May 2006 - selinux - Fedora Mailing-Lists

by Knute Johnson

I found some interesting things in my 'messages' log today. I'm not sure what they mean and would appreciate any information. This one is the most bothersome. It appears that 'useradd' was prevented from running this morning only I didn't run it. Would any other programs run 'useradd' and what would cause it to be denied? May 23 05:11:49 rabbitbrush kernel: audit(1148386309.877:556): avc: denied { write } for pid=13906 comm="useradd" name="[1708464]" dev=pipefs ino=1708464 scontext=user_u:system_r:useradd_t:s0 tcontext=user_u:system_r:unconfined_t:s0 tclass=fifo_file There are a boatload of these messages. I know that 'webalizer' is a statistics formatter for the web server but why would it be run dozens of times and be denied? May 23 04:02:02 rabbitbrush kernel: audit(1148382121.861:514): avc: denied { create } for pid=12313 comm="webalizer" scontext=user_u:system_r:webalizer_t:s0 tcontext=user_u:system_r:webalizer_t:s0 tclass=netlink_route_socket May 23 04:02:02 rabbitbrush kernel: audit(1148382122.237:515): avc: denied { create } for pid=12313 comm="webalizer" scontext=user_u:system_r:webalizer_t:s0 tcontext=user_u:system_r:webalizer_t:s0 tclass=netlink_route_socket May 23 04:02:02 rabbitbrush kernel: audit(1148382122.237:516): avc: denied { create } for pid=12313 comm="webalizer" scontext=user_u:system_r:webalizer_t:s0 tcontext=user_u:system_r:webalizer_t:s0 tclass=netlink_route_socket What would cause hundreds of these messages to appear in the log. I know I played with setsebool but I only changed one item. May 22 17:33:58 rabbitbrush kernel: audit(1148344436.645:286): avc: granted { setbool } for pid=2303 comm="setsebool" scontext=user_u:system_r:unconfined_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=security May 22 17:33:58 rabbitbrush kernel: audit(1148344436.645:287): avc: granted { setbool } for pid=2303 comm="setsebool" scontext=user_u:system_r:unconfined_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=security May 22 17:33:58 rabbitbrush kernel: audit(1148344436.645:288): avc: granted { setbool } for pid=2303 comm="setsebool" scontext=user_u:system_r:unconfined_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=security May 22 17:33:58 rabbitbrush kernel: audit(1148344436.645:289): avc: granted { setbool } for pid=2303 comm="setsebool" scontext=user_u:system_r:unconfined_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=security Thanks very much, -- Knute Johnson Molon Labe...

17 years, 10 months

5
9
0 / 0

Cannot FTP to /var/www/don/html with SELinux enabled

by Don

Hi, I have two problems which I think they are similar. 1) I have a directory /var/www/don/html which is owned by don. I want to ftp some web pages, but I cannot cd to /var/www/don/html when SELinux is enabled. When I turn SELinux off it works. What do I need to set to allow this. 2) If I ftp the html files to my home dir the and copy them to /var/www/don/html they cannot we read by the browser while SELinux is enabled. Thanks in advance, Don

17 years, 11 months

3
4
0 / 0

File contexts again

by Paul Howarth

Having trouble with default file contexts again. I have a policy module with the following .fc file: /home/pgsql -d gen_context(system_u:object_r:var_lib_t,s0) /home/pgsql/data -d gen_context(system_u:object_r:postgresql_db_t,s0) /home/pgsql/data/.* -d gen_context(system_u:object_r:postgresql_db_t,s0) /home/pgsql/data/.* -- gen_context(system_u:object_r:postgresql_db_t,s0) /home/pgsql/pgstartup\.log -- gen_context(system_u:object_r:postgresql_log_t,s0) The entries that are not regexes work OK, but as soon as I use a regex, the type I'm specifying gets overridden by user_home_t when I do a restorecon. For instance, if I have a file /home/pgsql/data/test.db, restorecon labels it user_home_t rather than postgresql_db_t. /home/pgsql is not the home directory of any user. Why is this happening? It appears that some further tweaking to the file contexts sort order that I put on the wiki (http://fedoraproject.org/wiki/SELinux/ManagingFileContext) after the last discussion is needed. Paul.

17 years, 11 months

3
11
0 / 0

Fedora Core +SELinux +VMware GSX server

by Michael Colef

I am wondering if anyone has any information about setting up SELinux policies or sample policy files for a Fedora Core host running VMware GSX server. I am presently looking at both FC4 and FC5. Any help is highly appreciated. Michael Colef NYIT

17 years, 11 months

2
1
0 / 0

home dir is default_t ?

by Tom London

Running today's rawhide, targeted/enforcing. I did a 'restorecon -v -R' of my home directory (/home/tbl) and it relabeled almost everything as default_t. Did I miss a step in the upgrade? tom -- Tom London

17 years, 11 months

1
0
0 / 0

Cisco VPNClient does not work with SELinux enabled in FC4

by yukku yukkoooooo

Hi, I am running on FC4 and I installed Cisco VPN client software, however when I run vpnclient I am getting the error message : "vpnclient: error while loading shared libraries: /opt/cisco-vpnclient/lib/libvpnapi.so: cannot restore segment prot after reloc: Permission denied" Friendly neighbourhood Paul Howarth correctly guessed it to be related to SELinux. I am able to run the vpnclient by disabling the SELinux using setenforce 0 The chcon command did not work (apparently it is not supposed to work in FC4) I get a error message "type=AVC msg=audit(1147460693.437:11955217): avc: denied { execmod } " if I disable selinux and run the vpnclient command. > Paul Howarth wrote : > > The memory checks are present in FC4 but disabled by default. It > > appears > > that they have somehow been enabled on your system. This should fix it: > > # setsebool -P allow_execmod 1 > > I gave this command and it still does not work with > SELinux. So digged a littlebit and gave the command > # getsebool -a | less > and I got a long output of which I took the ones that might > make sense to you - > allow_execmem --> active > allow_execmod --> active > allow_execstack --> active > allow_kerberos --> active > allow_write_xshm --> active > allow_ypbind --> active >> There's something very weird going on there. allow_execmod should do >> what it says. I'd try asking about this on fedora-selinux-list, setsebool with execmod is not working either. I have attached the relevant files as well. Any ideas ? This should give you an idea of the SELinux version > selinux-doc-1.19.5-1.noarch.rpm > selinux-policy-strict-1.23.16-6.noarch.rpm > selinux-policy-targeted-1.23.16-6.noarch.rpm Thanks Newbie Yukku --------------------------------- New Yahoo! Messenger with Voice. Call regular phones from your PC and save big. SELinux status: enabled SELinuxfs mount: /selinux Current mode: enforcing Mode from config file: enforcing Policy version: 19 Policy from config file: targeted Policy booleans: NetworkManager_disable_trans inactive allow_execmem active allow_execmod active allow_execstack active allow_kerberos active allow_write_xshm inactive allow_ypbind inactive apmd_disable_trans inactive arpwatch_disable_trans inactive auditd_disable_trans inactive bluetooth_disable_trans inactive canna_disable_trans inactive cardmgr_disable_trans inactive comsat_disable_trans inactive cupsd_config_disable_trans inactive cupsd_disable_trans inactive cvs_disable_trans inactive cyrus_disable_trans inactive dbskkd_disable_trans inactive dhcpc_disable_trans inactive dhcpd_disable_trans inactive dovecot_disable_trans inactive fingerd_disable_trans inactive ftp_home_dir active ftpd_disable_trans inactive ftpd_is_daemon active hald_disable_trans inactive hotplug_disable_trans inactive howl_disable_trans inactive httpd_builtin_scripting active httpd_can_network_connect inactive httpd_disable_trans inactive httpd_enable_cgi active httpd_enable_homedirs active httpd_ssi_exec active httpd_suexec_disable_trans inactive httpd_tty_comm inactive httpd_unified active i18n_input_disable_trans inactive inetd_child_disable_trans inactive inetd_disable_trans inactive innd_disable_trans inactive kadmind_disable_trans inactive klogd_disable_trans inactive krb5kdc_disable_trans inactive ktalkd_disable_trans inactive lpd_disable_trans inactive mysqld_disable_trans inactive named_disable_trans inactive named_write_master_zones inactive nfs_export_all_ro active nfs_export_all_rw active nmbd_disable_trans inactive nscd_disable_trans inactive ntpd_disable_trans inactive portmap_disable_trans inactive postgresql_disable_trans inactive pppd_disable_trans inactive pppd_for_user inactive privoxy_disable_trans inactive ptal_disable_trans inactive radiusd_disable_trans inactive radvd_disable_trans inactive read_default_t active rlogind_disable_trans inactive rsync_disable_trans inactive samba_enable_home_dirs inactive saslauthd_disable_trans inactive slapd_disable_trans inactive smbd_disable_trans inactive snmpd_disable_trans inactive squid_connect_any inactive squid_disable_trans inactive stunnel_disable_trans inactive stunnel_is_daemon inactive syslogd_disable_trans inactive system_dbusd_disable_trans inactive telnetd_disable_trans inactive tftpd_disable_trans inactive udev_disable_trans inactive use_nfs_home_dirs inactive use_samba_home_dirs inactive uucpd_disable_trans inactive winbind_disable_trans inactive ypbind_disable_trans inactive ypserv_disable_trans inactive zebra_disable_trans inactive

17 years, 11 months

5
7
0 / 0

Re: httpd can't execute bash?

by Jouni Viikari

I have the same problem: type=AVC msg=audit(1148808793.986:30189): avc: denied { execute } for pid=18644 comm="httpd" name="bash" dev=dm-0 ino=3440979 scontext=user_u:system_r:httpd_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file Not sure which update started it. Script complaining now used to work before on FC5. # getsebool -a | grep http allow_httpd_anon_write --> off allow_httpd_sys_script_anon_write --> off httpd_builtin_scripting --> on httpd_can_network_connect --> on httpd_can_network_connect_db --> off httpd_can_network_relay --> off httpd_disable_trans --> off httpd_enable_cgi --> on httpd_enable_ftp_server --> off httpd_enable_homedirs --> on httpd_ssi_exec --> off httpd_suexec_disable_trans --> off httpd_tty_comm --> off httpd_unified --> off # rpm -qa | grep -i policy selinux-policy-targeted-2.2.40-1.fc5 checkpolicy-1.30.3-1.fc5 policycoreutils-1.30.8-1.fc5 selinux-policy-2.2.40-1.fc5 -Jouni

17 years, 11 months

2
2
0 / 0

webalizer avcs in dmesg (FC5 targeted)

by dragoran

I found tons of such errors in my logs: audit(1148908532.047:300): avc: denied { create } for pid=3924 comm="webalizer" scontext=system_u:system_r:webalizer_t:s0 tcontext=system_u:system_r:webalizer_t:s0 tclass=netlink_route_socket audit(1148908532.047:301): avc: denied { create } for pid=3924 comm="webalizer" scontext=system_u:system_r:webalizer_t:s0 tcontext=system_u:system_r:webalizer_t:s0 tclass=netlink_route_socket audit(1148908532.047:302): avc: denied { create } for pid=3924 comm="webalizer" scontext=system_u:system_r:webalizer_t:s0 tcontext=system_u:system_r:webalizer_t:s0 tclass=netlink_route_socket audit(1148908532.047:303): avc: denied { create } for pid=3924 comm="webalizer" scontext=system_u:system_r:webalizer_t:s0 tcontext=system_u:system_r:webalizer_t:s0 tclass=netlink_route_socket audit(1148908532.047:304): avc: denied { create } for pid=3924 comm="webalizer" scontext=system_u:system_r:webalizer_t:s0 tcontext=system_u:system_r:webalizer_t:s0 tclass=netlink_route_socket audit(1148908532.047:305): avc: denied { create } for pid=3924 comm="webalizer" scontext=system_u:system_r:webalizer_t:s0 tcontext=system_u:system_r:webalizer_t:s0 tclass=netlink_route_socket audit(1148908532.047:306): avc: denied { create } for pid=3924 comm="webalizer" scontext=system_u:system_r:webalizer_t:s0 tcontext=system_u:system_r:webalizer_t:s0 tclass=netlink_route_socket audit(1148908532.047:307): avc: denied { create } for pid=3924 comm="webalizer" scontext=system_u:system_r:webalizer_t:s0 tcontext=system_u:system_r:webalizer_t:s0 tclass=netlink_route_socket audit(1148908532.047:308): avc: denied { create } for pid=3924 comm="webalizer" scontext=system_u:system_r:webalizer_t:s0 tcontext=system_u:system_r:webalizer_t:s0 tclass=netlink_route_socket audit(1148908532.047:309): avc: denied { create } for pid=3924 comm="webalizer" scontext=system_u:system_r:webalizer_t:s0 tcontext=system_u:system_r:webalizer_t:s0 tclass=netlink_route_socket audit(1148908532.047:310): avc: denied { create } for pid=3924 comm="webalizer" scontext=system_u:system_r:webalizer_t:s0 tcontext=system_u:system_r:webalizer_t:s0 tclass=netlink_route_socket audit(1148908532.047:311): avc: denied { create } for pid=3924 comm="webalizer" scontext=system_u:system_r:webalizer_t:s0 tcontext=system_u:system_r:webalizer_t:s0 tclass=netlink_route_socket audit(1148908532.047:312): avc: denied { create } for pid=3924 comm="webalizer" scontext=system_u:system_r:webalizer_t:s0 tcontext=system_u:system_r:webalizer_t:s0 tclass=netlink_route_socket audit(1148908532.047:313): avc: denied { create } for pid=3924 comm="webalizer" scontext=system_u:system_r:webalizer_t:s0 tcontext=system_u:system_r:webalizer_t:s0 tclass=netlink_route_socket whats wrong here? known bug or new one? should I fill it in bugzilla? I am using selinux-policy-targeted-2.2.40-1.fc5 on FC5 x86_64.

17 years, 11 months

2
1
0 / 0

automount borked ...

by Tom London

Running latest rawhide, targeted/enforcing. Lots of AVC from automount: type=AVC msg=audit(1148751437.978:7): avc: denied { search } for pid=2042 comm="automount" name="irq" dev=proc ino=-268435217 scontext=system_u:system_r:automount_t:s0 tcontext=system_u:object_r:sysctl_irq_t:s0 tclass=dir type=SYSCALL msg=audit(1148751437.978:7): arch=40000003 syscall=5 success=no exit=-13 a0=bffb4fe8 a1=0 a2=1b6 a3=848f290 items=1 pid=2042 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="automount" exe="/usr/sbin/automount" subj=system_u:system_r:automount_t:s0 type=CWD msg=audit(1148751437.978:7): cwd="/" type=PATH msg=audit(1148751437.978:7): item=0 name="/proc/irq/cmdline" obj=system_u:object_r:proc_t:s0 type=AVC msg=audit(1148751437.982:8): avc: denied { search } for pid=2042 comm="automount" name="net" dev=proc ino=-268435432 scontext=system_u:system_r:automount_t:s0 tcontext=system_u:object_r:proc_net_t:s0 tclass=dir type=SYSCALL msg=audit(1148751437.982:8): arch=40000003 syscall=5 success=no exit=-13 a0=bffb4fe8 a1=0 a2=1b6 a3=848f290 items=1 pid=2042 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="automount" exe="/usr/sbin/automount" subj=system_u:system_r:automount_t:s0 type=CWD msg=audit(1148751437.982:8): cwd="/" type=PATH msg=audit(1148751437.982:8): item=0 name="/proc/net/cmdline" obj=system_u:object_r:proc_t:s0 type=AVC msg=audit(1148751437.982:9): avc: denied { search } for pid=2042 comm="automount" name="1" dev=proc ino=65538 scontext=system_u:system_r:automount_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=dir type=SYSCALL msg=audit(1148751437.982:9): arch=40000003 syscall=5 success=no exit=-13 a0=bffb4fe8 a1=0 a2=1b6 a3=848f290 items=1 pid=2042 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="automount" exe="/usr/sbin/automount" subj=system_u:system_r:automount_t:s0 type=CWD msg=audit(1148751437.982:9): cwd="/" type=PATH msg=audit(1148751437.982:9): item=0 name="/proc/1/cmdline" obj=system_u:object_r:proc_t:s0 type=AVC msg=audit(1148751437.982:10): avc: denied { search } for pid=2042 comm="automount" name="2" dev=proc ino=131074 scontext=system_u:system_r:automount_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=dir type=SYSCALL msg=audit(1148751437.982:10): arch=40000003 syscall=5 success=no exit=-13 a0=bffb4fe8 a1=0 a2=1b6 a3=848f290 items=1 pid=2042 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="automount" exe="/usr/sbin/automount" subj=system_u:system_r:automount_t:s0 type=CWD msg=audit(1148751437.982:10): cwd="/" type=PATH msg=audit(1148751437.982:10): item=0 name="/proc/2/cmdline" obj=system_u:object_r:proc_t:s0 type=AVC msg=audit(1148751437.986:11): avc: denied { search } for pid=2042 comm="automount" name="3" dev=proc ino=196610 scontext=system_u:system_r:automount_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=dir type=SYSCALL msg=audit(1148751437.986:11): arch=40000003 syscall=5 success=no exit=-13 a0=bffb4fe8 a1=0 a2=1b6 a3=848f290 items=1 pid=2042 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="automount" exe="/usr/sbin/automount" subj=system_u:system_r:automount_t:s0 type=CWD msg=audit(1148751437.986:11): cwd="/" type=PATH msg=audit(1148751437.986:11): item=0 name="/proc/3/cmdline" obj=system_u:object_r:proc_t:s0 type=AVC msg=audit(1148751437.986:12): avc: denied { search } for pid=2042 comm="automount" name="4" dev=proc ino=262146 scontext=system_u:system_r:automount_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=dir type=SYSCALL msg=audit(1148751437.986:12): arch=40000003 syscall=5 success=no exit=-13 a0=bffb4fe8 a1=0 a2=1b6 a3=848f290 items=1 pid=2042 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="automount" exe="/usr/sbin/automount" subj=system_u:system_r:automount_t:s0 type=CWD msg=audit(1148751437.986:12): cwd="/" type=PATH msg=audit(1148751437.986:12): item=0 name="/proc/4/cmdline" obj=system_u:object_r:proc_t:s0 type=AVC msg=audit(1148751437.986:13): avc: denied { search } for pid=2042 comm="automount" name="5" dev=proc ino=327682 scontext=system_u:system_r:automount_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=dir type=SYSCALL msg=audit(1148751437.986:13): arch=40000003 syscall=5 success=no exit=-13 a0=bffb4fe8 a1=0 a2=1b6 a3=848f290 items=1 pid=2042 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="automount" exe="/usr/sbin/automount" subj=system_u:system_r:automount_t:s0 type=CWD msg=audit(1148751437.986:13): cwd="/" type=PATH msg=audit(1148751437.986:13): item=0 name="/proc/5/cmdline" obj=system_u:object_r:proc_t:s0 type=AVC msg=audit(1148751437.986:14): avc: denied { search } for pid=2042 comm="automount" name="6" dev=proc ino=393218 scontext=system_u:system_r:automount_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=dir type=SYSCALL msg=audit(1148751437.986:14): arch=40000003 syscall=5 success=no exit=-13 a0=bffb4fe8 a1=0 a2=1b6 a3=848f290 items=1 pid=2042 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="automount" exe="/usr/sbin/automount" subj=system_u:system_r:automount_t:s0 type=CWD msg=audit(1148751437.986:14): cwd="/" type=PATH msg=audit(1148751437.986:14): item=0 name="/proc/6/cmdline" obj=system_u:object_r:proc_t:s0 type=AVC msg=audit(1148751437.986:15): avc: denied { search } for pid=2042 comm="automount" name="7" dev=proc ino=458754 scontext=system_u:system_r:automount_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=dir type=SYSCALL msg=audit(1148751437.986:15): arch=40000003 syscall=5 success=no exit=-13 a0=bffb4fe8 a1=0 a2=1b6 a3=848f290 items=1 pid=2042 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="automount" exe="/usr/sbin/automount" subj=system_u:system_r:automount_t:s0 type=CWD msg=audit(1148751437.986:15): cwd="/" type=PATH msg=audit(1148751437.986:15): item=0 name="/proc/7/cmdline" obj=system_u:object_r:proc_t:s0 type=AVC msg=audit(1148751437.986:16): avc: denied { search } for pid=2042 comm="automount" name="9" dev=proc ino=589826 scontext=system_u:system_r:automount_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=dir type=SYSCALL msg=audit(1148751437.986:16): arch=40000003 syscall=5 success=no exit=-13 a0=bffb4fe8 a1=0 a2=1b6 a3=848f290 items=1 pid=2042 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="automount" exe="/usr/sbin/automount" subj=system_u:system_r:automount_t:s0 type=CWD msg=audit(1148751437.986:16): cwd="/" type=PATH msg=audit(1148751437.986:16): item=0 name="/proc/9/cmdline" obj=system_u:object_r:proc_t:s0 type=AVC msg=audit(1148751437.986:17): avc: denied { search } for pid=2042 comm="automount" name="10" dev=proc ino=655362 scontext=system_u:system_r:automount_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=dir type=SYSCALL msg=audit(1148751437.986:17): arch=40000003 syscall=5 success=no exit=-13 a0=bffb4fe8 a1=0 a2=1b6 a3=848f290 items=1 pid=2042 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="automount" exe="/usr/sbin/automount" subj=system_u:system_r:automount_t:s0 type=CWD msg=audit(1148751437.986:17): cwd="/" type=PATH msg=audit(1148751437.986:17): item=0 name="/proc/10/cmdline" obj=system_u:object_r:proc_t:s0 type=AVC msg=audit(1148751437.986:18): avc: denied { search } for pid=2042 comm="automount" name="118" dev=proc ino=7733250 scontext=system_u:system_r:automount_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=dir type=SYSCALL msg=audit(1148751437.986:18): arch=40000003 syscall=5 success=no exit=-13 a0=bffb4fe8 a1=0 a2=1b6 a3=848f290 items=1 pid=2042 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="automount" exe="/usr/sbin/automount" subj=system_u:system_r:automount_t:s0 type=CWD msg=audit(1148751437.986:18): cwd="/" type=PATH msg=audit(1148751437.986:18): item=0 name="/proc/118/cmdline" obj=system_u:object_r:proc_t:s0 type=AVC msg=audit(1148751437.990:19): avc: denied { search } for pid=2042 comm="automount" name="120" dev=proc ino=7864322 scontext=system_u:system_r:automount_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=dir type=SYSCALL msg=audit(1148751437.990:19): arch=40000003 syscall=5 success=no exit=-13 a0=bffb4fe8 a1=0 a2=1b6 a3=848f290 items=1 pid=2042 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="automount" exe="/usr/sbin/automount" subj=system_u:system_r:automount_t:s0 type=CWD msg=audit(1148751437.990:19): cwd="/" type=PATH msg=audit(1148751437.990:19): item=0 name="/proc/120/cmdline" obj=system_u:object_r:proc_t:s0 type=AVC msg=audit(1148751437.990:20): avc: denied { search } for pid=2042 comm="automount" name="174" dev=proc ino=11403266 scontext=system_u:system_r:automount_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=dir type=SYSCALL msg=audit(1148751437.990:20): arch=40000003 syscall=5 success=no exit=-13 a0=bffb4fe8 a1=0 a2=1b6 a3=848f290 items=1 pid=2042 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="automount" exe="/usr/sbin/automount" subj=system_u:system_r:automount_t:s0 type=CWD msg=audit(1148751437.990:20): cwd="/" type=PATH msg=audit(1148751437.990:20): item=0 name="/proc/174/cmdline" obj=system_u:object_r:proc_t:s0 type=AVC msg=audit(1148751437.990:21): avc: denied { search } for pid=2042 comm="automount" name="175" dev=proc ino=11468802 scontext=system_u:system_r:automount_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=dir type=SYSCALL msg=audit(1148751437.990:21): arch=40000003 syscall=5 success=no exit=-13 a0=bffb4fe8 a1=0 a2=1b6 a3=848f290 items=1 pid=2042 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="automount" exe="/usr/sbin/automount" subj=system_u:system_r:automount_t:s0 type=CWD msg=audit(1148751437.990:21): cwd="/" type=PATH msg=audit(1148751437.990:21): item=0 name="/proc/175/cmdline" obj=system_u:object_r:proc_t:s0 type=AVC msg=audit(1148751437.990:22): avc: denied { search } for pid=2042 comm="automount" name="176" dev=proc ino=11534338 scontext=system_u:system_r:automount_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=dir type=SYSCALL msg=audit(1148751437.990:22): arch=40000003 syscall=5 success=no exit=-13 a0=bffb4fe8 a1=0 a2=1b6 a3=848f290 items=1 pid=2042 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="automount" exe="/usr/sbin/automount" subj=system_u:system_r:automount_t:s0 type=CWD msg=audit(1148751437.990:22): cwd="/" type=PATH msg=audit(1148751437.990:22): item=0 name="/proc/176/cmdline" obj=system_u:object_r:proc_t:s0 type=AVC msg=audit(1148751437.990:23): avc: denied { search } for pid=2042 comm="automount" name="177" dev=proc ino=11599874 scontext=system_u:system_r:automount_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=dir type=SYSCALL msg=audit(1148751437.990:23): arch=40000003 syscall=5 success=no exit=-13 a0=bffb4fe8 a1=0 a2=1b6 a3=848f290 items=1 pid=2042 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="automount" exe="/usr/sbin/automount" subj=system_u:system_r:automount_t:s0 type=CWD msg=audit(1148751437.990:23): cwd="/" type=PATH msg=audit(1148751437.990:23): item=0 name="/proc/177/cmdline" obj=system_u:object_r:proc_t:s0 type=AVC msg=audit(1148751437.990:24): avc: denied { search } for pid=2042 comm="automount" name="323" dev=proc ino=21168130 scontext=system_u:system_r:automount_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=dir type=SYSCALL msg=audit(1148751437.990:24): arch=40000003 syscall=5 success=no exit=-13 a0=bffb4fe8 a1=0 a2=1b6 a3=848f290 items=1 pid=2042 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="automount" exe="/usr/sbin/automount" subj=system_u:system_r:automount_t:s0 type=CWD msg=audit(1148751437.990:24): cwd="/" type=PATH msg=audit(1148751437.990:24): item=0 name="/proc/323/cmdline" obj=system_u:object_r:proc_t:s0 type=AVC msg=audit(1148751437.990:25): avc: denied { search } for pid=2042 comm="automount" name="334" dev=proc ino=21889026 scontext=system_u:system_r:automount_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=dir type=SYSCALL msg=audit(1148751437.990:25): arch=40000003 syscall=5 success=no exit=-13 a0=bffb4fe8 a1=0 a2=1b6 a3=848f290 items=1 pid=2042 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="automount" exe="/usr/sbin/automount" subj=system_u:system_r:automount_t:s0 type=CWD msg=audit(1148751437.990:25): cwd="/" type=PATH msg=audit(1148751437.990:25): item=0 name="/proc/334/cmdline" obj=system_u:object_r:proc_t:s0 type=AVC msg=audit(1148751437.990:26): avc: denied { search } for pid=2042 comm="automount" name="355" dev=proc ino=23265282 scontext=system_u:system_r:automount_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=dir type=SYSCALL msg=audit(1148751437.990:26): arch=40000003 syscall=5 success=no exit=-13 a0=bffb4fe8 a1=0 a2=1b6 a3=848f290 items=1 pid=2042 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="automount" exe="/usr/sbin/automount" subj=system_u:system_r:automount_t:s0 type=CWD msg=audit(1148751437.990:26): cwd="/" type=PATH msg=audit(1148751437.990:26): item=0 name="/proc/355/cmdline" obj=system_u:object_r:proc_t:s0 type=AVC msg=audit(1148751437.990:27): avc: denied { search } for pid=2042 comm="automount" name="360" dev=proc ino=23592962 scontext=system_u:system_r:automount_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=dir type=SYSCALL msg=audit(1148751437.990:27): arch=40000003 syscall=5 success=no exit=-13 a0=bffb4fe8 a1=0 a2=1b6 a3=848f290 items=1 pid=2042 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="automount" exe="/usr/sbin/automount" subj=system_u:system_r:automount_t:s0 type=CWD msg=audit(1148751437.990:27): cwd="/" type=PATH msg=audit(1148751437.990:27): item=0 name="/proc/360/cmdline" obj=system_u:object_r:proc_t:s0 type=AVC msg=audit(1148751437.994:28): avc: denied { search } for pid=2042 comm="automount" name="374" dev=proc ino=24510466 scontext=system_u:system_r:automount_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=dir type=SYSCALL msg=audit(1148751437.994:28): arch=40000003 syscall=5 success=no exit=-13 a0=bffb4fe8 a1=0 a2=1b6 a3=848f290 items=1 pid=2042 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="automount" exe="/usr/sbin/automount" subj=system_u:system_r:automount_t:s0 type=CWD msg=audit(1148751437.994:28): cwd="/" type=PATH msg=audit(1148751437.994:28): item=0 name="/proc/374/cmdline" obj=system_u:object_r:proc_t:s0 type=AVC msg=audit(1148751437.994:29): avc: denied { search } for pid=2042 comm="automount" name="393" dev=proc ino=25755650 scontext=system_u:system_r:automount_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=dir type=SYSCALL msg=audit(1148751437.994:29): arch=40000003 syscall=5 success=no exit=-13 a0=bffb4fe8 a1=0 a2=1b6 a3=848f290 items=1 pid=2042 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="automount" exe="/usr/sbin/automount" subj=system_u:system_r:automount_t:s0 type=CWD msg=audit(1148751437.994:29): cwd="/" type=PATH msg=audit(1148751437.994:29): item=0 name="/proc/393/cmdline" obj=system_u:object_r:proc_t:s0 type=AVC msg=audit(1148751437.994:30): avc: denied { search } for pid=2042 comm="automount" name="403" dev=proc ino=26411010 scontext=system_u:system_r:automount_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=dir type=SYSCALL msg=audit(1148751437.994:30): arch=40000003 syscall=5 success=no exit=-13 a0=bffb4fe8 a1=0 a2=1b6 a3=848f290 items=1 pid=2042 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="automount" exe="/usr/sbin/automount" subj=system_u:system_r:automount_t:s0 type=CWD msg=audit(1148751437.994:30): cwd="/" type=PATH msg=audit(1148751437.994:30): item=0 name="/proc/403/cmdline" obj=system_u:object_r:proc_t:s0 type=AVC msg=audit(1148751437.994:31): avc: denied { search } for pid=2042 comm="automount" name="474" dev=proc ino=31064066 scontext=system_u:system_r:automount_t:s0 tcontext=system_u:system_r:udev_t:s0-s0:c0.c255 tclass=dir type=SYSCALL msg=audit(1148751437.994:31): arch=40000003 syscall=5 success=no exit=-13 a0=bffb4fe8 a1=0 a2=1b6 a3=848f290 items=1 pid=2042 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="automount" exe="/usr/sbin/automount" subj=system_u:system_r:automount_t:s0 type=CWD msg=audit(1148751437.994:31): cwd="/" type=PATH msg=audit(1148751437.994:31): item=0 name="/proc/474/cmdline" obj=system_u:object_r:proc_t:s0 type=AVC msg=audit(1148751437.994:32): avc: denied { search } for pid=2042 comm="automount" name="852" dev=proc ino=55836674 scontext=system_u:system_r:automount_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=dir type=SYSCALL msg=audit(1148751437.994:32): arch=40000003 syscall=5 success=no exit=-13 a0=bffb4fe8 a1=0 a2=1b6 a3=848f290 items=1 pid=2042 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="automount" exe="/usr/sbin/automount" subj=system_u:system_r:automount_t:s0 type=CWD msg=audit(1148751437.994:32): cwd="/" type=PATH msg=audit(1148751437.994:32): item=0 name="/proc/852/cmdline" obj=system_u:object_r:proc_t:s0 type=AVC msg=audit(1148751437.994:33): avc: denied { search } for pid=2042 comm="automount" name="1358" dev=proc ino=88997890 scontext=system_u:system_r:automount_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=dir type=SYSCALL msg=audit(1148751437.994:33): arch=40000003 syscall=5 success=no exit=-13 a0=bffb4fe8 a1=0 a2=1b6 a3=848f290 items=1 pid=2042 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="automount" exe="/usr/sbin/automount" subj=system_u:system_r:automount_t:s0 type=CWD msg=audit(1148751437.994:33): cwd="/" type=PATH msg=audit(1148751437.994:33): item=0 name="/proc/1358/cmdline" obj=system_u:object_r:proc_t:s0 type=AVC msg=audit(1148751437.994:34): avc: denied { search } for pid=2042 comm="automount" name="1420" dev=proc ino=93061122 scontext=system_u:system_r:automount_t:s0 tcontext=system_u:system_r:initrc_t:s0 tclass=dir type=SYSCALL msg=audit(1148751437.994:34): arch=40000003 syscall=5 success=no exit=-13 a0=bffb4fe8 a1=0 a2=1b6 a3=848f290 items=1 pid=2042 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="automount" exe="/usr/sbin/automount" subj=system_u:system_r:automount_t:s0 type=CWD msg=audit(1148751437.994:34): cwd="/" type=PATH msg=audit(1148751437.994:34): item=0 name="/proc/1420/cmdline" obj=system_u:object_r:proc_t:s0 type=AVC msg=audit(1148751437.994:35): avc: denied { search } for pid=2042 comm="automount" name="1455" dev=proc ino=95354882 scontext=system_u:system_r:automount_t:s0 tcontext=system_u:system_r:readahead_t:s0 tclass=dir type=SYSCALL msg=audit(1148751437.994:35): arch=40000003 syscall=5 success=no exit=-13 a0=bffb4fe8 a1=0 a2=1b6 a3=848f290 items=1 pid=2042 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="automount" exe="/usr/sbin/automount" subj=system_u:system_r:automount_t:s0 type=CWD msg=audit(1148751437.994:35): cwd="/" type=PATH msg=audit(1148751437.994:35): item=0 name="/proc/1455/cmdline" obj=system_u:object_r:proc_t:s0 type=AVC msg=audit(1148751437.994:36): avc: denied { search } for pid=2042 comm="automount" name="1474" dev=proc ino=96600066 scontext=system_u:system_r:automount_t:s0 tcontext=system_u:system_r:cpuspeed_t:s0 tclass=dir type=SYSCALL msg=audit(1148751437.994:36): arch=40000003 syscall=5 success=no exit=-13 a0=bffb4fe8 a1=0 a2=1b6 a3=848f290 items=1 pid=2042 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="automount" exe="/usr/sbin/automount" subj=system_u:system_r:automount_t:s0 type=CWD msg=audit(1148751437.994:36): cwd="/" type=PATH msg=audit(1148751437.994:36): item=0 name="/proc/1474/cmdline" obj=system_u:object_r:proc_t:s0 type=AVC msg=audit(1148751437.998:37): avc: denied { search } for pid=2042 comm="automount" name="1769" dev=proc ino=115933186 scontext=system_u:system_r:automount_t:s0 tcontext=system_u:system_r:dhcpc_t:s0 tclass=dir type=SYSCALL msg=audit(1148751437.998:37): arch=40000003 syscall=5 success=no exit=-13 a0=bffb4fe8 a1=0 a2=1b6 a3=848f290 items=1 pid=2042 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="automount" exe="/usr/sbin/automount" subj=system_u:system_r:automount_t:s0 type=CWD msg=audit(1148751437.998:37): cwd="/" type=PATH msg=audit(1148751437.998:37): item=0 name="/proc/1769/cmdline" obj=system_u:object_r:proc_t:s0 type=AVC msg=audit(1148751437.998:38): avc: denied { search } for pid=2042 comm="automount" name="1816" dev=proc ino=119013378 scontext=system_u:system_r:automount_t:s0 tcontext=system_u:system_r:auditd_t:s0 tclass=dir type=SYSCALL msg=audit(1148751437.998:38): arch=40000003 syscall=5 success=no exit=-13 a0=bffb4fe8 a1=0 a2=1b6 a3=848f290 items=1 pid=2042 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="automount" exe="/usr/sbin/automount" subj=system_u:system_r:automount_t:s0 type=CWD msg=audit(1148751437.998:38): cwd="/" type=PATH msg=audit(1148751437.998:38): item=0 name="/proc/1816/cmdline" obj=system_u:object_r:proc_t:s0 type=AVC msg=audit(1148751437.998:39): avc: denied { search } for pid=2042 comm="automount" name="1818" dev=proc ino=119144450 scontext=system_u:system_r:automount_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=dir type=SYSCALL msg=audit(1148751437.998:39): arch=40000003 syscall=5 success=no exit=-13 a0=bffb4fe8 a1=0 a2=1b6 a3=848f290 items=1 pid=2042 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="automount" exe="/usr/sbin/automount" subj=system_u:system_r:automount_t:s0 type=CWD msg=audit(1148751437.998:39): cwd="/" type=PATH msg=audit(1148751437.998:39): item=0 name="/proc/1818/cmdline" obj=system_u:object_r:proc_t:s0 type=AVC msg=audit(1148751437.998:40): avc: denied { search } for pid=2042 comm="automount" name="1831" dev=proc ino=119996418 scontext=system_u:system_r:automount_t:s0 tcontext=system_u:system_r:setrans_t:s0 tclass=dir type=SYSCALL msg=audit(1148751437.998:40): arch=40000003 syscall=5 success=no exit=-13 a0=bffb4fe8 a1=0 a2=1b6 a3=848f290 items=1 pid=2042 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="automount" exe="/usr/sbin/automount" subj=system_u:system_r:automount_t:s0 type=CWD msg=audit(1148751437.998:40): cwd="/" type=PATH msg=audit(1148751437.998:40): item=0 name="/proc/1831/cmdline" obj=system_u:object_r:proc_t:s0 type=AVC msg=audit(1148751437.998:41): avc: denied { search } for pid=2042 comm="automount" name="1840" dev=proc ino=120586242 scontext=system_u:system_r:automount_t:s0 tcontext=system_u:system_r:syslogd_t:s0 tclass=dir type=SYSCALL msg=audit(1148751437.998:41): arch=40000003 syscall=5 success=no exit=-13 a0=bffb4fe8 a1=0 a2=1b6 a3=848f290 items=1 pid=2042 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="automount" exe="/usr/sbin/automount" subj=system_u:system_r:automount_t:s0 type=CWD msg=audit(1148751437.998:41): cwd="/" type=PATH msg=audit(1148751437.998:41): item=0 name="/proc/1840/cmdline" obj=system_u:object_r:proc_t:s0 type=AVC msg=audit(1148751437.998:42): avc: denied { search } for pid=2042 comm="automount" name="1843" dev=proc ino=120782850 scontext=system_u:system_r:automount_t:s0 tcontext=system_u:system_r:klogd_t:s0 tclass=dir type=SYSCALL msg=audit(1148751437.998:42): arch=40000003 syscall=5 success=no exit=-13 a0=bffb4fe8 a1=0 a2=1b6 a3=848f290 items=1 pid=2042 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="automount" exe="/usr/sbin/automount" subj=system_u:system_r:automount_t:s0 type=CWD msg=audit(1148751437.998:42): cwd="/" type=PATH msg=audit(1148751437.998:42): item=0 name="/proc/1843/cmdline" obj=system_u:object_r:proc_t:s0 type=AVC msg=audit(1148751437.998:43): avc: denied { search } for pid=2042 comm="automount" name="1867" dev=proc ino=122355714 scontext=system_u:system_r:automount_t:s0 tcontext=system_u:system_r:portmap_t:s0 tclass=dir type=SYSCALL msg=audit(1148751437.998:43): arch=40000003 syscall=5 success=no exit=-13 a0=bffb4fe8 a1=0 a2=1b6 a3=848f290 items=1 pid=2042 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="automount" exe="/usr/sbin/automount" subj=system_u:system_r:automount_t:s0 type=CWD msg=audit(1148751437.998:43): cwd="/" type=PATH msg=audit(1148751437.998:43): item=0 name="/proc/1867/cmdline" obj=system_u:object_r:proc_t:s0 type=AVC msg=audit(1148751437.998:44): avc: denied { search } for pid=2042 comm="automount" name="1886" dev=proc ino=123600898 scontext=system_u:system_r:automount_t:s0 tcontext=system_u:system_r:rpcd_t:s0 tclass=dir type=SYSCALL msg=audit(1148751437.998:44): arch=40000003 syscall=5 success=no exit=-13 a0=bffb4fe8 a1=0 a2=1b6 a3=848f290 items=1 pid=2042 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="automount" exe="/usr/sbin/automount" subj=system_u:system_r:automount_t:s0 type=CWD msg=audit(1148751437.998:44): cwd="/" type=PATH msg=audit(1148751437.998:44): item=0 name="/proc/1886/cmdline" obj=system_u:object_r:proc_t:s0 type=AVC msg=audit(1148751437.998:45): avc: denied { search } for pid=2042 comm="automount" name="1915" dev=proc ino=125501442 scontext=system_u:system_r:automount_t:s0 tcontext=system_u:system_r:rpcd_t:s0 tclass=dir type=SYSCALL msg=audit(1148751437.998:45): arch=40000003 syscall=5 success=no exit=-13 a0=bffb4fe8 a1=0 a2=1b6 a3=848f290 items=1 pid=2042 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="automount" exe="/usr/sbin/automount" subj=system_u:system_r:automount_t:s0 type=CWD msg=audit(1148751437.998:45): cwd="/" type=PATH msg=audit(1148751437.998:45): item=0 name="/proc/1915/cmdline" obj=system_u:object_r:proc_t:s0 type=AVC msg=audit(1148751438.002:46): avc: denied { search } for pid=2042 comm="automount" name="1954" dev=proc ino=128057346 scontext=system_u:system_r:automount_t:s0 tcontext=system_u:system_r:initrc_t:s0 tclass=dir type=SYSCALL msg=audit(1148751438.002:46): arch=40000003 syscall=5 success=no exit=-13 a0=bffb4fe8 a1=0 a2=1b6 a3=848f290 items=1 pid=2042 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="automount" exe="/usr/sbin/automount" subj=system_u:system_r:automount_t:s0 type=CWD msg=audit(1148751438.002:46): cwd="/" type=PATH msg=audit(1148751438.002:46): item=0 name="/proc/1954/cmdline" obj=system_u:object_r:proc_t:s0 type=AVC msg=audit(1148751438.002:47): avc: denied { search } for pid=2042 comm="automount" name="1955" dev=proc ino=128122882 scontext=system_u:system_r:automount_t:s0 tcontext=system_u:system_r:initrc_t:s0 tclass=dir type=SYSCALL msg=audit(1148751438.002:47): arch=40000003 syscall=5 success=no exit=-13 a0=bffb4fe8 a1=0 a2=1b6 a3=848f290 items=1 pid=2042 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="automount" exe="/usr/sbin/automount" subj=system_u:system_r:automount_t:s0 type=CWD msg=audit(1148751438.002:47): cwd="/" type=PATH msg=audit(1148751438.002:47): item=0 name="/proc/1955/cmdline" obj=system_u:object_r:proc_t:s0 type=AVC msg=audit(1148751438.002:48): avc: denied { search } for pid=2042 comm="automount" name="1956" dev=proc ino=128188418 scontext=system_u:system_r:automount_t:s0 tcontext=system_u:system_r:initrc_t:s0 tclass=dir type=SYSCALL msg=audit(1148751438.002:48): arch=40000003 syscall=5 success=no exit=-13 a0=bffb4fe8 a1=0 a2=1b6 a3=848f290 items=1 pid=2042 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="automount" exe="/usr/sbin/automount" subj=system_u:system_r:automount_t:s0 type=CWD msg=audit(1148751438.002:48): cwd="/" type=PATH msg=audit(1148751438.002:48): item=0 name="/proc/1956/cmdline" obj=system_u:object_r:proc_t:s0 type=AVC msg=audit(1148751438.002:49): avc: denied { search } for pid=2042 comm="automount" name="1967" dev=proc ino=128909314 scontext=system_u:system_r:automount_t:s0 tcontext=system_u:system_r:initrc_t:s0 tclass=dir type=SYSCALL msg=audit(1148751438.002:49): arch=40000003 syscall=5 success=no exit=-13 a0=bffb4fe8 a1=0 a2=1b6 a3=848f290 items=1 pid=2042 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="automount" exe="/usr/sbin/automount" subj=system_u:system_r:automount_t:s0 type=CWD msg=audit(1148751438.002:49): cwd="/" type=PATH msg=audit(1148751438.002:49): item=0 name="/proc/1967/cmdline" obj=system_u:object_r:proc_t:s0 type=AVC msg=audit(1148751438.002:50): avc: denied { search } for pid=2042 comm="automount" name="1968" dev=proc ino=128974850 scontext=system_u:system_r:automount_t:s0 tcontext=system_u:system_r:initrc_t:s0 tclass=dir type=SYSCALL msg=audit(1148751438.002:50): arch=40000003 syscall=5 success=no exit=-13 a0=bffb4fe8 a1=0 a2=1b6 a3=848f290 items=1 pid=2042 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="automount" exe="/usr/sbin/automount" subj=system_u:system_r:automount_t:s0 type=CWD msg=audit(1148751438.002:50): cwd="/" type=PATH msg=audit(1148751438.002:50): item=0 name="/proc/1968/cmdline" obj=system_u:object_r:proc_t:s0 type=AVC msg=audit(1148751438.002:51): avc: denied { search } for pid=2042 comm="automount" name="1969" dev=proc ino=129040386 scontext=system_u:system_r:automount_t:s0 tcontext=system_u:system_r:initrc_t:s0 tclass=dir type=SYSCALL msg=audit(1148751438.002:51): arch=40000003 syscall=5 success=no exit=-13 a0=bffb4fe8 a1=0 a2=1b6 a3=848f290 items=1 pid=2042 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="automount" exe="/usr/sbin/automount" subj=system_u:system_r:automount_t:s0 type=CWD msg=audit(1148751438.002:51): cwd="/" type=PATH msg=audit(1148751438.002:51): item=0 name="/proc/1969/cmdline" obj=system_u:object_r:proc_t:s0 type=AVC msg=audit(1148751438.002:52): avc: denied { search } for pid=2042 comm="automount" name="1989" dev=proc ino=130351106 scontext=system_u:system_r:automount_t:s0 tcontext=system_u:system_r:system_dbusd_t:s0 tclass=dir type=SYSCALL msg=audit(1148751438.002:52): arch=40000003 syscall=5 success=no exit=-13 a0=bffb4fe8 a1=0 a2=1b6 a3=848f290 items=1 pid=2042 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="automount" exe="/usr/sbin/automount" subj=system_u:system_r:automount_t:s0 type=CWD msg=audit(1148751438.002:52): cwd="/" type=PATH msg=audit(1148751438.002:52): item=0 name="/proc/1989/cmdline" obj=system_u:object_r:proc_t:s0 type=AVC msg=audit(1148751438.002:53): avc: denied { search } for pid=2042 comm="automount" name="2030" dev=proc ino=133038082 scontext=system_u:system_r:automount_t:s0 tcontext=system_u:system_r:bluetooth_t:s0 tclass=dir type=SYSCALL msg=audit(1148751438.002:53): arch=40000003 syscall=5 success=no exit=-13 a0=bffb4fe8 a1=0 a2=1b6 a3=848f290 items=1 pid=2042 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="automount" exe="/usr/sbin/automount" subj=system_u:system_r:automount_t:s0 type=CWD msg=audit(1148751438.002:53): cwd="/" type=PATH msg=audit(1148751438.002:53): item=0 name="/proc/2030/cmdline" obj=system_u:object_r:proc_t:s0 type=AVC msg=audit(1148751438.002:54): avc: denied { search } for pid=2042 comm="automount" name="2038" dev=proc ino=133562370 scontext=system_u:system_r:automount_t:s0 tcontext=system_u:system_r:initrc_t:s0 tclass=dir type=SYSCALL msg=audit(1148751438.002:54): arch=40000003 syscall=5 success=no exit=-13 a0=bffb4fe8 a1=0 a2=1b6 a3=848f290 items=1 pid=2042 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="automount" exe="/usr/sbin/automount" subj=system_u:system_r:automount_t:s0 type=CWD msg=audit(1148751438.002:54): cwd="/" type=PATH msg=audit(1148751438.002:54): item=0 name="/proc/2038/cmdline" obj=system_u:object_r:proc_t:s0 type=AVC msg=audit(1148751438.006:55): avc: denied { setrlimit } for pid=2042 comm="automount" scontext=system_u:system_r:automount_t:s0 tcontext=system_u:system_r:automount_t:s0 tclass=process type=SYSCALL msg=audit(1148751438.006:55): arch=40000003 syscall=75 success=no exit=-13 a0=7 a1=bffb3fd8 a2=23fff4 a3=bffb3fd8 items=0 pid=2042 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="automount" exe="/usr/sbin/automount" subj=system_u:system_r:automount_t:s0 type=AVC msg=audit(1148751438.006:56): avc: denied { execute } for pid=2047 comm="automount" name="modprobe" dev=dm-0 ino=2687107 scontext=system_u:system_r:automount_t:s0 tcontext=system_u:object_r:insmod_exec_t:s0 tclass=file type=SYSCALL msg=audit(1148751438.006:56): arch=40000003 syscall=11 success=no exit=-13 a0=dc1fdf a1=bffb2e80 a2=848d1e8 a3=dc1fdf items=1 pid=2047 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="automount" exe="/usr/sbin/automount" subj=system_u:system_r:automount_t:s0 type=CWD msg=audit(1148751438.006:56): cwd="/" type=PATH msg=audit(1148751438.006:56): item=0 name="/sbin/modprobe" inode=2687107 dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:insmod_exec_t:s0 -- Tom London

17 years, 11 months

1
0
0 / 0

Really wierd 'more' interaction with 'newrole' and stderr...

by Valdis.Kletnieks＠vt.edu

OK.. .running Rawhide as of this morning, strict policy in permissive mode - so selinux *shouldn't* kill anything off. I start off as a user, and then 'su' to root. I'm running with: # id uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel) context=valdis:staff_r:staff_t # ls -lZ `tty` crw------- valdis valdis valdis:object_r:staff_devpts_t /dev/pts/0 If I do 'more /etc/passwd /etc/group', it works fine (any two files is OK, or any single file over 1 screen long). Then I 'newrole -r sysadm_r'.. # id uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel) context=valdis:sysadm_r:sysadm_t # ls -lZ `tty` crw------- valdis valdis valdis:object_r:sysadm_devpts_t /dev/pts/0 Now if I try to 'more' anything that's more than one screen, it just silently exits after the first screen/file/etc. Some poking with strace indicates that when it fails, we have this: getcwd("/home/valdis", 4098) = 13 write(1, "\33[7m--More--(Next file: /etc/gro"..., 40)) = 40 read(2, 0xbfa266c7, 1) = -1 EBADF (Bad file descriptor) ioctl(2, SNDCTL_TMR_START or TCSETS, {B38400 opost isig icanon echo ...}) = 0 ioctl(2, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0) = 4 exit_group(0) = ? while the working case has: getcwd("/home/valdis", 4098) = 13 write(1, "\33[7m--More--(Next file: /etc/gro"..., 40)) = 40 read(2, "\n", 1) = 1 The problem is in newrole.c, where we do this: fd = open(ttyn,O_WRONLY); to open fd2. Now, should this be fixed to O_RDWR, or should 'more' be fixed to read off stdin rather than stderr?

17 years, 11 months

3
4
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

selinux May 2006