Stuff I found in my log?
by Knute Johnson
I found some interesting things in my 'messages' log today. I'm not
sure what they mean and would appreciate any information.
This one is the most bothersome. It appears that 'useradd' was
prevented from running this morning only I didn't run it. Would any
other programs run 'useradd' and what would cause it to be denied?
May 23 05:11:49 rabbitbrush kernel: audit(1148386309.877:556): avc:
denied { write } for pid=13906 comm="useradd" name="[1708464]"
dev=pipefs ino=1708464 scontext=user_u:system_r:useradd_t:s0
tcontext=user_u:system_r:unconfined_t:s0 tclass=fifo_file
There are a boatload of these messages. I know that 'webalizer' is a
statistics formatter for the web server but why would it be run
dozens of times and be denied?
May 23 04:02:02 rabbitbrush kernel: audit(1148382121.861:514): avc:
denied { create } for pid=12313 comm="webalizer"
scontext=user_u:system_r:webalizer_t:s0
tcontext=user_u:system_r:webalizer_t:s0 tclass=netlink_route_socket
May 23 04:02:02 rabbitbrush kernel: audit(1148382122.237:515): avc:
denied { create } for pid=12313 comm="webalizer"
scontext=user_u:system_r:webalizer_t:s0
tcontext=user_u:system_r:webalizer_t:s0 tclass=netlink_route_socket
May 23 04:02:02 rabbitbrush kernel: audit(1148382122.237:516): avc:
denied { create } for pid=12313 comm="webalizer"
scontext=user_u:system_r:webalizer_t:s0
tcontext=user_u:system_r:webalizer_t:s0 tclass=netlink_route_socket
What would cause hundreds of these messages to appear in the log. I
know I played with setsebool but I only changed one item.
May 22 17:33:58 rabbitbrush kernel: audit(1148344436.645:286): avc:
granted { setbool } for pid=2303 comm="setsebool"
scontext=user_u:system_r:unconfined_t:s0
tcontext=system_u:object_r:security_t:s0 tclass=security
May 22 17:33:58 rabbitbrush kernel: audit(1148344436.645:287): avc:
granted { setbool } for pid=2303 comm="setsebool"
scontext=user_u:system_r:unconfined_t:s0
tcontext=system_u:object_r:security_t:s0 tclass=security
May 22 17:33:58 rabbitbrush kernel: audit(1148344436.645:288): avc:
granted { setbool } for pid=2303 comm="setsebool"
scontext=user_u:system_r:unconfined_t:s0
tcontext=system_u:object_r:security_t:s0 tclass=security
May 22 17:33:58 rabbitbrush kernel: audit(1148344436.645:289): avc:
granted { setbool } for pid=2303 comm="setsebool"
scontext=user_u:system_r:unconfined_t:s0
tcontext=system_u:object_r:security_t:s0 tclass=security
Thanks very much,
--
Knute Johnson
Molon Labe...
16 years, 10 months
Cannot FTP to /var/www/don/html with SELinux enabled
by Don
Hi,
I have two problems which I think they are similar.
1) I have a directory /var/www/don/html which is owned by don. I
want to ftp some web pages, but I cannot cd to /var/www/don/html when
SELinux is enabled. When I turn SELinux off it works. What do I
need to set to allow this.
2) If I ftp the html files to my home dir the and copy them to
/var/www/don/html they cannot we read by the browser while SELinux is enabled.
Thanks in advance,
Don
16 years, 10 months
File contexts again
by Paul Howarth
Having trouble with default file contexts again.
I have a policy module with the following .fc file:
/home/pgsql -d
gen_context(system_u:object_r:var_lib_t,s0)
/home/pgsql/data -d
gen_context(system_u:object_r:postgresql_db_t,s0)
/home/pgsql/data/.* -d
gen_context(system_u:object_r:postgresql_db_t,s0)
/home/pgsql/data/.* --
gen_context(system_u:object_r:postgresql_db_t,s0)
/home/pgsql/pgstartup\.log --
gen_context(system_u:object_r:postgresql_log_t,s0)
The entries that are not regexes work OK, but as soon as I use a regex,
the type I'm specifying gets overridden by user_home_t when I do a
restorecon.
For instance, if I have a file /home/pgsql/data/test.db, restorecon
labels it user_home_t rather than postgresql_db_t.
/home/pgsql is not the home directory of any user.
Why is this happening?
It appears that some further tweaking to the file contexts sort order
that I put on the wiki
(http://fedoraproject.org/wiki/SELinux/ManagingFileContext) after the
last discussion is needed.
Paul.
16 years, 10 months
Fedora Core +SELinux +VMware GSX server
by Michael Colef
I am wondering if anyone has any information about setting up SELinux
policies or sample policy files for a Fedora Core host running VMware
GSX server. I am presently looking at both FC4 and FC5.
Any help is highly appreciated.
Michael Colef
NYIT
16 years, 10 months
home dir is default_t ?
by Tom London
Running today's rawhide, targeted/enforcing.
I did a 'restorecon -v -R' of my home directory (/home/tbl) and it
relabeled almost everything as default_t.
Did I miss a step in the upgrade?
tom
--
Tom London
16 years, 10 months
Cisco VPNClient does not work with SELinux enabled in FC4
by yukku yukkoooooo
Hi,
I am running on FC4 and I installed Cisco VPN client software, however when I run vpnclient I am getting the error message :
"vpnclient: error while loading shared libraries: /opt/cisco-vpnclient/lib/libvpnapi.so: cannot restore segment prot after reloc: Permission denied"
Friendly neighbourhood Paul Howarth correctly guessed it to be related to SELinux.
I am able to run the vpnclient by disabling the SELinux using
setenforce 0
The chcon command did not work (apparently it is not supposed to work in FC4)
I get a error message "type=AVC msg=audit(1147460693.437:11955217): avc: denied { execmod } "
if I disable selinux and run the vpnclient command.
> Paul Howarth wrote :
> > The memory checks are present in FC4 but disabled by default. It
> > appears
> > that they have somehow been enabled on your system. This should fix
it:
> > # setsebool -P allow_execmod 1
>
> I gave this command and it still does not work with
> SELinux. So digged a littlebit and gave the command
> # getsebool -a | less
> and I got a long output of which I took the ones that might
> make sense to you -
> allow_execmem --> active
> allow_execmod --> active
> allow_execstack --> active
> allow_kerberos --> active
> allow_write_xshm --> active
> allow_ypbind --> active
>> There's something very weird going on there. allow_execmod should do
>> what it says. I'd try asking about this on fedora-selinux-list,
setsebool with execmod is not working either.
I have attached the relevant files as well. Any ideas ?
This should give you an idea of the SELinux version
> selinux-doc-1.19.5-1.noarch.rpm
> selinux-policy-strict-1.23.16-6.noarch.rpm
> selinux-policy-targeted-1.23.16-6.noarch.rpm
Thanks
Newbie Yukku
---------------------------------
New Yahoo! Messenger with Voice. Call regular phones from your PC and save big.
SELinux status: enabled
SELinuxfs mount: /selinux
Current mode: enforcing
Mode from config file: enforcing
Policy version: 19
Policy from config file: targeted
Policy booleans:
NetworkManager_disable_trans inactive
allow_execmem active
allow_execmod active
allow_execstack active
allow_kerberos active
allow_write_xshm inactive
allow_ypbind inactive
apmd_disable_trans inactive
arpwatch_disable_trans inactive
auditd_disable_trans inactive
bluetooth_disable_trans inactive
canna_disable_trans inactive
cardmgr_disable_trans inactive
comsat_disable_trans inactive
cupsd_config_disable_trans inactive
cupsd_disable_trans inactive
cvs_disable_trans inactive
cyrus_disable_trans inactive
dbskkd_disable_trans inactive
dhcpc_disable_trans inactive
dhcpd_disable_trans inactive
dovecot_disable_trans inactive
fingerd_disable_trans inactive
ftp_home_dir active
ftpd_disable_trans inactive
ftpd_is_daemon active
hald_disable_trans inactive
hotplug_disable_trans inactive
howl_disable_trans inactive
httpd_builtin_scripting active
httpd_can_network_connect inactive
httpd_disable_trans inactive
httpd_enable_cgi active
httpd_enable_homedirs active
httpd_ssi_exec active
httpd_suexec_disable_trans inactive
httpd_tty_comm inactive
httpd_unified active
i18n_input_disable_trans inactive
inetd_child_disable_trans inactive
inetd_disable_trans inactive
innd_disable_trans inactive
kadmind_disable_trans inactive
klogd_disable_trans inactive
krb5kdc_disable_trans inactive
ktalkd_disable_trans inactive
lpd_disable_trans inactive
mysqld_disable_trans inactive
named_disable_trans inactive
named_write_master_zones inactive
nfs_export_all_ro active
nfs_export_all_rw active
nmbd_disable_trans inactive
nscd_disable_trans inactive
ntpd_disable_trans inactive
portmap_disable_trans inactive
postgresql_disable_trans inactive
pppd_disable_trans inactive
pppd_for_user inactive
privoxy_disable_trans inactive
ptal_disable_trans inactive
radiusd_disable_trans inactive
radvd_disable_trans inactive
read_default_t active
rlogind_disable_trans inactive
rsync_disable_trans inactive
samba_enable_home_dirs inactive
saslauthd_disable_trans inactive
slapd_disable_trans inactive
smbd_disable_trans inactive
snmpd_disable_trans inactive
squid_connect_any inactive
squid_disable_trans inactive
stunnel_disable_trans inactive
stunnel_is_daemon inactive
syslogd_disable_trans inactive
system_dbusd_disable_trans inactive
telnetd_disable_trans inactive
tftpd_disable_trans inactive
udev_disable_trans inactive
use_nfs_home_dirs inactive
use_samba_home_dirs inactive
uucpd_disable_trans inactive
winbind_disable_trans inactive
ypbind_disable_trans inactive
ypserv_disable_trans inactive
zebra_disable_trans inactive
16 years, 10 months
Re: httpd can't execute bash?
by Jouni Viikari
I have the same problem:
type=AVC msg=audit(1148808793.986:30189): avc: denied { execute } for
pid=18644 comm="httpd" name="bash" dev=dm-0 ino=3440979
scontext=user_u:system_r:httpd_t:s0
tcontext=system_u:object_r:shell_exec_t:s0 tclass=file
Not sure which update started it. Script complaining now used to work
before on FC5.
# getsebool -a | grep http
allow_httpd_anon_write --> off
allow_httpd_sys_script_anon_write --> off
httpd_builtin_scripting --> on
httpd_can_network_connect --> on
httpd_can_network_connect_db --> off
httpd_can_network_relay --> off
httpd_disable_trans --> off
httpd_enable_cgi --> on
httpd_enable_ftp_server --> off
httpd_enable_homedirs --> on
httpd_ssi_exec --> off
httpd_suexec_disable_trans --> off
httpd_tty_comm --> off
httpd_unified --> off
# rpm -qa | grep -i policy
selinux-policy-targeted-2.2.40-1.fc5
checkpolicy-1.30.3-1.fc5
policycoreutils-1.30.8-1.fc5
selinux-policy-2.2.40-1.fc5
-Jouni
16 years, 10 months
webalizer avcs in dmesg (FC5 targeted)
by dragoran
I found tons of such errors in my logs:
audit(1148908532.047:300): avc: denied { create } for pid=3924
comm="webalizer" scontext=system_u:system_r:webalizer_t:s0
tcontext=system_u:system_r:webalizer_t:s0 tclass=netlink_route_socket
audit(1148908532.047:301): avc: denied { create } for pid=3924
comm="webalizer" scontext=system_u:system_r:webalizer_t:s0
tcontext=system_u:system_r:webalizer_t:s0 tclass=netlink_route_socket
audit(1148908532.047:302): avc: denied { create } for pid=3924
comm="webalizer" scontext=system_u:system_r:webalizer_t:s0
tcontext=system_u:system_r:webalizer_t:s0 tclass=netlink_route_socket
audit(1148908532.047:303): avc: denied { create } for pid=3924
comm="webalizer" scontext=system_u:system_r:webalizer_t:s0
tcontext=system_u:system_r:webalizer_t:s0 tclass=netlink_route_socket
audit(1148908532.047:304): avc: denied { create } for pid=3924
comm="webalizer" scontext=system_u:system_r:webalizer_t:s0
tcontext=system_u:system_r:webalizer_t:s0 tclass=netlink_route_socket
audit(1148908532.047:305): avc: denied { create } for pid=3924
comm="webalizer" scontext=system_u:system_r:webalizer_t:s0
tcontext=system_u:system_r:webalizer_t:s0 tclass=netlink_route_socket
audit(1148908532.047:306): avc: denied { create } for pid=3924
comm="webalizer" scontext=system_u:system_r:webalizer_t:s0
tcontext=system_u:system_r:webalizer_t:s0 tclass=netlink_route_socket
audit(1148908532.047:307): avc: denied { create } for pid=3924
comm="webalizer" scontext=system_u:system_r:webalizer_t:s0
tcontext=system_u:system_r:webalizer_t:s0 tclass=netlink_route_socket
audit(1148908532.047:308): avc: denied { create } for pid=3924
comm="webalizer" scontext=system_u:system_r:webalizer_t:s0
tcontext=system_u:system_r:webalizer_t:s0 tclass=netlink_route_socket
audit(1148908532.047:309): avc: denied { create } for pid=3924
comm="webalizer" scontext=system_u:system_r:webalizer_t:s0
tcontext=system_u:system_r:webalizer_t:s0 tclass=netlink_route_socket
audit(1148908532.047:310): avc: denied { create } for pid=3924
comm="webalizer" scontext=system_u:system_r:webalizer_t:s0
tcontext=system_u:system_r:webalizer_t:s0 tclass=netlink_route_socket
audit(1148908532.047:311): avc: denied { create } for pid=3924
comm="webalizer" scontext=system_u:system_r:webalizer_t:s0
tcontext=system_u:system_r:webalizer_t:s0 tclass=netlink_route_socket
audit(1148908532.047:312): avc: denied { create } for pid=3924
comm="webalizer" scontext=system_u:system_r:webalizer_t:s0
tcontext=system_u:system_r:webalizer_t:s0 tclass=netlink_route_socket
audit(1148908532.047:313): avc: denied { create } for pid=3924
comm="webalizer" scontext=system_u:system_r:webalizer_t:s0
tcontext=system_u:system_r:webalizer_t:s0 tclass=netlink_route_socket
whats wrong here?
known bug or new one?
should I fill it in bugzilla?
I am using selinux-policy-targeted-2.2.40-1.fc5 on FC5 x86_64.
16 years, 10 months
automount borked ...
by Tom London
Running latest rawhide, targeted/enforcing.
Lots of AVC from automount:
type=AVC msg=audit(1148751437.978:7): avc: denied { search } for
pid=2042 comm="automount" name="irq" dev=proc ino=-268435217
scontext=system_u:system_r:automount_t:s0
tcontext=system_u:object_r:sysctl_irq_t:s0 tclass=dir
type=SYSCALL msg=audit(1148751437.978:7): arch=40000003 syscall=5
success=no exit=-13 a0=bffb4fe8 a1=0 a2=1b6 a3=848f290 items=1
pid=2042 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) comm="automount" exe="/usr/sbin/automount"
subj=system_u:system_r:automount_t:s0
type=CWD msg=audit(1148751437.978:7): cwd="/"
type=PATH msg=audit(1148751437.978:7): item=0 name="/proc/irq/cmdline"
obj=system_u:object_r:proc_t:s0
type=AVC msg=audit(1148751437.982:8): avc: denied { search } for
pid=2042 comm="automount" name="net" dev=proc ino=-268435432
scontext=system_u:system_r:automount_t:s0
tcontext=system_u:object_r:proc_net_t:s0 tclass=dir
type=SYSCALL msg=audit(1148751437.982:8): arch=40000003 syscall=5
success=no exit=-13 a0=bffb4fe8 a1=0 a2=1b6 a3=848f290 items=1
pid=2042 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) comm="automount" exe="/usr/sbin/automount"
subj=system_u:system_r:automount_t:s0
type=CWD msg=audit(1148751437.982:8): cwd="/"
type=PATH msg=audit(1148751437.982:8): item=0 name="/proc/net/cmdline"
obj=system_u:object_r:proc_t:s0
type=AVC msg=audit(1148751437.982:9): avc: denied { search } for
pid=2042 comm="automount" name="1" dev=proc ino=65538
scontext=system_u:system_r:automount_t:s0
tcontext=system_u:system_r:init_t:s0 tclass=dir
type=SYSCALL msg=audit(1148751437.982:9): arch=40000003 syscall=5
success=no exit=-13 a0=bffb4fe8 a1=0 a2=1b6 a3=848f290 items=1
pid=2042 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) comm="automount" exe="/usr/sbin/automount"
subj=system_u:system_r:automount_t:s0
type=CWD msg=audit(1148751437.982:9): cwd="/"
type=PATH msg=audit(1148751437.982:9): item=0 name="/proc/1/cmdline"
obj=system_u:object_r:proc_t:s0
type=AVC msg=audit(1148751437.982:10): avc: denied { search } for
pid=2042 comm="automount" name="2" dev=proc ino=131074
scontext=system_u:system_r:automount_t:s0
tcontext=system_u:system_r:kernel_t:s0 tclass=dir
type=SYSCALL msg=audit(1148751437.982:10): arch=40000003 syscall=5
success=no exit=-13 a0=bffb4fe8 a1=0 a2=1b6 a3=848f290 items=1
pid=2042 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) comm="automount" exe="/usr/sbin/automount"
subj=system_u:system_r:automount_t:s0
type=CWD msg=audit(1148751437.982:10): cwd="/"
type=PATH msg=audit(1148751437.982:10): item=0 name="/proc/2/cmdline"
obj=system_u:object_r:proc_t:s0
type=AVC msg=audit(1148751437.986:11): avc: denied { search } for
pid=2042 comm="automount" name="3" dev=proc ino=196610
scontext=system_u:system_r:automount_t:s0
tcontext=system_u:system_r:kernel_t:s0 tclass=dir
type=SYSCALL msg=audit(1148751437.986:11): arch=40000003 syscall=5
success=no exit=-13 a0=bffb4fe8 a1=0 a2=1b6 a3=848f290 items=1
pid=2042 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) comm="automount" exe="/usr/sbin/automount"
subj=system_u:system_r:automount_t:s0
type=CWD msg=audit(1148751437.986:11): cwd="/"
type=PATH msg=audit(1148751437.986:11): item=0 name="/proc/3/cmdline"
obj=system_u:object_r:proc_t:s0
type=AVC msg=audit(1148751437.986:12): avc: denied { search } for
pid=2042 comm="automount" name="4" dev=proc ino=262146
scontext=system_u:system_r:automount_t:s0
tcontext=system_u:system_r:kernel_t:s0 tclass=dir
type=SYSCALL msg=audit(1148751437.986:12): arch=40000003 syscall=5
success=no exit=-13 a0=bffb4fe8 a1=0 a2=1b6 a3=848f290 items=1
pid=2042 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) comm="automount" exe="/usr/sbin/automount"
subj=system_u:system_r:automount_t:s0
type=CWD msg=audit(1148751437.986:12): cwd="/"
type=PATH msg=audit(1148751437.986:12): item=0 name="/proc/4/cmdline"
obj=system_u:object_r:proc_t:s0
type=AVC msg=audit(1148751437.986:13): avc: denied { search } for
pid=2042 comm="automount" name="5" dev=proc ino=327682
scontext=system_u:system_r:automount_t:s0
tcontext=system_u:system_r:kernel_t:s0 tclass=dir
type=SYSCALL msg=audit(1148751437.986:13): arch=40000003 syscall=5
success=no exit=-13 a0=bffb4fe8 a1=0 a2=1b6 a3=848f290 items=1
pid=2042 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) comm="automount" exe="/usr/sbin/automount"
subj=system_u:system_r:automount_t:s0
type=CWD msg=audit(1148751437.986:13): cwd="/"
type=PATH msg=audit(1148751437.986:13): item=0 name="/proc/5/cmdline"
obj=system_u:object_r:proc_t:s0
type=AVC msg=audit(1148751437.986:14): avc: denied { search } for
pid=2042 comm="automount" name="6" dev=proc ino=393218
scontext=system_u:system_r:automount_t:s0
tcontext=system_u:system_r:kernel_t:s0 tclass=dir
type=SYSCALL msg=audit(1148751437.986:14): arch=40000003 syscall=5
success=no exit=-13 a0=bffb4fe8 a1=0 a2=1b6 a3=848f290 items=1
pid=2042 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) comm="automount" exe="/usr/sbin/automount"
subj=system_u:system_r:automount_t:s0
type=CWD msg=audit(1148751437.986:14): cwd="/"
type=PATH msg=audit(1148751437.986:14): item=0 name="/proc/6/cmdline"
obj=system_u:object_r:proc_t:s0
type=AVC msg=audit(1148751437.986:15): avc: denied { search } for
pid=2042 comm="automount" name="7" dev=proc ino=458754
scontext=system_u:system_r:automount_t:s0
tcontext=system_u:system_r:kernel_t:s0 tclass=dir
type=SYSCALL msg=audit(1148751437.986:15): arch=40000003 syscall=5
success=no exit=-13 a0=bffb4fe8 a1=0 a2=1b6 a3=848f290 items=1
pid=2042 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) comm="automount" exe="/usr/sbin/automount"
subj=system_u:system_r:automount_t:s0
type=CWD msg=audit(1148751437.986:15): cwd="/"
type=PATH msg=audit(1148751437.986:15): item=0 name="/proc/7/cmdline"
obj=system_u:object_r:proc_t:s0
type=AVC msg=audit(1148751437.986:16): avc: denied { search } for
pid=2042 comm="automount" name="9" dev=proc ino=589826
scontext=system_u:system_r:automount_t:s0
tcontext=system_u:system_r:kernel_t:s0 tclass=dir
type=SYSCALL msg=audit(1148751437.986:16): arch=40000003 syscall=5
success=no exit=-13 a0=bffb4fe8 a1=0 a2=1b6 a3=848f290 items=1
pid=2042 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) comm="automount" exe="/usr/sbin/automount"
subj=system_u:system_r:automount_t:s0
type=CWD msg=audit(1148751437.986:16): cwd="/"
type=PATH msg=audit(1148751437.986:16): item=0 name="/proc/9/cmdline"
obj=system_u:object_r:proc_t:s0
type=AVC msg=audit(1148751437.986:17): avc: denied { search } for
pid=2042 comm="automount" name="10" dev=proc ino=655362
scontext=system_u:system_r:automount_t:s0
tcontext=system_u:system_r:kernel_t:s0 tclass=dir
type=SYSCALL msg=audit(1148751437.986:17): arch=40000003 syscall=5
success=no exit=-13 a0=bffb4fe8 a1=0 a2=1b6 a3=848f290 items=1
pid=2042 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) comm="automount" exe="/usr/sbin/automount"
subj=system_u:system_r:automount_t:s0
type=CWD msg=audit(1148751437.986:17): cwd="/"
type=PATH msg=audit(1148751437.986:17): item=0 name="/proc/10/cmdline"
obj=system_u:object_r:proc_t:s0
type=AVC msg=audit(1148751437.986:18): avc: denied { search } for
pid=2042 comm="automount" name="118" dev=proc ino=7733250
scontext=system_u:system_r:automount_t:s0
tcontext=system_u:system_r:kernel_t:s0 tclass=dir
type=SYSCALL msg=audit(1148751437.986:18): arch=40000003 syscall=5
success=no exit=-13 a0=bffb4fe8 a1=0 a2=1b6 a3=848f290 items=1
pid=2042 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) comm="automount" exe="/usr/sbin/automount"
subj=system_u:system_r:automount_t:s0
type=CWD msg=audit(1148751437.986:18): cwd="/"
type=PATH msg=audit(1148751437.986:18): item=0
name="/proc/118/cmdline" obj=system_u:object_r:proc_t:s0
type=AVC msg=audit(1148751437.990:19): avc: denied { search } for
pid=2042 comm="automount" name="120" dev=proc ino=7864322
scontext=system_u:system_r:automount_t:s0
tcontext=system_u:system_r:kernel_t:s0 tclass=dir
type=SYSCALL msg=audit(1148751437.990:19): arch=40000003 syscall=5
success=no exit=-13 a0=bffb4fe8 a1=0 a2=1b6 a3=848f290 items=1
pid=2042 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) comm="automount" exe="/usr/sbin/automount"
subj=system_u:system_r:automount_t:s0
type=CWD msg=audit(1148751437.990:19): cwd="/"
type=PATH msg=audit(1148751437.990:19): item=0
name="/proc/120/cmdline" obj=system_u:object_r:proc_t:s0
type=AVC msg=audit(1148751437.990:20): avc: denied { search } for
pid=2042 comm="automount" name="174" dev=proc ino=11403266
scontext=system_u:system_r:automount_t:s0
tcontext=system_u:system_r:kernel_t:s0 tclass=dir
type=SYSCALL msg=audit(1148751437.990:20): arch=40000003 syscall=5
success=no exit=-13 a0=bffb4fe8 a1=0 a2=1b6 a3=848f290 items=1
pid=2042 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) comm="automount" exe="/usr/sbin/automount"
subj=system_u:system_r:automount_t:s0
type=CWD msg=audit(1148751437.990:20): cwd="/"
type=PATH msg=audit(1148751437.990:20): item=0
name="/proc/174/cmdline" obj=system_u:object_r:proc_t:s0
type=AVC msg=audit(1148751437.990:21): avc: denied { search } for
pid=2042 comm="automount" name="175" dev=proc ino=11468802
scontext=system_u:system_r:automount_t:s0
tcontext=system_u:system_r:kernel_t:s0 tclass=dir
type=SYSCALL msg=audit(1148751437.990:21): arch=40000003 syscall=5
success=no exit=-13 a0=bffb4fe8 a1=0 a2=1b6 a3=848f290 items=1
pid=2042 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) comm="automount" exe="/usr/sbin/automount"
subj=system_u:system_r:automount_t:s0
type=CWD msg=audit(1148751437.990:21): cwd="/"
type=PATH msg=audit(1148751437.990:21): item=0
name="/proc/175/cmdline" obj=system_u:object_r:proc_t:s0
type=AVC msg=audit(1148751437.990:22): avc: denied { search } for
pid=2042 comm="automount" name="176" dev=proc ino=11534338
scontext=system_u:system_r:automount_t:s0
tcontext=system_u:system_r:kernel_t:s0 tclass=dir
type=SYSCALL msg=audit(1148751437.990:22): arch=40000003 syscall=5
success=no exit=-13 a0=bffb4fe8 a1=0 a2=1b6 a3=848f290 items=1
pid=2042 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) comm="automount" exe="/usr/sbin/automount"
subj=system_u:system_r:automount_t:s0
type=CWD msg=audit(1148751437.990:22): cwd="/"
type=PATH msg=audit(1148751437.990:22): item=0
name="/proc/176/cmdline" obj=system_u:object_r:proc_t:s0
type=AVC msg=audit(1148751437.990:23): avc: denied { search } for
pid=2042 comm="automount" name="177" dev=proc ino=11599874
scontext=system_u:system_r:automount_t:s0
tcontext=system_u:system_r:kernel_t:s0 tclass=dir
type=SYSCALL msg=audit(1148751437.990:23): arch=40000003 syscall=5
success=no exit=-13 a0=bffb4fe8 a1=0 a2=1b6 a3=848f290 items=1
pid=2042 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) comm="automount" exe="/usr/sbin/automount"
subj=system_u:system_r:automount_t:s0
type=CWD msg=audit(1148751437.990:23): cwd="/"
type=PATH msg=audit(1148751437.990:23): item=0
name="/proc/177/cmdline" obj=system_u:object_r:proc_t:s0
type=AVC msg=audit(1148751437.990:24): avc: denied { search } for
pid=2042 comm="automount" name="323" dev=proc ino=21168130
scontext=system_u:system_r:automount_t:s0
tcontext=system_u:system_r:kernel_t:s0 tclass=dir
type=SYSCALL msg=audit(1148751437.990:24): arch=40000003 syscall=5
success=no exit=-13 a0=bffb4fe8 a1=0 a2=1b6 a3=848f290 items=1
pid=2042 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) comm="automount" exe="/usr/sbin/automount"
subj=system_u:system_r:automount_t:s0
type=CWD msg=audit(1148751437.990:24): cwd="/"
type=PATH msg=audit(1148751437.990:24): item=0
name="/proc/323/cmdline" obj=system_u:object_r:proc_t:s0
type=AVC msg=audit(1148751437.990:25): avc: denied { search } for
pid=2042 comm="automount" name="334" dev=proc ino=21889026
scontext=system_u:system_r:automount_t:s0
tcontext=system_u:system_r:kernel_t:s0 tclass=dir
type=SYSCALL msg=audit(1148751437.990:25): arch=40000003 syscall=5
success=no exit=-13 a0=bffb4fe8 a1=0 a2=1b6 a3=848f290 items=1
pid=2042 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) comm="automount" exe="/usr/sbin/automount"
subj=system_u:system_r:automount_t:s0
type=CWD msg=audit(1148751437.990:25): cwd="/"
type=PATH msg=audit(1148751437.990:25): item=0
name="/proc/334/cmdline" obj=system_u:object_r:proc_t:s0
type=AVC msg=audit(1148751437.990:26): avc: denied { search } for
pid=2042 comm="automount" name="355" dev=proc ino=23265282
scontext=system_u:system_r:automount_t:s0
tcontext=system_u:system_r:kernel_t:s0 tclass=dir
type=SYSCALL msg=audit(1148751437.990:26): arch=40000003 syscall=5
success=no exit=-13 a0=bffb4fe8 a1=0 a2=1b6 a3=848f290 items=1
pid=2042 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) comm="automount" exe="/usr/sbin/automount"
subj=system_u:system_r:automount_t:s0
type=CWD msg=audit(1148751437.990:26): cwd="/"
type=PATH msg=audit(1148751437.990:26): item=0
name="/proc/355/cmdline" obj=system_u:object_r:proc_t:s0
type=AVC msg=audit(1148751437.990:27): avc: denied { search } for
pid=2042 comm="automount" name="360" dev=proc ino=23592962
scontext=system_u:system_r:automount_t:s0
tcontext=system_u:system_r:kernel_t:s0 tclass=dir
type=SYSCALL msg=audit(1148751437.990:27): arch=40000003 syscall=5
success=no exit=-13 a0=bffb4fe8 a1=0 a2=1b6 a3=848f290 items=1
pid=2042 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) comm="automount" exe="/usr/sbin/automount"
subj=system_u:system_r:automount_t:s0
type=CWD msg=audit(1148751437.990:27): cwd="/"
type=PATH msg=audit(1148751437.990:27): item=0
name="/proc/360/cmdline" obj=system_u:object_r:proc_t:s0
type=AVC msg=audit(1148751437.994:28): avc: denied { search } for
pid=2042 comm="automount" name="374" dev=proc ino=24510466
scontext=system_u:system_r:automount_t:s0
tcontext=system_u:system_r:kernel_t:s0 tclass=dir
type=SYSCALL msg=audit(1148751437.994:28): arch=40000003 syscall=5
success=no exit=-13 a0=bffb4fe8 a1=0 a2=1b6 a3=848f290 items=1
pid=2042 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) comm="automount" exe="/usr/sbin/automount"
subj=system_u:system_r:automount_t:s0
type=CWD msg=audit(1148751437.994:28): cwd="/"
type=PATH msg=audit(1148751437.994:28): item=0
name="/proc/374/cmdline" obj=system_u:object_r:proc_t:s0
type=AVC msg=audit(1148751437.994:29): avc: denied { search } for
pid=2042 comm="automount" name="393" dev=proc ino=25755650
scontext=system_u:system_r:automount_t:s0
tcontext=system_u:system_r:kernel_t:s0 tclass=dir
type=SYSCALL msg=audit(1148751437.994:29): arch=40000003 syscall=5
success=no exit=-13 a0=bffb4fe8 a1=0 a2=1b6 a3=848f290 items=1
pid=2042 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) comm="automount" exe="/usr/sbin/automount"
subj=system_u:system_r:automount_t:s0
type=CWD msg=audit(1148751437.994:29): cwd="/"
type=PATH msg=audit(1148751437.994:29): item=0
name="/proc/393/cmdline" obj=system_u:object_r:proc_t:s0
type=AVC msg=audit(1148751437.994:30): avc: denied { search } for
pid=2042 comm="automount" name="403" dev=proc ino=26411010
scontext=system_u:system_r:automount_t:s0
tcontext=system_u:system_r:kernel_t:s0 tclass=dir
type=SYSCALL msg=audit(1148751437.994:30): arch=40000003 syscall=5
success=no exit=-13 a0=bffb4fe8 a1=0 a2=1b6 a3=848f290 items=1
pid=2042 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) comm="automount" exe="/usr/sbin/automount"
subj=system_u:system_r:automount_t:s0
type=CWD msg=audit(1148751437.994:30): cwd="/"
type=PATH msg=audit(1148751437.994:30): item=0
name="/proc/403/cmdline" obj=system_u:object_r:proc_t:s0
type=AVC msg=audit(1148751437.994:31): avc: denied { search } for
pid=2042 comm="automount" name="474" dev=proc ino=31064066
scontext=system_u:system_r:automount_t:s0
tcontext=system_u:system_r:udev_t:s0-s0:c0.c255 tclass=dir
type=SYSCALL msg=audit(1148751437.994:31): arch=40000003 syscall=5
success=no exit=-13 a0=bffb4fe8 a1=0 a2=1b6 a3=848f290 items=1
pid=2042 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) comm="automount" exe="/usr/sbin/automount"
subj=system_u:system_r:automount_t:s0
type=CWD msg=audit(1148751437.994:31): cwd="/"
type=PATH msg=audit(1148751437.994:31): item=0
name="/proc/474/cmdline" obj=system_u:object_r:proc_t:s0
type=AVC msg=audit(1148751437.994:32): avc: denied { search } for
pid=2042 comm="automount" name="852" dev=proc ino=55836674
scontext=system_u:system_r:automount_t:s0
tcontext=system_u:system_r:kernel_t:s0 tclass=dir
type=SYSCALL msg=audit(1148751437.994:32): arch=40000003 syscall=5
success=no exit=-13 a0=bffb4fe8 a1=0 a2=1b6 a3=848f290 items=1
pid=2042 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) comm="automount" exe="/usr/sbin/automount"
subj=system_u:system_r:automount_t:s0
type=CWD msg=audit(1148751437.994:32): cwd="/"
type=PATH msg=audit(1148751437.994:32): item=0
name="/proc/852/cmdline" obj=system_u:object_r:proc_t:s0
type=AVC msg=audit(1148751437.994:33): avc: denied { search } for
pid=2042 comm="automount" name="1358" dev=proc ino=88997890
scontext=system_u:system_r:automount_t:s0
tcontext=system_u:system_r:kernel_t:s0 tclass=dir
type=SYSCALL msg=audit(1148751437.994:33): arch=40000003 syscall=5
success=no exit=-13 a0=bffb4fe8 a1=0 a2=1b6 a3=848f290 items=1
pid=2042 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) comm="automount" exe="/usr/sbin/automount"
subj=system_u:system_r:automount_t:s0
type=CWD msg=audit(1148751437.994:33): cwd="/"
type=PATH msg=audit(1148751437.994:33): item=0
name="/proc/1358/cmdline" obj=system_u:object_r:proc_t:s0
type=AVC msg=audit(1148751437.994:34): avc: denied { search } for
pid=2042 comm="automount" name="1420" dev=proc ino=93061122
scontext=system_u:system_r:automount_t:s0
tcontext=system_u:system_r:initrc_t:s0 tclass=dir
type=SYSCALL msg=audit(1148751437.994:34): arch=40000003 syscall=5
success=no exit=-13 a0=bffb4fe8 a1=0 a2=1b6 a3=848f290 items=1
pid=2042 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) comm="automount" exe="/usr/sbin/automount"
subj=system_u:system_r:automount_t:s0
type=CWD msg=audit(1148751437.994:34): cwd="/"
type=PATH msg=audit(1148751437.994:34): item=0
name="/proc/1420/cmdline" obj=system_u:object_r:proc_t:s0
type=AVC msg=audit(1148751437.994:35): avc: denied { search } for
pid=2042 comm="automount" name="1455" dev=proc ino=95354882
scontext=system_u:system_r:automount_t:s0
tcontext=system_u:system_r:readahead_t:s0 tclass=dir
type=SYSCALL msg=audit(1148751437.994:35): arch=40000003 syscall=5
success=no exit=-13 a0=bffb4fe8 a1=0 a2=1b6 a3=848f290 items=1
pid=2042 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) comm="automount" exe="/usr/sbin/automount"
subj=system_u:system_r:automount_t:s0
type=CWD msg=audit(1148751437.994:35): cwd="/"
type=PATH msg=audit(1148751437.994:35): item=0
name="/proc/1455/cmdline" obj=system_u:object_r:proc_t:s0
type=AVC msg=audit(1148751437.994:36): avc: denied { search } for
pid=2042 comm="automount" name="1474" dev=proc ino=96600066
scontext=system_u:system_r:automount_t:s0
tcontext=system_u:system_r:cpuspeed_t:s0 tclass=dir
type=SYSCALL msg=audit(1148751437.994:36): arch=40000003 syscall=5
success=no exit=-13 a0=bffb4fe8 a1=0 a2=1b6 a3=848f290 items=1
pid=2042 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) comm="automount" exe="/usr/sbin/automount"
subj=system_u:system_r:automount_t:s0
type=CWD msg=audit(1148751437.994:36): cwd="/"
type=PATH msg=audit(1148751437.994:36): item=0
name="/proc/1474/cmdline" obj=system_u:object_r:proc_t:s0
type=AVC msg=audit(1148751437.998:37): avc: denied { search } for
pid=2042 comm="automount" name="1769" dev=proc ino=115933186
scontext=system_u:system_r:automount_t:s0
tcontext=system_u:system_r:dhcpc_t:s0 tclass=dir
type=SYSCALL msg=audit(1148751437.998:37): arch=40000003 syscall=5
success=no exit=-13 a0=bffb4fe8 a1=0 a2=1b6 a3=848f290 items=1
pid=2042 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) comm="automount" exe="/usr/sbin/automount"
subj=system_u:system_r:automount_t:s0
type=CWD msg=audit(1148751437.998:37): cwd="/"
type=PATH msg=audit(1148751437.998:37): item=0
name="/proc/1769/cmdline" obj=system_u:object_r:proc_t:s0
type=AVC msg=audit(1148751437.998:38): avc: denied { search } for
pid=2042 comm="automount" name="1816" dev=proc ino=119013378
scontext=system_u:system_r:automount_t:s0
tcontext=system_u:system_r:auditd_t:s0 tclass=dir
type=SYSCALL msg=audit(1148751437.998:38): arch=40000003 syscall=5
success=no exit=-13 a0=bffb4fe8 a1=0 a2=1b6 a3=848f290 items=1
pid=2042 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) comm="automount" exe="/usr/sbin/automount"
subj=system_u:system_r:automount_t:s0
type=CWD msg=audit(1148751437.998:38): cwd="/"
type=PATH msg=audit(1148751437.998:38): item=0
name="/proc/1816/cmdline" obj=system_u:object_r:proc_t:s0
type=AVC msg=audit(1148751437.998:39): avc: denied { search } for
pid=2042 comm="automount" name="1818" dev=proc ino=119144450
scontext=system_u:system_r:automount_t:s0
tcontext=system_u:system_r:kernel_t:s0 tclass=dir
type=SYSCALL msg=audit(1148751437.998:39): arch=40000003 syscall=5
success=no exit=-13 a0=bffb4fe8 a1=0 a2=1b6 a3=848f290 items=1
pid=2042 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) comm="automount" exe="/usr/sbin/automount"
subj=system_u:system_r:automount_t:s0
type=CWD msg=audit(1148751437.998:39): cwd="/"
type=PATH msg=audit(1148751437.998:39): item=0
name="/proc/1818/cmdline" obj=system_u:object_r:proc_t:s0
type=AVC msg=audit(1148751437.998:40): avc: denied { search } for
pid=2042 comm="automount" name="1831" dev=proc ino=119996418
scontext=system_u:system_r:automount_t:s0
tcontext=system_u:system_r:setrans_t:s0 tclass=dir
type=SYSCALL msg=audit(1148751437.998:40): arch=40000003 syscall=5
success=no exit=-13 a0=bffb4fe8 a1=0 a2=1b6 a3=848f290 items=1
pid=2042 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) comm="automount" exe="/usr/sbin/automount"
subj=system_u:system_r:automount_t:s0
type=CWD msg=audit(1148751437.998:40): cwd="/"
type=PATH msg=audit(1148751437.998:40): item=0
name="/proc/1831/cmdline" obj=system_u:object_r:proc_t:s0
type=AVC msg=audit(1148751437.998:41): avc: denied { search } for
pid=2042 comm="automount" name="1840" dev=proc ino=120586242
scontext=system_u:system_r:automount_t:s0
tcontext=system_u:system_r:syslogd_t:s0 tclass=dir
type=SYSCALL msg=audit(1148751437.998:41): arch=40000003 syscall=5
success=no exit=-13 a0=bffb4fe8 a1=0 a2=1b6 a3=848f290 items=1
pid=2042 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) comm="automount" exe="/usr/sbin/automount"
subj=system_u:system_r:automount_t:s0
type=CWD msg=audit(1148751437.998:41): cwd="/"
type=PATH msg=audit(1148751437.998:41): item=0
name="/proc/1840/cmdline" obj=system_u:object_r:proc_t:s0
type=AVC msg=audit(1148751437.998:42): avc: denied { search } for
pid=2042 comm="automount" name="1843" dev=proc ino=120782850
scontext=system_u:system_r:automount_t:s0
tcontext=system_u:system_r:klogd_t:s0 tclass=dir
type=SYSCALL msg=audit(1148751437.998:42): arch=40000003 syscall=5
success=no exit=-13 a0=bffb4fe8 a1=0 a2=1b6 a3=848f290 items=1
pid=2042 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) comm="automount" exe="/usr/sbin/automount"
subj=system_u:system_r:automount_t:s0
type=CWD msg=audit(1148751437.998:42): cwd="/"
type=PATH msg=audit(1148751437.998:42): item=0
name="/proc/1843/cmdline" obj=system_u:object_r:proc_t:s0
type=AVC msg=audit(1148751437.998:43): avc: denied { search } for
pid=2042 comm="automount" name="1867" dev=proc ino=122355714
scontext=system_u:system_r:automount_t:s0
tcontext=system_u:system_r:portmap_t:s0 tclass=dir
type=SYSCALL msg=audit(1148751437.998:43): arch=40000003 syscall=5
success=no exit=-13 a0=bffb4fe8 a1=0 a2=1b6 a3=848f290 items=1
pid=2042 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) comm="automount" exe="/usr/sbin/automount"
subj=system_u:system_r:automount_t:s0
type=CWD msg=audit(1148751437.998:43): cwd="/"
type=PATH msg=audit(1148751437.998:43): item=0
name="/proc/1867/cmdline" obj=system_u:object_r:proc_t:s0
type=AVC msg=audit(1148751437.998:44): avc: denied { search } for
pid=2042 comm="automount" name="1886" dev=proc ino=123600898
scontext=system_u:system_r:automount_t:s0
tcontext=system_u:system_r:rpcd_t:s0 tclass=dir
type=SYSCALL msg=audit(1148751437.998:44): arch=40000003 syscall=5
success=no exit=-13 a0=bffb4fe8 a1=0 a2=1b6 a3=848f290 items=1
pid=2042 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) comm="automount" exe="/usr/sbin/automount"
subj=system_u:system_r:automount_t:s0
type=CWD msg=audit(1148751437.998:44): cwd="/"
type=PATH msg=audit(1148751437.998:44): item=0
name="/proc/1886/cmdline" obj=system_u:object_r:proc_t:s0
type=AVC msg=audit(1148751437.998:45): avc: denied { search } for
pid=2042 comm="automount" name="1915" dev=proc ino=125501442
scontext=system_u:system_r:automount_t:s0
tcontext=system_u:system_r:rpcd_t:s0 tclass=dir
type=SYSCALL msg=audit(1148751437.998:45): arch=40000003 syscall=5
success=no exit=-13 a0=bffb4fe8 a1=0 a2=1b6 a3=848f290 items=1
pid=2042 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) comm="automount" exe="/usr/sbin/automount"
subj=system_u:system_r:automount_t:s0
type=CWD msg=audit(1148751437.998:45): cwd="/"
type=PATH msg=audit(1148751437.998:45): item=0
name="/proc/1915/cmdline" obj=system_u:object_r:proc_t:s0
type=AVC msg=audit(1148751438.002:46): avc: denied { search } for
pid=2042 comm="automount" name="1954" dev=proc ino=128057346
scontext=system_u:system_r:automount_t:s0
tcontext=system_u:system_r:initrc_t:s0 tclass=dir
type=SYSCALL msg=audit(1148751438.002:46): arch=40000003 syscall=5
success=no exit=-13 a0=bffb4fe8 a1=0 a2=1b6 a3=848f290 items=1
pid=2042 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) comm="automount" exe="/usr/sbin/automount"
subj=system_u:system_r:automount_t:s0
type=CWD msg=audit(1148751438.002:46): cwd="/"
type=PATH msg=audit(1148751438.002:46): item=0
name="/proc/1954/cmdline" obj=system_u:object_r:proc_t:s0
type=AVC msg=audit(1148751438.002:47): avc: denied { search } for
pid=2042 comm="automount" name="1955" dev=proc ino=128122882
scontext=system_u:system_r:automount_t:s0
tcontext=system_u:system_r:initrc_t:s0 tclass=dir
type=SYSCALL msg=audit(1148751438.002:47): arch=40000003 syscall=5
success=no exit=-13 a0=bffb4fe8 a1=0 a2=1b6 a3=848f290 items=1
pid=2042 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) comm="automount" exe="/usr/sbin/automount"
subj=system_u:system_r:automount_t:s0
type=CWD msg=audit(1148751438.002:47): cwd="/"
type=PATH msg=audit(1148751438.002:47): item=0
name="/proc/1955/cmdline" obj=system_u:object_r:proc_t:s0
type=AVC msg=audit(1148751438.002:48): avc: denied { search } for
pid=2042 comm="automount" name="1956" dev=proc ino=128188418
scontext=system_u:system_r:automount_t:s0
tcontext=system_u:system_r:initrc_t:s0 tclass=dir
type=SYSCALL msg=audit(1148751438.002:48): arch=40000003 syscall=5
success=no exit=-13 a0=bffb4fe8 a1=0 a2=1b6 a3=848f290 items=1
pid=2042 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) comm="automount" exe="/usr/sbin/automount"
subj=system_u:system_r:automount_t:s0
type=CWD msg=audit(1148751438.002:48): cwd="/"
type=PATH msg=audit(1148751438.002:48): item=0
name="/proc/1956/cmdline" obj=system_u:object_r:proc_t:s0
type=AVC msg=audit(1148751438.002:49): avc: denied { search } for
pid=2042 comm="automount" name="1967" dev=proc ino=128909314
scontext=system_u:system_r:automount_t:s0
tcontext=system_u:system_r:initrc_t:s0 tclass=dir
type=SYSCALL msg=audit(1148751438.002:49): arch=40000003 syscall=5
success=no exit=-13 a0=bffb4fe8 a1=0 a2=1b6 a3=848f290 items=1
pid=2042 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) comm="automount" exe="/usr/sbin/automount"
subj=system_u:system_r:automount_t:s0
type=CWD msg=audit(1148751438.002:49): cwd="/"
type=PATH msg=audit(1148751438.002:49): item=0
name="/proc/1967/cmdline" obj=system_u:object_r:proc_t:s0
type=AVC msg=audit(1148751438.002:50): avc: denied { search } for
pid=2042 comm="automount" name="1968" dev=proc ino=128974850
scontext=system_u:system_r:automount_t:s0
tcontext=system_u:system_r:initrc_t:s0 tclass=dir
type=SYSCALL msg=audit(1148751438.002:50): arch=40000003 syscall=5
success=no exit=-13 a0=bffb4fe8 a1=0 a2=1b6 a3=848f290 items=1
pid=2042 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) comm="automount" exe="/usr/sbin/automount"
subj=system_u:system_r:automount_t:s0
type=CWD msg=audit(1148751438.002:50): cwd="/"
type=PATH msg=audit(1148751438.002:50): item=0
name="/proc/1968/cmdline" obj=system_u:object_r:proc_t:s0
type=AVC msg=audit(1148751438.002:51): avc: denied { search } for
pid=2042 comm="automount" name="1969" dev=proc ino=129040386
scontext=system_u:system_r:automount_t:s0
tcontext=system_u:system_r:initrc_t:s0 tclass=dir
type=SYSCALL msg=audit(1148751438.002:51): arch=40000003 syscall=5
success=no exit=-13 a0=bffb4fe8 a1=0 a2=1b6 a3=848f290 items=1
pid=2042 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) comm="automount" exe="/usr/sbin/automount"
subj=system_u:system_r:automount_t:s0
type=CWD msg=audit(1148751438.002:51): cwd="/"
type=PATH msg=audit(1148751438.002:51): item=0
name="/proc/1969/cmdline" obj=system_u:object_r:proc_t:s0
type=AVC msg=audit(1148751438.002:52): avc: denied { search } for
pid=2042 comm="automount" name="1989" dev=proc ino=130351106
scontext=system_u:system_r:automount_t:s0
tcontext=system_u:system_r:system_dbusd_t:s0 tclass=dir
type=SYSCALL msg=audit(1148751438.002:52): arch=40000003 syscall=5
success=no exit=-13 a0=bffb4fe8 a1=0 a2=1b6 a3=848f290 items=1
pid=2042 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) comm="automount" exe="/usr/sbin/automount"
subj=system_u:system_r:automount_t:s0
type=CWD msg=audit(1148751438.002:52): cwd="/"
type=PATH msg=audit(1148751438.002:52): item=0
name="/proc/1989/cmdline" obj=system_u:object_r:proc_t:s0
type=AVC msg=audit(1148751438.002:53): avc: denied { search } for
pid=2042 comm="automount" name="2030" dev=proc ino=133038082
scontext=system_u:system_r:automount_t:s0
tcontext=system_u:system_r:bluetooth_t:s0 tclass=dir
type=SYSCALL msg=audit(1148751438.002:53): arch=40000003 syscall=5
success=no exit=-13 a0=bffb4fe8 a1=0 a2=1b6 a3=848f290 items=1
pid=2042 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) comm="automount" exe="/usr/sbin/automount"
subj=system_u:system_r:automount_t:s0
type=CWD msg=audit(1148751438.002:53): cwd="/"
type=PATH msg=audit(1148751438.002:53): item=0
name="/proc/2030/cmdline" obj=system_u:object_r:proc_t:s0
type=AVC msg=audit(1148751438.002:54): avc: denied { search } for
pid=2042 comm="automount" name="2038" dev=proc ino=133562370
scontext=system_u:system_r:automount_t:s0
tcontext=system_u:system_r:initrc_t:s0 tclass=dir
type=SYSCALL msg=audit(1148751438.002:54): arch=40000003 syscall=5
success=no exit=-13 a0=bffb4fe8 a1=0 a2=1b6 a3=848f290 items=1
pid=2042 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) comm="automount" exe="/usr/sbin/automount"
subj=system_u:system_r:automount_t:s0
type=CWD msg=audit(1148751438.002:54): cwd="/"
type=PATH msg=audit(1148751438.002:54): item=0
name="/proc/2038/cmdline" obj=system_u:object_r:proc_t:s0
type=AVC msg=audit(1148751438.006:55): avc: denied { setrlimit } for
pid=2042 comm="automount" scontext=system_u:system_r:automount_t:s0
tcontext=system_u:system_r:automount_t:s0 tclass=process
type=SYSCALL msg=audit(1148751438.006:55): arch=40000003 syscall=75
success=no exit=-13 a0=7 a1=bffb3fd8 a2=23fff4 a3=bffb3fd8 items=0
pid=2042 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) comm="automount" exe="/usr/sbin/automount"
subj=system_u:system_r:automount_t:s0
type=AVC msg=audit(1148751438.006:56): avc: denied { execute } for
pid=2047 comm="automount" name="modprobe" dev=dm-0 ino=2687107
scontext=system_u:system_r:automount_t:s0
tcontext=system_u:object_r:insmod_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1148751438.006:56): arch=40000003 syscall=11
success=no exit=-13 a0=dc1fdf a1=bffb2e80 a2=848d1e8 a3=dc1fdf items=1
pid=2047 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) comm="automount" exe="/usr/sbin/automount"
subj=system_u:system_r:automount_t:s0
type=CWD msg=audit(1148751438.006:56): cwd="/"
type=PATH msg=audit(1148751438.006:56): item=0 name="/sbin/modprobe"
inode=2687107 dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00
obj=system_u:object_r:insmod_exec_t:s0
--
Tom London
16 years, 10 months
Really wierd 'more' interaction with 'newrole' and stderr...
by Valdis.Kletnieks@vt.edu
OK.. .running Rawhide as of this morning, strict policy in permissive
mode - so selinux *shouldn't* kill anything off.
I start off as a user, and then 'su' to root. I'm running with:
# id
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel) context=valdis:staff_r:staff_t
# ls -lZ `tty`
crw------- valdis valdis valdis:object_r:staff_devpts_t /dev/pts/0
If I do 'more /etc/passwd /etc/group', it works fine (any two files is OK,
or any single file over 1 screen long).
Then I 'newrole -r sysadm_r'..
# id
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel) context=valdis:sysadm_r:sysadm_t
# ls -lZ `tty`
crw------- valdis valdis valdis:object_r:sysadm_devpts_t /dev/pts/0
Now if I try to 'more' anything that's more than one screen, it just silently
exits after the first screen/file/etc.
Some poking with strace indicates that when it fails, we have this:
getcwd("/home/valdis", 4098) = 13
write(1, "\33[7m--More--(Next file: /etc/gro"..., 40)) = 40
read(2, 0xbfa266c7, 1) = -1 EBADF (Bad file descriptor)
ioctl(2, SNDCTL_TMR_START or TCSETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(2, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0) = 4
exit_group(0) = ?
while the working case has:
getcwd("/home/valdis", 4098) = 13
write(1, "\33[7m--More--(Next file: /etc/gro"..., 40)) = 40
read(2, "\n", 1) = 1
The problem is in newrole.c, where we do this:
fd = open(ttyn,O_WRONLY);
to open fd2. Now, should this be fixed to O_RDWR, or should 'more'
be fixed to read off stdin rather than stderr?
16 years, 10 months
