On 08/19/2013 12:33 PM, Daniel J Walsh wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 08/18/2013 12:45 AM, David Highley wrote:
Lots of avc for sosreport in Fedora 19.
type=SYSCALL msg=audit(1376177902.497:110): arch=c000003e syscall=16
success=no exit=-65 a0=3 a1=8940 a2=7fff72ed5bf0 a3=7fff72ed59a0 items=0
ppid=3710 pid=3736 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 ses=4294967295 tty=(none) comm="brctl" exe="/usr/sbin/brctl"
subj=system_u:system_r:sosreport_t:s0-s0:c0.c1023 key=(null) type=AVC
msg=audit(1376177902.497:110): avc: denied { module_request } for
pid=3736 comm="brctl" kmod="bridge"
scontext=system_u:system_r:sosreport_t:s0-s0:c0.c1023
tcontext=system_u:system_r:kernel_t:s0 tclass=system type=SYSCALL
msg=audit(1376177902.968:111): arch=c000003e syscall=6 success=no exit=-13
a0=7fff425f9af0 a1=1dcd140 a2=1dcd140 a3=fffff800 items=0 ppid=3710
pid=3764 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
fsgid=0 ses=4294967295 tty=(none) comm="ls" exe="/usr/bin/ls"
subj=system_u:system_r:sosreport_t:s0-s0:c0.c1023 key=(null) type=AVC
msg=audit(1376177902.968:111): avc: denied { getattr } for pid=3764
comm="ls" path="/dev/initctl" dev="devtmpfs" ino=8906
scontext=system_u:system_r:sosreport_t:s0-s0:c0.c1023
tcontext=system_u:object_r:initctl_t:s0 tclass=fifo_file type=SYSCALL
msg=audit(1376177902.980:112): arch=c000003e syscall=6 success=no exit=-13
a0=7fff425f9af0 a1=1ddbb30 a2=1ddbb30 a3=fffffff8 items=0 ppid=3710
pid=3764 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
fsgid=0 ses=4294967295 tty=(none) comm="ls" exe="/usr/bin/ls"
subj=system_u:system_r:sosreport_t:s0-s0:c0.c1023 key=(null) type=AVC
msg=audit(1376177902.980:112): avc: denied { getattr } for pid=3764
comm="ls" path="/dev/pts/ptmx" dev="devpts" ino=2
scontext=system_u:system_r:sosreport_t:s0-s0:c0.c1023
tcontext=system_u:object_r:devpts_t:s0 tclass=chr_file type=SYSCALL
msg=audit(1376177903.375:113): arch=c000003e syscall=4 success=no exit=-13
a0=2051cb0 a1=7fff82adf0c0 a2=7fff82adf0c0 a3=0 items=0 ppid=3710 pid=3772
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
ses=4294967295 tty=(none) comm="df" exe="/usr/bin/df"
subj=system_u:system_r:sosreport_t:s0-s0:c0.c1023 key=(null) type=AVC
msg=audit(1376177903.375:113): avc: denied { getattr } for pid=3772
comm="df" path="/sys/fs/pstore" dev="pstore" ino=9238
scontext=system_u:system_r:sosreport_t:s0-s0:c0.c1023
tcontext=system_u:object_r:pstorefs_t:s0 tclass=dir type=SYSCALL
msg=audit(1376177903.408:114): arch=c000003e syscall=4 success=no exit=-13
a0=2052470 a1=7fff82adf0c0 a2=7fff82adf0c0 a3=0 items=0 ppid=3710 pid=3772
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
ses=4294967295 tty=(none) comm="df" exe="/usr/bin/df"
subj=system_u:system_r:sosreport_t:s0-s0:c0.c1023 key=(null) type=AVC
msg=audit(1376177903.408:114): avc: denied { getattr } for pid=3772
comm="df" path="/sys/kernel/config" dev="configfs" ino=15409
scontext=system_u:system_r:sosreport_t:s0-s0:c0.c1023
tcontext=system_u:object_r:configfs_t:s0 tclass=dir type=SYSCALL
msg=audit(1376177904.575:115): arch=c000003e syscall=41 success=no exit=-13
a0=10 a1=80803 a2=f a3=d2be50 items=0 ppid=3710 pid=3803 auid=4294967295
uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295
tty=(none) comm="lsusb" exe="/usr/bin/lsusb"
subj=system_u:system_r:sosreport_t:s0-s0:c 0.c1023 key=(null) type=AVC
msg=audit(1376177904.575:115): avc: denied { create } for pid=3803
comm="lsusb" scontext=system_u:system_r:sosreport_t:s0-s0:c0.c1023
tcontext=system_u:system_r:sosreport_t:s0-s0:c0.c1023
tclass=netlink_kobject_uevent_socket type=SYSCALL
msg=audit(1376177904.650:116): arch=c000003e syscall=41 success=no exit=-13
a0=10 a1=80803 a2=f a3=1697e50 items=0 ppid=3710 pid=3804 auid=4294967295
uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295
tty=(none) comm="lsusb" exe="/usr/bin/lsusb"
subj=system_u:system_r:sosreport_t:s0-s0:c0.c1023 key=(null) type=AVC
msg=audit(1376177904.650:116): avc: denied { create } for pid=3804
comm="lsusb" scontext=system_u:system_r:sosreport_t:s0-s0:c0.c1023
tcontext=system_u:system_r:sosreport_t:s0-s0:c0.c1023
tclass=netlink_kobject_uevent_socket type=SYSCALL
msg=audit(1376180405.316:271): arch=c000003e syscall=41 success=no exit=-13
a0=2 a1=3 a2=ff a3=7fffde20a870 items=0 ppid=3710 pid=6315 auid=4294967295
uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295
tty=(none) comm="iptables" exe="/usr/sbin/xtables-multi"
subj=system_u:system_r:sosreport_t:s0-s0:c0.c1023 key=(null) type=AVC
msg=audit(1376180405.316:271): avc: denied { create } for pid=6315
comm="iptables" scontext=system_u:system_r:sosreport_t:s0-s0:c0.c1023
tcontext=system_u:system_r:sosreport_t:s0-s0:c0.c1023 tclass=rawip_socket
type=SYSCALL msg=audit(1376180405.317:272): arch=c000003e syscall=41
success=no exit=-13 a0=2 a1=3 a2=ff a3=7fffde20a810 items=0 ppid=3710
pid=6315 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
fsgid=0 ses=4294967295 tty=( none) comm="iptables"
exe="/usr/sbin/xtables-multi"
subj=system_u:system_r:sosreport_t:s0-s0:c0.c1023 key=(null) type=AVC
msg=audit(1376180405.317:272): avc: denied { create } for pid=6315
comm="iptables" scontext=system_u:system_r:sosreport_t:s0-s0:c0.c1023
tcontext=system_u:system_r:sosreport_t:s0-s0:c0.c1023 tclass=rawip_socket
type=SYSCALL msg=audit(1376180405.323:273): arch=c000003e syscall=41
success=no exit=-13 a0=2 a1=3 a2=ff a3=7fffec93d130 items=0 ppid=3710
pid=6316 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
fsgid=0 ses=4294967295 tty=(none) comm="iptables"
exe="/usr/sbin/xtables-multi"
subj=system_u:system_r:sosreport_t:s0-s0:c0.c1023 key=(null) type=AVC
msg=audit(1376180405.323:273): avc: denied { create } for pid=6316
comm="iptables" scontext=system_u:system_r:sosreport_t:s0-s0:c0.c1023
tcontext=system_u:system_r:sosreport_t:s0-s0:c0.c1023 tclass=rawip_socket
type=SYSCALL msg=audit(1376180405.323:274): arch=c000003e syscall=41
success=no exit=-13 a0=2 a1=3 a2=ff a3=7fffec93d0d0 items=0 ppid=3710
pid=6316 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
fsgid=0 ses=4294967295 tty=(none) comm="iptables"
exe="/usr/sbin/xtables-multi"
subj=system_u:system_r:sosreport_t:s0-s0:c0.c1023 key=(null) type=AVC
msg=audit(1376180405.323:274): avc: denied { create } for pid=6316
comm="iptables" scontext=system_u:system_r:sosreport_t:s0-s0:c0.c1023
tcontext=system_u:system_r:sosreport_t:s0-s0:c0.c1023 tclass=rawip_socket
type=SYSCALL msg=audit(1376180405.697:281): arch=c000003e syscall=89
success=no exit=-13 a0=7fffa26e89e0 a1=7fffa26e87c0 a2=1d a3=3 items=0
ppid=3710 pid=6324 a -- selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
Please open a bugzilla. I have checked in fixes for this into git, but need
bugzilla for back port.
Fixed in git
3f7534cb0eaec96d7d8b69a4e91c078a9f52634d
0ee08f51c6ddd43646c3fc12fd85aea82298c253
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEARECAAYFAlIR9JMACgkQrlYvE4MpobMwagCgyJmnkju8ustiB2jfkY0N6B5e
9YoAn2SLYJI2SX2KgpdRT+7Hpbstgax4
=dCN6
-----END PGP SIGNATURE-----
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
Yes, the bugzilla is a better way in this case.
But back ported.
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux