Alert on mac_admin /usr/sbin/setfiles capability2
Daniel J Walsh
dwalsh at redhat.com
Sun May 25 15:23:28 UTC 2014
This looks like the file_context file does not match the policy that is
loaded into the kernel.
Execute:
# semodule -B
Which should recompile and load the policy.
On 05/25/2014 06:40 AM, Shintaro Fujiwara wrote:
> I updated fedora20 now and got SELinux alert.
> What's wrong?
>
> SELinux is preventing /usr/sbin/setfiles from mac_admin access on the
> capability2 .
>
> ***** Plugin catchall (100. confidence) suggests
> **************************
>
> # grep restorecon /var/log/audit/audit.log | audit2allow -M mypol
> # semodule -i mypol.pp
>
> Additional Information:
> Source Context
> unconfined_u:system_r:setfiles_t:s0-s0:c0.c1023
> Target Context
> unconfined_u:system_r:setfiles_t:s0-s0:c0.c1023
> Target Objects [ capability2 ]
> Source restorecon
> Source Path /usr/sbin/setfiles
> Port <Unknown>
> Host localhost.localdomain
> Source RPM Packages policycoreutils-2.2.5-3.fc20.x86_64
> Target RPM Packages
> Policy RPM selinux-policy-3.12.1-158.fc20.noarch
> selinux-
> policy-3.12.1-166.fc20.noarch
> Selinux Enabled True
> Policy Type targeted
> Enforcing Mode Enforcing
> Host Name localhost.localdomain
> Platform Linux localhost.localdomain
> 3.14.4-200.fc20.x86_64
> #1 SMP Tue May 13 13:51:08 UTC 2014
> x86_64 x86_64
> Alert Count 3
> First Seen 2014-02-20 00:11:29 JST
> Last Seen 2014-05-25 19:36:13 JST
> Local ID 0a51e340-8e41-42fb-8c41-4c3d3d7fee6f
>
> Raw Audit Messages
> type=AVC msg=audit(1401014173.443:796): avc: denied { mac_admin }
> for pid=13598 comm="restorecon" capability=33
> scontext=unconfined_u:system_r:setfiles_t:s0-s0:c0.c1023
> tcontext=unconfined_u:system_r:setfiles_t:s0-s0:c0.c1023
> tclass=capability2
>
>
> type=SYSCALL msg=audit(1401014173.443:796): arch=x86_64
> syscall=lsetxattr success=no exit=EINVAL a0=7f5e992cc820
> a1=7f5e9708556e a2=7f5e992cf070 a3=29 items=0 ppid=13002 pid=13598
> auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
> tty=pts2 ses=1 comm=restorecon exe=/usr/sbin/setfiles
> subj=unconfined_u:system_r:setfiles_t:s0-s0:c0.c1023 key=(null)
>
> Hash: restorecon,setfiles_t,setfiles_t,capability2,mac_admin
>
>
> --
> 日本にヘヴィメタル・ハードロックを根付かせるページ
> http://heavymetalhardrock.no-ip.info/
>
> 世界中でセキュアOSのSELinuxを使いやすくするフリーソフト
> http://sourceforge.net/projects/segatex/
>
> CMS(PHPとPostgreSQLを使ったフリーソフト)
> http://sourceforge.net/projects/webon/
>
>
> --
> selinux mailing list
> selinux at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/selinux/attachments/20140525/cdca4fe9/attachment-0001.html>
More information about the selinux
mailing list