On 04.04.2011 20:49, Daniel J Walsh wrote:
> On 04/04/2011 02:22 PM, Klaus Lichtenwalder wrote:
>> Dan,
>
>> it does not show up in normal operation. It just showed up when I
>> undefined all unconfined domains, as per your post, for tests. For
>> normal operations this bug is fixed, I was more or less following on
>> your plans to move along with a stricter targeted policy...
>
>> Klaus
>
> Could you send me your audit.log?

Sure, it's in the attachment. I did the following commands:

    semodule -d unconfined
    setenforce 0
    kpartx -av /dev/vg00/lv_fc15lxde
    vgchange -a y vg_fc15lxde
    vgchange -a n vg_fc15lxde
    kpartx -dv /dev/vg00/lv_fc15lxde
    setenforce 1

Klaus

-- 
------------------------------------------------------------------------
Klaus Lichtenwalder, Dipl. Inform., http://www.lichtenwalder.name
PGP Key fingerprint: BF52 72FA 1F5A 1E29 C0F8 498C C4C6 633C 2821 97DA

type=MAC_POLICY_LOAD msg=audit(1301943032.212:1742): policy loaded auid=500 ses=1
type=SYSCALL msg=audit(1301943032.212:1742): arch=c000003e syscall=1 success=yes exit=6139579 a0=4 a1=7f9649ace000 a2=5daebb a3=7fffe38a1790 items=0 ppid=15901 pid=15902 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 ses=1 comm="load_policy" exe="/sbin/load_policy" subj=unconfined_u:unconfined_r:load_policy_t:s0-s0:c0.c1023 key=(null)
type=MAC_STATUS msg=audit(1301943091.239:1743): enforcing=0 old_enforcing=1 auid=500 ses=1
type=SYSCALL msg=audit(1301943091.239:1743): arch=c000003e syscall=1 success=yes exit=1 a0=3 a1=7fff7a5c7e60 a2=1 a3=1999999999999999 items=0 ppid=15874 pid=15905 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 ses=1 comm="setenforce" exe="/usr/sbin/setenforce" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1301943095.683:1744): avc: denied { read } for pid=15916 comm="udisks-lvm-pv-e" name="md" dev=devtmpfs ino=7059 scontext=system_u:system_r:lvm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:mdadm_var_run_t:s0 tclass=dir
type=SYSCALL msg=audit(1301943095.683:1744): arch=c000003e syscall=2 success=yes exit=4 a0=1cdd270 a1=90800 a2=0 a3=70616d2f7665642f items=0 ppid=15465 pid=15916 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="udisks-lvm-pv-e" exe="/lib/udev/udisks-lvm-pv-export" subj=system_u:system_r:lvm_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1301943095.683:1745): avc: denied { getattr } for pid=15916 comm="udisks-lvm-pv-e" path="/dev/md/md-device-map" dev=devtmpfs ino=7268 scontext=system_u:system_r:lvm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:mdadm_var_run_t:s0 tclass=file
type=SYSCALL msg=audit(1301943095.683:1745): arch=c000003e syscall=4 success=yes exit=0 a0=1cdea90 a1=7fff701aca70 a2=7fff701aca70 a3=70616d2d65636976 items=0 ppid=15465 pid=15916 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="udisks-lvm-pv-e" exe="/lib/udev/udisks-lvm-pv-export" subj=system_u:system_r:lvm_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1301943101.862:1746): avc: denied { associate } for pid=15936 comm="dmsetup" key=223164607 scontext=system_u:system_r:lvm_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=sem
type=SYSCALL msg=audit(1301943101.862:1746): arch=c000003e syscall=64 success=yes exit=1277961 a0=d4d38bf a1=1 a2=0 a3=0 items=0 ppid=15908 pid=15936 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="dmsetup" exe="/sbin/dmsetup" subj=system_u:system_r:lvm_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1301943101.863:1747): avc: denied { unix_write } for pid=15936 comm="dmsetup" key=223164607 scontext=system_u:system_r:lvm_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=sem
type=AVC msg=audit(1301943101.863:1747): avc: denied { read write } for pid=15936 comm="dmsetup" key=223164607 scontext=system_u:system_r:lvm_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=sem
type=SYSCALL msg=audit(1301943101.863:1747): arch=c000003e syscall=65 success=yes exit=0 a0=138009 a1=7fffec6ebe80 a2=1 a3=0 items=0 ppid=15908 pid=15936 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="dmsetup" exe="/sbin/dmsetup" subj=system_u:system_r:lvm_t:s0-s0:c0.c1023 key=(null)
type=MAC_STATUS msg=audit(1301943124.427:1748): enforcing=1 old_enforcing=0 auid=500 ses=1
type=SYSCALL msg=audit(1301943124.427:1748): arch=c000003e syscall=1 success=yes exit=1 a0=3 a1=7fff3cc09990 a2=1 a3=1999999999999999 items=0 ppid=15874 pid=15966 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 ses=1 comm="setenforce" exe="/usr/sbin/setenforce" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
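The denials in the attached audit.log, grouped by source type, target type and object class, with a flag for whether each was logged while the system was permissive (between the two MAC_STATUS records). This is an added example, not part of the original message; the function names are hypothetical, and the embedded records are the MAC_STATUS and AVC lines from the log above with the SYSCALL records left out.

```python
import re
from collections import defaultdict

# MAC_STATUS and AVC records copied from the audit.log above (SYSCALL records omitted).
SAMPLE_LOG = """\
type=MAC_STATUS msg=audit(1301943091.239:1743): enforcing=0 old_enforcing=1 auid=500 ses=1
type=AVC msg=audit(1301943095.683:1744): avc: denied { read } for pid=15916 comm="udisks-lvm-pv-e" name="md" dev=devtmpfs ino=7059 scontext=system_u:system_r:lvm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:mdadm_var_run_t:s0 tclass=dir
type=AVC msg=audit(1301943095.683:1745): avc: denied { getattr } for pid=15916 comm="udisks-lvm-pv-e" path="/dev/md/md-device-map" dev=devtmpfs ino=7268 scontext=system_u:system_r:lvm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:mdadm_var_run_t:s0 tclass=file
type=AVC msg=audit(1301943101.862:1746): avc: denied { associate } for pid=15936 comm="dmsetup" key=223164607 scontext=system_u:system_r:lvm_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=sem
type=AVC msg=audit(1301943101.863:1747): avc: denied { unix_write } for pid=15936 comm="dmsetup" key=223164607 scontext=system_u:system_r:lvm_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=sem
type=AVC msg=audit(1301943101.863:1747): avc: denied { read write } for pid=15936 comm="dmsetup" key=223164607 scontext=system_u:system_r:lvm_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=sem
type=MAC_STATUS msg=audit(1301943124.427:1748): enforcing=1 old_enforcing=0 auid=500 ses=1
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}.*?"
    r"scontext=(?P<s>\S+)\s+tcontext=(?P<t>\S+)\s+tclass=(?P<cls>\S+)")
STATUS_RE = re.compile(r"type=MAC_STATUS .*?\benforcing=(\d)")

def sel_type(context):
    """Return the type field (third colon-separated field) of an SELinux context."""
    return context.split(":")[2]

def summarize(log_text):
    """Group denials by (source type, target type, class); note the mode they were logged in."""
    enforcing = None  # unknown until a MAC_STATUS record is seen
    rules = defaultdict(lambda: {"perms": set(), "permissive": False})
    for line in log_text.splitlines():
        status = STATUS_RE.search(line)
        if status:
            enforcing = status.group(1) == "1"
            continue
        m = AVC_RE.search(line)
        if not m:
            continue
        entry = rules[(sel_type(m["s"]), sel_type(m["t"]), m["cls"])]
        entry["perms"].update(m["perms"].split())
        entry["permissive"] |= (enforcing is False)
    return dict(rules)

def as_allow_rules(rules):
    """Render the grouped denials in allow-rule form for policy review."""
    return [f"allow {s} {t}:{c} {{ {' '.join(sorted(e['perms']))} }};"
            for (s, t, c), e in sorted(rules.items())]

if __name__ == "__main__":
    for rule in as_allow_rules(summarize(SAMPLE_LOG)):
        print(rule)
```

All five denials fall inside the permissive window, which is why the paired SYSCALL records in the log show success=yes.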