Re: RHEL 5.3 and sealert -b

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hello,

Looking at the browser the advice it gives me about this error was to allow
an access rule to selinux this way:


#more allowrule

type=AVC msg=audit(1236084821.214:171): avc:  denied  { connectto } for
pid=212

3 comm="setroubleshootd" path="/var/run/audispd_events"
scontext=system_u:system

_r:setroubleshootd_t:s0 tcontext=system_u:system_r:auditd_t:s0
tclass=unix_strea

m_socket



this text is taken from audit.log

#audit2allow -M local < allowrule

******************** IMPORTANT ***********************

To make this policy package active, execute:

semodule -i local.pp



#semodule -i local.pp

Now it works fine.

Why happened this? it´s a mistery...

ESG



2009/3/3 George Magklaras <georgios@xxxxxxxxxxxxx>

> Hi again,
>
> ESGLinux wrote:
>
>> in /var/log/audit/audit.log there are a lot of logs with AVC
>>> ...
>>>
>>> u:system_r:setroubleshootd_t:s0
>>> tcontext=system_u:object_r:auditd_var_run_t:s0 tclass=sock_file
>>> type=AVC msg=audit(1236072678.050:68): avc:  denied  { write } for
>>> pid=2130 comm="setroubleshootd" name="audispd_events" dev=hda8 ino=16329
>>> scontext=system_u:system_r:setroubleshootd_t:s0
>>> tcontext=system_u:object_r:auditd_var_run_t:s0 tclass=sock_file
>>> type=AVC msg=audit(1236072738.057:69): avc:  denied  { write } for
>>> pid=2130 comm="setroubleshootd" name="audispd_events" dev=hda8 ino=16329
>>> scontext=system_u:system_r:setroubleshootd_t:s0
>>> tcontext=system_u:object_r:auditd_var_run_t:s0 tclass=sock_file
>>> type=AVC msg=audit(1236085050.837:8): avc:  denied  { write } for
>>>  pid=2123
>>> comm="setroubleshootd" name="audispd_events" dev=hda8 ino=16329
>>> scontext=system_u:system_r:setroubleshootd_t:s0
>>> tcontext=system_u:object_r:auditd_var_run_t:s0 tclass=sock_file
>>> type=USER_TTY msg=audit(1236085103.658:21): user pid=2940 uid=0 auid=0
>>> subj=root:system_r:unconfined_t:s0-s0:c0.c1023 msg='grep AVC audit.log '
>>> type=AVC msg=audit(1236085110.848:22): avc:  denied  { write } for
>>> pid=2123 comm="setroubleshootd" name="audispd_events" dev=hda8 ino=16329
>>> scontext=system_u:system_r:setroubleshootd_t:s0
>>> tcontext=system_u:object_r:auditd_var_run_t:s0 tclass=sock_file
>>> type=USE
>>>
>>
> These messages indicate that setroubleshootd itself has problems
> communicating with the OS audit daemon. Interesting! Could it be that you
> should try to restart the audit daemon by doing a service auditd stop
> followed by a service auditd start.
>
> If the problem is not cured by this, then you need to look at the context
> of the files been shown in the AVC messages( name="audispd_events" dev=hda8
> ino=16329). I am guessing that this probably refers to a file under
> /var/run:
>
> srw-r-----  root    root    user_u:object_r:audisp_var_run_t audispd_events
> -rw-r--r--  root    root    user_u:object_r:auditd_var_run_t auditd.pid
> drwxr-xr-x  root    root    system_u:object_r:setroubleshoot_var_run_t
> setroubleshoot
>
>
> You should then have at this point access to these files in the correct
> SElinux context under /var/run and try to make it winge by executing a
> manually installed version of Open Office 3. You should see the star icon
> popping up.
>
>
>
> --
> --
> George Magklaras BSc Hons MPhil
> RHCE:805008309135525
>
> Senior Computer Systems Engineer/UNIX-Linux Systems Administrator
> EMBnet Technical Management Board
> The Biotechnology Centre of Oslo,
> University of Oslo
> http://folk.uio.no/georgios
>
>
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>
-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subjecthttps://www.redhat.com/mailman/listinfo/redhat-list


[Index of Archives]     [CentOS]     [Kernel Development]     [PAM]     [Fedora Users]     [Red Hat Development]     [Big List of Linux Books]     [Linux Admin]     [Gimp]     [Asterisk PBX]     [Yosemite News]     [Red Hat Crash Utility]


  Powered by Linux