-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 01/10/2011 02:12 PM, Vadym Chepkov wrote:
On Jan 10, 2011, at 1:32 PM, Daniel J Walsh wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 01/10/2011 12:40 PM, Vadym Chepkov wrote:
>> Hi,
>>
>> Is it safe to permit these?
>>
>> selinux-policy-3.9.7-18.fc14.noarch
>>
>> # ausearch -m avc -ts yesterday
>> ----
>> time->Sun Jan 9 11:23:14 2011
>> type=SYSCALL msg=audit(1294590194.604:12): arch=40000003 syscall=5 success=yes
exit=18 a0=57b497 a1=0 a2=1b6 a3=58856a items=0 ppid=1 pid=997 auid=4294967295 uid=28
gid=28 euid=28 suid=28 fsuid=28 egid=28 sgid=28 fsgid=28 tty=(none) ses=4294967295
comm="nscd" exe="/usr/sbin/nscd" subj=system_u:system_r:nscd_t:s0
key=(null)
>> type=AVC msg=audit(1294590194.604:12): avc: denied { read } for pid=997
comm="nscd" name="/" dev=dm-2 ino=2
scontext=system_u:system_r:nscd_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
>> ----
>> time->Sun Jan 9 11:23:14 2011
>> type=SYSCALL msg=audit(1294590194.604:13): arch=40000003 syscall=195 success=yes
exit=0 a0=57b49c a1=ae2f16bc a2=29fff4 a3=3 items=0 ppid=1 pid=997 auid=4294967295 uid=28
gid=28 euid=28 suid=28 fsuid=28 egid=28 sgid=28 fsgid=28 tty=(none) ses=4294967295
comm="nscd" exe="/usr/sbin/nscd" subj=system_u:system_r:nscd_t:s0
key=(null)
>> type=AVC msg=audit(1294590194.604:13): avc: denied { read } for pid=997
comm="nscd" name="tmp" dev=dm-0 ino=15581
scontext=system_u:system_r:nscd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=lnk_file
>> ----
>> time->Sun Jan 9 11:41:04 2011
>> type=SYSCALL msg=audit(1294591264.449:7): arch=40000003 syscall=195 success=yes
exit=0 a0=3f049c a1=ae9f964c a2=38bff4 a3=3 items=0 ppid=1 pid=973 auid=4294967295 uid=28
gid=28 euid=28 suid=28 fsuid=28 egid=28 sgid=28 fsgid=28 tty=(none) ses=4294967295
comm="nscd" exe="/usr/sbin/nscd" subj=system_u:system_r:nscd_t:s0
key=(null)
>> type=AVC msg=audit(1294591264.449:7): avc: denied { read } for pid=973
comm="nscd" name="tmp" dev=dm-0 ino=15581
scontext=system_u:system_r:nscd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=lnk_file
>> ----
>> time->Sun Jan 9 11:41:04 2011
>> type=SYSCALL msg=audit(1294591264.448:6): arch=40000003 syscall=5 success=yes
exit=16 a0=3f0497 a1=0 a2=1b6 a3=3fd56a items=0 ppid=1 pid=973 auid=4294967295 uid=28
gid=28 euid=28 suid=28 fsuid=28 egid=28 sgid=28 fsgid=28 tty=(none) ses=4294967295
comm="nscd" exe="/usr/sbin/nscd" subj=system_u:system_r:nscd_t:s0
key=(null)
>> type=AVC msg=audit(1294591264.448:6): avc: denied { read } for pid=973
comm="nscd" name="/" dev=dm-2 ino=2
scontext=system_u:system_r:nscd_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
>>
>>
>>
>>
>> --
>> selinux mailing list
>> selinux(a)lists.fedoraproject.org
>>
https://admin.fedoraproject.org/mailman/listinfo/selinux
> What is nscd looking for in /tmp?
nscd is part of glibc, so the source code is really huge and it uses TMPDIR environment
variable all over the place.
"Don't know" would be an honest answer. Shall I open bugzilla about it?
Thanks,
Vadym
I have a feeling that you can dontaudit these rather then allow. Might
be a leaked file descriptor from the calling app. (cron?)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora -
http://enigmail.mozdev.org/
iEYEARECAAYFAk0rX2cACgkQrlYvE4MpobNfXwCcCJ/uonJ+AQksGDqs51dz4kft
pogAn3ZgADIp02vlCzvN3Vnh3lMQIcQM
=LLh0
-----END PGP SIGNATURE-----