In that case, I think you have a screwed up policy install.

# yum reinstall selinux-policy-targeted

Any errors?

----- Original Message -----
From: "Daniel J Walsh" <dwalsh@xxxxxxxxxx>
To: "David Highley" <dhighley@xxxxxxxxxxxxxxxxxxxxxxx>
Cc: fedora-selinux-list@xxxxxxxxxx
Sent: Thursday, November 11, 2010 1:27:19 PM GMT -05:00 US/Canada Eastern
Subject: Re: Named and /dev/random Fedora 14

On 11/11/2010 01:13 PM, David Highley wrote:
> Anyone else seeing this issue with a new install of Fedora 14? Attempted
> to get around issue with audit2allow, but was not successful.
>
> time->Wed Nov 10 21:28:20 2010
> type=SYSCALL msg=audit(1289453300.241:33869): arch=c000003e syscall=4
> success=no exit=-13 a0=7f482c177050 a1=7f4826a61590 a2=7f4826a61590
> a3=7f482960e150 items=0 ppid=4267 pid=4272 auid=1000 uid=25 gid=25
> euid=25 suid=25 fsuid=25 egid=25 sgid=25 fsgid=25 tty=(none) ses=1
> comm="named" exe="/usr/sbin/named" subj=unconfined_u:system_r:named_t:s0
> key=(null)
> type=AVC msg=audit(1289453300.241:33869): avc: denied { getattr } for
> pid=4272 comm="named" path="/dev/random" dev=dm-0 ino=2361331
> scontext=unconfined_u:system_r:named_t:s0
> tcontext=unconfined_u:object_r:device_t:s0 tclass=chr_file
> ----
> time->Wed Nov 10 21:45:00 2010
> type=SYSCALL msg=audit(1289454300.409:5): arch=c000003e syscall=2
> success=no exit=-13 a0=7f41edbc8050 a1=800 a2=0 a3=7f41eb05f150 items=0
> ppid=1168 pid=1172 auid=4294967295 uid=25 gid=25 euid=25 suid=25
> fsuid=25 egid=25 sgid=25 fsgid=25 tty=(none) ses=4294967295 comm="named"
> exe="/usr/sbin/named" subj=system_u:system_r:named_t:s0 key=(null)
> type=AVC msg=audit(1289454300.409:5): avc: denied { read } for
> pid=1172 comm="named" name="random" dev=dm-0 ino=2361331
> scontext=system_u:system_r:named_t:s0
> tcontext=unconfined_u:object_r:device_t:s0 tclass=chr_file
> ----
> time->Thu Nov 11 09:45:29 2010
> type=SYSCALL msg=audit(1289497529.277:177): arch=c000003e syscall=2
> success=no exit=-13 a0=7f3f6554f050 a1=800 a2=0 a3=7f3f629e6150 items=0
> ppid=5581 pid=5585 auid=1000 uid=25 gid=25 euid=25 suid=25 fsuid=25
> egid=25 sgid=25 fsgid=25 tty=(none) ses=19 comm="named"
> exe="/usr/sbin/named" subj=unconfined_u:system_r:named_t:s0 key=(null)
> type=AVC msg=audit(1289497529.277:177): avc: denied { read } for
> pid=5585 comm="named" name="random" dev=dm-0 ino=2361331
> scontext=unconfined_u:system_r:named_t:s0
> tcontext=unconfined_u:object_r:device_t:s0 tclass=chr_file
> ----
> time->Thu Nov 11 09:48:34 2010
> type=SYSCALL msg=audit(1289497714.136:178): arch=c000003e syscall=2
> success=no exit=-13 a0=7f6e92cdc050 a1=800 a2=0 a3=7f6e90173150 items=0
> ppid=5704 pid=5706 auid=1000 uid=25 gid=25 euid=25 suid=25 fsuid=25
> egid=25 sgid=25 fsgid=25 tty=(none) ses=19 comm="named"
> exe="/usr/sbin/named" subj=unconfined_u:system_r:named_t:s0 key=(null)
> type=AVC msg=audit(1289497714.136:178): avc: denied { read } for
> pid=5706 comm="named" name="random" dev=dm-0 ino=2361331
> scontext=unconfined_u:system_r:named_t:s0
> tcontext=unconfined_u:object_r:device_t:s0 tclass=chr_file
> ----
> time->Thu Nov 11 09:55:11 2010
> type=SYSCALL msg=audit(1289498111.595:193): arch=c000003e syscall=4
> success=no exit=-13 a0=7f90a3eb2050 a1=7f909e79c590 a2=7f909e79c590
> a3=7f90a1349150 items=0 ppid=5916 pid=5921 auid=1000 uid=25 gid=25
> euid=25 suid=25 fsuid=25 egid=25 sgid=25 fsgid=25 tty=(none) ses=19
> comm="named" exe="/usr/sbin/named" subj=unconfined_u:system_r:named_t:s0
> key=(null)
> type=AVC msg=audit(1289498111.595:193): avc: denied { getattr } for
> pid=5921 comm="named" path="/dev/random" dev=dm-0 ino=2361331
> scontext=unconfined_u:system_r:named_t:s0
> tcontext=unconfined_u:object_r:device_t:s0 tclass=chr_file
> ----
> time->Thu Nov 11 09:56:26 2010
> type=SYSCALL msg=audit(1289498186.109:195): arch=c000003e syscall=2
> success=no exit=-13 a0=7f6e01308050 a1=800 a2=0 a3=7f6dfe79f150 items=0
> ppid=6042 pid=6046 auid=1000 uid=25 gid=25 euid=25 suid=25 fsuid=25
> egid=25 sgid=25 fsgid=25 tty=(none) ses=19 comm="named"
> exe="/usr/sbin/named" subj=unconfined_u:system_r:named_t:s0 key=(null)
> type=AVC msg=audit(1289498186.109:195): avc: denied { read } for
> pid=6046 comm="named" name="random" dev=dm-0 ino=2361331
> scontext=unconfined_u:system_r:named_t:s0
> tcontext=unconfined_u:object_r:device_t:s0 tclass=chr_file
> ----
> time->Thu Nov 11 10:01:50 2010
> type=SYSCALL msg=audit(1289498510.975:204): arch=c000003e syscall=4
> success=no exit=-13 a0=7f7313ba9050 a1=7f730f495590 a2=7f730f495590
> a3=7f7311040150 items=0 ppid=6199 pid=6202 auid=1000 uid=25 gid=25
> euid=25 suid=25 fsuid=25 egid=25 sgid=25 fsgid=25 tty=(none) ses=19
> comm="named" exe="/usr/sbin/named" subj=unconfined_u:system_r:named_t:s0
> key=(null)
> type=AVC msg=audit(1289498510.975:204): avc: denied { getattr } for
> pid=6202 comm="named" path="/dev/random" dev=dm-0 ino=2361331
> scontext=unconfined_u:system_r:named_t:s0
> tcontext=unconfined_u:object_r:device_t:s0 tclass=chr_file
> --
> selinux mailing list
> selinux@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/selinux

For some reason /dev/random is mislabeled. Udev is in charge of labeling
it, running restorecon /dev/random should fix.

If this continues on next reboot, open a bug on udev, with me on cc.
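Added example, not part of the original thread: a small triage script that parses AVC denials like the ones quoted above, groups them by object, and separates "device node still carries the generic device_t label, so relabel it" from denials that need a policy review. The function names and the device_t heuristic are assumptions of this example, and the sample input is two of the thread's AVC records joined onto single lines.

```python
import re
from collections import defaultdict

# Constructed input: two AVC records from the thread, each joined onto one line.
SAMPLE = """\
type=AVC msg=audit(1289453300.241:33869): avc: denied { getattr } for pid=4272 comm="named" path="/dev/random" dev=dm-0 ino=2361331 scontext=unconfined_u:system_r:named_t:s0 tcontext=unconfined_u:object_r:device_t:s0 tclass=chr_file
type=AVC msg=audit(1289454300.409:5): avc: denied { read } for pid=1172 comm="named" name="random" dev=dm-0 ino=2361331 scontext=system_u:system_r:named_t:s0 tcontext=unconfined_u:object_r:device_t:s0 tclass=chr_file
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
# Assumption of this example: device_t is the generic fallback type for /dev,
# so a device node still carrying it points at labeling, not at missing policy.
GENERIC_TYPES = {"device_t"}
DEVICE_CLASSES = {"chr_file", "blk_file"}

def parse_avc(line):
    """Return the fields of one AVC denial as a dict, or None for other lines."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group(2))}
    rec["perms"] = m.group(1).split()
    return rec

def se_type(context):
    """Extract the type field from a user:role:type:level context."""
    return context.split(":")[2]

def triage(text):
    """Group denials by (dev, inode, types, class) and flag likely mislabels."""
    groups = defaultdict(lambda: {"perms": set(), "object": None})
    for rec in filter(None, map(parse_avc, text.splitlines())):
        key = (rec["dev"], rec["ino"], se_type(rec["scontext"]),
               se_type(rec["tcontext"]), rec["tclass"])
        g = groups[key]
        g["perms"].update(rec["perms"])
        # path= carries the full path; name= only the last component.
        g["object"] = rec.get("path") or g["object"] or rec.get("name")
    findings = []
    for (dev, ino, src, tgt, tclass), g in groups.items():
        mislabeled = tclass in DEVICE_CLASSES and tgt in GENERIC_TYPES
        findings.append({"object": g["object"], "source": src, "target": tgt,
                         "perms": sorted(g["perms"]),
                         "action": "relabel" if mislabeled else "review policy"})
    return findings

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A "relabel" finding corresponds to the restorecon step in the reply; generating an allow rule for named_t on device_t with audit2allow would instead grant named access to every device node that carries the generic label.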