Re: sedispatch: Connection Error


Are you running this with unconfined.pp disabled?  Looks like you need policy
for vmtoolsd.

I was looking for auditd_t or setroubleshootd AVCs.

ps -eZ | grep sedispatch
ps -eZ | grep setroubleshootd

sedispatch sends AVC messages via dbus to setroubleshootd. If setroubleshootd
gets an AVC about itself, it will drop it on the floor.





On 03/26/2013 03:01 PM, Anamitra Dutta Majumdar (anmajumd) wrote:
> Hi Dan,
> 
> Yes, there are many denials being seen. Here is an output from ausearch....
> 
> time->Tue Mar 26 13:58:16 2013 type=SYSCALL
> msg=audit(1364324296.810:915270): arch=c000003e syscall=16 success=yes
> exit=0 a0=15 a1=8912 a2=7ffffa54bf90 a3=0 items=0 ppid=1 pid=18992
> auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
> tty=(none) ses=4294967295 comm="vmtoolsd" 
> exe="/usr/lib/vmware-tools/sbin64/vmtoolsd" 
> subj=system_u:system_r:init_t:s0 key=(null) type=AVC
> msg=audit(1364324296.810:915270): avc:  denied  { ioctl } for pid=18992
> comm="vmtoolsd" path="socket:[2348604]" dev=sockfs ino=2348604 
> scontext=system_u:system_r:init_t:s0 tcontext=system_u:system_r:init_t:s0 
> tclass=tcp_socket ---- time->Tue Mar 26 13:58:26 2013 type=PATH
> msg=audit(1364324306.076:915272): item=0 name="/" inode=2 dev=08:01
> mode=040555 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:root_t:s0 
> type=CWD msg=audit(1364324306.076:915272):  cwd="/" type=SYSCALL
> msg=audit(1364324306.076:915272): arch=c000003e syscall=137 success=yes
> exit=0 a0=c45530 a1=7ffffa54c150 a2=1 a3=2 items=1 ppid=1 pid=18992
> auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
> tty=(none) ses=4294967295 comm="vmtoolsd" 
> exe="/usr/lib/vmware-tools/sbin64/vmtoolsd" 
> subj=system_u:system_r:init_t:s0 key=(null) type=AVC
> msg=audit(1364324306.076:915272): avc:  denied  { getattr } for pid=18992
> comm="vmtoolsd" name="/" dev=sda1 ino=2 
> scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:fs_t:s0 
> tclass=filesystem ---- time->Tue Mar 26 13:58:26 2013 type=PATH
> msg=audit(1364324306.075:915271): item=0 name="/dev/sda1" inode=5938
> dev=00:05 mode=060660 ouid=0 ogid=6 rdev=08:01 
> obj=system_u:object_r:fixed_disk_device_t:s0 type=CWD
> msg=audit(1364324306.075:915271):  cwd="/" type=SYSCALL
> msg=audit(1364324306.075:915271): arch=c000003e syscall=4 success=yes
> exit=0 a0=c7d0b0 a1=7ffffa54c110 a2=7ffffa54c110 a3=a items=1 ppid=1
> pid=18992 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
> fsgid=0 tty=(none) ses=4294967295 comm="vmtoolsd" 
> exe="/usr/lib/vmware-tools/sbin64/vmtoolsd" 
> subj=system_u:system_r:init_t:s0 key=(null) type=AVC
> msg=audit(1364324306.075:915271): avc:  denied  { getattr } for pid=18992
> comm="vmtoolsd" path="/dev/sda1" dev=devtmpfs ino=5938 
> scontext=system_u:system_r:init_t:s0 
> tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file ---- 
> time->Tue Mar 26 13:58:26 2013 type=PATH msg=audit(1364324306.080:915273):
> item=0 name="/proc/net/dev" inode=4026531979 dev=00:03 mode=0100444 ouid=0
> ogid=0 rdev=00:00 obj=system_u:object_r:proc_net_t:s0 type=CWD
> msg=audit(1364324306.080:915273):  cwd="/" type=SYSCALL
> msg=audit(1364324306.080:915273): arch=c000003e syscall=2 success=yes
> exit=22 a0=7f783bc0e159 a1=0 a2=1b6 a3=0 items=1 ppid=1 pid=18992
> auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
> tty=(none) ses=4294967295 comm="vmtoolsd" 
> exe="/usr/lib/vmware-tools/sbin64/vmtoolsd" 
> subj=system_u:system_r:init_t:s0 key=(null) type=AVC
> msg=audit(1364324306.080:915273): avc:  denied  { open } for pid=18992
> comm="vmtoolsd" name="dev" dev=proc ino=4026531979 
> scontext=system_u:system_r:init_t:s0 
> tcontext=system_u:object_r:proc_net_t:s0 tclass=file type=AVC
> msg=audit(1364324306.080:915273): avc:  denied  { read } for pid=18992
> comm="vmtoolsd" name="dev" dev=proc ino=4026531979 
> scontext=system_u:system_r:init_t:s0 
> tcontext=system_u:object_r:proc_net_t:s0 tclass=file ---- time->Tue Mar 26
> 13:58:26 2013 type=SYSCALL msg=audit(1364324306.081:915274): arch=c000003e
> syscall=5 success=yes exit=0 a0=16 a1=7ffffa547f10 a2=7ffffa547f10 a3=0
> items=0 ppid=1 pid=18992 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0
> egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="vmtoolsd" 
> exe="/usr/lib/vmware-tools/sbin64/vmtoolsd" 
> subj=system_u:system_r:init_t:s0 key=(null) type=AVC
> msg=audit(1364324306.081:915274): avc:  denied  { getattr } for pid=18992
> comm="vmtoolsd" path="/proc/18992/net/dev" dev=proc ino=4026531979
> scontext=system_u:system_r:init_t:s0 
> tcontext=system_u:object_r:proc_net_t:s0 tclass=file ---- time->Tue Mar 26
> 13:58:26 2013 type=PATH msg=audit(1364324306.082:915275): item=0
> name="/etc/resolv.conf" inode=654095 dev=08:01 mode=0100644 ouid=0 ogid=0
> rdev=00:00 obj=system_u:object_r:net_conf_t:s0 type=CWD
> msg=audit(1364324306.082:915275):  cwd="/" type=SYSCALL
> msg=audit(1364324306.082:915275): arch=c000003e syscall=2 success=yes
> exit=21 a0=7f78443317fa a1=0 a2=1b6 a3=2 items=1 ppid=1 pid=18992
> auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
> tty=(none) ses=4294967295 comm="vmtoolsd" 
> exe="/usr/lib/vmware-tools/sbin64/vmtoolsd" 
> subj=system_u:system_r:init_t:s0 key=(null) type=AVC
> msg=audit(1364324306.082:915275): avc:  denied  { open } for pid=18992
> comm="vmtoolsd" name="resolv.conf" dev=sda1 ino=654095 
> scontext=system_u:system_r:init_t:s0 
> tcontext=system_u:object_r:net_conf_t:s0 tclass=file type=AVC
> msg=audit(1364324306.082:915275): avc:  denied  { read } for pid=18992
> comm="vmtoolsd" name="resolv.conf" dev=sda1 ino=654095 
> scontext=system_u:system_r:init_t:s0 
> tcontext=system_u:object_r:net_conf_t:s0 tclass=file ---- time->Tue Mar 26
> 13:58:26 2013 type=SYSCALL msg=audit(1364324306.083:915276): arch=c000003e
> syscall=5 success=yes exit=0 a0=15 a1=7ffffa549e80 a2=7ffffa549e80 a3=2
> items=0 ppid=1 pid=18992 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0
> egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="vmtoolsd" 
> exe="/usr/lib/vmware-tools/sbin64/vmtoolsd" 
> subj=system_u:system_r:init_t:s0 key=(null) type=AVC
> msg=audit(1364324306.083:915276): avc:  denied  { getattr } for pid=18992
> comm="vmtoolsd" path="/etc/resolv.conf" dev=sda1 ino=654095 
> scontext=system_u:system_r:init_t:s0 
> tcontext=system_u:object_r:net_conf_t:s0 tclass=file
> 
> 
> 
> Thanks, Anamitra
> 
> On 3/26/13 11:55 AM, "Daniel J Walsh" <dwalsh@xxxxxxxxxx> wrote:
> 
> On 03/26/2013 12:50 PM, Anamitra Dutta Majumdar (anmajumd) wrote:
>>>> 
>>>> On one of our systems we see that the syslog/messages file has been 
>>>> flooded with the following messages
>>>> 
>>>> r 25 18:07:56 nw043b-vcma1 user 3 sedispatch: Connection Error (An 
>>>> SELinux policy prevents this sender from sending this message to this
>>>> recipient (rejected message had sender "(unset)" interface
>>>> "org.freedesktop.DBus" member "Hello" error name "(unset)"
>>>> destination "org.freedesktop.DBus")): AVC Will be dropped Mar 25
>>>> 18:07:56 nw043b-vcma1 user 3 sedispatch: Connection Error (An SELinux
>>>> policy prevents this sender from sending this message to this
>>>> recipient (rejected message had sender "(unset)" interface 
>>>> "org.freedesktop.DBus" member "Hello" error name "(unset)"
>>>> destination "org.freedesktop.DBus")): AVC Will be dropped Mar 25
>>>> 18:07:56 nw043b-vcma1 user 3 sedispatch: Connection Error (An SELinux
>>>> policy prevents this sender from sending this message to this
>>>> recipient (rejected message had sender "(unset)" interface
>>>> "org.freedesktop.DBus" member "Hello" error name "(unset)"
>>>> destination "org.freedesktop.DBus")): AVC Will be dropped
>>>> 
>>>> 
>>>> 
>>>> We are on RHEL6.2 and running in permissive mode.
>>>> 
>>>> Here are the versions of the selinux related rpms.
>>>> 
>>>> root@nw043b-vcma1 vos]# rpm -qa | grep selinux 
>>>> selinux-policy-3.7.19-126.el6.noarch libselinux-2.0.94-5.2.el6.i686 
>>>> libselinux-2.0.94-5.2.el6.x86_64 
>>>> selinux-policy-targeted-3.7.19-126.el6.noarch 
>>>> libselinux-utils-2.0.94-5.2.el6.i686 
>>>> libselinux-utils-2.0.94-5.2.el6.x86_64 
>>>> libselinux-python-2.0.94-5.2.el6.x86_64 [root@nw043b-vcma1 vos]# rpm 
>>>> -qa | grep setro setroubleshoot-server-3.0.38-2.1.el6.x86_64 
>>>> setroubleshoot-plugins-3.0.16-1.el6.noarch
>>>> 
>>>> What could be the root cause of these messages?
>>>> 
>>>> Thanks, Anamitra
>>>> 
>>>> 
>>>> 
> Are you seeing lots of AVC messages?
> 
> ausearch -m avc -ts recent
> 
> 
> 
> -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx 
> https://admin.fedoraproject.org/mailman/listinfo/selinux
> 

--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
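
A triage helper for the ausearch output quoted in the message above, added here as an example and not part of the original thread: it strips the mail quote markers, rejoins the wrapped records, merges the denials per source type, target type and class, and separately lists any denial whose source is auditd_t or setroubleshootd_t, the ones the reply was looking for. The function names are hypothetical, and setroubleshootd_t is assumed to be the domain setroubleshootd runs in.

```python
import re
from collections import defaultdict

# Source types the reply asks about. setroubleshootd_t is an assumption:
# the domain setroubleshootd is expected to run in.
PIPELINE_TYPES = {"auditd_t", "setroubleshootd_t"}

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{([^}]*)\}\s+for\s.*?comm="([^"]+)".*?'
    r'scontext=(\S+)\s+tcontext=(\S+)\s+tclass=(\S+)')

def parse_denials(text):
    """Yield (comm, source_type, target_type, tclass, perms) per AVC denial."""
    # Drop leading mail quote markers, then undo the line wrapping.
    flat = " ".join(re.sub(r"(?m)^[>\s]+", "", text).split())
    for perms, comm, scon, tcon, tclass in AVC_RE.findall(flat):
        # A context is user:role:type:level; the type is the third field.
        yield comm, scon.split(":")[2], tcon.split(":")[2], tclass, perms.split()

def summarize(text):
    """Merge denials into one permission set per (source, target, class)."""
    rules = defaultdict(set)
    for _comm, src, tgt, tclass, perms in parse_denials(text):
        rules[(src, tgt, tclass)].update(perms)
    return dict(rules)

def pipeline_denials(text):
    """Denials whose source domain is auditd or setroubleshootd itself."""
    return [d for d in parse_denials(text) if d[1] in PIPELINE_TYPES]

# Sample input: three records copied from the ausearch output quoted in the
# thread, with the quote markers and mail wrapping left in place.
SAMPLE = '''\
> msg=audit(1364324296.810:915270): avc:  denied  { ioctl } for pid=18992
> comm="vmtoolsd" path="socket:[2348604]" dev=sockfs ino=2348604
> scontext=system_u:system_r:init_t:s0 tcontext=system_u:system_r:init_t:s0
> tclass=tcp_socket ---- time->Tue Mar 26 13:58:26 2013 type=AVC
> msg=audit(1364324306.080:915273): avc:  denied  { open } for pid=18992
> comm="vmtoolsd" name="dev" dev=proc ino=4026531979
> scontext=system_u:system_r:init_t:s0
> tcontext=system_u:object_r:proc_net_t:s0 tclass=file type=AVC
> msg=audit(1364324306.081:915274): avc:  denied  { getattr } for pid=18992
> comm="vmtoolsd" path="/proc/18992/net/dev" dev=proc ino=4026531979
> scontext=system_u:system_r:init_t:s0
> tcontext=system_u:object_r:proc_net_t:s0 tclass=file
'''
```

On the sample, every denial comes from init_t and none from the audit or setroubleshoot domains, so `pipeline_denials` returns an empty list.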




