Squid selinux audit review needed.




Since I am not a selinux expert but I am looking at a couple of issues, I am not sure what the issue is. I have a glusterfs squid machine as a client and then I restarted the squid instance.
All of a sudden I got a "Permission Denied(13)" in the logs.
I took an audit.log output for the time of the server restart.
Please take a look at it.
It may be related to fusefs?

##START
tail /var/log/audit/audit.log -f
type=AVC msg=audit(1394456998.422:4293): avc: denied { search } for pid=17578 comm="squid" name="/" dev="fuse" ino=1 scontext=unconfined_u:system_r:squid_t:s0 tcontext=system_u:object_r:fusefs_t:s0 tclass=dir
type=SYSCALL msg=audit(1394456998.422:4293): arch=c000003e syscall=59 success=no exit=-13 a0=7fffeb15b980 a1=7fffeb1598e0 a2=7fffeb15bce8 a3=376e018240 items=0 ppid=17577 pid=17578 auid=0 uid=23 gid=23 euid=0 suid=0 fsuid=0 egid=23 sgid=23 fsgid=23 ses=388 tty=(none) comm="squid" exe="/usr/sbin/squid" subj=unconfined_u:system_r:squid_t:s0 key=(null)
type=AVC msg=audit(1394456998.470:4294): avc: denied { getattr } for pid=17583 comm="squid" path="/mnt/gluster" dev="fuse" ino=1 scontext=unconfined_u:system_r:squid_t:s0 tcontext=system_u:object_r:fusefs_t:s0 tclass=dir
type=SYSCALL msg=audit(1394456998.470:4294): arch=c000003e syscall=4 success=no exit=-13 a0=254d830 a1=7fff24caccf0 a2=7fff24caccf0 a3=0 items=0 ppid=17577 pid=17583 auid=0 uid=23 gid=23 euid=23 suid=0 fsuid=23 egid=23 sgid=23 fsgid=23 ses=388 tty=(none) comm="squid" exe="/usr/sbin/squid" subj=unconfined_u:system_r:squid_t:s0 key=(null)
type=AVC msg=audit(1394456998.509:4295): avc: denied { search } for pid=17582 comm="squid" name="/" dev="fuse" ino=1 scontext=unconfined_u:system_r:squid_t:s0 tcontext=system_u:object_r:fusefs_t:s0 tclass=dir
type=SYSCALL msg=audit(1394456998.509:4295): arch=c000003e syscall=2 success=no exit=-13 a0=1bc4d30 a1=2 a2=1a4 a3=1 items=0 ppid=17577 pid=17582 auid=0 uid=23 gid=23 euid=23 suid=0 fsuid=23 egid=23 sgid=23 fsgid=23 ses=388 tty=(none) comm="squid" exe="/usr/sbin/squid" subj=unconfined_u:system_r:squid_t:s0 key=(null)
type=AVC msg=audit(1394456998.591:4296): avc: denied { create } for pid=17579 comm="squid" name="coordinator.ipc" scontext=unconfined_u:system_r:squid_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=sock_file
type=SYSCALL msg=audit(1394456998.591:4296): arch=c000003e syscall=49 success=no exit=-13 a0=a a1=254f9ac a2=20 a3=98 items=0 ppid=17577 pid=17579 auid=0 uid=23 gid=23 euid=23 suid=0 fsuid=23 egid=23 sgid=23 fsgid=23 ses=388 tty=(none) comm="squid" exe="/usr/sbin/squid" subj=unconfined_u:system_r:squid_t:s0 key=(null)
type=AVC msg=audit(1394456998.611:4297): avc: denied { search } for pid=17580 comm="squid" name="/" dev="fuse" ino=1 scontext=unconfined_u:system_r:squid_t:s0 tcontext=system_u:object_r:fusefs_t:s0 tclass=dir
type=SYSCALL msg=audit(1394456998.611:4297): arch=c000003e syscall=2 success=no exit=-13 a0=1375d30 a1=2 a2=1a4 a3=1 items=0 ppid=17577 pid=17580 auid=0 uid=23 gid=23 euid=23 suid=0 fsuid=23 egid=23 sgid=23 fsgid=23 ses=388 tty=(none) comm="squid" exe="/usr/sbin/squid" subj=unconfined_u:system_r:squid_t:s0 key=(null)
type=AVC msg=audit(1394456998.625:4298): avc: denied { create } for pid=17582 comm="squid" name="kid-2.ipc" scontext=unconfined_u:system_r:squid_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=sock_file
type=SYSCALL msg=audit(1394456998.625:4298): arch=c000003e syscall=49 success=no exit=-13 a0=a a1=1ff4f0c a2=1a a3=98 items=0 ppid=17577 pid=17582 auid=0 uid=23 gid=23 euid=23 suid=0 fsuid=23 egid=23 sgid=23 fsgid=23 ses=388 tty=(none) comm="squid" exe="/usr/sbin/squid" subj=unconfined_u:system_r:squid_t:s0 key=(null)
type=AVC msg=audit(1394456998.675:4299): avc: denied { create } for pid=17580 comm="squid" name="kid-3.ipc" scontext=unconfined_u:system_r:squid_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=sock_file
type=SYSCALL msg=audit(1394456998.675:4299): arch=c000003e syscall=49 success=no exit=-13 a0=a a1=17a5f0c a2=1a a3=98 items=0 ppid=17577 pid=17580 auid=0 uid=23 gid=23 euid=23 suid=0 fsuid=23 egid=23 sgid=23 fsgid=23 ses=388 tty=(none) comm="squid" exe="/usr/sbin/squid" subj=unconfined_u:system_r:squid_t:s0 key=(null)
type=AVC msg=audit(1394457000.930:4300): avc: denied { search } for pid=17589 comm="squid" name="/" dev="fuse" ino=1 scontext=unconfined_u:system_r:squid_t:s0 tcontext=system_u:object_r:fusefs_t:s0 tclass=dir
type=SYSCALL msg=audit(1394457000.930:4300): arch=c000003e syscall=59 success=no exit=-13 a0=7ffffc192040 a1=7ffffc18ffa0 a2=7ffffc1923a8 a3=376e018240 items=0 ppid=17515 pid=17589 auid=0 uid=23 gid=23 euid=0 suid=0 fsuid=0 egid=23 sgid=23 fsgid=23 ses=388 tty=(none) comm="squid" exe="/usr/sbin/squid" subj=unconfined_u:system_r:squid_t:s0 key=(null)
type=AVC msg=audit(1394457001.475:4301): avc: denied { search } for pid=17590 comm="squid" name="/" dev="fuse" ino=1 scontext=unconfined_u:system_r:squid_t:s0 tcontext=system_u:object_r:fusefs_t:s0 tclass=dir
type=SYSCALL msg=audit(1394457001.475:4301): arch=c000003e syscall=59 success=no exit=-13 a0=7fffeb15b980 a1=7fffeb1598e0 a2=7fffeb15bce8 a3=376e018240 items=0 ppid=17577 pid=17590 auid=0 uid=23 gid=23 euid=0 suid=0 fsuid=0 egid=23 sgid=23 fsgid=23 ses=388 tty=(none) comm="squid" exe="/usr/sbin/squid" subj=unconfined_u:system_r:squid_t:s0 key=(null)
type=AVC msg=audit(1394457001.601:4302): avc: denied { getattr } for pid=17591 comm="squid" path="/mnt/gluster" dev="fuse" ino=1 scontext=unconfined_u:system_r:squid_t:s0 tcontext=system_u:object_r:fusefs_t:s0 tclass=dir
type=SYSCALL msg=audit(1394457001.601:4302): arch=c000003e syscall=4 success=no exit=-13 a0=2604830 a1=7fff2803ffd0 a2=7fff2803ffd0 a3=0 items=0 ppid=17577 pid=17591 auid=0 uid=23 gid=23 euid=23 suid=0 fsuid=23 egid=23 sgid=23 fsgid=23 ses=388 tty=(none) comm="squid" exe="/usr/sbin/squid" subj=unconfined_u:system_r:squid_t:s0 key=(null)
type=USER_ACCT msg=audit(1394457001.778:4303): pid=17593 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:accounting acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
type=CRED_ACQ msg=audit(1394457001.778:4304): pid=17593 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
type=LOGIN msg=audit(1394457001.791:4305): login pid=17593 uid=0 old auid=4294967295 new auid=0 old ses=4294967295 new ses=634
type=USER_START msg=audit(1394457001.794:4306): pid=17593 uid=0 auid=0 ses=634 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
type=CRED_DISP msg=audit(1394457001.874:4307): pid=17593 uid=0 auid=0 ses=634 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
type=USER_END msg=audit(1394457001.874:4308): pid=17593 uid=0 auid=0 ses=634 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_close acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'
type=AVC msg=audit(1394457004.605:4309): avc: denied { search } for pid=17596 comm="squid" name="/" dev="fuse" ino=1 scontext=unconfined_u:system_r:squid_t:s0 tcontext=system_u:object_r:fusefs_t:s0 tclass=dir
type=SYSCALL msg=audit(1394457004.605:4309): arch=c000003e syscall=59 success=no exit=-13 a0=7fffeb15b980 a1=7fffeb1598e0 a2=7fffeb15bce8 a3=376e018240 items=0 ppid=17577 pid=17596 auid=0 uid=23 gid=23 euid=0 suid=0 fsuid=0 egid=23 sgid=23 fsgid=23 ses=388 tty=(none) comm="squid" exe="/usr/sbin/squid" subj=unconfined_u:system_r:squid_t:s0 key=(null)
type=AVC msg=audit(1394457004.642:4310): avc: denied { getattr } for pid=17597 comm="squid" path="/mnt/gluster" dev="fuse" ino=1 scontext=unconfined_u:system_r:squid_t:s0 tcontext=system_u:object_r:fusefs_t:s0 tclass=dir
type=SYSCALL msg=audit(1394457004.642:4310): arch=c000003e syscall=4 success=no exit=-13 a0=26db830 a1=7fffe7c992e0 a2=7fffe7c992e0 a3=0 items=0 ppid=17577 pid=17597 auid=0 uid=23 gid=23 euid=23 suid=0 fsuid=23 egid=23 sgid=23 fsgid=23 ses=388 tty=(none) comm="squid" exe="/usr/sbin/squid" subj=unconfined_u:system_r:squid_t:s0 key=(null)
type=AVC msg=audit(1394457007.646:4311): avc: denied { search } for pid=17599 comm="squid" name="/" dev="fuse" ino=1 scontext=unconfined_u:system_r:squid_t:s0 tcontext=system_u:object_r:fusefs_t:s0 tclass=dir
type=SYSCALL msg=audit(1394457007.646:4311): arch=c000003e syscall=59 success=no exit=-13 a0=7fffeb15b980 a1=7fffeb1598e0 a2=7fffeb15bce8 a3=376e018240 items=0 ppid=17577 pid=17599 auid=0 uid=23 gid=23 euid=0 suid=0 fsuid=0 egid=23 sgid=23 fsgid=23 ses=388 tty=(none) comm="squid" exe="/usr/sbin/squid" subj=unconfined_u:system_r:squid_t:s0 key=(null)
type=AVC msg=audit(1394457007.678:4312): avc: denied { getattr } for pid=17600 comm="squid" path="/mnt/gluster" dev="fuse" ino=1 scontext=unconfined_u:system_r:squid_t:s0 tcontext=system_u:object_r:fusefs_t:s0 tclass=dir
type=SYSCALL msg=audit(1394457007.678:4312): arch=c000003e syscall=4 success=no exit=-13 a0=23af830 a1=7fff5a8c0670 a2=7fff5a8c0670 a3=0 items=0 ppid=17577 pid=17600 auid=0 uid=23 gid=23 euid=23 suid=0 fsuid=23 egid=23 sgid=23 fsgid=23 ses=388 tty=(none) comm="squid" exe="/usr/sbin/squid" subj=unconfined_u:system_r:squid_t:s0 key=(null)
type=AVC msg=audit(1394457010.680:4313): avc: denied { search } for pid=17602 comm="squid" name="/" dev="fuse" ino=1 scontext=unconfined_u:system_r:squid_t:s0 tcontext=system_u:object_r:fusefs_t:s0 tclass=dir
type=SYSCALL msg=audit(1394457010.680:4313): arch=c000003e syscall=59 success=no exit=-13 a0=7fffeb15b980 a1=7fffeb1598e0 a2=7fffeb15bce8 a3=376e018240 items=0 ppid=17577 pid=17602 auid=0 uid=23 gid=23 euid=0 suid=0 fsuid=0 egid=23 sgid=23 fsgid=23 ses=388 tty=(none) comm="squid" exe="/usr/sbin/squid" subj=unconfined_u:system_r:squid_t:s0 key=(null)
type=AVC msg=audit(1394457010.714:4314): avc: denied { getattr } for pid=17603 comm="squid" path="/mnt/gluster" dev="fuse" ino=1 scontext=unconfined_u:system_r:squid_t:s0 tcontext=system_u:object_r:fusefs_t:s0 tclass=dir
type=SYSCALL msg=audit(1394457010.714:4314): arch=c000003e syscall=4 success=no exit=-13 a0=2065830 a1=7fffaef4cf80 a2=7fffaef4cf80 a3=0 items=0 ppid=17577 pid=17603 auid=0 uid=23 gid=23 euid=23 suid=0 fsuid=23 egid=23 sgid=23 fsgid=23 ses=388 tty=(none) comm="squid" exe="/usr/sbin/squid" subj=unconfined_u:system_r:squid_t:s0 key=(null)
type=AVC msg=audit(1394457013.717:4315): avc: denied { search } for pid=17606 comm="squid" name="/" dev="fuse" ino=1 scontext=unconfined_u:system_r:squid_t:s0 tcontext=system_u:object_r:fusefs_t:s0 tclass=dir
type=SYSCALL msg=audit(1394457013.717:4315): arch=c000003e syscall=59 success=no exit=-13 a0=7fffeb15b980 a1=7fffeb1598e0 a2=7fffeb15bce8 a3=376e018240 items=0 ppid=17577 pid=17606 auid=0 uid=23 gid=23 euid=0 suid=0 fsuid=0 egid=23 sgid=23 fsgid=23 ses=388 tty=(none) comm="squid" exe="/usr/sbin/squid" subj=unconfined_u:system_r:squid_t:s0 key=(null)
type=CRYPTO_SESSION msg=audit(1394457058.505:4316): pid=11244 uid=0 auid=0 ses=388 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=aes256-ctr ksize=256 spid=11244 suid=0 rport=52477 laddr=192.168.10.111 lport=22 exe="/usr/sbin/sshd" hostname=? addr=192.168.10.125 terminal=? res=success'
type=CRYPTO_SESSION msg=audit(1394457058.506:4317): pid=11244 uid=0 auid=0 ses=388 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=aes256-ctr ksize=256 spid=11244 suid=0 rport=52477 laddr=192.168.10.111 lport=22 exe="/usr/sbin/sshd" hostname=? addr=192.168.10.125 terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1394457058.684:4318): pid=11244 uid=0 auid=0 ses=388 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=from-client spid=11244 suid=0 rport=52477 laddr=192.168.10.111 lport=22 exe="/usr/sbin/sshd" hostname=? addr=192.168.10.125 terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1394457058.836:4319): pid=11244 uid=0 auid=0 ses=388 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=from-server spid=11244 suid=0 rport=52477 laddr=192.168.10.111 lport=22 exe="/usr/sbin/sshd" hostname=? addr=192.168.10.125 terminal=? res=success'
##END

Eliezer
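
Added example, not part of the original post: a short Python triage of the AVC records in the excerpt above. It groups denials by source type, target type and object class, and renders each group in the allow-rule notation that audit2allow prints. The sample input is copied from the post; the function names `summarize` and `as_rules` are this example's own, and the regex scans the whole text so records that are run together or wrapped mid-record are still found.

```python
import re

# Records copied from the audit.log excerpt in the post above, joined by
# single spaces the way a pasted log can run them together.
SAMPLE = (
    'type=AVC msg=audit(1394456998.422:4293): avc: denied { search } for pid=17578 comm="squid" name="/" dev="fuse" ino=1 scontext=unconfined_u:system_r:squid_t:s0 tcontext=system_u:object_r:fusefs_t:s0 tclass=dir '
    'type=SYSCALL msg=audit(1394456998.422:4293): arch=c000003e syscall=59 success=no exit=-13 a0=7fffeb15b980 a1=7fffeb1598e0 a2=7fffeb15bce8 a3=376e018240 items=0 ppid=17577 pid=17578 auid=0 uid=23 gid=23 euid=0 suid=0 fsuid=0 egid=23 sgid=23 fsgid=23 ses=388 tty=(none) comm="squid" exe="/usr/sbin/squid" subj=unconfined_u:system_r:squid_t:s0 key=(null) '
    'type=AVC msg=audit(1394456998.470:4294): avc: denied { getattr } for pid=17583 comm="squid" path="/mnt/gluster" dev="fuse" ino=1 scontext=unconfined_u:system_r:squid_t:s0 tcontext=system_u:object_r:fusefs_t:s0 tclass=dir '
    'type=AVC msg=audit(1394456998.591:4296): avc: denied { create } for pid=17579 comm="squid" name="coordinator.ipc" scontext=unconfined_u:system_r:squid_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=sock_file '
    'type=AVC msg=audit(1394456998.625:4298): avc: denied { create } for pid=17582 comm="squid" name="kid-2.ipc" scontext=unconfined_u:system_r:squid_t:s0 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=sock_file'
)

# Matches one AVC denial; \s+ and re.S tolerate records wrapped across lines.
AVC_RE = re.compile(
    r'type=AVC msg=audit\([\d.]+:\d+\):\s+avc:\s+denied\s+'
    r'\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<body>.*?)'
    r'scontext=(?P<s>\S+)\s+tcontext=(?P<t>\S+)\s+tclass=(?P<c>\S+)', re.S)

def summarize(text):
    """Group denials by (source type, target type, class); non-AVC records are ignored."""
    groups = {}
    for m in AVC_RE.finditer(text):
        # An SELinux context is user:role:type:level; the type is field 3.
        key = (m["s"].split(":")[2], m["t"].split(":")[2], m["c"])
        g = groups.setdefault(key, {"perms": set(), "objects": set(), "count": 0})
        g["perms"].update(m["perms"].split())
        obj = re.search(r'\b(?:name|path)="([^"]*)"', m["body"])
        if obj:
            g["objects"].add(obj.group(1))
        g["count"] += 1
    return groups

def as_rules(groups):
    """Render each group in allow-rule notation, as a reading aid for the denials."""
    return ["allow %s %s:%s { %s };" % (s, t, c, " ".join(sorted(g["perms"])))
            for (s, t, c), g in sorted(groups.items())]

if __name__ == "__main__":
    for rule in as_rules(summarize(SAMPLE)):
        print(rule)
```

The rendered lines summarize what was denied; whether any of it should be permitted is a separate policy decision.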



