Andrew Farris wrote:
Andrew Farris wrote:
Jim Cornette wrote:
Also SEtroubleshooter oes wild on my system and I had to disable it.
Once an episode is encountered it should not bring up a balloon for
each policy infringement. After several thousand denials the system
gets a bit overloaded like a DOS condition. I hope it can be reformed
to not put up a balloon with every episode.
With the new version it should have an option to keep the notification
from showing when you've got setroubleshoot open already. I haven't
checked whether that is in the version in rawhide yet, but John Dennis
got that added after an RFE bug I posted for it.
I just checked and this did make it into the latest rawhide version, see
/etc/setroubleshoot/setroubleshoot.cfg and look for [alert]. Setting
use_notification = browser_hidden
should do the trick. That will help with the annoyance during a major
selinux problem.
That sounds like a worthy change. I ignored the balloon for awhile but
the younger 6 yr. old grandchild would ask what was coming up when she
was using the computer. The error causing the repeat balloon seemed to
be this error.
I checked the quiet checkbox for now and the balloon and system
resources seems to be reduced.
Thanks!
Jim
--
"Little else matters than to write good code."
-- Karl Lehenbauer
Summary:
SELinux is preventing gam_server (gamin_t) "sys_ptrace" to <Unknown> (gamin_t).
Detailed Description:
SELinux denied access requested by gam_server. It is not expected that this
access is required by gam_server and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration of the
application is causing it to require additional access.
Allowing Access:
You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.
Additional Information:
Source Context system_u:system_r:gamin_t
Target Context system_u:system_r:gamin_t
Target Objects None [ capability ]
Source gam_server
Source Path /usr/libexec/gam_server
Port <Unknown>
Host HP-JCF7
Source RPM Packages gamin-0.1.9-5.fc9
Target RPM Packages
Policy RPM selinux-policy-3.3.1-19.fc9
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name catchall
Host Name HP-JCF7
Platform Linux HP-JCF7 2.6.25-0.113.rc5.git2.fc9 #1 SMP Tue
Mar 11 23:11:11 EDT 2008 i686 athlon
Alert Count 236
First Seen Thu 20 Mar 2008 10:50:56 PM EDT
Last Seen Thu 20 Mar 2008 10:52:55 PM EDT
Local ID 7f266d75-0650-4858-8f52-432c8759b20a
Line Numbers
Raw Audit Messages
host=HP-JCF7 type=AVC msg=audit(1206067975.729:21643): avc: denied { sys_ptrace } for pid=2215 comm="gam_server" capability=19 scontext=system_u:system_r:gamin_t:s0 tcontext=system_u:system_r:gamin_t:s0 tclass=capability
host=HP-JCF7 type=SYSCALL msg=audit(1206067975.729:21643): arch=40000003 syscall=195 success=no exit=-13 a0=85ff9b8 a1=bf9fcb20 a2=5e6ff4 a3=bf9fccbc items=0 ppid=1 pid=2215 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="gam_server" exe="/usr/libexec/gam_server" subj=system_u:system_r:gamin_t:s0 key=(null)
--
fedora-test-list mailing list
fedora-test-list@xxxxxxxxxx
To unsubscribe:
https://www.redhat.com/mailman/listinfo/fedora-test-list
