Re: fedora-selinux-list Digest, Vol 26, Issue 32
by John Griffiths
fedora-selinux-list-request(a)redhat.com wrote:
>
> Subject:
> Error running ffmpeg due to permission denied on library
> From:
> "Robert Foster" <rfoster(a)mountainvisions.com.au>
> Date:
> Thu, 27 Apr 2006 12:41:09 +1000
> To:
> <fedora-selinux-list(a)redhat.com>
>
> To:
> <fedora-selinux-list(a)redhat.com>
>
>
> Hi,
> I'm trying to get ffmpeg working for Gallery2 on FC5, and getting the
> following error (from the debug message via Gallery):
>
> Executing: ( "/usr/bin/ffmpeg" "-h" )
> 2>/MV/webs/Repository/gallery/tmp/g2dbgitTQYC
> file_exists(/MV/webs/Repository/gallery/tmp/g2dbgitTQYC)
> filesize(/MV/webs/Repository/gallery/tmp/g2dbgitTQYC)
> fopen(/MV/webs/Repository/gallery/tmp/g2dbgitTQYC, r, 0)
> feof(Resource id #108)
> fgets(Resource id #108, 4096)
> feof(Resource id #108)
> fgets(Resource id #108, 4096)
> feof(Resource id #108)
> fclose(Resource id #108)
> unlink(/MV/webs/Repository/gallery/tmp/g2dbgitTQYC)
> Regular Output:
> Error Output:
> /usr/bin/ffmpeg: error while loading shared libraries: libavcodec.so.51:
> cannot enable executable stack as shared object requires: Permission
> denied
> Status: 127 (expected 0)
> A quick look in /usr/lib reveals:
>
> -rwxr-xr-x root root system_u:object_r:textrel_shlib_t
> /usr/lib/libavcodec-CVS.so
> lrwxrwxrwx root root system_u:object_r:lib_t
> /usr/lib/libavcodec.so -> libavcodec-CVS.so
> lrwxrwxrwx root root
> system_u:object_r:lib_t /usr/lib/libavcodec.so.51 ->
> libavcodec-CVS.so
>
>
> /var/log/audit/audit.log shows:
>
> type=SYSCALL msg=audit(1146010953.133:45163): arch=40000003
> syscall=125 success=no exit=-13 a0=bfc5b000 a1=1000 a2=1000007
> a3=fffff000 items=0 pid=25005 auid=1000 uid=48 gid=48 euid=48 suid=48
> fsuid=48 egid=48 sgid=48 fsgid=48 comm="ffmpeg" exe="/usr/bin/ffmpeg"
> type=AVC msg=audit(1146010953.141:45164): avc: denied { execstack }
> for pid=25007 comm="ffmpeg"
> scontext=user_u:system_r:httpd_sys_script_t:s0
> tcontext=user_u:system_r:httpd_sys_script_t:s0 tclass=process
> type=SYSCALL msg=audit(1146010953.141:45164): arch=40000003
> syscall=125 success=no exit=-13 a0=bf9e8000 a1=1000 a2=1000007
> a3=fffff000 items=0 pid=25007 auid=1000 uid=48 gid=48 euid=48 suid=48
> fsuid=48 egid=48 sgid=48 fsgid=48 comm="ffmpeg" exe="/usr/bin/ffmpeg"
> type=AVC msg=audit(1146010953.213:45165): avc: denied { execstack }
> for pid=25009 comm="ffmpeg"
> scontext=user_u:system_r:httpd_sys_script_t:s0
> tcontext=user_u:system_r:httpd_sys_script_t:s0 tclass=process
> type=SYSCALL msg=audit(1146010953.213:45165): arch=40000003
> syscall=125 success=no exit=-13 a0=bfbe6000 a1=1000 a2=1000007
> a3=fffff000 items=0 pid=25009 auid=1000 uid=48 gid=48 euid=48 suid=48
> fsuid=48 egid=48 sgid=48 fsgid=48 comm="ffmpeg" exe="/usr/bin/ffmpeg"
> type=AVC msg=audit(1146010953.221:45166): avc: denied { execstack }
> for pid=25011 comm="ffmpeg"
> scontext=user_u:system_r:httpd_sys_script_t:s0
> tcontext=user_u:system_r:httpd_sys_script_t:s0 tclass=process
> type=SYSCALL msg=audit(1146010953.221:45166): arch=40000003
> syscall=125 success=no exit=-13 a0=bf89b000 a1=1000 a2=1000007
> a3=fffff000 items=0 pid=25011 auid=1000 uid=48 gid=48 euid=48 suid=48
> fsuid=48 egid=48 sgid=48 fsgid=48 comm="ffmpeg" exe="/usr/bin/ffmpeg"
> when I run the page producing the error output.
>
> I tried to set the allow_execstack boolean but it didn't make any
> difference.
>
> I'm out of ideas on this one - any help appreciated :)
>
> Robert Foster
> General Manager
> Mountain Visions P/L http://mountainvisions.com.au
> <http://mountainvisions.com.au/>
> Mobile: 0418 131 065
>
I had the same problem when using Kino which also uses ffmpeg. Here is
what I did and it works.
execstack -c /usr/lib/libmp3lame.so.0
execstack -c /usr/lib/libxvidcore.so.4
chcon -t textrel_shlib_t /usr/lib/libavformat.so.50
chcon -t textrel_shlib_t /usr/lib/libavutil.so.49
chcon -t textrel_shlib_t /usr/lib/libavcodec.so.51
This also takes care of the problem with lame-3.96.1-10.rhfc5.at,
libxvidcore4-1.1.0-8.rhfc5.at,
libavformat50-0.4.9-14_cvs20060301.rhfc5.at,
libavutil49-0.4.9-14_cvs20060301.rhfc5.at, and
libavcodec51-0.4.9-14_cvs20060301.rhfc5.at.
Regards,
John
17 years, 12 months
mock and SELinux
by Paul Howarth
I've written up my workaround for getting mock to work under SELinux at:
http://fedoraproject.org/wiki/Extras/MockTricks (the bottom half of the
page). It'd be nice if some people more knowledgeable than myself would
give it a once-over to make sure I'm not talking complete nonsense... :-)
Cheers, Paul.
17 years, 12 months
Problem with SELinux and Postfix (sending from Python scripts)
by Jeff Coffler
Hi folks,
I found this link that had a similar (but not identical) problem:
http://www.redhat.com/archives/fedora-selinux-list/2004-December/msg00033...
O/S: Fedora Core5
Mail server: Postfix
SELinux: Enabled.
Basically, the problem is this. When I try to send E-Mail from a Python
script, Postfix fails. In the maillog file, I see:
Apr 24 13:53:57 miffy postfix/pickup[29094]: warning: maildrop/2104D276B2A:
Permission denied
In messages, I see:
Apr 24 13:57:58 miffy kernel: audit(1145912278.348:688): avc: denied {
getattr } for pid=29094 comm="pickup" name="2104D276B2A" dev=sda3
ino=2583338 scontext=root:system_r:postfix_pickup_t:s0
tcontext=root:object_r:postfix_spool_t:s0 tclass=file
If I set SELinux to permissive mode, it works fine.
Is this an SELinux policy problem? How can I go about fixing this? I'd
prefer to run with SELinux enabled ...
Thanks!
-- Jeff
17 years, 12 months
RE: [ANN] Setools-2.4
by Kevin Carr
> On Tue, 2006-05-02 at 15:28 -0400, Kevin Carr wrote:
> > A new version of setools is available on the Tresys website.
> > http://www.tresys.com/selinux/
> >
> > Change-Log
> > ==========
> > apol: File contexts tab now allows for MLS range searching if the
loaded
> > database is from a MLS filesystem. Policy statistics dialog now
> > shows MLS and ocontexts summaries.
> >
> > libapol: Added support for loading base policies containing
optionals.
> > Added support for searching range transitions containing attributes.
> >
> > libseaudit: Bugfix to support parsing FC5-style audit logs.
>
> Curious: Is FC5 style different from a standard one?
This was nothing substantial, just a bug that showed up in the parser.
Kevin Carr
Tresys Technology
410.290.1411 x137
17 years, 12 months
Problems with clamav and httpd
by Robert Foster
Hi all,
Been playing with docmgr (http://docmgr.sourceforge.net) and discovered that
when uploading a file, it fails because clamav can't scan the uploaded
content. Audit log contains the following relevant lines:
type=AVC msg=audit(1146659861.108:221013): avc: denied { read } for
pid=15887 comm="clamscan" name="clamav" dev=dm-3 ino=2593916
scontext=user_u:system_r:httpd_sys_script_t:s0
tcontext=system_u:object_r:var_lib_t:s0 tclass=dir
type=SYSCALL msg=audit(1146659861.108:221013): arch=40000003 syscall=5
success=no exit=-13 a0=9de85b8 a1=18800 a2=26f120 a3=9de8008 items=1
pid=15887 auid=1000 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48
fsgid=48 comm="clamscan" exe="/usr/bin/clamscan"
type=CWD msg=audit(1146659861.108:221013): cwd="/MV/webs/project/html/doc"
type=PATH msg=audit(1146659861.108:221013): item=0 name="/var/lib/clamav"
flags=103 inode=2593916 dev=fd:03 mode=040755 ouid=100 ogid=101 rdev=00:00
I've also setsebool -P on allow_execstack and allow_httpd_anon_write amongst
others, and the relevant directories have the following context to allow
httpd and samba to play nice together:
user_u:object_r:public_content_rw_t
Anyone able to shed some light on this?
Other (maybe) relevant info:
# ls -alZ /var/lib/clamav/
drwxr-xr-x clamav clamav system_u:object_r:var_lib_t .
drwxr-xr-x root root system_u:object_r:var_lib_t ..
-rw-r--r-- clamav clamav user_u:object_r:var_lib_t daily.cvd
-rw-r--r-- clamav clamav user_u:object_r:var_lib_t
daily.cvd.rpmsave
drwx------ clamav clamav system_u:object_r:var_lib_t Maildir
-rw-r--r-- clamav clamav system_u:object_r:var_lib_t main.cvd
-rw-r--r-- clamav clamav user_u:object_r:var_lib_t
main.cvd.rpmsave
# ls -alZ /MV/webs/project/html/doc
drwsrws--x apache apache user_u:object_r:public_content_rw_t .
drwsrws--x apache apache system_u:object_r:public_content_rw_t ..
drwsrws--x apache apache user_u:object_r:public_content_rw_t app
drwsrws--x apache apache user_u:object_r:public_content_rw_t auth
drwsrws--x apache apache user_u:object_r:public_content_rw_t bin
drwsrws--x apache apache user_u:object_r:public_content_rw_t config
drwsrws--x apache apache user_u:object_r:public_content_rw_t DOCS
drwsrws--x apache apache user_u:object_r:public_content_rw_t fckeditor
drwsrws--x apache apache user_u:object_r:public_content_rw_t files
drwsrws--x apache apache user_u:object_r:public_content_rw_t header
drwsrws--x apache apache user_u:object_r:public_content_rw_t include
-rwxrwx--x apache apache user_u:object_r:public_content_rw_t index.php
drwsrws--x apache apache user_u:object_r:public_content_rw_t javascript
drwsrws--x apache apache user_u:object_r:public_content_rw_t lang
drwsrws--x apache apache user_u:object_r:public_content_rw_t modules
drwsrws--x apache apache user_u:object_r:public_content_rw_t scripts
drwsrws--x apache apache user_u:object_r:public_content_rw_t themes
drwsrws--x apache apache user_u:object_r:public_content_rw_t webdav
It also seems that docmgr is calling clamscan on a temp file found in /tmp.
But I haven't been able to confirm the context of the target file as yet.
Thanks,
Robert Foster
17 years, 12 months
HOWTO: kdebluetooth with SELinux on FC5
by Charles-Edouard Ruault
Hi all,
for those who are interested, after struggling to get kdebluetooth to
work on my FC5 with SELinux targetted policy i've published a HOWTO at
the following address: http://www.ruault.com/kdebluetooth/
Feel free to let me know if i've missed something or if it can be improved.
Regards.
--
Charles-Edouard Ruault
GPG key Id E4D2B80C
17 years, 12 months
[ANN] Setools-2.4
by Kevin Carr
A new version of setools is available on the Tresys website.
http://www.tresys.com/selinux/
Change-Log
==========
apol: File contexts tab now allows for MLS range searching if the loaded
database is from a MLS filesystem. Policy statistics dialog now
shows MLS and ocontexts summaries.
libapol: Added support for loading base policies containing optionals.
Added support for searching range transitions containing attributes.
libseaudit: Bugfix to support parsing FC5-style audit logs.
seaudit: Added date filters.
secmds: Added support to indexcon and searchcon for MLS filesytems.
Added support to findcon and replcon for MLS filesystems.
sechecker: Added incomplete network access (inc_net_access) module.
Added unreachable domains (unreachable_doms) module. Added impossible
range transitions (imp_range_trans) module.
sesearch: Allow user to search range transitions by attributes and
indirect matching. Added RBAC searching.
Kevin Carr
Tresys Technology
410.290.1411 x137
17 years, 12 months
Firefox/Flash printing
by Ted Rule
On my - admittedly FC4 - system, I've had a problem recently printing
from various Flash pages on certain websites. This is with the
combination of:
Flash 7.0.63
Firefox 1.0.8
selinux-policy-strict-1.27.1-2.27
An example of the problem is to be found here ( build the jigsaw an
print it out):
http://www.bbc.co.uk/cbeebies/funandgames/jigsaw.shtml
( Yes, fixing the problem was prompted by my desire not to let 4-year
olds have to know how to temporarily set SELinux to permissive just so
as to print out their games results! )
After some burrowing around with policy tweaks and enableaudit, the
minimum extra policy I had to allow was this:
allow user_mozilla_t cupsd_t:dir { getattr search };
allow user_mozilla_t cupsd_t:file { read };
( i.e. let mozilla plugins read /proc/xxx for the cups daemon process )
With enableaudit in place, it seems that the Flash plugin seems to
invoke a very verbose call to "ps". This, in turn, leads to lots of
denial messages as SELinux stops the plugin from seeing /proc/xxx for
all the system processes. The fixup seems to be to allow Flash to read
status and cmdline for the cupsd process itself; once it has found that
process, the existing print/lpr permissions for user_mozilla_t seem to
be enough to allow it to proceed. This still leaves a flood of denial
messages, but at least the printer works.
My suspicion is that the plugin decodes the output of something like "ps
axww" to determine the flavour of the local print server. Since the
plugin is probably designed to run on a number of platforms, it
presumably has to dynamically probe for the print processor type.
Given what I see, it would not surprise me that this behaviour exists in
some sort of generic print-API within Flash, and hence the problem may
be reasonably widespread on "Flashy" websites.
Can anyone confirm/deny whether this permission exists in the FC5 strict
and/or targeted policies?
Sample enableaudit trace of a print Job invocation - with my patch set
to auditallow:
Apr 23 10:57:26 workstation kernel: audit(1145786246.469:2567): avc:
denied { getattr } for pid=4883 comm="ps" name="1" dev=proc ino=65538
scontext=user_u:user_r:user_mozilla_t tcontext=system_u:system_r:init_t
tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.469:2568): avc:
denied { getattr } for pid=4883 comm="ps" name="2" dev=proc ino=131074
scontext=user_u:user_r:user_mozilla_t
tcontext=system_u:system_r:kernel_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.469:2569): avc:
denied { getattr } for pid=4883 comm="ps" name="3" dev=proc ino=196610
scontext=user_u:user_r:user_mozilla_t
tcontext=system_u:system_r:kernel_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.469:2570): avc:
denied { getattr } for pid=4883 comm="ps" name="4" dev=proc ino=262146
scontext=user_u:user_r:user_mozilla_t
tcontext=system_u:system_r:kernel_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.469:2571): avc:
denied { getattr } for pid=4883 comm="ps" name="5" dev=proc ino=327682
scontext=user_u:user_r:user_mozilla_t
tcontext=system_u:system_r:kernel_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.469:2572): avc:
denied { getattr } for pid=4883 comm="ps" name="9" dev=proc ino=589826
scontext=user_u:user_r:user_mozilla_t
tcontext=system_u:system_r:kernel_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.469:2573): avc:
denied { getattr } for pid=4883 comm="ps" name="10" dev=proc
ino=655362 scontext=user_u:user_r:user_mozilla_t
tcontext=system_u:system_r:kernel_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.469:2574): avc:
denied { getattr } for pid=4883 comm="ps" name="242" dev=proc
ino=15859714 scontext=user_u:user_r:user_mozilla_t
tcontext=system_u:system_r:kernel_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.469:2575): avc:
denied { getattr } for pid=4883 comm="ps" name="296" dev=proc
ino=19398658 scontext=user_u:user_r:user_mozilla_t
tcontext=system_u:system_r:kernel_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.469:2576): avc:
denied { getattr } for pid=4883 comm="ps" name="297" dev=proc
ino=19464194 scontext=user_u:user_r:user_mozilla_t
tcontext=system_u:system_r:kernel_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.469:2577): avc:
denied { getattr } for pid=4883 comm="ps" name="299" dev=proc
ino=19595266 scontext=user_u:user_r:user_mozilla_t
tcontext=system_u:system_r:kernel_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.469:2578): avc:
denied { getattr } for pid=4883 comm="ps" name="298" dev=proc
ino=19529730 scontext=user_u:user_r:user_mozilla_t
tcontext=system_u:system_r:kernel_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.469:2579): avc:
denied { getattr } for pid=4883 comm="ps" name="386" dev=proc
ino=25296898 scontext=user_u:user_r:user_mozilla_t
tcontext=system_u:system_r:kernel_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.473:2580): avc:
denied { getattr } for pid=4883 comm="ps" name="466" dev=proc
ino=30539778 scontext=user_u:user_r:user_mozilla_t
tcontext=system_u:system_r:kernel_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.473:2581): avc:
denied { getattr } for pid=4883 comm="ps" name="485" dev=proc
ino=31784962 scontext=user_u:user_r:user_mozilla_t
tcontext=system_u:system_r:kernel_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.473:2582): avc:
denied { getattr } for pid=4883 comm="ps" name="539" dev=proc
ino=35323906 scontext=user_u:user_r:user_mozilla_t
tcontext=system_u:system_r:kernel_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.473:2583): avc:
denied { getattr } for pid=4883 comm="ps" name="681" dev=proc
ino=44630018 scontext=user_u:user_r:user_mozilla_t
tcontext=system_u:system_r:udev_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.473:2584): avc:
denied { getattr } for pid=4883 comm="ps" name="1212" dev=proc
ino=79429634 scontext=user_u:user_r:user_mozilla_t
tcontext=system_u:system_r:kernel_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.473:2585): avc:
denied { getattr } for pid=4883 comm="ps" name="1213" dev=proc
ino=79495170 scontext=user_u:user_r:user_mozilla_t
tcontext=system_u:system_r:kernel_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.473:2586): avc:
denied { getattr } for pid=4883 comm="ps" name="1655" dev=proc
ino=108462082 scontext=user_u:user_r:user_mozilla_t
tcontext=system_u:system_r:kernel_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.473:2587): avc:
denied { getattr } for pid=4883 comm="ps" name="1658" dev=proc
ino=108658690 scontext=user_u:user_r:user_mozilla_t
tcontext=system_u:system_r:kernel_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.473:2588): avc:
denied { getattr } for pid=4883 comm="ps" name="1661" dev=proc
ino=108855298 scontext=user_u:user_r:user_mozilla_t
tcontext=system_u:system_r:kernel_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.473:2589): avc:
denied { getattr } for pid=4883 comm="ps" name="1664" dev=proc
ino=109051906 scontext=user_u:user_r:user_mozilla_t
tcontext=system_u:system_r:kernel_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.473:2590): avc:
denied { getattr } for pid=4883 comm="ps" name="1667" dev=proc
ino=109248514 scontext=user_u:user_r:user_mozilla_t
tcontext=system_u:system_r:kernel_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.473:2591): avc:
denied { getattr } for pid=4883 comm="ps" name="2103" dev=proc
ino=137822210 scontext=user_u:user_r:user_mozilla_t
tcontext=system_u:system_r:syslogd_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.473:2592): avc:
denied { getattr } for pid=4883 comm="ps" name="2239" dev=proc
ino=146735106 scontext=user_u:user_r:user_mozilla_t
tcontext=system_u:system_r:automount_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.473:2593): avc:
denied { getattr } for pid=4883 comm="ps" name="2253" dev=proc
ino=147652610 scontext=user_u:user_r:user_mozilla_t
tcontext=system_u:system_r:fsdaemon_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.473:2594): avc:
denied { getattr } for pid=4883 comm="ps" name="2261" dev=proc
ino=148176898 scontext=user_u:user_r:user_mozilla_t
tcontext=system_u:system_r:apmd_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.473:2595): avc:
denied { getattr } for pid=4883 comm="ps" name="2269" dev=proc
ino=148701186 scontext=user_u:user_r:user_mozilla_t
tcontext=system_u:system_r:hplip_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.473:2596): avc:
denied { getattr } for pid=4883 comm="ps" name="2273" dev=proc
ino=148963330 scontext=user_u:user_r:user_mozilla_t
tcontext=system_u:system_r:hplip_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.473:2597): avc:
granted { getattr } for pid=4883 comm="ps" name="2284" dev=proc
ino=149684226 scontext=user_u:user_r:user_mozilla_t
tcontext=system_u:system_r:cupsd_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.473:2598): avc:
granted { search } for pid=4883 comm="ps" name="2284" dev=proc
ino=149684226 scontext=user_u:user_r:user_mozilla_t
tcontext=system_u:system_r:cupsd_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.473:2599): avc:
granted { read } for pid=4883 comm="ps" name="stat" dev=proc
ino=149684237 scontext=user_u:user_r:user_mozilla_t
tcontext=system_u:system_r:cupsd_t tclass=file
Apr 23 10:57:26 workstation kernel: audit(1145786246.473:2600): avc:
granted { read } for pid=4883 comm="ps" name="stat" dev=proc
ino=149684237 scontext=user_u:user_r:user_mozilla_t
tcontext=system_u:system_r:cupsd_t tclass=file
Apr 23 10:57:26 workstation kernel: audit(1145786246.477:2601): avc:
granted { search } for pid=4883 comm="ps" name="2284" dev=proc
ino=149684226 scontext=user_u:user_r:user_mozilla_t
tcontext=system_u:system_r:cupsd_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.477:2602): avc:
granted { read } for pid=4883 comm="ps" name="status" dev=proc
ino=149684228 scontext=user_u:user_r:user_mozilla_t
tcontext=system_u:system_r:cupsd_t tclass=file
Apr 23 10:57:26 workstation kernel: audit(1145786246.477:2603): avc:
granted { read } for pid=4883 comm="ps" name="status" dev=proc
ino=149684228 scontext=user_u:user_r:user_mozilla_t
tcontext=system_u:system_r:cupsd_t tclass=file
Apr 23 10:57:26 workstation kernel: audit(1145786246.477:2604): avc:
granted { search } for pid=4883 comm="ps" name="2284" dev=proc
ino=149684226 scontext=user_u:user_r:user_mozilla_t
tcontext=system_u:system_r:cupsd_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.477:2605): avc:
granted { read } for pid=4883 comm="ps" name="cmdline" dev=proc
ino=149684236 scontext=user_u:user_r:user_mozilla_t
tcontext=system_u:system_r:cupsd_t tclass=file
Apr 23 10:57:26 workstation kernel: audit(1145786246.477:2606): avc:
granted { read } for pid=4883 comm="ps" name="cmdline" dev=proc
ino=149684236 scontext=user_u:user_r:user_mozilla_t
tcontext=system_u:system_r:cupsd_t tclass=file
Apr 23 10:57:26 workstation kernel: audit(1145786246.477:2607): avc:
denied { getattr } for pid=4883 comm="ps" name="2341" dev=proc
ino=153419778 scontext=user_u:user_r:user_mozilla_t
tcontext=system_u:system_r:ntpd_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.477:2608): avc:
denied { getattr } for pid=4883 comm="ps" name="2363" dev=proc
ino=154861570 scontext=user_u:user_r:user_mozilla_t
tcontext=system_u:system_r:sendmail_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.477:2609): avc:
denied { getattr } for pid=4883 comm="ps" name="2369" dev=proc
ino=155254786 scontext=user_u:user_r:user_mozilla_t
tcontext=system_u:system_r:sendmail_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.477:2610): avc:
denied { getattr } for pid=4883 comm="ps" name="2379" dev=proc
ino=155910146 scontext=user_u:user_r:user_mozilla_t
tcontext=system_u:system_r:sendmail_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.477:2611): avc:
denied { getattr } for pid=4883 comm="ps" name="2390" dev=proc
ino=156631042 scontext=user_u:user_r:user_mozilla_t
tcontext=system_u:system_r:spamd_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.477:2612): avc:
denied { getattr } for pid=4883 comm="ps" name="2399" dev=proc
ino=157220866 scontext=user_u:user_r:user_mozilla_t
tcontext=system_u:system_r:gpm_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.477:2613): avc:
denied { getattr } for pid=4883 comm="ps" name="2407" dev=proc
ino=157745154 scontext=user_u:user_r:user_mozilla_t
tcontext=system_u:system_r:crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.477:2614): avc:
denied { getattr } for pid=4883 comm="ps" name="2419" dev=proc
ino=158531586 scontext=user_u:user_r:user_mozilla_t
tcontext=system_u:system_r:spamd_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.477:2615): avc:
denied { getattr } for pid=4883 comm="ps" name="2420" dev=proc
ino=158597122 scontext=user_u:user_r:user_mozilla_t
tcontext=system_u:system_r:spamd_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.477:2616): avc:
denied { getattr } for pid=4883 comm="ps" name="2421" dev=proc
ino=158662658 scontext=user_u:user_r:user_mozilla_t
tcontext=system_u:system_r:spamd_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.477:2617): avc:
denied { getattr } for pid=4883 comm="ps" name="2422" dev=proc
ino=158728194 scontext=user_u:user_r:user_mozilla_t
tcontext=system_u:system_r:spamd_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.481:2618): avc:
denied { getattr } for pid=4883 comm="ps" name="2423" dev=proc
ino=158793730 scontext=user_u:user_r:user_mozilla_t
tcontext=system_u:system_r:spamd_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.481:2619): avc:
denied { getattr } for pid=4883 comm="ps" name="2441" dev=proc
ino=159973378 scontext=user_u:user_r:user_mozilla_t
tcontext=system_u:system_r:xfs_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.481:2620): avc:
denied { getattr } for pid=4883 comm="ps" name="2449" dev=proc
ino=160497666 scontext=user_u:user_r:user_mozilla_t
tcontext=system_u:system_r:smbd_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.481:2621): avc:
denied { getattr } for pid=4883 comm="ps" name="2451" dev=proc
ino=160628738 scontext=user_u:user_r:user_mozilla_t
tcontext=system_u:system_r:smbd_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.481:2622): avc:
denied { getattr } for pid=4883 comm="ps" name="2452" dev=proc
ino=160694274 scontext=user_u:user_r:user_mozilla_t
tcontext=system_u:system_r:nmbd_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.481:2623): avc:
denied { getattr } for pid=4883 comm="ps" name="2468" dev=proc
ino=161742850 scontext=user_u:user_r:user_mozilla_t
tcontext=system_u:system_r:crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.481:2624): avc:
denied { getattr } for pid=4883 comm="ps" name="2484" dev=proc
ino=162791426 scontext=user_u:user_r:user_mozilla_t
tcontext=system_u:system_r:system_dbusd_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.481:2625): avc:
denied { getattr } for pid=4883 comm="ps" name="2496" dev=proc
ino=163577858 scontext=user_u:user_r:user_mozilla_t
tcontext=system_u:system_r:cupsd_config_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.481:2626): avc:
denied { getattr } for pid=4883 comm="ps" name="2505" dev=proc
ino=164167682 scontext=user_u:user_r:user_mozilla_t
tcontext=system_u:system_r:hald_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.481:2627): avc:
denied { getattr } for pid=4883 comm="ps" name="2510" dev=proc
ino=164495362 scontext=user_u:user_r:user_mozilla_t
tcontext=system_u:system_r:hald_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.481:2628): avc:
denied { getattr } for pid=4883 comm="ps" name="2518" dev=proc
ino=165019650 scontext=user_u:user_r:user_mozilla_t
tcontext=system_u:system_r:hald_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.481:2629): avc:
denied { getattr } for pid=4883 comm="ps" name="2520" dev=proc
ino=165150722 scontext=user_u:user_r:user_mozilla_t
tcontext=system_u:system_r:hald_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.481:2630): avc:
denied { getattr } for pid=4883 comm="ps" name="2526" dev=proc
ino=165543938 scontext=user_u:user_r:user_mozilla_t
tcontext=system_u:system_r:hald_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.481:2631): avc:
denied { getattr } for pid=4883 comm="ps" name="2538" dev=proc
ino=166330370 scontext=user_u:user_r:user_mozilla_t
tcontext=system_u:system_r:kernel_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.481:2632): avc:
denied { getattr } for pid=4883 comm="ps" name="2542" dev=proc
ino=166592514 scontext=user_u:user_r:user_mozilla_t
tcontext=system_u:system_r:hald_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.481:2633): avc:
denied { getattr } for pid=4883 comm="ps" name="2581" dev=proc
ino=169148418 scontext=user_u:user_r:user_mozilla_t
tcontext=system_u:system_r:mdadm_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.481:2634): avc:
denied { getattr } for pid=4883 comm="ps" name="2588" dev=proc
ino=169607170 scontext=user_u:user_r:user_mozilla_t
tcontext=system_u:system_r:getty_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.481:2635): avc:
denied { getattr } for pid=4883 comm="ps" name="2589" dev=proc
ino=169672706 scontext=user_u:user_r:user_mozilla_t
tcontext=system_u:system_r:getty_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.481:2636): avc:
denied { getattr } for pid=4883 comm="ps" name="2590" dev=proc
ino=169738242 scontext=user_u:user_r:user_mozilla_t
tcontext=system_u:system_r:getty_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.481:2637): avc:
denied { getattr } for pid=4883 comm="ps" name="2591" dev=proc
ino=169803778 scontext=user_u:user_r:user_mozilla_t
tcontext=system_u:system_r:getty_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.481:2638): avc:
denied { getattr } for pid=4883 comm="ps" name="2592" dev=proc
ino=169869314 scontext=user_u:user_r:user_mozilla_t
tcontext=system_u:system_r:getty_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.485:2639): avc:
denied { getattr } for pid=4883 comm="ps" name="2593" dev=proc
ino=169934850 scontext=user_u:user_r:user_mozilla_t
tcontext=system_u:system_r:getty_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.485:2640): avc:
denied { getattr } for pid=4883 comm="ps" name="2594" dev=proc
ino=170000386 scontext=user_u:user_r:user_mozilla_t
tcontext=system_u:system_r:initrc_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.485:2641): avc:
denied { getattr } for pid=4883 comm="ps" name="2798" dev=proc
ino=183369730 scontext=user_u:user_r:user_mozilla_t
tcontext=system_u:system_r:xdm_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.485:2642): avc:
denied { getattr } for pid=4883 comm="ps" name="2855" dev=proc
ino=187105282 scontext=user_u:user_r:user_mozilla_t
tcontext=system_u:system_r:xdm_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.485:2643): avc:
denied { getattr } for pid=4883 comm="ps" name="2865" dev=proc
ino=187760642 scontext=user_u:user_r:user_mozilla_t
tcontext=system_u:system_r:xdm_xserver_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.485:2644): avc:
denied { getattr } for pid=4883 comm="ps" name="3721" dev=proc
ino=243859458 scontext=user_u:user_r:user_mozilla_t
tcontext=system_u:system_r:crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.485:2645): avc:
denied { getattr } for pid=4883 comm="ps" name="3723" dev=proc
ino=243990530 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.485:2646): avc:
denied { getattr } for pid=4883 comm="ps" name="3724" dev=proc
ino=244056066 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.485:2647): avc:
denied { getattr } for pid=4883 comm="ps" name="3726" dev=proc
ino=244187138 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.485:2648): avc:
denied { getattr } for pid=4883 comm="ps" name="3727" dev=proc
ino=244252674 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.485:2649): avc:
denied { getattr } for pid=4883 comm="ps" name="3728" dev=proc
ino=244318210 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.485:2650): avc:
denied { getattr } for pid=4883 comm="ps" name="3729" dev=proc
ino=244383746 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.485:2651): avc:
denied { getattr } for pid=4883 comm="ps" name="3730" dev=proc
ino=244449282 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.485:2652): avc:
denied { getattr } for pid=4883 comm="ps" name="3731" dev=proc
ino=244514818 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.485:2653): avc:
denied { getattr } for pid=4883 comm="ps" name="3754" dev=proc
ino=246022146 scontext=user_u:user_r:user_mozilla_t
tcontext=system_u:system_r:crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.485:2654): avc:
denied { getattr } for pid=4883 comm="ps" name="3756" dev=proc
ino=246153218 scontext=user_u:user_r:user_mozilla_t
tcontext=system_u:system_r:crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.485:2655): avc:
denied { getattr } for pid=4883 comm="ps" name="3760" dev=proc
ino=246415362 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.485:2656): avc:
denied { getattr } for pid=4883 comm="ps" name="3761" dev=proc
ino=246480898 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.485:2657): avc:
denied { getattr } for pid=4883 comm="ps" name="3763" dev=proc
ino=246611970 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.485:2658): avc:
denied { getattr } for pid=4883 comm="ps" name="3764" dev=proc
ino=246677506 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.485:2659): avc:
denied { getattr } for pid=4883 comm="ps" name="3765" dev=proc
ino=246743042 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.485:2660): avc:
denied { getattr } for pid=4883 comm="ps" name="3767" dev=proc
ino=246874114 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.489:2661): avc:
denied { getattr } for pid=4883 comm="ps" name="3768" dev=proc
ino=246939650 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.489:2662): avc:
denied { getattr } for pid=4883 comm="ps" name="3769" dev=proc
ino=247005186 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.489:2663): avc:
denied { getattr } for pid=4883 comm="ps" name="3770" dev=proc
ino=247070722 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.489:2664): avc:
denied { getattr } for pid=4883 comm="ps" name="3772" dev=proc
ino=247201794 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.489:2665): avc:
denied { getattr } for pid=4883 comm="ps" name="3773" dev=proc
ino=247267330 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.489:2666): avc:
denied { getattr } for pid=4883 comm="ps" name="3797" dev=proc
ino=248840194 scontext=user_u:user_r:user_mozilla_t
tcontext=system_u:system_r:crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.489:2667): avc:
denied { getattr } for pid=4883 comm="ps" name="3799" dev=proc
ino=248971266 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.489:2668): avc:
denied { getattr } for pid=4883 comm="ps" name="3800" dev=proc
ino=249036802 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.489:2669): avc:
denied { getattr } for pid=4883 comm="ps" name="3802" dev=proc
ino=249167874 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.489:2670): avc:
denied { getattr } for pid=4883 comm="ps" name="3803" dev=proc
ino=249233410 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.489:2671): avc:
denied { getattr } for pid=4883 comm="ps" name="3804" dev=proc
ino=249298946 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.489:2672): avc:
denied { getattr } for pid=4883 comm="ps" name="3805" dev=proc
ino=249364482 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.489:2673): avc:
denied { getattr } for pid=4883 comm="ps" name="3806" dev=proc
ino=249430018 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.489:2674): avc:
denied { getattr } for pid=4883 comm="ps" name="3807" dev=proc
ino=249495554 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.489:2675): avc:
denied { getattr } for pid=4883 comm="ps" name="3833" dev=proc
ino=251199490 scontext=user_u:user_r:user_mozilla_t
tcontext=system_u:system_r:crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.489:2676): avc:
denied { getattr } for pid=4883 comm="ps" name="3835" dev=proc
ino=251330562 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.489:2677): avc:
denied { getattr } for pid=4883 comm="ps" name="3836" dev=proc
ino=251396098 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.489:2678): avc:
denied { getattr } for pid=4883 comm="ps" name="3838" dev=proc
ino=251527170 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.489:2679): avc:
denied { getattr } for pid=4883 comm="ps" name="3839" dev=proc
ino=251592706 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.493:2680): avc:
denied { getattr } for pid=4883 comm="ps" name="3840" dev=proc
ino=251658242 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.493:2681): avc:
denied { getattr } for pid=4883 comm="ps" name="3841" dev=proc
ino=251723778 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.493:2682): avc:
denied { getattr } for pid=4883 comm="ps" name="3842" dev=proc
ino=251789314 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.493:2683): avc:
denied { getattr } for pid=4883 comm="ps" name="3843" dev=proc
ino=251854850 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.493:2684): avc:
denied { getattr } for pid=4883 comm="ps" name="3866" dev=proc
ino=253362178 scontext=user_u:user_r:user_mozilla_t
tcontext=system_u:system_r:crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.493:2685): avc:
denied { getattr } for pid=4883 comm="ps" name="3868" dev=proc
ino=253493250 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.493:2686): avc:
denied { getattr } for pid=4883 comm="ps" name="3869" dev=proc
ino=253558786 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.493:2687): avc:
denied { getattr } for pid=4883 comm="ps" name="3871" dev=proc
ino=253689858 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.493:2688): avc:
denied { getattr } for pid=4883 comm="ps" name="3872" dev=proc
ino=253755394 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.493:2689): avc:
denied { getattr } for pid=4883 comm="ps" name="3873" dev=proc
ino=253820930 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.493:2690): avc:
denied { getattr } for pid=4883 comm="ps" name="3874" dev=proc
ino=253886466 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.493:2691): avc:
denied { getattr } for pid=4883 comm="ps" name="3875" dev=proc
ino=253952002 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.493:2692): avc:
denied { getattr } for pid=4883 comm="ps" name="3876" dev=proc
ino=254017538 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.493:2693): avc:
denied { getattr } for pid=4883 comm="ps" name="3900" dev=proc
ino=255590402 scontext=user_u:user_r:user_mozilla_t
tcontext=system_u:system_r:crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.493:2694): avc:
denied { getattr } for pid=4883 comm="ps" name="3902" dev=proc
ino=255721474 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.493:2695): avc:
denied { getattr } for pid=4883 comm="ps" name="3903" dev=proc
ino=255787010 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.493:2696): avc:
denied { getattr } for pid=4883 comm="ps" name="3905" dev=proc
ino=255918082 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.493:2697): avc:
denied { getattr } for pid=4883 comm="ps" name="3906" dev=proc
ino=255983618 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.493:2698): avc:
denied { getattr } for pid=4883 comm="ps" name="3907" dev=proc
ino=256049154 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.493:2699): avc:
denied { getattr } for pid=4883 comm="ps" name="3908" dev=proc
ino=256114690 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.493:2700): avc:
denied { getattr } for pid=4883 comm="ps" name="3911" dev=proc
ino=256311298 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.497:2701): avc:
denied { getattr } for pid=4883 comm="ps" name="3912" dev=proc
ino=256376834 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.497:2702): avc:
denied { getattr } for pid=4883 comm="ps" name="3934" dev=proc
ino=257818626 scontext=user_u:user_r:user_mozilla_t
tcontext=system_u:system_r:crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.497:2703): avc:
denied { getattr } for pid=4883 comm="ps" name="3936" dev=proc
ino=257949698 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.497:2704): avc:
denied { getattr } for pid=4883 comm="ps" name="3937" dev=proc
ino=258015234 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.497:2705): avc:
denied { getattr } for pid=4883 comm="ps" name="3939" dev=proc
ino=258146306 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.497:2706): avc:
denied { getattr } for pid=4883 comm="ps" name="3940" dev=proc
ino=258211842 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.497:2707): avc:
denied { getattr } for pid=4883 comm="ps" name="3941" dev=proc
ino=258277378 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.497:2708): avc:
denied { getattr } for pid=4883 comm="ps" name="3942" dev=proc
ino=258342914 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.497:2709): avc:
denied { getattr } for pid=4883 comm="ps" name="3943" dev=proc
ino=258408450 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.497:2710): avc:
denied { getattr } for pid=4883 comm="ps" name="3944" dev=proc
ino=258473986 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.497:2711): avc:
denied { getattr } for pid=4883 comm="ps" name="3958" dev=proc
ino=259391490 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.497:2712): avc:
denied { getattr } for pid=4883 comm="ps" name="4028" dev=proc
ino=263979010 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_ssh_agent_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.497:2713): avc:
denied { getattr } for pid=4883 comm="ps" name="4031" dev=proc
ino=264175618 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_dbusd_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.497:2714): avc:
denied { getattr } for pid=4883 comm="ps" name="4032" dev=proc
ino=264241154 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.497:2715): avc:
denied { getattr } for pid=4883 comm="ps" name="4039" dev=proc
ino=264699906 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_gconfd_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.497:2716): avc:
denied { getattr } for pid=4883 comm="ps" name="4044" dev=proc
ino=265027586 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.497:2717): avc:
denied { getattr } for pid=4883 comm="ps" name="4046" dev=proc
ino=265158658 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_bonobo_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.497:2718): avc:
denied { getattr } for pid=4883 comm="ps" name="4048" dev=proc
ino=265289730 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.497:2719): avc:
denied { getattr } for pid=4883 comm="ps" name="4050" dev=proc
ino=265420802 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.497:2720): avc:
denied { getattr } for pid=4883 comm="ps" name="4052" dev=proc
ino=265551874 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.497:2721): avc:
denied { getattr } for pid=4883 comm="ps" name="4054" dev=proc
ino=265682946 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.497:2722): avc:
denied { getattr } for pid=4883 comm="ps" name="4056" dev=proc
ino=265814018 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.501:2723): avc:
denied { getattr } for pid=4883 comm="ps" name="4072" dev=proc
ino=266862594 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.501:2724): avc:
denied { getattr } for pid=4883 comm="ps" name="4080" dev=proc
ino=267386882 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.501:2725): avc:
denied { getattr } for pid=4883 comm="ps" name="4086" dev=proc
ino=267780098 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.501:2726): avc:
denied { getattr } for pid=4883 comm="ps" name="4090" dev=proc
ino=268042242 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.501:2727): avc:
denied { getattr } for pid=4883 comm="ps" name="4092" dev=proc
ino=268173314 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.501:2728): avc:
denied { getattr } for pid=4883 comm="ps" name="4094" dev=proc
ino=268304386 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.501:2729): avc:
denied { getattr } for pid=4883 comm="ps" name="4098" dev=proc
ino=268566530 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.501:2730): avc:
denied { getattr } for pid=4883 comm="ps" name="4100" dev=proc
ino=268697602 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_evolution_alarm_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.501:2731): avc:
denied { getattr } for pid=4883 comm="ps" name="4103" dev=proc
ino=268894210 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_gnome_vfs_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.501:2732): avc:
denied { getattr } for pid=4883 comm="ps" name="4115" dev=proc
ino=269680642 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.501:2733): avc:
denied { getattr } for pid=4883 comm="ps" name="4121" dev=proc
ino=270073858 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.501:2734): avc:
denied { getattr } for pid=4883 comm="ps" name="4124" dev=proc
ino=270270466 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.501:2735): avc:
denied { getattr } for pid=4883 comm="ps" name="4130" dev=proc
ino=270663682 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:pam_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.501:2736): avc:
denied { getattr } for pid=4883 comm="ps" name="4147" dev=proc
ino=271777794 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_evolution_server_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.501:2737): avc:
denied { getattr } for pid=4883 comm="ps" name="4178" dev=proc
ino=273809410 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_gph_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.501:2738): avc:
denied { getattr } for pid=4883 comm="ps" name="4179" dev=proc
ino=273874946 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.505:2739): avc:
denied { getattr } for pid=4883 comm="ps" name="4195" dev=proc
ino=274923522 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.505:2740): avc:
denied { getattr } for pid=4883 comm="ps" name="4308" dev=proc
ino=282329090 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_evolution_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.505:2741): avc:
denied { getattr } for pid=4883 comm="ps" name="4341" dev=proc
ino=284491778 scontext=user_u:user_r:user_mozilla_t
tcontext=system_u:system_r:crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.505:2742): avc:
denied { getattr } for pid=4883 comm="ps" name="4342" dev=proc
ino=284557314 scontext=user_u:user_r:user_mozilla_t
tcontext=system_u:system_r:crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.505:2743): avc:
denied { getattr } for pid=4883 comm="ps" name="4345" dev=proc
ino=284753922 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.505:2744): avc:
denied { getattr } for pid=4883 comm="ps" name="4346" dev=proc
ino=284819458 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.505:2745): avc:
denied { getattr } for pid=4883 comm="ps" name="4347" dev=proc
ino=284884994 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.505:2746): avc:
denied { getattr } for pid=4883 comm="ps" name="4348" dev=proc
ino=284950530 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.505:2747): avc:
denied { getattr } for pid=4883 comm="ps" name="4350" dev=proc
ino=285081602 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.505:2748): avc:
denied { getattr } for pid=4883 comm="ps" name="4351" dev=proc
ino=285147138 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.505:2749): avc:
denied { getattr } for pid=4883 comm="ps" name="4352" dev=proc
ino=285212674 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.505:2750): avc:
denied { getattr } for pid=4883 comm="ps" name="4353" dev=proc
ino=285278210 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.505:2751): avc:
denied { getattr } for pid=4883 comm="ps" name="4354" dev=proc
ino=285343746 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.505:2752): avc:
denied { getattr } for pid=4883 comm="ps" name="4355" dev=proc
ino=285409282 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.505:2753): avc:
denied { getattr } for pid=4883 comm="ps" name="4357" dev=proc
ino=285540354 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.505:2754): avc:
denied { getattr } for pid=4883 comm="ps" name="4414" dev=proc
ino=289275906 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_ssh_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.509:2755): avc:
denied { getattr } for pid=4883 comm="ps" name="4426" dev=proc
ino=290062338 scontext=user_u:user_r:user_mozilla_t
tcontext=system_u:system_r:crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.509:2756): avc:
denied { getattr } for pid=4883 comm="ps" name="4428" dev=proc
ino=290193410 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.509:2757): avc:
denied { getattr } for pid=4883 comm="ps" name="4429" dev=proc
ino=290258946 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.509:2758): avc:
denied { getattr } for pid=4883 comm="ps" name="4431" dev=proc
ino=290390018 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.509:2759): avc:
denied { getattr } for pid=4883 comm="ps" name="4432" dev=proc
ino=290455554 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.509:2760): avc:
denied { getattr } for pid=4883 comm="ps" name="4433" dev=proc
ino=290521090 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.509:2761): avc:
denied { getattr } for pid=4883 comm="ps" name="4434" dev=proc
ino=290586626 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.509:2762): avc:
denied { getattr } for pid=4883 comm="ps" name="4435" dev=proc
ino=290652162 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.509:2763): avc:
denied { getattr } for pid=4883 comm="ps" name="4436" dev=proc
ino=290717698 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.509:2764): avc:
denied { getattr } for pid=4883 comm="ps" name="4532" dev=proc
ino=297009154 scontext=user_u:user_r:user_mozilla_t
tcontext=system_u:system_r:crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.509:2765): avc:
denied { getattr } for pid=4883 comm="ps" name="4534" dev=proc
ino=297140226 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.509:2766): avc:
denied { getattr } for pid=4883 comm="ps" name="4535" dev=proc
ino=297205762 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.509:2767): avc:
denied { getattr } for pid=4883 comm="ps" name="4537" dev=proc
ino=297336834 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.509:2768): avc:
denied { getattr } for pid=4883 comm="ps" name="4538" dev=proc
ino=297402370 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.509:2769): avc:
denied { getattr } for pid=4883 comm="ps" name="4539" dev=proc
ino=297467906 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.509:2770): avc:
denied { getattr } for pid=4883 comm="ps" name="4540" dev=proc
ino=297533442 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.509:2771): avc:
denied { getattr } for pid=4883 comm="ps" name="4543" dev=proc
ino=297730050 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.509:2772): avc:
denied { getattr } for pid=4883 comm="ps" name="4544" dev=proc
ino=297795586 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.509:2773): avc:
denied { getattr } for pid=4883 comm="ps" name="4591" dev=proc
ino=300875778 scontext=user_u:user_r:user_mozilla_t
tcontext=system_u:system_r:crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.509:2774): avc:
denied { getattr } for pid=4883 comm="ps" name="4593" dev=proc
ino=301006850 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.509:2775): avc:
denied { getattr } for pid=4883 comm="ps" name="4594" dev=proc
ino=301072386 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.509:2776): avc:
denied { getattr } for pid=4883 comm="ps" name="4596" dev=proc
ino=301203458 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.513:2777): avc:
denied { getattr } for pid=4883 comm="ps" name="4597" dev=proc
ino=301268994 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.513:2778): avc:
denied { getattr } for pid=4883 comm="ps" name="4598" dev=proc
ino=301334530 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.513:2779): avc:
denied { getattr } for pid=4883 comm="ps" name="4599" dev=proc
ino=301400066 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.513:2780): avc:
denied { getattr } for pid=4883 comm="ps" name="4600" dev=proc
ino=301465602 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.513:2781): avc:
denied { getattr } for pid=4883 comm="ps" name="4601" dev=proc
ino=301531138 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.513:2782): avc:
denied { getattr } for pid=4883 comm="ps" name="4641" dev=proc
ino=304152578 scontext=user_u:user_r:user_mozilla_t
tcontext=system_u:system_r:crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.513:2783): avc:
denied { getattr } for pid=4883 comm="ps" name="4645" dev=proc
ino=304414722 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.513:2784): avc:
denied { getattr } for pid=4883 comm="ps" name="4646" dev=proc
ino=304480258 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.513:2785): avc:
denied { getattr } for pid=4883 comm="ps" name="4648" dev=proc
ino=304611330 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.513:2786): avc:
denied { getattr } for pid=4883 comm="ps" name="4649" dev=proc
ino=304676866 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.513:2787): avc:
denied { getattr } for pid=4883 comm="ps" name="4650" dev=proc
ino=304742402 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.513:2788): avc:
denied { getattr } for pid=4883 comm="ps" name="4651" dev=proc
ino=304807938 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.513:2789): avc:
denied { getattr } for pid=4883 comm="ps" name="4653" dev=proc
ino=304939010 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.513:2790): avc:
denied { getattr } for pid=4883 comm="ps" name="4654" dev=proc
ino=305004546 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.513:2791): avc:
denied { getattr } for pid=4883 comm="ps" name="4682" dev=proc
ino=306839554 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_su_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.513:2792): avc:
denied { getattr } for pid=4883 comm="ps" name="4687" dev=proc
ino=307167234 scontext=user_u:user_r:user_mozilla_t
tcontext=root:sysadm_r:sysadm_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.513:2793): avc:
denied { getattr } for pid=4883 comm="ps" name="4733" dev=proc
ino=310181890 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.513:2794): avc:
denied { getattr } for pid=4883 comm="ps" name="4786" dev=proc
ino=313655298 scontext=user_u:user_r:user_mozilla_t
tcontext=system_u:system_r:crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.513:2795): avc:
denied { getattr } for pid=4883 comm="ps" name="4788" dev=proc
ino=313786370 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.513:2796): avc:
denied { getattr } for pid=4883 comm="ps" name="4789" dev=proc
ino=313851906 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.517:2797): avc:
denied { getattr } for pid=4883 comm="ps" name="4791" dev=proc
ino=313982978 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.517:2798): avc:
denied { getattr } for pid=4883 comm="ps" name="4792" dev=proc
ino=314048514 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.517:2799): avc:
denied { getattr } for pid=4883 comm="ps" name="4793" dev=proc
ino=314114050 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.517:2800): avc:
denied { getattr } for pid=4883 comm="ps" name="4794" dev=proc
ino=314179586 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.517:2801): avc:
denied { getattr } for pid=4883 comm="ps" name="4795" dev=proc
ino=314245122 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.517:2802): avc:
denied { getattr } for pid=4883 comm="ps" name="4796" dev=proc
ino=314310658 scontext=user_u:user_r:user_mozilla_t
tcontext=user_u:user_r:user_crond_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.517:2803): avc:
denied { getattr } for pid=4883 comm="ps" name="4800" dev=proc
ino=314572802 scontext=user_u:user_r:user_mozilla_t
tcontext=root:sysadm_r:sysadm_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.517:2804): avc:
denied { getattr } for pid=4883 comm="ps" name="4801" dev=proc
ino=314638338 scontext=user_u:user_r:user_mozilla_t
tcontext=root:sysadm_r:sysadm_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.549:2807): avc:
denied { read write } for pid=4881 comm="lpr" name="_CACHE_MAP_"
dev=hda8 ino=727273 scontext=user_u:user_r:user_lpr_t
tcontext=user_u:object_r:user_mozilla_home_t tclass=file
Apr 23 10:57:26 workstation kernel: audit(1145786246.549:2808): avc:
denied { read write } for pid=4881 comm="lpr" name="history.dat"
dev=hda8 ino=323465 scontext=user_u:user_r:user_lpr_t
tcontext=user_u:object_r:user_mozilla_home_t tclass=file
Apr 23 10:57:26 workstation kernel: audit(1145786246.549:2809): avc:
denied { read write } for pid=4881 comm="lpr" name="_CACHE_001_"
dev=hda8 ino=727274 scontext=user_u:user_r:user_lpr_t
tcontext=user_u:object_r:user_mozilla_home_t tclass=file
Apr 23 10:57:26 workstation kernel: audit(1145786246.549:2810): avc:
denied { read write } for pid=4881 comm="lpr" name="_CACHE_002_"
dev=hda8 ino=727275 scontext=user_u:user_r:user_lpr_t
tcontext=user_u:object_r:user_mozilla_home_t tclass=file
Apr 23 10:57:26 workstation kernel: audit(1145786246.549:2811): avc:
denied { read write } for pid=4881 comm="lpr" name="_CACHE_003_"
dev=hda8 ino=727276 scontext=user_u:user_r:user_lpr_t
tcontext=user_u:object_r:user_mozilla_home_t tclass=file
Apr 23 10:57:26 workstation kernel: audit(1145786246.549:2812): avc:
denied { read write } for pid=4881 comm="lpr" name="mixer" dev=tmpfs
ino=4206 scontext=user_u:user_r:user_lpr_t
tcontext=system_u:object_r:sound_device_t tclass=chr_file
Apr 23 10:57:26 workstation kernel: audit(1145786246.549:2813): avc:
denied { read } for pid=4881 comm="lpr" name="XUL.mfasl" dev=hda8
ino=323401 scontext=user_u:user_r:user_lpr_t
tcontext=user_u:object_r:user_mozilla_home_t tclass=file
Apr 23 10:57:26 workstation kernel: audit(1145786246.549:2814): avc:
denied { read write } for pid=4881 comm="lpr" name="7A1B3157d01"
dev=hda8 ino=727747 scontext=user_u:user_r:user_lpr_t
tcontext=user_u:object_r:user_mozilla_home_t tclass=file
Apr 23 10:57:26 workstation kernel: audit(1145786246.549:2815): avc:
denied { read write } for pid=4881 comm="lpr" name="[14195]"
dev=sockfs ino=14195 scontext=user_u:user_r:user_lpr_t
tcontext=user_u:user_r:user_mozilla_t tclass=unix_stream_socket
Apr 23 10:57:26 workstation kernel: audit(1145786246.549:2816): avc:
denied { read write } for pid=4881 comm="lpr" name="[14197]"
dev=sockfs ino=14197 scontext=user_u:user_r:user_lpr_t
tcontext=user_u:user_r:user_mozilla_t tclass=unix_stream_socket
Apr 23 10:57:26 workstation kernel: audit(1145786246.549:2817): avc:
denied { siginh } for pid=4881 comm="lpr"
scontext=user_u:user_r:user_mozilla_t tcontext=user_u:user_r:user_lpr_t
tclass=process
Apr 23 10:57:26 workstation kernel: audit(1145786246.549:2818): avc:
denied { rlimitinh } for pid=4881 comm="lpr"
scontext=user_u:user_r:user_mozilla_t tcontext=user_u:user_r:user_lpr_t
tclass=process
Apr 23 10:57:26 workstation kernel: audit(1145786246.549:2819): avc:
denied { noatsecure } for pid=4881 comm="lpr"
scontext=user_u:user_r:user_mozilla_t tcontext=user_u:user_r:user_lpr_t
tclass=process
Apr 23 10:57:26 workstation kernel: audit(1145786246.557:2820): avc:
denied { search } for pid=4881 comm="lpr" name="nscd" dev=hda7
ino=258574 scontext=user_u:user_r:user_lpr_t
tcontext=system_u:object_r:nscd_var_run_t tclass=dir
Apr 23 10:57:26 workstation kernel: audit(1145786246.561:2821): avc:
denied { search } for pid=4881 comm="lpr" name="nscd" dev=hda7
ino=258574 scontext=user_u:user_r:user_lpr_t
tcontext=system_u:object_r:nscd_var_run_t tclass=dir
Apr 23 10:57:28 workstation kernel: audit(1145786247.997:2822): avc:
denied { search } for pid=4881 comm="lpr" name="nscd" dev=hda7
ino=258574 scontext=user_u:user_r:user_lpr_t
tcontext=system_u:object_r:nscd_var_run_t tclass=dir
Apr 23 10:57:28 workstation kernel: audit(1145786247.997:2823): avc:
denied { search } for pid=4881 comm="lpr" name="nscd" dev=hda7
ino=258574 scontext=user_u:user_r:user_lpr_t
tcontext=system_u:object_r:nscd_var_run_t tclass=dir
Apr 23 10:57:32 workstation kernel: audit(1145786252.002:2824): avc:
denied { search } for pid=4893 comm="sh" name="nscd" dev=hda7
ino=258574 scontext=system_u:system_r:cupsd_t
tcontext=system_u:object_r:nscd_var_run_t tclass=dir
Apr 23 10:57:32 workstation kernel: audit(1145786252.006:2825): avc:
denied { search } for pid=4893 comm="sh" name="nscd" dev=hda7
ino=258574 scontext=system_u:system_r:cupsd_t
tcontext=system_u:object_r:nscd_var_run_t tclass=dir
Apr 23 10:57:32 workstation kernel: audit(1145786252.070:2826): avc:
denied { search } for pid=4893 comm="sh" name="nscd" dev=hda7
ino=258574 scontext=system_u:system_r:cupsd_t
tcontext=system_u:object_r:nscd_var_run_t tclass=dir
Apr 23 10:57:32 workstation kernel: audit(1145786252.070:2827): avc:
denied { search } for pid=4893 comm="sh" name="nscd" dev=hda7
ino=258574 scontext=system_u:system_r:cupsd_t
tcontext=system_u:object_r:nscd_var_run_t tclass=dir
Apr 23 10:57:34 workstation kernel: audit(1145786254.714:2828): avc:
denied { search } for pid=4896 comm="sh" name="nscd" dev=hda7
ino=258574 scontext=system_u:system_r:cupsd_t
tcontext=system_u:object_r:nscd_var_run_t tclass=dir
Apr 23 10:57:34 workstation kernel: audit(1145786254.714:2829): avc:
denied { search } for pid=4896 comm="sh" name="nscd" dev=hda7
ino=258574 scontext=system_u:system_r:cupsd_t
tcontext=system_u:object_r:nscd_var_run_t tclass=dir
Apr 23 10:57:34 workstation kernel: audit(1145786254.730:2830): avc:
denied { search } for pid=4898 comm="sh" name="nscd" dev=hda7
ino=258574 scontext=system_u:system_r:cupsd_t
tcontext=system_u:object_r:nscd_var_run_t tclass=dir
Apr 23 10:57:34 workstation kernel: audit(1145786254.730:2831): avc:
denied { search } for pid=4898 comm="sh" name="nscd" dev=hda7
ino=258574 scontext=system_u:system_r:cupsd_t
tcontext=system_u:object_r:nscd_var_run_t tclass=dir
Apr 23 10:57:42 workstation kernel: audit(1145786262.103:2832): avc:
denied { name_connect } for pid=4199 comm="firefox-bin" dest=5000
scontext=user_u:user_r:user_mozilla_t tcontext=system_u:object_r:port_t
tclass=tcp_socket
--
Ted Rule
Director, Layer3 Systems Ltd
W: http://www.layer3.co.uk/
17 years, 12 months
Add SELinux protection to Pure-FTPd
by Aurelien Bompard
Hi,
I'm trying to add SELinux protection to Pure-FTPd. It's an FTP server, so
labelling the binary to ftpd_t did 99% of the job ! Well done SELinux
devs !
But this server has additional features, like the possibility to get its
user list from MySQL, PostgreSQL or LDAP. So I've written this te file :
==========================
module pureftpd 1.0;
require {
class dir { getattr search };
class file { read write };
class tcp_socket name_connect;
class sock_file { getattr read write append ioctl lock };
class unix_stream_socket { read write connectto };
type ftpd_t;
type initrc_var_run_t;
type mysqld_port_t;
type ldap_port_t;
};
# Write to /var/run/utmp
allow ftpd_t initrc_var_run_t:file { read write };
### Allow connect to mysql
# Network connect
corenet_tcp_connect_mysqld_port(ftpd_t)
# Socket file connect
mysql_stream_connect(ftpd_t);
mysql_rw_db_sockets(ftpd_t)
### Allow connect to postgresql
# Network connect
corenet_tcp_connect_postgresql_port(ftpd_t)
# Socket file connect
postgresql_stream_connect(ftpd_t)
# Allow connect to ldap
allow ftpd_t ldap_port_t:tcp_socket name_connect;
==========================
I figured that out mainly by reading the policy source (mainly apache's),
and with the help of the wiki :
http://fedoraproject.org/wiki/SELinux/LoadableModules/Audit2allow explains
how to let SpamAssassin connect to LDAP.
I have a few questions:
- Does this look OK to you ?
- Is it better to use the macros ( like mysql_stream_connect(ftpd_t)) or to
write the policies explicitely (allow ftpd_t mysqld_port_t:tcp_socket
name_connect) ?
- The apache policy source used the sysnet_use_ldap macro to let it access
LDAP. It looks like it does much more and requires much more than the
simple allow tcp_socket name_connect. Yet, this is the one advertised in
the wiki. Which solution should I choose ?
- I'll build the module in %install and load it in %post. Any preferred
place for the .pp file ? /usr/share/pure-ftpd is OK, or would it be better
to put it in /usr/share/selinux/targeted ?
When this is verified, I'll add it to the wiki page
(http://fedoraproject.org/wiki/Packaging/SELinux).
Thanks a lot for your help !
Aurélien
--
http://aurelien.bompard.org ~~~~ Jabber : abompard(a)jabber.fr
For external use only
17 years, 12 months
enforcing reset to disabled on update
by Richard Hally
When I updated to the latest targeted policy (see below), the
configuration was changed to disabled! This is the second update that
has made this change. The previous policy update was the first time that
has happened and was reported by both myself and Tom London.
Apparently the change listed in the 04/26 rawhide report (also below)
needs further attention.
installed on an updated rawhide system:
selinux-policy-2.2.35-2
selinux-policy-targeted-2.2.35-2
libselinux-devel-1.30.3-1
libselinux-python-1.30.3-1
selinux-doc-1.25.2-1
selinux-policy-mls-2.2.35-2
libselinux-1.30.3-1
selinux-policy-strict-2.2.35-2
selinux-policy-2.2.35-2
-----------------------
* Tue Apr 25 2006 James Antill <jantill(a)redhat.com> 2.2.35-2
- Add xm policy
- Fix policygentool
* Mon Apr 24 2006 Dan Walsh <dwalsh(a)redhat.com> 2.2.35-1
- Update to upstream
- Fix postun to only disable selinux on full removal of the packages <-------
17 years, 12 months