Re: oh no something has gone wrong ... :( f16 beta

> > Could you send me the output of
> > ausearch -m avc
> > 
> > If audit is not running send me
> > 
> > grep avc /var/log/messages
> > 
> > 
> > 
> 
> [students@localhost ~]$ su -
> Password: 
> [root@localhost ~]# ausearch -m avc
> ----
> time->Tue Oct  4 19:58:30 2011
> type=SYSCALL msg=audit(1317776310.816:77): arch=c000003e syscall=189 success=no exit=-22 a0=bb1ce30 a1=7fd0a4e0123b a2=bb3afe0 a3=24 items=0 ppid=1367 pid=1427 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=1 comm="yum" exe="/usr/bin/python" subj=unconfined_u:system_r:rpm_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1317776310.816:77): avc:  denied  { mac_admin } for  pid=1427 comm="yum" capability=33  scontext=unconfined_u:system_r:rpm_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_t:s0-s0:c0.c1023 tclass=capability2
> [root@localhost ~]# service auditd status
> Redirecting to /bin/systemctl  status auditd.service
> auditd.service - Security Auditing Service
>       Loaded: loaded (/lib/systemd/system/auditd.service; enabled)
>       Active: active (running) since Tue, 04 Oct 2011 20:21:01 -0500; 21h ago
>      Process: 910 ExecStartPost=/sbin/auditctl -R /etc/audit/audit.rules (code=exited, status=0/SUCCESS)
>     Main PID: 906 (auditd)
>       CGroup: name=systemd:/system/auditd.service
>           ├ 906 /sbin/auditd -n
>           ├ 946 /sbin/audispd
>           └ 948 /usr/sbin/sedispatch
> 
> 
> Thanks,
> 
> Antonio
> -- 

While installing from livecd, this is the seaplugin alert that I got:

SELinux is preventing /sbin/ldconfig from append access on the chr_file /dev/tty3.

*****  Plugin leaks (50.5 confidence) suggests  ******************************

If you want to ignore ldconfig trying to append access the tty3 chr_file, because you believe it should not need this access.
Then you should report this as a bug.  
You can generate a local policy module to dontaudit this access.
Do
# grep /sbin/ldconfig /var/log/audit/audit.log | audit2allow -D -M mypol
# semodule -i mypol.pp

*****  Plugin catchall (50.5 confidence) suggests  ***************************

If you believe that ldconfig should be allowed append access on the tty3 chr_file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep ldconfig /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                unconfined_u:unconfined_r:ldconfig_t:s0-s0:c0.c1023
Target Context                system_u:object_r:tty_device_t:s0
Target Objects                /dev/tty3 [ chr_file ]
Source                        ldconfig
Source Path                   /sbin/ldconfig
Port                          <Unknown>
Host                          localhost.localdomain
Source RPM Packages           glibc-2.14.90-8
Target RPM Packages           
Policy RPM                    selinux-policy-3.10.0-32.fc16
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Permissive
Host Name                     localhost.localdomain
Platform                      Linux localhost.localdomain
                              3.1.0-0.rc6.git0.3.fc16.x86_64 #1 SMP Fri Sep 16
                              12:26:22 UTC 2011 x86_64 x86_64
Alert Count                   1
First Seen                    Wed 05 Oct 2011 02:40:53 PM CDT
Last Seen                     Wed 05 Oct 2011 02:40:53 PM CDT
Local ID                      c1953056-941c-4d02-9cfe-ddce29f219d3

Raw Audit Messages
type=AVC msg=audit(1317843653.766:69): avc:  denied  { append } for  pid=13323 comm="ldconfig" path="/dev/tty3" dev=devtmpfs ino=37 scontext=unconfined_u:unconfined_r:ldconfig_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tty_device_t:s0 tclass=chr_file


type=AVC msg=audit(1317843653.766:69): avc:  denied  { read write } for  pid=13323 comm="ldconfig" path="/dev/mapper/control" dev=devtmpfs ino=185 scontext=unconfined_u:unconfined_r:ldconfig_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lvm_control_t:s0 tclass=chr_file


type=SYSCALL msg=audit(1317843653.766:69): arch=x86_64 syscall=execve success=yes exit=0 a0=1d67650 a1=1cd8aa0 a2=1d80530 a3=7fffc91fec80 items=0 ppid=3359 pid=13323 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm=ldconfig exe=/sbin/ldconfig subj=unconfined_u:unconfined_r:ldconfig_t:s0-s0:c0.c1023 key=(null)

Hash: ldconfig,ldconfig_t,tty_device_t,chr_file,append

audit2allow

#============= ldconfig_t ==============
allow ldconfig_t lvm_control_t:chr_file { read write };
allow ldconfig_t tty_device_t:chr_file append;

audit2allow -R

#============= ldconfig_t ==============
allow ldconfig_t lvm_control_t:chr_file { read write };
allow ldconfig_t tty_device_t:chr_file append;


I could not capture it at first; I clicked on dismiss :(

I have installed Beta on at least 3 machines, two i686s and one x86_64, and am installing one x86_64 at this time :)

Regards,

Antonio 
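
An added example, not part of the original message and not audit2allow's own code: it parses the three AVC denials quoted in this thread and derives the allow rules a local policy module built from them would grant, which is worth reading before running `semodule -i mypol.pp`. The function names are hypothetical; writing `self` when source and target types match follows audit2allow's output convention.

```python
import re
from collections import defaultdict

# AVC records copied from the messages above (wrapped lines joined).
AVC_LINES = [
    'type=AVC msg=audit(1317776310.816:77): avc:  denied  { mac_admin } for  pid=1427 comm="yum" capability=33  scontext=unconfined_u:system_r:rpm_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:rpm_t:s0-s0:c0.c1023 tclass=capability2',
    'type=AVC msg=audit(1317843653.766:69): avc:  denied  { append } for  pid=13323 comm="ldconfig" path="/dev/tty3" dev=devtmpfs ino=37 scontext=unconfined_u:unconfined_r:ldconfig_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tty_device_t:s0 tclass=chr_file',
    'type=AVC msg=audit(1317843653.766:69): avc:  denied  { read write } for  pid=13323 comm="ldconfig" path="/dev/mapper/control" dev=devtmpfs ino=185 scontext=unconfined_u:unconfined_r:ldconfig_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lvm_control_t:s0 tclass=chr_file',
]

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)')


def parse_avc(line):
    """Return the fields of one AVC denial, or None for any other record."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    # key=value pairs; audit hex-encodes values containing spaces, so a
    # whitespace split is enough for the fields used here.
    fields = dict(kv.split('=', 1) for kv in m.group('rest').split() if '=' in kv)
    return {
        'perms': m.group('perms').split(),
        'comm': fields.get('comm', '').strip('"'),
        'path': fields.get('path', '').strip('"'),
        # A context is user:role:type:level; the type is the third field.
        'stype': fields['scontext'].split(':')[2],
        'ttype': fields['tcontext'].split(':')[2],
        'tclass': fields['tclass'],
    }


def allow_rules(lines):
    """Merge denials by (source type, target type, class) into allow rules."""
    grouped = defaultdict(set)
    for line in lines:
        rec = parse_avc(line)
        if rec is None:
            continue
        target = 'self' if rec['stype'] == rec['ttype'] else rec['ttype']
        grouped[(rec['stype'], target, rec['tclass'])].update(rec['perms'])
    rules = []
    for (stype, target, tclass), perms in sorted(grouped.items()):
        p = sorted(perms)
        ptxt = p[0] if len(p) == 1 else '{ ' + ' '.join(p) + ' }'
        rules.append(f'allow {stype} {target}:{tclass} {ptxt};')
    return rules


if __name__ == '__main__':
    print('\n'.join(allow_rules(AVC_LINES)))
```
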