Hi Dominick! Thanks for coming to my aid once more.

On Sat, 2010-08-14 at 10:45 +0200, Dominick Grift wrote:
> On 08/14/2010 10:06 AM, Arthur Dent wrote:
>
> > And this is what audit2allow makes of them...
> >
> > require {
> >         type mlogc_t;
> > }
> >
> > #============= mlogc_t ==============
> > files_delete_root_dir_entry(mlogc_t)
> > files_delete_tmp_dir_entry(mlogc_t)
> > miscfiles_manage_cert_files(mlogc_t)
> >
> >
> > Should I add these to the above policy, or is there some other way?
> >
> > Thanks in advance for any help or suggestions...
> >
> > Mark
> >
>
> There are some issues:
>
> 1. I would go here:
> https://lists.sourceforge.net/lists/listinfo/mod-security-users and ask
> if it is normal that mlogc writes to certificate databases. It's trying
> to write to files like: cert9.db, key4.db.

I am already subscribed to that list so I'll post a message now...

>
> 2. You have a partition mounted that is not labelled properly. It is:
> /dev/sda6. Where is that mounted?

Hmmm... That's / !!!

Essentially I have 3 partitions (more actually, but 3 relevant to this):
sda5, sda6 and sda8. sda8 is /home and each time I upgrade Fedora I use
the previous partition - so sda6 is where F13 resides and sda5 still has
F11 (mounted on /mnt/f11 - so I can refer back to previous configs etc.)
When I upgrade to F14 I will install it in sda5 and keep F13 in sda6. I
have done this since Redhat6 !

>
> 3. Looks like mlogc wants to maintain objects in /tmp. However your logs
> do not display what kind of objects ( e.g. it is incomplete )

Sorry I don't understand what you mean...

>
> You may have removed log entries that were no duplicates.

OK here are all 12...

Raw Audit Messages :
node=troodos type=AVC msg=audit(1281734421.635:29370): avc: denied { write } for pid=3512 comm="mlogc" name="cert9.db" dev=sda6 ino=91782 scontext=system_u:system_r:mlogc_t:s0 tcontext=system_u:object_r:cert_t:s0 tclass=file
node=troodos type=SYSCALL msg=audit(1281734421.635:29370): arch=40000003 syscall=5 success=no exit=-13 a0=b5926308 a1=8042 a2=1a4 a3=0 items=0 ppid=1506 pid=3512 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="mlogc" exe="/usr/bin/mlogc" subj=system_u:system_r:mlogc_t:s0 key=(null)

Raw Audit Messages :
node=troodos type=AVC msg=audit(1281734421.847:29371): avc: denied { write } for pid=3512 comm="mlogc" name="tmp" dev=sda6 ino=1549 scontext=system_u:system_r:mlogc_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
node=troodos type=SYSCALL msg=audit(1281734421.847:29371): arch=40000003 syscall=33 success=no exit=-13 a0=1e6774 a1=7 a2=1fca64 a3=2 items=0 ppid=1506 pid=3512 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="mlogc" exe="/usr/bin/mlogc" subj=system_u:system_r:mlogc_t:s0 key=(null)

Raw Audit Messages :
node=troodos type=AVC msg=audit(1281734421.847:29372): avc: denied { write } for pid=3512 comm="mlogc" name="tmp" dev=sda6 ino=1549 scontext=system_u:system_r:mlogc_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
node=troodos type=SYSCALL msg=audit(1281734421.847:29372): arch=40000003 syscall=33 success=no exit=-13 a0=1e677d a1=7 a2=1fca64 a3=3 items=0 ppid=1506 pid=3512 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="mlogc" exe="/usr/bin/mlogc" subj=system_u:system_r:mlogc_t:s0 key=(null)

Raw Audit Messages :
node=troodos type=AVC msg=audit(1281734421.847:29373): avc: denied { write } for pid=3512 comm="mlogc" name="tmp" dev=sda6 ino=310 scontext=system_u:system_r:mlogc_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
node=troodos type=SYSCALL msg=audit(1281734421.847:29373): arch=40000003 syscall=33 success=no exit=-13 a0=1e6778 a1=7 a2=1fca64 a3=4 items=0 ppid=1506 pid=3512 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="mlogc" exe="/usr/bin/mlogc" subj=system_u:system_r:mlogc_t:s0 key=(null)

Raw Audit Messages :
node=troodos type=AVC msg=audit(1281734421.847:29374): avc: denied { write } for pid=3512 comm="mlogc" name="/" dev=sda6 ino=2 scontext=system_u:system_r:mlogc_t:s0 tcontext=system_u:object_r:root_t:s0 tclass=dir
node=troodos type=SYSCALL msg=audit(1281734421.847:29374): arch=40000003 syscall=33 success=no exit=-13 a0=1e4d73 a1=7 a2=1fca64 a3=5 items=0 ppid=1506 pid=3512 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="mlogc" exe="/usr/bin/mlogc" subj=system_u:system_r:mlogc_t:s0 key=(null)

Raw Audit Messages :
node=troodos type=AVC msg=audit(1281734421.852:29375): avc: denied { write } for pid=3512 comm="mlogc" name="/" dev=sda6 ino=2 scontext=system_u:system_r:mlogc_t:s0 tcontext=system_u:object_r:root_t:s0 tclass=dir
node=troodos type=SYSCALL msg=audit(1281734421.852:29375): arch=40000003 syscall=5 success=no exit=-13 a0=b642097b a1=8042 a2=180 a3=0 items=0 ppid=1506 pid=3512 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="mlogc" exe="/usr/bin/mlogc" subj=system_u:system_r:mlogc_t:s0 key=(null)

Raw Audit Messages :
node=troodos type=AVC msg=audit(1281734421.852:29376): avc: denied { write } for pid=3512 comm="mlogc" name="key4.db" dev=sda6 ino=19637 scontext=system_u:system_r:mlogc_t:s0 tcontext=system_u:object_r:cert_t:s0 tclass=file
node=troodos type=SYSCALL msg=audit(1281734421.852:29376): arch=40000003 syscall=5 success=no exit=-13 a0=b5933cf8 a1=8042 a2=1a4 a3=0 items=0 ppid=1506 pid=3512 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="mlogc" exe="/usr/bin/mlogc" subj=system_u:system_r:mlogc_t:s0 key=(null)

Raw Audit Messages :
node=troodos type=AVC msg=audit(1281734421.861:29377): avc: denied { write } for pid=3512 comm="mlogc" name="tmp" dev=sda6 ino=1549 scontext=system_u:system_r:mlogc_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
node=troodos type=SYSCALL msg=audit(1281734421.861:29377): arch=40000003 syscall=33 success=no exit=-13 a0=1e6774 a1=7 a2=1fca64 a3=2 items=0 ppid=1506 pid=3512 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="mlogc" exe="/usr/bin/mlogc" subj=system_u:system_r:mlogc_t:s0 key=(null)

Raw Audit Messages :
node=troodos type=AVC msg=audit(1281734421.861:29378): avc: denied { write } for pid=3512 comm="mlogc" name="tmp" dev=sda6 ino=1549 scontext=system_u:system_r:mlogc_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
node=troodos type=SYSCALL msg=audit(1281734421.861:29378): arch=40000003 syscall=33 success=no exit=-13 a0=1e677d a1=7 a2=1fca64 a3=3 items=0 ppid=1506 pid=3512 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="mlogc" exe="/usr/bin/mlogc" subj=system_u:system_r:mlogc_t:s0 key=(null)

Raw Audit Messages :
node=troodos type=AVC msg=audit(1281734421.861:29379): avc: denied { write } for pid=3512 comm="mlogc" name="tmp" dev=sda6 ino=310 scontext=system_u:system_r:mlogc_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
node=troodos type=SYSCALL msg=audit(1281734421.861:29379): arch=40000003 syscall=33 success=no exit=-13 a0=1e6778 a1=7 a2=1fca64 a3=4 items=0 ppid=1506 pid=3512 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="mlogc" exe="/usr/bin/mlogc" subj=system_u:system_r:mlogc_t:s0 key=(null)

Raw Audit Messages :
node=troodos type=AVC msg=audit(1281734421.861:29380): avc: denied { write } for pid=3512 comm="mlogc" name="/" dev=sda6 ino=2 scontext=system_u:system_r:mlogc_t:s0 tcontext=system_u:object_r:root_t:s0 tclass=dir
node=troodos type=SYSCALL msg=audit(1281734421.861:29380): arch=40000003 syscall=33 success=no exit=-13 a0=1e4d73 a1=7 a2=1fca64 a3=5 items=0 ppid=1506 pid=3512 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="mlogc" exe="/usr/bin/mlogc" subj=system_u:system_r:mlogc_t:s0 key=(null)

Raw Audit Messages :
node=troodos type=AVC msg=audit(1281734421.861:29381): avc: denied { write } for pid=3512 comm="mlogc" name="/" dev=sda6 ino=2 scontext=system_u:system_r:mlogc_t:s0 tcontext=system_u:object_r:root_t:s0 tclass=dir
node=troodos type=SYSCALL msg=audit(1281734421.861:29381): arch=40000003 syscall=5 success=no exit=-13 a0=b642097b a1=8042 a2=180 a3=0 items=0 ppid=1506 pid=3512 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="mlogc" exe="/usr/bin/mlogc" subj=system_u:system_r:mlogc_t:s0 key=(null)

--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
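
Added example, not part of the original message or of any SELinux tool: a short Python script that pairs each AVC record with the SYSCALL record sharing its audit event serial and counts the distinct denials, so repeats can be told apart from denials that differ only by inode or by the syscall that triggered them. The sample lines are abridged copies of records from the message above, and the function and variable names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: abridged copies of five events quoted in the message.
SAMPLE = """\
type=AVC msg=audit(1281734421.635:29370): avc: denied { write } for pid=3512 comm="mlogc" name="cert9.db" dev=sda6 ino=91782 scontext=system_u:system_r:mlogc_t:s0 tcontext=system_u:object_r:cert_t:s0 tclass=file
type=SYSCALL msg=audit(1281734421.635:29370): arch=40000003 syscall=5 success=no exit=-13 a1=8042
type=AVC msg=audit(1281734421.847:29371): avc: denied { write } for pid=3512 comm="mlogc" name="tmp" dev=sda6 ino=1549 scontext=system_u:system_r:mlogc_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
type=SYSCALL msg=audit(1281734421.847:29371): arch=40000003 syscall=33 success=no exit=-13 a1=7
type=AVC msg=audit(1281734421.847:29374): avc: denied { write } for pid=3512 comm="mlogc" name="/" dev=sda6 ino=2 scontext=system_u:system_r:mlogc_t:s0 tcontext=system_u:object_r:root_t:s0 tclass=dir
type=SYSCALL msg=audit(1281734421.847:29374): arch=40000003 syscall=33 success=no exit=-13 a1=7
type=AVC msg=audit(1281734421.852:29375): avc: denied { write } for pid=3512 comm="mlogc" name="/" dev=sda6 ino=2 scontext=system_u:system_r:mlogc_t:s0 tcontext=system_u:object_r:root_t:s0 tclass=dir
type=SYSCALL msg=audit(1281734421.852:29375): arch=40000003 syscall=5 success=no exit=-13 a1=8042
type=AVC msg=audit(1281734421.861:29377): avc: denied { write } for pid=3512 comm="mlogc" name="tmp" dev=sda6 ino=1549 scontext=system_u:system_r:mlogc_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
type=SYSCALL msg=audit(1281734421.861:29377): arch=40000003 syscall=33 success=no exit=-13 a1=7
"""

# Syscall numbers for arch=40000003 (i386): 5 is open(2), 33 is access(2).
I386_SYSCALLS = {"5": "open", "33": "access"}

EVENT = re.compile(r"type=(\w+) msg=audit\([\d.]+:(\d+)\):")
AVC = re.compile(r'denied\s+\{ ([^}]*?) \}.*? name="([^"]*)".*? ino=(\d+)'
                 r'.*? tcontext=[^:]+:[^:]+:([^:]+):\S+ tclass=(\w+)')
SYSCALL = re.compile(r"arch=(\w+) syscall=(\d+)")


def summarize(text):
    """Count unique (perm, name, inode, target type, class, syscall) denials."""
    avc, calls = {}, {}
    for line in text.splitlines():
        ev = EVENT.search(line)
        if not ev:
            continue
        kind, serial = ev.groups()
        if kind == "AVC" and (m := AVC.search(line)):
            avc[serial] = m.groups()
        elif kind == "SYSCALL" and (m := SYSCALL.search(line)):
            arch, nr = m.groups()
            calls[serial] = I386_SYSCALLS.get(nr, nr) if arch == "40000003" else nr
    # An AVC with no matching SYSCALL record is kept, with "?" as its syscall.
    return Counter(f + (calls.get(s, "?"),) for s, f in avc.items())


if __name__ == "__main__":
    for key, count in summarize(SAMPLE).most_common():
        print(count, *key)
```

Run over the full log, the same grouping separates the access() probes on the tmp_t directories from the open() attempts on the root directory and the cert_t files.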