Re: google authenticator doesnt work under staff_t confinement

Hi Lukas,
Managed to get AVC messages (via 'ausearch -m AVC,USER_AVC -ts 13:00:00' and sealert) after running in permissive mode. They don't show up when running in enforcing mode in both staff_u and unconfined_u contexts. I've attached them below, and thanks again:
----
time->Mon Dec 18 13:29:03 2017
type=USER_AVC msg=audit(1513596543.356:255916): pid=28357 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc:  received setenforce notice (enforcing=0)  exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?'
----
time->Mon Dec 18 13:29:09 2017
type=PROCTITLE msg=audit(1513596549.118:255918): proctitle=7375646F002D69
type=PATH msg=audit(1513596549.118:255918): item=0 name="/var/lib/google-authenticator/chira" inode=7968602 dev=00:29 mode=0100400 ouid=0 ogid=0 rdev=00:00 obj=staff_u:object_r:var_auth_t:s0 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=CWD msg=audit(1513596549.118:255918): cwd="/etc/pam.d"
type=SYSCALL msg=audit(1513596549.118:255918): arch=c000003e syscall=257 success=yes exit=8 a0=ffffffffffffff9c a1=55c7fa1703f0 a2=0 a3=0 items=1 ppid=5833 pid=5878 auid=1000 uid=1000 gid=1000 euid=0 suid=0 fsuid=0 egid=0 sgid=1000 fsgid=0 tty=pts5 ses=2 comm="sudo" exe="/usr/bin/sudo" subj=staff_u:staff_r:staff_sudo_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1513596549.118:255918): avc:  denied  { open } for  pid=5878 comm="sudo" path="/var/lib/google-authenticator/chira" dev="dm-1" ino=7968602 scontext=staff_u:staff_r:staff_sudo_t:s0-s0:c0.c1023 tcontext=staff_u:object_r:var_auth_t:s0 tclass=file permissive=1
type=AVC msg=audit(1513596549.118:255918): avc:  denied  { read } for  pid=5878 comm="sudo" name="chira" dev="dm-1" ino=7968602 scontext=staff_u:staff_r:staff_sudo_t:s0-s0:c0.c1023 tcontext=staff_u:object_r:var_auth_t:s0 tclass=file permissive=1
----
time->Mon Dec 18 13:29:09 2017
type=PROCTITLE msg=audit(1513596549.119:255919): proctitle=7375646F002D69
type=SYSCALL msg=audit(1513596549.119:255919): arch=c000003e syscall=5 success=yes exit=0 a0=8 a1=7ffd51788270 a2=7ffd51788270 a3=0 items=0 ppid=5833 pid=5878 auid=1000 uid=1000 gid=1000 euid=0 suid=0 fsuid=0 egid=0 sgid=1000 fsgid=0 tty=pts5 ses=2 comm="sudo" exe="/usr/bin/sudo" subj=staff_u:staff_r:staff_sudo_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1513596549.119:255919): avc:  denied  { getattr } for  pid=5878 comm="sudo" path="/var/lib/google-authenticator/chira" dev="dm-1" ino=7968602 scontext=staff_u:staff_r:staff_sudo_t:s0-s0:c0.c1023 tcontext=staff_u:object_r:var_auth_t:s0 tclass=file permissive=1
----
time->Mon Dec 18 13:29:40 2017
type=PROCTITLE msg=audit(1513596580.903:256063): proctitle=7375646F002D69
type=PATH msg=audit(1513596580.903:256063): item=4 name="/var/lib/google-authenticator/chira" inode=7979347 dev=00:29 mode=0100400 ouid=0 ogid=0 rdev=00:00 obj=staff_u:object_r:var_auth_t:s0 nametype=CREATE cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=PATH msg=audit(1513596580.903:256063): item=3 name="/var/lib/google-authenticator/chira" inode=7968602 dev=00:29 mode=0100400 ouid=0 ogid=0 rdev=00:00 obj=staff_u:object_r:var_auth_t:s0 nametype=DELETE cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=PATH msg=audit(1513596580.903:256063): item=2 name="/var/lib/google-authenticator/chira~" inode=7979347 dev=00:29 mode=0100400 ouid=0 ogid=0 rdev=00:00 obj=staff_u:object_r:var_auth_t:s0 nametype=DELETE cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=PATH msg=audit(1513596580.903:256063): item=1 name="/var/lib/google-authenticator/" inode=7704905 dev=00:29 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=staff_u:object_r:var_auth_t:s0 nametype=PARENT cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=PATH msg=audit(1513596580.903:256063): item=0 name="/var/lib/google-authenticator/" inode=7704905 dev=00:29 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=staff_u:object_r:var_auth_t:s0 nametype=PARENT cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=CWD msg=audit(1513596580.903:256063): cwd="/etc/pam.d"
type=SYSCALL msg=audit(1513596580.903:256063): arch=c000003e syscall=82 success=yes exit=0 a0=55c7fa18d7c0 a1=55c7fa1703f0 a2=9c a3=100 items=5 ppid=5833 pid=5878 auid=1000 uid=1000 gid=1000 euid=0 suid=0 fsuid=0 egid=0 sgid=1000 fsgid=0 tty=pts5 ses=2 comm="sudo" exe="/usr/bin/sudo" subj=staff_u:staff_r:staff_sudo_t:s0-s0:c0.c1023 key="delete"
type=AVC msg=audit(1513596580.903:256063): avc:  denied  { unlink } for  pid=5878 comm="sudo" name="chira" dev="dm-1" ino=7968602 scontext=staff_u:staff_r:staff_sudo_t:s0-s0:c0.c1023 tcontext=staff_u:object_r:var_auth_t:s0 tclass=file permissive=1
type=AVC msg=audit(1513596580.903:256063): avc:  denied  { rename } for  pid=5878 comm="sudo" name="chira~" dev="dm-1" ino=7979347 scontext=staff_u:staff_r:staff_sudo_t:s0-s0:c0.c1023 tcontext=staff_u:object_r:var_auth_t:s0 tclass=file permissive=1
type=AVC msg=audit(1513596580.903:256063): avc:  denied  { remove_name } for  pid=5878 comm="sudo" name="chira~" dev="dm-1" ino=7979347 scontext=staff_u:staff_r:staff_sudo_t:s0-s0:c0.c1023 tcontext=staff_u:object_r:var_auth_t:s0 tclass=dir permissive=1
----
time->Mon Dec 18 13:29:40 2017
type=PROCTITLE msg=audit(1513596580.678:256062): proctitle=7375646F002D69
type=PATH msg=audit(1513596580.678:256062): item=1 name="/var/lib/google-authenticator/chira~" inode=7979347 dev=00:29 mode=0100400 ouid=0 ogid=0 rdev=00:00 obj=staff_u:object_r:var_auth_t:s0 nametype=CREATE cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=PATH msg=audit(1513596580.678:256062): item=0 name="/var/lib/google-authenticator/" inode=7704905 dev=00:29 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=staff_u:object_r:var_auth_t:s0 nametype=PARENT cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=CWD msg=audit(1513596580.678:256062): cwd="/etc/pam.d"
type=SYSCALL msg=audit(1513596580.678:256062): arch=c000003e syscall=257 success=yes exit=8 a0=ffffffffffffff9c a1=55c7fa18d7c0 a2=202c1 a3=100 items=2 ppid=5833 pid=5878 auid=1000 uid=1000 gid=1000 euid=0 suid=0 fsuid=0 egid=0 sgid=1000 fsgid=0 tty=pts5 ses=2 comm="sudo" exe="/usr/bin/sudo" subj=staff_u:staff_r:staff_sudo_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1513596580.678:256062): avc:  denied  { write } for  pid=5878 comm="sudo" path="/var/lib/google-authenticator/chira~" dev="dm-1" ino=7979347 scontext=staff_u:staff_r:staff_sudo_t:s0-s0:c0.c1023 tcontext=staff_u:object_r:var_auth_t:s0 tclass=file permissive=1
type=AVC msg=audit(1513596580.678:256062): avc:  denied  { create } for  pid=5878 comm="sudo" name="chira~" scontext=staff_u:staff_r:staff_sudo_t:s0-s0:c0.c1023 tcontext=staff_u:object_r:var_auth_t:s0 tclass=file permissive=1
type=AVC msg=audit(1513596580.678:256062): avc:  denied  { add_name } for  pid=5878 comm="sudo" name="chira~" scontext=staff_u:staff_r:staff_sudo_t:s0-s0:c0.c1023 tcontext=staff_u:object_r:var_auth_t:s0 tclass=dir permissive=1
type=AVC msg=audit(1513596580.678:256062): avc:  denied  { write } for  pid=5878 comm="sudo" name="google-authenticator" dev="dm-1" ino=7704905 scontext=staff_u:staff_r:staff_sudo_t:s0-s0:c0.c1023 tcontext=staff_u:object_r:var_auth_t:s0 tclass=dir permissive=1
----
time->Mon Dec 18 13:29:50 2017
type=PROCTITLE msg=audit(1513596590.104:256082): proctitle=7375646F002D69
type=PATH msg=audit(1513596590.104:256082): item=0 name="/var/lib/google-authenticator/chira" inode=7979347 dev=00:29 mode=0100400 ouid=0 ogid=0 rdev=00:00 obj=staff_u:object_r:var_auth_t:s0 nametype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=CWD msg=audit(1513596590.104:256082): cwd="/etc/pam.d"
type=SYSCALL msg=audit(1513596590.104:256082): arch=c000003e syscall=257 success=yes exit=8 a0=ffffffffffffff9c a1=55db60e0c3f0 a2=0 a3=0 items=1 ppid=5767 pid=5968 auid=1000 uid=1000 gid=1000 euid=0 suid=0 fsuid=0 egid=0 sgid=1000 fsgid=0 tty=pts3 ses=2 comm="sudo" exe="/usr/bin/sudo" subj=staff_u:staff_r:staff_sudo_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1513596590.104:256082): avc:  denied  { open } for  pid=5968 comm="sudo" path="/var/lib/google-authenticator/chira" dev="dm-1" ino=7979347 scontext=staff_u:staff_r:staff_sudo_t:s0-s0:c0.c1023 tcontext=staff_u:object_r:var_auth_t:s0 tclass=file permissive=1
type=AVC msg=audit(1513596590.104:256082): avc:  denied  { read } for  pid=5968 comm="sudo" name="chira" dev="dm-1" ino=7979347 scontext=staff_u:staff_r:staff_sudo_t:s0-s0:c0.c1023 tcontext=staff_u:object_r:var_auth_t:s0 tclass=file permissive=1
----
time->Mon Dec 18 13:29:50 2017
type=PROCTITLE msg=audit(1513596590.105:256083): proctitle=7375646F002D69
type=SYSCALL msg=audit(1513596590.105:256083): arch=c000003e syscall=5 success=yes exit=0 a0=8 a1=7fffc0dfa310 a2=7fffc0dfa310 a3=0 items=0 ppid=5767 pid=5968 auid=1000 uid=1000 gid=1000 euid=0 suid=0 fsuid=0 egid=0 sgid=1000 fsgid=0 tty=pts3 ses=2 comm="sudo" exe="/usr/bin/sudo" subj=staff_u:staff_r:staff_sudo_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1513596590.105:256083): avc:  denied  { getattr } for  pid=5968 comm="sudo" path="/var/lib/google-authenticator/chira" dev="dm-1" ino=7979347 scontext=staff_u:staff_r:staff_sudo_t:s0-s0:c0.c1023 tcontext=staff_u:object_r:var_auth_t:s0 tclass=file permissive=1
----
time->Mon Dec 18 13:30:06 2017
type=PROCTITLE msg=audit(1513596606.992:256226): proctitle=7375646F002D69
type=PATH msg=audit(1513596606.992:256226): item=1 name="/var/lib/google-authenticator/chira~" inode=7979376 dev=00:29 mode=0100400 ouid=0 ogid=0 rdev=00:00 obj=staff_u:object_r:var_auth_t:s0 nametype=CREATE cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=PATH msg=audit(1513596606.992:256226): item=0 name="/var/lib/google-authenticator/" inode=7704905 dev=00:29 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=staff_u:object_r:var_auth_t:s0 nametype=PARENT cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=CWD msg=audit(1513596606.992:256226): cwd="/etc/pam.d"
type=SYSCALL msg=audit(1513596606.992:256226): arch=c000003e syscall=257 success=yes exit=8 a0=ffffffffffffff9c a1=55db60e298b0 a2=202c1 a3=100 items=2 ppid=5767 pid=5968 auid=1000 uid=1000 gid=1000 euid=0 suid=0 fsuid=0 egid=0 sgid=1000 fsgid=0 tty=pts3 ses=2 comm="sudo" exe="/usr/bin/sudo" subj=staff_u:staff_r:staff_sudo_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1513596606.992:256226): avc:  denied  { write } for  pid=5968 comm="sudo" path="/var/lib/google-authenticator/chira~" dev="dm-1" ino=7979376 scontext=staff_u:staff_r:staff_sudo_t:s0-s0:c0.c1023 tcontext=staff_u:object_r:var_auth_t:s0 tclass=file permissive=1
type=AVC msg=audit(1513596606.992:256226): avc:  denied  { create } for  pid=5968 comm="sudo" name="chira~" scontext=staff_u:staff_r:staff_sudo_t:s0-s0:c0.c1023 tcontext=staff_u:object_r:var_auth_t:s0 tclass=file permissive=1
type=AVC msg=audit(1513596606.992:256226): avc:  denied  { add_name } for  pid=5968 comm="sudo" name="chira~" scontext=staff_u:staff_r:staff_sudo_t:s0-s0:c0.c1023 tcontext=staff_u:object_r:var_auth_t:s0 tclass=dir permissive=1
type=AVC msg=audit(1513596606.992:256226): avc:  denied  { write } for  pid=5968 comm="sudo" name="google-authenticator" dev="dm-1" ino=7704905 scontext=staff_u:staff_r:staff_sudo_t:s0-s0:c0.c1023 tcontext=staff_u:object_r:var_auth_t:s0 tclass=dir permissive=1
----
time->Mon Dec 18 13:30:07 2017
type=PROCTITLE msg=audit(1513596607.149:256227): proctitle=7375646F002D69
type=PATH msg=audit(1513596607.149:256227): item=4 name="/var/lib/google-authenticator/chira" inode=7979376 dev=00:29 mode=0100400 ouid=0 ogid=0 rdev=00:00 obj=staff_u:object_r:var_auth_t:s0 nametype=CREATE cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=PATH msg=audit(1513596607.149:256227): item=3 name="/var/lib/google-authenticator/chira" inode=7979347 dev=00:29 mode=0100400 ouid=0 ogid=0 rdev=00:00 obj=staff_u:object_r:var_auth_t:s0 nametype=DELETE cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=PATH msg=audit(1513596607.149:256227): item=2 name="/var/lib/google-authenticator/chira~" inode=7979376 dev=00:29 mode=0100400 ouid=0 ogid=0 rdev=00:00 obj=staff_u:object_r:var_auth_t:s0 nametype=DELETE cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=PATH msg=audit(1513596607.149:256227): item=1 name="/var/lib/google-authenticator/" inode=7704905 dev=00:29 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=staff_u:object_r:var_auth_t:s0 nametype=PARENT cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=PATH msg=audit(1513596607.149:256227): item=0 name="/var/lib/google-authenticator/" inode=7704905 dev=00:29 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=staff_u:object_r:var_auth_t:s0 nametype=PARENT cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=CWD msg=audit(1513596607.149:256227): cwd="/etc/pam.d"
type=SYSCALL msg=audit(1513596607.149:256227): arch=c000003e syscall=82 success=yes exit=0 a0=55db60e298b0 a1=55db60e0c3f0 a2=a5 a3=100 items=5 ppid=5767 pid=5968 auid=1000 uid=1000 gid=1000 euid=0 suid=0 fsuid=0 egid=0 sgid=1000 fsgid=0 tty=pts3 ses=2 comm="sudo" exe="/usr/bin/sudo" subj=staff_u:staff_r:staff_sudo_t:s0-s0:c0.c1023 key="delete"
type=AVC msg=audit(1513596607.149:256227): avc:  denied  { unlink } for  pid=5968 comm="sudo" name="chira" dev="dm-1" ino=7979347 scontext=staff_u:staff_r:staff_sudo_t:s0-s0:c0.c1023 tcontext=staff_u:object_r:var_auth_t:s0 tclass=file permissive=1
type=AVC msg=audit(1513596607.149:256227): avc:  denied  { rename } for  pid=5968 comm="sudo" name="chira~" dev="dm-1" ino=7979376 scontext=staff_u:staff_r:staff_sudo_t:s0-s0:c0.c1023 tcontext=staff_u:object_r:var_auth_t:s0 tclass=file permissive=1
type=AVC msg=audit(1513596607.149:256227): avc:  denied  { remove_name } for  pid=5968 comm="sudo" name="chira~" dev="dm-1" ino=7979376 scontext=staff_u:staff_r:staff_sudo_t:s0-s0:c0.c1023 tcontext=staff_u:object_r:var_auth_t:s0 tclass=dir permissive=1
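
Added example, not part of the original post: a small Python parser that collapses AVC denials like the ones above into one candidate type-enforcement rule per (source type, target type, class), similar in spirit to what audit2allow produces. The sample lines are abridged from the log above (fields such as pid, dev and ino dropped), and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Matches kernel AVC denial records in the format shown in the log above.
AVC_RE = re.compile(
    r"type=AVC .*?avc:\s+denied\s+\{\s*(?P<perms>[^}]+?)\s*\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
    r"(?:\s+permissive=(?P<permissive>[01]))?"
)

# Abridged from the log above; the USER_AVC notice is not a denial.
SAMPLE = """\
type=USER_AVC msg=audit(1513596543.356:255916): msg='avc:  received setenforce notice (enforcing=0)'
type=AVC msg=audit(1513596549.118:255918): avc:  denied  { open } for  comm="sudo" path="/var/lib/google-authenticator/chira" scontext=staff_u:staff_r:staff_sudo_t:s0-s0:c0.c1023 tcontext=staff_u:object_r:var_auth_t:s0 tclass=file permissive=1
type=AVC msg=audit(1513596549.119:255919): avc:  denied  { getattr } for  comm="sudo" path="/var/lib/google-authenticator/chira" scontext=staff_u:staff_r:staff_sudo_t:s0-s0:c0.c1023 tcontext=staff_u:object_r:var_auth_t:s0 tclass=file permissive=1
type=AVC msg=audit(1513596580.903:256063): avc:  denied  { unlink } for  comm="sudo" name="chira" scontext=staff_u:staff_r:staff_sudo_t:s0-s0:c0.c1023 tcontext=staff_u:object_r:var_auth_t:s0 tclass=file permissive=1
type=AVC msg=audit(1513596580.678:256062): avc:  denied  { add_name } for  comm="sudo" name="chira~" scontext=staff_u:staff_r:staff_sudo_t:s0-s0:c0.c1023 tcontext=staff_u:object_r:var_auth_t:s0 tclass=dir permissive=1
type=AVC msg=audit(1513596580.678:256062): avc:  denied  { write } for  comm="sudo" name="google-authenticator" scontext=staff_u:staff_r:staff_sudo_t:s0-s0:c0.c1023 tcontext=staff_u:object_r:var_auth_t:s0 tclass=dir permissive=1
""".splitlines()

def selinux_type(context):
    """Return the type field of a user:role:type[:level] context."""
    return context.split(":")[2]

def summarize_denials(lines):
    """Group denials as {(source type, target type, class): {perms}}."""
    grouped = defaultdict(set)
    for line in lines:
        m = AVC_RE.search(line)
        if m:
            key = (selinux_type(m["scon"]), selinux_type(m["tcon"]), m["tclass"])
            grouped[key].update(m["perms"].split())
    return dict(grouped)

def as_rules(grouped):
    """Render each group as a candidate allow rule for review."""
    return [f"allow {s} {t}:{c} {{ {' '.join(sorted(p))} }};"
            for (s, t, c), p in sorted(grouped.items())]

def permissive_only(lines):
    """True if every matched denial was logged with permissive=1."""
    hits = [m for m in map(AVC_RE.search, lines) if m]
    return bool(hits) and all(m["permissive"] == "1" for m in hits)

if __name__ == "__main__":
    print("\n".join(as_rules(summarize_denials(SAMPLE))))
```

The rendered rules are candidates to review against the policy, not something to load as-is; `permissive=1` on every record means the accesses were logged but not blocked.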