Re: making a file context change work for initrc_t and unconfined_t


 



On Fri, 2012-02-03 at 15:41 -0500, Maria Iano wrote:

> I installed the mylikewise policy. those two files do have the right  
> type now. After I remove them they do get created with the right type.
> 
> After installing the new policy there were some additional AVCs. Here  
> they are:
> 
> type=AVC msg=audit(1328288896.867:124): avc:  denied  { name_connect }  
> for  pid=1803 comm="eventlogd" dest=135  
> scontext=system_u:system_r:eventlogd_t:s0  
> tcontext=system_u:object_r:epmap_port_t:s0 tclass=tcp_socket

add this to the mylikewise.te file:

corenet_tcp_connect_epmap_port(eventlogd_t)


then just: make -f /usr/share/selinux/devel/Makefile mylikewise.pp; sudo
semodule -i mylikewise.pp

> type=AVC msg=audit(1328288705.888:70): avc:  denied  { unlink } for   
> pid=1803 comm="eventlogd" name=".eventlog" dev=dm-0 ino=392489  
> scontext=system_u:system_r:eventlogd_t:s0  
> tcontext=system_u:object_r:likewise_var_lib_t:s0 tclass=sock_file
> 
> type=AVC msg=audit(1328288542.603:69): avc:  denied  { write } for   
> pid=1162 comm="lsassd" name=".eventlog" dev=dm-0 ino=392489  
> scontext=system_u:system_r:lsassd_t:s0  
> tcontext=system_u:object_r:likewise_var_lib_t:s0 tclass=sock_file
> 

> type=AVC msg=audit(1328288542.586:68): avc:  denied  { getattr } for   
> pid=1161 comm="lsassd"  
> path=2F7661722F6C69622F6C696B65776973652F6B72623563635F6C736173732E55532E41442E47414E4E4554542E434F4D202864656C6574656429  
>   dev=dm-0 ino=394337 scontext=system_u:system_r:lsassd_t:s0  
> tcontext=system_u:object_r:likewise_var_lib_t:s0 tclass=file
> 
> type=AVC msg=audit(1328288542.585:66): avc:  denied  { read write  
> open } for  pid=1161 comm="lsassd" name="krb5cc_lsass.AD.DOMAIN"  
> dev=dm-0 ino=394337 scontext=system_u:system_r:lsassd_t:s0  
> tcontext=system_u:object_r:likewise_var_lib_t:s0 tclass=file
> 
> type=AVC msg=audit(1328288542.586:67): avc:  denied  { unlink } for   
> pid=1161 comm="lsassd" name="krb5cc_lsass.AD.DOMAIN" dev=dm-0  
> ino=394337 scontext=system_u:system_r:lsassd_t:s0  
> tcontext=system_u:object_r:likewise_var_lib_t:s0 tclass=file
> 
> type=AVC msg=audit(1328287031.471:5): avc:  denied  { read } for   
> pid=1165 comm="lsassd" name="lsass-adcache.filedb.AD.DOMAIN" dev=dm-0  
> ino=395406 scontext=system_u:system_r:lsassd_t:s0  
> tcontext=system_u:object_r:likewise_var_lib_t:s0 tclass=file
> 
> type=AVC msg=audit(1328287031.471:5): avc:  denied  { open } for   
> pid=1165 comm="lsassd" name="lsass-adcache.filedbAD.DOMAIN" dev=dm-0  
> ino=395406 scontext=system_u:system_r:lsassd_t:s0  
> tcontext=system_u:object_r:likewise_var_lib_t:s0 tclass=file
> 
> type=AVC msg=audit(1328288893.067:123): avc:  denied  { unlink } for   
> pid=1849 comm="lsassd" name="lsass-adcache.filedb.AD.DOMAIN" dev=dm-0  
> ino=395406 scontext=system_u:system_r:lsassd_t:s0  
> tcontext=system_u:object_r:likewise_var_lib_t:s0 tclass=file


All of these are somehow wrong. There should be no files or sock files
with the generic likewise_var_lib_t. Only some directories.

I wonder how these got created and/or labeled this way.

None of the confined likewise processes should be allowed to create
these with this type.

The strange thing is that I also do not see any AVC denials of their
actual creation.

This leads me to suspect that these are mislabeled leftovers. Could I
be right?


> Thank you,
> Maria
> 


--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
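Added example, not code from the thread or from the Likewise or SELinux projects: a small Python parser for AVC records like the ones quoted above, including the unquoted hex-encoded `path=` form in the getattr denial (auditd hex-encodes a value containing spaces or quotes), which applies the check the reply makes by hand: a `file` or `sock_file` labelled with the directory-only `likewise_var_lib_t` is a relabel candidate. The sample records are constructed from the quoted ones and the directory `/var/lib/likewise` is an assumption.

```python
import re

# Constructed sample records modelled on the AVCs quoted in the thread. The third
# carries an audit-style hex-encoded path: auditd hex-encodes any field value with
# spaces, quotes or control bytes, which the " (deleted)" suffix on an open-but-unlinked file triggers.
SAMPLE_AVCS = [
    'type=AVC msg=audit(1328288896.867:124): avc:  denied  { name_connect } for  pid=1803 comm="eventlogd" dest=135 '
    'scontext=system_u:system_r:eventlogd_t:s0 tcontext=system_u:object_r:epmap_port_t:s0 tclass=tcp_socket',
    'type=AVC msg=audit(1328288705.888:70): avc:  denied  { unlink } for  pid=1803 comm="eventlogd" name=".eventlog" '
    'dev=dm-0 ino=392489 scontext=system_u:system_r:eventlogd_t:s0 tcontext=system_u:object_r:likewise_var_lib_t:s0 tclass=sock_file',
    'type=AVC msg=audit(1328288542.586:68): avc:  denied  { getattr } for  pid=1161 comm="lsassd" path='
    + b'/var/lib/likewise/krb5cc_lsass.AD.DOMAIN (deleted)'.hex().upper()   # assumed directory, constructed value
    + ' dev=dm-0 ino=394337 scontext=system_u:system_r:lsassd_t:s0 tcontext=system_u:object_r:likewise_var_lib_t:s0 tclass=file',
]

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')   # key="quoted value" or key=bareword

def parse_avc(line):
    """Parse one AVC denial into a dict of fields; returns None for non-AVC lines."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    rec = {"perms": m.group("perms").split()}
    for key, val in FIELD_RE.findall(m.group("fields")):
        if val.startswith('"'):
            val = val[1:-1]                                       # plain quoted value
        elif key in ("name", "path", "comm"):
            val = bytes.fromhex(val).decode("utf-8", "replace")  # unquoted means hex-encoded
        rec[key] = val
    for ctx in ("scontext", "tcontext"):                          # user:role:type:level -> type
        if ctx in rec:
            rec[ctx + "_type"] = rec[ctx].split(":")[2]
    return rec

# Types the reply says should only ever label directories under the likewise policy.
DIR_ONLY_TYPES = {"likewise_var_lib_t"}

def find_mislabeled(lines):
    """Return (source domain, tclass, object name, perms) for each denial on a file or
    sock_file whose target type is directory-only, i.e. a suspected mislabeled leftover."""
    hits = []
    for line in lines:
        rec = parse_avc(line)
        if rec and rec.get("tclass") in ("file", "sock_file") and rec.get("tcontext_type") in DIR_ONLY_TYPES:
            hits.append((rec["scontext_type"], rec["tclass"],
                         rec.get("path") or rec.get("name"), " ".join(rec["perms"])))
    return hits
```

On a live system the same function can be fed the output of `ausearch -m avc --raw`; a dry-run `restorecon -nv` over the directory in question then shows what the loaded file contexts would relabel those candidates to.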


