On 10/27/2010 06:28 AM, Tony Molloy wrote:
>
> Hi,
>
> I'm running SELinux in enforcing mode on fully updated CentOS-5 servers.
> selinux-policy-2.4.6-279.el5_5.1.noarch
>
> After the latest "possibly glibc" update I've seen the following AVC on
> several of my servers.
>
> Summary:
>
> SELinux is preventing tzdata-update (tzdata_t) "getattr" to / (fs_t).
>
> Detailed Description:
>
> SELinux denied access requested by tzdata-update. It is not expected that this
> access is required by tzdata-update and this access may signal an intrusion
> attempt. It is also possible that the specific version or configuration of the
> application is causing it to require additional access.
>
> Allowing Access:
>
> You can generate a local policy module to allow this access - see FAQ
> (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
> SELinux protection altogether. Disabling SELinux protection is not
> recommended.
> Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
> against this package.
>
> Additional Information:
>
> Source Context                root:system_r:tzdata_t:SystemLow-SystemHigh
> Target Context                system_u:object_r:fs_t
> Target Objects                / [ filesystem ]
> Source                        tzdata-update
> Source Path                   <Unknown>
> Port                          <Unknown>
> Host                          remote-backup.x.y.z
> Source RPM Packages
> Target RPM Packages           filesystem-2.4.0-3.el5
> Policy RPM                    selinux-policy-2.4.6-279.el5_5.1
> Selinux Enabled               True
> Policy Type                   targeted
> MLS Enabled                   True
> Enforcing Mode                Enforcing
> Plugin Name                   catchall
> Host Name                     remote-backup.x.y.z
> Platform                      Linux remote-backup.x.y.z 2.6.18-194.17.1.el5
>                               #1 SMP Wed Sep 29 12:50:31 EDT 2010 x86_64
>                               x86_64
> Alert Count                   3
> First Seen                    Fri Oct 22 06:31:14 2010
> Last Seen                     Wed Oct 27 06:39:14 2010
> Local ID                      ec15ac2d-b644-40fb-809a-2b3809b001e5
> Line Numbers
>
> Raw Audit Messages
>
> host=remote-backup.csis.ul.ie type=AVC msg=audit(1288157954.817:16502): avc:
> denied { getattr } for pid=2135 comm="tzdata-update" name="/" dev=sda5 ino=2
> scontext=root:system_r:tzdata_t:s0-s0:c0.c1023
> tcontext=system_u:object_r:fs_t:s0 tclass=filesystem
>
>
> Regards,
>
> Tony
> --
> selinux mailing list
> selinux@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/selinux
>
>

You can ignore this.