Re: tzdata AVC

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 10/27/2010 06:28 AM, Tony Molloy wrote:
> 
> Hi,
> 
> I'm running SELinux in enforcing mode on fully updated CentOS-5 servers.
> selinux-policy-2.4.6-279.el5_5.1.noarch
> 
> After the latest "possibly glibc" update I've seen the following AVC on 
> several of my servers. 
> 
> 
> 
> Summary:
> 
> SELinux is preventing tzdata-update (tzdata_t) "getattr" to / (fs_t).
> 
> Detailed Description:
> 
> SELinux denied access requested by tzdata-update. It is not expected that this
> access is required by tzdata-update and this access may signal an intrusion
> attempt. It is also possible that the specific version or configuration of the
> application is causing it to require additional access.
> 
> Allowing Access:
> 
> You can generate a local policy module to allow this access - see FAQ
> (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
> SELinux protection altogether. Disabling SELinux protection is not 
> recommended.
> Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
> against this package.
> 
> Additional Information:
> 
> Source Context                root:system_r:tzdata_t:SystemLow-SystemHigh
> Target Context                system_u:object_r:fs_t
> Target Objects                / [ filesystem ]
> Source                        tzdata-update
> Source Path                   <Unknown>
> Port                          <Unknown>
> Host                          remote-backup.x.y.z
> Source RPM Packages           
> Target RPM Packages           filesystem-2.4.0-3.el5
> Policy RPM                    selinux-policy-2.4.6-279.el5_5.1
> Selinux Enabled               True
> Policy Type                   targeted
> MLS Enabled                   True
> Enforcing Mode                Enforcing
> Plugin Name                   catchall
> Host Name                     remote-backup.x.y.z
> Platform                      Linux remote-backup.x.y.z 2.6.18-194.17.1.el5
>                               #1 SMP Wed Sep 29 12:50:31 EDT 2010 x86_64 
> x86_64
> Alert Count                   3
> First Seen                    Fri Oct 22 06:31:14 2010
> Last Seen                     Wed Oct 27 06:39:14 2010
> Local ID                      ec15ac2d-b644-40fb-809a-2b3809b001e5
> Line Numbers                  
> 
> Raw Audit Messages            
> 
> host=remote-backup.csis.ul.ie type=AVC msg=audit(1288157954.817:16502): avc:  
> denied  { getattr } for  pid=2135 comm="tzdata-update" name="/" dev=sda5 ino=2 
> scontext=root:system_r:tzdata_t:s0-s0:c0.c1023 
> tcontext=system_u:object_r:fs_t:s0 tclass=filesystem
> 
> 
> Regards,
> 
> Tony
> --
> selinux mailing list
> selinux@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/selinux
> 
> 
You can ignore this.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkzIJWQACgkQrlYvE4MpobNNVQCcDo04UtjjdkTIFQzxd2lm0/gL
Rk8AoOf8EAHqbhJJ1oHQ+JtJQjfCObw3
=CUMW
-----END PGP SIGNATURE-----
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux


[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux