During the startup of one of our processes, I notice a lot of avc
denial messages for ptrace, as shown below. I have
tried the suggestions by audit2allow, used the various macros for ptrace (also
pasted below), but nothing seems to work. Could you help?
type=AVC msg=audit(1277403181.796:261073): avc: denied { ptrace } for pid=27314 comm="ps" scontext=system_u:system_r:servm_t:s0 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process
type=SYSCALL msg=audit(1277403181.796:261073): arch=40000003 syscall=3 success=yes exit=181 a0=7 a1=11f900 a2=3ff a3=11f8a0 items=0 ppid=27313 pid=27314 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ps" exe="/bin/ps" subj=system_u:system_r:servm_t:s0 key=(null)
type=AVC msg=audit(1277403181.797:261074): avc: denied { ptrace } for pid=27314 comm="ps" scontext=system_u:system_r:servm_t:s0 tcontext=system_u:system_r:setrans_t:s0-s0:c0.c1023 tclass=process
type=SYSCALL msg=audit(1277403181.797:261074): arch=40000003 syscall=3 success=yes exit=183 a0=7 a1=11f900 a2=3ff a3=11f8a0 items=0 ppid=27313 pid=27314 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ps" exe="/bin/ps" subj=system_u:system_r:servm_t:s0 key=(null)
type=AVC msg=audit(1277403181.799:261075): avc: denied { ptrace } for pid=27314 comm="ps" scontext=system_u:system_r:servm_t:s0 tcontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tclass=process
type=SYSCALL msg=audit(1277403181.799:261075): arch=40000003 syscall=3 success=yes exit=187 a0=7 a1=11f900 a2=3ff a3=11f8a0 items=0 ppid=27313 pid=27314 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ps" exe="/bin/ps" subj=system_u:system_r:servm_t:s0 key=(null)
type=AVC msg=audit(1277403181.799:261076): avc: denied { ptrace } for pid=27314 comm="ps" scontext=system_u:system_r:servm_t:s0 tcontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tclass=process
type=SYSCALL msg=audit(1277403181.799:261076): arch=40000003 syscall=3 success=yes exit=185 a0=7 a1=11f900 a2=3ff a3=11f8a0 items=0 ppid=27313 pid=27314 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ps" exe="/bin/ps" subj=system_u:system_r:servm_t:s0 key=(null)
type=AVC msg=audit(1277403181.800:261077): avc: denied { ptrace } for pid=27314 comm="ps" scontext=system_u:system_r:servm_t:s0 tcontext=root:sysadm_r:sysadm_t:s0-s0:c0.c1023 tclass=process
type=SYSCALL msg=audit(1277403181.800:261077): arch=40000003 syscall=3 success=yes exit=203 a0=7 a1=11f900 a2=3ff a3=11f8a0 items=0 ppid=27313 pid=27314 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ps" exe="/bin/ps" subj=system_u:system_r:servm_t:s0 key=(null)
type=AVC msg=audit(1277403181.801:261078): avc: denied { ptrace } for pid=27314 comm="ps" scontext=system_u:system_r:servm_t:s0 tcontext=root:system_r:auditd_t:s0-s0:c0.c1023 tclass=process
type=SYSCALL msg=audit(1277403181.801:261078): arch=40000003 syscall=3 success=yes exit=200 a0=7 a1=11f900 a2=3ff a3=11f8a0 items=0 ppid=27313 pid=27314 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="ps" exe="/bin/ps" subj=system_u:system_r:servm_t:s0 key=(null)
type=AVC msg=audit(1277403181.801:261079): avc: denied { ptrace } for pid=27314 comm="ps" scontext=system_u:system_r:servm_t:s0 tcontext=root:system_r:audisp_t:s0-s0:c0.c1023 tclass=process
The audit2allow tool suggests the below:
allow servm_t audisp_t:process ptrace;
allow servm_t auditd_t:process ptrace;
allow servm_t crond_t:process ptrace;
allow servm_t setrans_t:process ptrace;
allow servm_t sshd_t:process ptrace;
allow servm_t sysadm_t:process ptrace;
allow servm_t udev_t:process ptrace;
However, when these rules were added, there was no change in the avc
messages. I also tried the macro
domain_ptrace_all_domains(servm_t)
and
allow servm_t self:capability { sys_ptrace };
But none of this makes a difference to the avc messages generated.
Thanks,
Radha.
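
Added example (not part of the original post, and not audit2allow's own code): a small parser for the AVC record format shown above. It collapses repeated denials into one allow rule per source type, target type and class, and keeps the MLS level of each context so the summary can be read next to the raw records. The function names and the repeated record's serial number are assumptions made for this example.

```python
import re
from collections import defaultdict

# Two AVC records copied from the post (the first repeated under a constructed
# serial number) and one shortened SYSCALL record, which the parser must skip.
SAMPLE = """\
type=AVC msg=audit(1277403181.796:261073): avc: denied { ptrace } for pid=27314 comm="ps" scontext=system_u:system_r:servm_t:s0 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process
type=SYSCALL msg=audit(1277403181.796:261073): arch=40000003 syscall=3 success=yes exit=181 pid=27314 comm="ps" exe="/bin/ps" subj=system_u:system_r:servm_t:s0 key=(null)
type=AVC msg=audit(1277403181.797:261074): avc: denied { ptrace } for pid=27314 comm="ps" scontext=system_u:system_r:servm_t:s0 tcontext=system_u:system_r:setrans_t:s0-s0:c0.c1023 tclass=process
type=AVC msg=audit(1277403181.900:999999): avc: denied { ptrace } for pid=27314 comm="ps" scontext=system_u:system_r:servm_t:s0 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=process
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
)

def split_context(ctx):
    """Return (type, level) from user:role:type[:level]; the level may contain ':'."""
    parts = ctx.split(":", 3)
    return parts[2], parts[3] if len(parts) > 3 else ""

def summarise(text):
    """Group AVC denials by (source type, target type, class)."""
    out = defaultdict(lambda: {"perms": set(), "count": 0, "levels": set()})
    for line in text.splitlines():
        m = AVC_RE.search(line) if line.startswith("type=AVC") else None
        if not m:
            continue  # SYSCALL and other record types carry no denial
        stype, slevel = split_context(m["scon"])
        ttype, tlevel = split_context(m["tcon"])
        entry = out[(stype, ttype, m["tclass"])]
        entry["perms"].update(m["perms"].split())
        entry["count"] += 1
        entry["levels"].add((slevel, tlevel))
    return dict(out)

def to_rules(summary):
    """Render one allow rule per group, in sorted order."""
    rules = []
    for (stype, ttype, tclass), entry in sorted(summary.items()):
        perms = sorted(entry["perms"])
        perm = perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"
        rules.append(f"allow {stype} {ttype}:{tclass} {perm};")
    return rules
```
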