Alert on mac_admin /usr/sbin/setfiles capability2

I updated Fedora 20 just now and got an SELinux alert.
What's wrong?

SELinux is preventing /usr/sbin/setfiles from mac_admin access on the capability2 .

*****  Plugin catchall (100. confidence) suggests   **************************

# grep restorecon /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                unconfined_u:system_r:setfiles_t:s0-s0:c0.c1023
Target Context                unconfined_u:system_r:setfiles_t:s0-s0:c0.c1023
Target Objects                 [ capability2 ]
Source                        restorecon
Source Path                   /usr/sbin/setfiles
Port                          <Unknown>
Host                          localhost.localdomain
Source RPM Packages           policycoreutils-2.2.5-3.fc20.x86_64
Target RPM Packages          
Policy RPM                    selinux-policy-3.12.1-158.fc20.noarch selinux-
                              policy-3.12.1-166.fc20.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     localhost.localdomain
Platform                      Linux localhost.localdomain 3.14.4-200.fc20.x86_64
                              #1 SMP Tue May 13 13:51:08 UTC 2014 x86_64 x86_64
Alert Count                   3
First Seen                    2014-02-20 00:11:29 JST
Last Seen                     2014-05-25 19:36:13 JST
Local ID                      0a51e340-8e41-42fb-8c41-4c3d3d7fee6f

Raw Audit Messages
type=AVC msg=audit(1401014173.443:796): avc:  denied  { mac_admin } for  pid=13598 comm="restorecon" capability=33  scontext=unconfined_u:system_r:setfiles_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:setfiles_t:s0-s0:c0.c1023 tclass=capability2


type=SYSCALL msg=audit(1401014173.443:796): arch=x86_64 syscall=lsetxattr success=no exit=EINVAL a0=7f5e992cc820 a1=7f5e9708556e a2=7f5e992cf070 a3=29 items=0 ppid=13002 pid=13598 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 ses=1 comm=restorecon exe=/usr/sbin/setfiles subj=unconfined_u:system_r:setfiles_t:s0-s0:c0.c1023 key=(null)

Hash: restorecon,setfiles_t,setfiles_t,capability2,mac_admin


--
A page for helping heavy metal and hard rock take root in Japan
http://heavymetalhardrock.no-ip.info/

Free software that makes the secure OS SELinux easier to use around the world
http://sourceforge.net/projects/segatex/

CMS (free software using PHP and PostgreSQL)
http://sourceforge.net/projects/webon/
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
