On Monday 26 September 2011 22:22:31 Dominick Grift wrote:
> On Mon, 2011-09-26 at 15:00 +0100, Tony Molloy wrote:
> > Hi,
> >
> > On a fully updated CentOS 5.7 box I get the following AVC
> >
> > Summary:
> >
> > SELinux is preventing unix_update (updpwd_t) "getattr" to / (fs_t).
> >
> > Detailed Description:
> >
> > SELinux denied access requested by unix_update. It is not expected that this
> > access is required by unix_update and this access may signal an intrusion
> > attempt. It is also possible that the specific version or configuration of the
> > application is causing it to require additional access.
> >
> > Allowing Access:
> >
> > You can generate a local policy module to allow this access - see FAQ
> > (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
> > SELinux protection altogether. Disabling SELinux protection is not recommended.
> > Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
> > against this package.
> >
> > Additional Information:
> >
> > Source Context                system_u:system_r:updpwd_t
> > Target Context                system_u:object_r:fs_t
> > Target Objects                / [ filesystem ]
> > Source                        unix_update
> > Source Path                   <Unknown>
> > Port                          <Unknown>
> > Host                          a.b.c.d
> > Source RPM Packages
> > Target RPM Packages           filesystem-2.4.0-3.el5.centos
> > Policy RPM                    selinux-policy-2.4.6-316.el5
> > Selinux Enabled               True
> > Policy Type                   targeted
> > MLS Enabled                   True
> > Enforcing Mode                Enforcing
> > Plugin Name                   catchall
> > Host Name                     a.b.c.d
> > Platform                      Linuxl a.b.c.d 2.6.18-274.3.1.el5
> >                               #1 SMP Tue Sep 6 20:13:52 EDT 2011 x86_64 x86_64
> > Alert Count                   11
> > First Seen                    Fri Feb 25 15:39:33 2011
> > Last Seen                     Mon Sep 26 14:18:54 2011
> > Local ID                      275eef01-114a-419b-9df0-4bb81932bc5e
> > Line Numbers
> >
> > Raw Audit Messages
> >
> > host=a.b.c.d type=AVC msg=audit(1317043134.620:3620): avc: denied
> > { getattr } for pid=21354 comm="unix_update" name="/" dev=sda5
> > ino=2 scontext=system_u:system_r:updpwd_t:s0
> > tcontext=system_u:object_r:fs_t:s0 tclass=filesystem
> >
> > I can generate a local policy module.
>
> Any idea what you were doing when this happened? The reason I ask
> is because this is not even allowed in latest Fedora as far as I
> can see.

This machine is basically a mail and ftp server. As far as I can tell from the logs (secure and messages) nobody was doing anything on the machine at the times I get the AVC, 5 times yesterday.

> It is no big deal to allow updpwd_t to get attributes of the fs_t
> filesystem but it is certainly not common for updpwd_t to want this
> access I believe. If it was we probably would have gotten many more
> reports much earlier.

Strange then that I am getting it from this one server only.

Here's the context for unix_update

-rwx------ root root system_u:object_r:updpwd_exec_t /sbin/unix_update

I've just run an autorelabel on the entire filesystem as part of the 5.6 to 5.7 CentOS update

Thanks,

Tony

> > Thanks,
> >
> > Tony
> >
> > --
> > selinux mailing list
> > selinux@xxxxxxxxxxxxxxxxxxxxxxx
> > https://admin.fedoraproject.org/mailman/listinfo/selinux