.197:47743): avc: denied { read write } for pid=14112 comm="mlogc" name="1" dev=devpts ino=4 scontext=unconfined_u:system_r:mlogc_t:s0 tcontext=unconfined_u:object_r:user_devpts_t:s0 tclass=chr_file
> node=troodos.org.uk type=SYSCALL msg=audit(1270751004.197:47743): arch=40000003 syscall=11 success=yes exit=0 a0=9dd3288 a1=9dd32b8 a2=9dd2900 a3=9dd32b8 items=0 ppid=14111 pid=14112 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4294967295 comm="mlogc" exe="/usr/bin/mlogc" subj=unconfined_u:system_r:mlogc_t:s0 key=(null)
mlogc.te:
userdom_use_user_terminals(mlogc_t)
>
> Raw Audit Messages :
>
> node=troodos.org.uk type=AVC msg=audit(1270751009.399:47744): avc: denied { create } for pid=14112 comm="mlogc" key=0 scontext=unconfined_u:system_r:mlogc_t:s0 tcontext=unconfined_u:system_r:mlogc_t:s0 tclass=sem
> node=troodos.org.uk type=SYSCALL msg=audit(1270751009.399:47744): arch=40000003 syscall=117 success=yes exit=7143448 a0=2 a1=0 a2=1 a3=380 items=0 ppid=1 pid=14112 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=4294967295 comm="mlogc" exe="/usr/bin/mlogc" subj=unconfined_u:system_r:mlogc_t:s0 key=(null)
>
>
mlogc.te:
instead of rw_sem_perms use create_sem_perms.
> --
> selinux mailing list
> selinux@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/selinux
Attachment:
pgp9BsoaWHnpP.pgp
Description: PGP signature
-- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
