Alert on mac_admin /usr/sbin/setfiles capability2

Daniel J Walsh dwalsh at redhat.com
Sun May 25 15:23:28 UTC 2014


This looks like the file_context file does not match the policy that is
loaded into the kernel.

Execute:

# semodule -B

Which should recompile and load the policy.


On 05/25/2014 06:40 AM, Shintaro Fujiwara wrote:
> I updated fedora20 now and got SELinux alert.
> What's wrong?
>
> SELinux is preventing /usr/sbin/setfiles from mac_admin access on the
> capability2 .
>
> *****  Plugin catchall (100. confidence) suggests  **************************
>
> # grep restorecon /var/log/audit/audit.log | audit2allow -M mypol
> # semodule -i mypol.pp
>
> Additional Information:
> Source Context                unconfined_u:system_r:setfiles_t:s0-s0:c0.c1023
> Target Context                unconfined_u:system_r:setfiles_t:s0-s0:c0.c1023
> Target Objects                 [ capability2 ]
> Source                        restorecon
> Source Path                   /usr/sbin/setfiles
> Port                          <Unknown>
> Host                          localhost.localdomain
> Source RPM Packages           policycoreutils-2.2.5-3.fc20.x86_64
> Target RPM Packages          
> Policy RPM                    selinux-policy-3.12.1-158.fc20.noarch
>                               selinux-policy-3.12.1-166.fc20.noarch
> Selinux Enabled               True
> Policy Type                   targeted
> Enforcing Mode                Enforcing
> Host Name                     localhost.localdomain
> Platform                      Linux localhost.localdomain 3.14.4-200.fc20.x86_64
>                               #1 SMP Tue May 13 13:51:08 UTC 2014 x86_64 x86_64
> Alert Count                   3
> First Seen                    2014-02-20 00:11:29 JST
> Last Seen                     2014-05-25 19:36:13 JST
> Local ID                      0a51e340-8e41-42fb-8c41-4c3d3d7fee6f
>
> Raw Audit Messages
> type=AVC msg=audit(1401014173.443:796): avc:  denied  { mac_admin } for  pid=13598 comm="restorecon" capability=33 scontext=unconfined_u:system_r:setfiles_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:setfiles_t:s0-s0:c0.c1023 tclass=capability2
>
>
> type=SYSCALL msg=audit(1401014173.443:796): arch=x86_64 syscall=lsetxattr success=no exit=EINVAL a0=7f5e992cc820 a1=7f5e9708556e a2=7f5e992cf070 a3=29 items=0 ppid=13002 pid=13598 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 ses=1 comm=restorecon exe=/usr/sbin/setfiles subj=unconfined_u:system_r:setfiles_t:s0-s0:c0.c1023 key=(null)
>
> Hash: restorecon,setfiles_t,setfiles_t,capability2,mac_admin
>
>
> -- 
> A page for helping heavy metal and hard rock take root in Japan
> http://heavymetalhardrock.no-ip.info/
>
> Free software that makes SELinux, the secure OS, easier to use around the world
> http://sourceforge.net/projects/segatex/
>
> CMS (free software using PHP and PostgreSQL)
> http://sourceforge.net/projects/webon/
>
>
> --
> selinux mailing list
> selinux at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux
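
Added example (not part of the original thread, and not code from any SELinux tool): a Python triage script that pairs AVC and SYSCALL records by audit event ID and flags the pattern in the quoted report, a `mac_admin` denial on `capability2` together with a `*setxattr` call failing with `EINVAL`, which is what the kernel logs when a process tries to set a label that the loaded policy does not define. The function name, the sample log and the x86_64 syscall numbers accepted for raw (uninterpreted) records are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the two records quoted in this thread plus one
# unrelated denial (each audit record is a single line in audit.log).
SAMPLE_LOG = """\
type=AVC msg=audit(1401014173.443:796): avc:  denied  { mac_admin } for  pid=13598 comm="restorecon" capability=33 scontext=unconfined_u:system_r:setfiles_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:setfiles_t:s0-s0:c0.c1023 tclass=capability2
type=SYSCALL msg=audit(1401014173.443:796): arch=x86_64 syscall=lsetxattr success=no exit=EINVAL items=0 ppid=13002 pid=13598 comm=restorecon exe=/usr/sbin/setfiles
type=AVC msg=audit(1401014200.100:801): avc:  denied  { read } for  pid=14000 comm="httpd" name="index.html" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1401014200.100:801): arch=x86_64 syscall=open success=no exit=EACCES pid=14000 comm=httpd exe=/usr/sbin/httpd
"""

EVENT = re.compile(r"^type=(\w+) msg=audit\((\d+\.\d+:\d+)\):\s*(.*)$")
PERMS = re.compile(r"denied\s+\{([^}]*)\}")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
# Interpreted names, or the x86_64 syscall numbers found in raw records (assumption).
SETXATTR = {"setxattr", "lsetxattr", "fsetxattr", "188", "189", "190"}
EINVAL = {"EINVAL", "-22"}

def stale_label_events(log_text):
    """Return events where a mac_admin denial coincides with *setxattr -> EINVAL."""
    events = defaultdict(dict)
    for line in log_text.splitlines():
        m = EVENT.match(line.strip())
        if not m:
            continue
        rtype, event_id, body = m.groups()
        fields = {k: v.strip('"') for k, v in FIELD.findall(body)}
        if rtype == "AVC":
            perms = PERMS.search(body)
            fields["perms"] = perms.group(1).split() if perms else []
        events[event_id][rtype] = fields  # keeps the last record of each type
    hits = []
    for event_id, recs in events.items():
        avc, sc = recs.get("AVC"), recs.get("SYSCALL")
        if not avc or not sc:
            continue
        if ("mac_admin" in avc["perms"] and avc.get("tclass") == "capability2"
                and sc.get("syscall") in SETXATTR and sc.get("exit") in EINVAL):
            hits.append({"event": event_id, "comm": avc.get("comm"),
                         "exe": sc.get("exe"), "domain": avc.get("scontext")})
    return hits

if __name__ == "__main__":
    for hit in stale_label_events(SAMPLE_LOG):
        print(hit)
```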
