Re: Sosreport Fedora 19

[Miroslav Grepl <mgrepl@xxxxxxxxxx>]

On 08/19/2013 12:33 PM, Daniel J Walsh wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 08/18/2013 12:45 AM, David Highley wrote:
> > Lots of avc for sosreport in Fedora 19.
> >
> > type=SYSCALL msg=audit(1376177902.497:110): arch=c000003e syscall=16
> > success=no exit=-65 a0=3 a1=8940 a2=7fff72ed5bf0 a3=7fff72ed59a0 items=0
> > ppid=3710 pid=3736 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
> > sgid=0 fsgid=0 ses=4294967295 tty=(none) comm="brctl" exe="/usr/sbin/brctl"
> > subj=system_u:system_r:sosreport_t:s0-s0:c0.c1023 key=(null) type=AVC
> > msg=audit(1376177902.497:110): avc:  denied  { module_request } for
> > pid=3736 comm="brctl" kmod="bridge"
> > scontext=system_u:system_r:sosreport_t:s0-s0:c0.c1023
> > tcontext=system_u:system_r:kernel_t:s0 tclass=system type=SYSCALL
> > msg=audit(1376177902.968:111): arch=c000003e syscall=6 success=no exit=-13
> > a0=7fff425f9af0 a1=1dcd140 a2=1dcd140 a3=fffff800 items=0 ppid=3710
> > pid=3764 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
> > fsgid=0 ses=4294967295 tty=(none) comm="ls" exe="/usr/bin/ls"
> > subj=system_u:system_r:sosreport_t:s0-s0:c0.c1023 key=(null) type=AVC
> > msg=audit(1376177902.968:111): avc:  denied  { getattr } for pid=3764
> > comm="ls" path="/dev/initctl" dev="devtmpfs" ino=8906
> > scontext=system_u:system_r:sosreport_t:s0-s0:c0.c1023
> > tcontext=system_u:object_r:initctl_t:s0 tclass=fifo_file type=SYSCALL
> > msg=audit(1376177902.980:112): arch=c000003e syscall=6 success=no exit=-13
> > a0=7fff425f9af0 a1=1ddbb30 a2=1ddbb30 a3=fffffff8 items=0 ppid=3710
> > pid=3764 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
> > fsgid=0 ses=4294967295 tty=(none) comm="ls" exe="/usr/bin/ls"
> > subj=system_u:system_r:sosreport_t:s0-s0:c0.c1023 key=(null) type=AVC
> > msg=audit(1376177902.980:112): avc:  denied  { getattr } for pid=3764
> > comm="ls" path="/dev/pts/ptmx" dev="devpts" ino=2
> > scontext=system_u:system_r:sosreport_t:s0-s0:c0.c1023
> > tcontext=system_u:object_r:devpts_t:s0 tclass=chr_file type=SYSCALL
> > msg=audit(1376177903.375:113): arch=c000003e syscall=4 success=no exit=-13
> > a0=2051cb0 a1=7fff82adf0c0 a2=7fff82adf0c0 a3=0 items=0 ppid=3710 pid=3772
> > auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
> > ses=4294967295 tty=(none) comm="df" exe="/usr/bin/df"
> > subj=system_u:system_r:sosreport_t:s0-s0:c0.c1023 key=(null) type=AVC
> > msg=audit(1376177903.375:113): avc:  denied  { getattr } for pid=3772
> > comm="df" path="/sys/fs/pstore" dev="pstore" ino=9238
> > scontext=system_u:system_r:sosreport_t:s0-s0:c0.c1023
> > tcontext=system_u:object_r:pstorefs_t:s0 tclass=dir type=SYSCALL
> > msg=audit(1376177903.408:114): arch=c000003e syscall=4 success=no exit=-13
> > a0=2052470 a1=7fff82adf0c0 a2=7fff82adf0c0 a3=0 items=0 ppid=3710 pid=3772
> > auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
> > ses=4294967295 tty=(none) comm="df" exe="/usr/bin/df"
> > subj=system_u:system_r:sosreport_t:s0-s0:c0.c1023 key=(null) type=AVC
> > msg=audit(1376177903.408:114): avc:  denied  { getattr } for pid=3772
> > comm="df" path="/sys/kernel/config" dev="configfs" ino=15409
> > scontext=system_u:system_r:sosreport_t:s0-s0:c0.c1023
> > tcontext=system_u:object_r:configfs_t:s0 tclass=dir type=SYSCALL
> > msg=audit(1376177904.575:115): arch=c000003e syscall=41 success=no exit=-13
> > a0=10 a1=80803 a2=f a3=d2be50 items=0 ppid=3710 pid=3803 auid=4294967295
> > uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295
> > tty=(none) comm="lsusb" exe="/usr/bin/lsusb"
> > subj=system_u:system_r:sosreport_t:s0-s0:c 0.c1023 key=(null) type=AVC
> > msg=audit(1376177904.575:115): avc:  denied  { create } for pid=3803
> > comm="lsusb" scontext=system_u:system_r:sosreport_t:s0-s0:c0.c1023
> > tcontext=system_u:system_r:sosreport_t:s0-s0:c0.c1023
> > tclass=netlink_kobject_uevent_socket type=SYSCALL
> > msg=audit(1376177904.650:116): arch=c000003e syscall=41 success=no exit=-13
> > a0=10 a1=80803 a2=f a3=1697e50 items=0 ppid=3710 pid=3804 auid=4294967295
> > uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295
> > tty=(none) comm="lsusb" exe="/usr/bin/lsusb"
> > subj=system_u:system_r:sosreport_t:s0-s0:c0.c1023 key=(null) type=AVC
> > msg=audit(1376177904.650:116): avc:  denied  { create } for pid=3804
> > comm="lsusb" scontext=system_u:system_r:sosreport_t:s0-s0:c0.c1023
> > tcontext=system_u:system_r:sosreport_t:s0-s0:c0.c1023
> > tclass=netlink_kobject_uevent_socket type=SYSCALL
> > msg=audit(1376180405.316:271): arch=c000003e syscall=41 success=no exit=-13
> > a0=2 a1=3 a2=ff a3=7fffde20a870 items=0 ppid=3710 pid=6315 auid=4294967295
> > uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295
> > tty=(none) comm="iptables" exe="/usr/sbin/xtables-multi"
> > subj=system_u:system_r:sosreport_t:s0-s0:c0.c1023 key=(null) type=AVC
> > msg=audit(1376180405.316:271): avc:  denied  { create } for pid=6315
> > comm="iptables" scontext=system_u:system_r:sosreport_t:s0-s0:c0.c1023
> > tcontext=system_u:system_r:sosreport_t:s0-s0:c0.c1023 tclass=rawip_socket
> > type=SYSCALL msg=audit(1376180405.317:272): arch=c000003e syscall=41
> > success=no exit=-13 a0=2 a1=3 a2=ff a3=7fffde20a810 items=0 ppid=3710
> > pid=6315 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
> > fsgid=0 ses=4294967295 tty=( none) comm="iptables"
> > exe="/usr/sbin/xtables-multi"
> > subj=system_u:system_r:sosreport_t:s0-s0:c0.c1023 key=(null) type=AVC
> > msg=audit(1376180405.317:272): avc:  denied  { create } for pid=6315
> > comm="iptables" scontext=system_u:system_r:sosreport_t:s0-s0:c0.c1023
> > tcontext=system_u:system_r:sosreport_t:s0-s0:c0.c1023 tclass=rawip_socket
> > type=SYSCALL msg=audit(1376180405.323:273): arch=c000003e syscall=41
> > success=no exit=-13 a0=2 a1=3 a2=ff a3=7fffec93d130 items=0 ppid=3710
> > pid=6316 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
> > fsgid=0 ses=4294967295 tty=(none) comm="iptables"
> > exe="/usr/sbin/xtables-multi"
> > subj=system_u:system_r:sosreport_t:s0-s0:c0.c1023 key=(null) type=AVC
> > msg=audit(1376180405.323:273): avc:  denied  { create } for pid=6316
> > comm="iptables" scontext=system_u:system_r:sosreport_t:s0-s0:c0.c1023
> > tcontext=system_u:system_r:sosreport_t:s0-s0:c0.c1023 tclass=rawip_socket
> > type=SYSCALL msg=audit(1376180405.323:274): arch=c000003e syscall=41
> > success=no exit=-13 a0=2 a1=3 a2=ff a3=7fffec93d0d0 items=0 ppid=3710
> > pid=6316 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
> > fsgid=0 ses=4294967295 tty=(none) comm="iptables"
> > exe="/usr/sbin/xtables-multi"
> > subj=system_u:system_r:sosreport_t:s0-s0:c0.c1023 key=(null) type=AVC
> > msg=audit(1376180405.323:274): avc:  denied  { create } for pid=6316
> > comm="iptables" scontext=system_u:system_r:sosreport_t:s0-s0:c0.c1023
> > tcontext=system_u:system_r:sosreport_t:s0-s0:c0.c1023 tclass=rawip_socket
> > type=SYSCALL msg=audit(1376180405.697:281): arch=c000003e syscall=89
> > success=no exit=-13 a0=7fffa26e89e0 a1=7fffa26e87c0 a2=1d a3=3 items=0
> > ppid=3710 pid=6324 a -- selinux mailing list
> > selinux@xxxxxxxxxxxxxxxxxxxxxxx
> > https://admin.fedoraproject.org/mailman/listinfo/selinux
> Please open a bugzilla.  I have checked in fixes for this into git, but need
> bugzilla for back port.
>
> Fixed in git
> 3f7534cb0eaec96d7d8b69a4e91c078a9f52634d
> 0ee08f51c6ddd43646c3fc12fd85aea82298c253
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.14 (GNU/Linux)
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iEYEARECAAYFAlIR9JMACgkQrlYvE4MpobMwagCgyJmnkju8ustiB2jfkY0N6B5e
> 9YoAn2SLYJI2SX2KgpdRT+7Hpbstgax4
> =dCN6
> -----END PGP SIGNATURE-----
> --
> selinux mailing list
> selinux@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/selinux
Yes, the bugzilla is a better way in this case.

But back ported.
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux