December 2008 - selinux - Fedora Mailing-Lists

boot in permissive mode to boot 2.6.28-0.106.rc6.git4.fc11.i686

by Antonio Olivares

Dear fellow selinux experts, Thanks to Tom London for the tip to boot the new kernel, using enforcing=0, I see some denied avc's at startup SELinux: initialized (dev sda3, type ext3), uses xattr SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs Adding 1574328k swap on /dev/sda5. Priority:-1 extents:1 across:1574328k Adding 1540088k swap on /dev/mapper/VolGroup00-LogVol01. Priority:-2 extents:1 across:1540088k SELinux: initialized (dev binfmt_misc, type binfmt_misc), uses genfs_contexts type=1400 audit(1228436635.068:4): avc: denied { sys_tty_config } for pid=1536 comm="consoletype" capability=26 scontext=system_u:system_r:consoletype_t:s0 tcontext=system_u:system_r:consoletype_t:s0 tclass=capability NET: Registered protocol family 10 lo: Disabled Privacy Extensions ip6_tables: (C) 2000-2006 Netfilter Core Team type=1400 audit(1228436636.405:5): avc: denied { write } for pid=1562 comm="ip6tables-resto" path="/0" dev=devpts ino=2 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:object_r:devpts_t:s0 tclass=chr_file eth0: no IPv6 routers present eth1: setting full-duplex. SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1b6 SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1b6 RPC: Registered udp transport module. RPC: Registered tcp transport module. SELinux: initialized (dev rpc_pipefs, type rpc_pipefs), uses genfs_contexts SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1b6 SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1b6 SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: initialized (dev autofs, type autofs), uses genfs_contexts SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1b6 SELinux: initialized (dev autofs, type autofs), uses genfs_contexts SELinux: initialized (dev autofs, type autofs), uses genfs_contexts SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1b6 SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1b6 Bluetooth: Core ver 2.13 NET: Registered protocol family 31 Bluetooth: HCI device and connection manager initialized Bluetooth: HCI socket layer initialized SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff Bluetooth: L2CAP ver 2.11 Bluetooth: L2CAP socket layer initialized Bluetooth: BNEP (Ethernet Emulation) ver 1.3 Bluetooth: BNEP filters: protocol multicast Bridge firewalling registered Bluetooth: SCO (Voice Link) ver 0.6 Bluetooth: SCO socket layer initialized SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1b6 SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff eth1: no IPv6 routers present SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1b6 SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1b6 SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1b6 SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1b6 SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1b6 SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1b6 SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1b6 SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ed SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1b6 SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1b6 SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1b6 SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1b6 SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1b6 SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1b6 SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1b6 SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1b6 SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1b6 SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1b6 SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1b6 SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1b6 SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1b6 SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1b6 SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1b6 SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1b6 SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1b6 SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1b6 SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1b6 SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1b6 SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1b6 SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1b6 SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1b6 SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1b6 SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1b6 SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ed SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ed SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ed SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1b0 SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ed SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ed SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ed SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ed SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ed SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ed SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1b6 SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ed SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ed SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1b6 SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff fuse init (API version 7.10) SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: initialized (dev fuse, type fuse), uses genfs_contexts SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ed SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ed SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff type=1400 audit(1228436728.479:6): avc: denied { read open } for pid=3011 comm="kded4" name="Trolltech.conf" dev=dm-0 ino=6064321 scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=user_u:object_r:user_home_t:s0 tclass=file type=1400 audit(1228436728.500:7): avc: denied { lock } for pid=3011 comm="kded4" path="/home/olivares/.config/Trolltech.conf" dev=dm-0 ino=6064321 scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=user_u:object_r:user_home_t:s0 tclass=file SELinux: WARNING: inside open_file_mask_to_av with unknown mode:a1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:a1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff type=1400 audit(1228436734.312:8): avc: denied { search open } for pid=3018 comm="polkit-read-aut" name="dbus" dev=dm-0 ino=3276848 scontext=system_u:system_r:polkit_auth_t:s0 tcontext=system_u:object_r:system_dbusd_var_run_t:s0 tclass=dir SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff type=1400 audit(1228436734.312:9): avc: denied { write } for pid=3018 comm="polkit-read-aut" name="system_bus_socket" dev=dm-0 ino=3276857 scontext=system_u:system_r:polkit_auth_t:s0 tcontext=system_u:object_r:system_dbusd_var_run_t:s0 tclass=sock_file type=1400 audit(1228436734.312:10): avc: denied { connectto } for pid=3018 comm="polkit-read-aut" path="/var/run/dbus/system_bus_socket" scontext=system_u:system_r:polkit_auth_t:s0 tcontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tclass=unix_stream_socket SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c180 type=1400 audit(1228436738.188:11): avc: denied { write } for pid=3009 comm="klauncher" name="gkrellm.desktop" dev=dm-0 ino=6161169 scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=user_u:object_r:user_home_t:s0 tclass=file SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1fd SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1fd SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1fd SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1fd SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ed SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1fd SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ed SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1fd SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ed SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1fd SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ed SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1fd SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1b6 type=1400 audit(1228436768.597:12): avc: denied { read open } for pid=3092 comm="gkrellm" name="eth0" dev=dm-0 ino=6062973 scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=user_u:object_r:user_home_t:s0 tclass=file type=1400 audit(1228436769.217:13): avc: denied { write } for pid=3092 comm="gkrellm" name="eth0" dev=dm-0 ino=6062973 scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=user_u:object_r:user_home_t:s0 tclass=file type=1400 audit(1228436770.787:14): avc: denied { lock } for pid=3100 comm="python" path="/home/olivares/.config/Trolltech.conf" dev=dm-0 ino=6064321 scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=user_u:object_r:user_home_t:s0 tclass=file SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1b6 SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ed SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1fd SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ed SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ed SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1b6 SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1b6 SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ed SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1fd SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1b6 SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1fd SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1fd SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1b6 SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1b6 SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ed SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ed SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1fd SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1fd SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1fd SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1fd SELinux: WARNING: inside open_file_mask_to_av with unknown mode:a1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:a1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1b6 SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ed SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1fd SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff type=1400 audit(1228436860.935:15): avc: denied { write } for pid=3092 comm="gkrellm" name=".gkrellm2" dev=dm-0 ino=6062959 scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=user_u:object_r:user_home_t:s0 tclass=dir type=1400 audit(1228436860.935:16): avc: denied { add_name } for pid=3092 comm="gkrellm" name="user-config.new" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=user_u:object_r:user_home_t:s0 tclass=dir type=1400 audit(1228436860.954:17): avc: denied { remove_name } for pid=3092 comm="gkrellm" name="user-config.new" dev=dm-0 ino=15368195 scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=user_u:object_r:user_home_t:s0 tclass=dir SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1fd SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1fd SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1fd SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ed SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1fd SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ed SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1fd SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ed SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1fd SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ed SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1fd SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1b6 SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff type=1400 audit(1228437353.337:18): avc: denied { read open } for pid=3525 comm="bash" name=".bash_history" dev=dm-0 ino=1507343 scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=root:object_r:user_home_t:s0 tclass=file type=1400 audit(1228437402.855:19): avc: denied { read open } for pid=3488 comm="konsole" name="Trolltech.conf" dev=dm-0 ino=6064321 scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=user_u:object_r:user_home_t:s0 tclass=file SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff [root@localhost ~]# tail -f /var/log/messages Dec 4 18:35:48 localhost kernel: SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff Dec 4 18:35:48 localhost kernel: SELinux: WARNING: inside open_file_mask_to_av with unknown mode:c1ff Dec 4 18:35:48 localhost kernel: SELinux: WARNING: inside open_file_mask_to_avwith unknown mode:c1ff Dec 4 18:35:48 localhost kernel: SELinux: WARNING: inside open_file_mask_to_avwith unknown mode:c1ff Dec 4 18:35:48 localhost kernel: SELinux: WARNING: inside open_file_mask_to_avwith unknown mode:c1ff Dec 4 18:35:52 localhost kernel: SELinux: WARNING: inside open_file_mask_to_avwith unknown mode:c1b6 Dec 4 18:35:53 localhost kernel: SELinux: WARNING: inside open_file_mask_to_avwith unknown mode:c1ff Dec 4 18:35:53 localhost kernel: SELinux: WARNING: inside open_file_mask_to_avwith unknown mode:c1ff Dec 4 18:35:53 localhost kernel: SELinux: WARNING: inside open_file_mask_to_avwith unknown mode:c1ff Dec 4 18:35:53 localhost kernel: type=1400 audit(1228437353.337:18): avc: denied { read open } for pid=3525 comm="bash" name=".bash_history" dev=dm-0 ino=1507343 scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=root:object_r:user_home_t:s0 tclass=file Hope this helps in some way if the policies have not been loaded. Thanks also to Mr. Dan Walsh in the troubles with iptables and selinux: [olivares@localhost ~]$ dmesg | grep 'iptables' type=1400 audit(1228436636.405:5): avc: denied { write } for pid=1562 comm="ip6tables-resto" path="/0" dev=devpts ino=2 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:object_r:devpts_t:s0 tclass=chr_file I hope this also gets fixed to get the dhcp server going :) Regards, Antonio

15 years, 4 months

3
2
0 / 0

Re: browser_confine_xguest

by John Griffiths

15 years, 4 months

2
1
0 / 0

selinux is denying iptables still :(

by Antonio Olivares

Dear fellow selinux experts, selinux is still denying iptables :( type=1400 audit(1228351277.178:4): avc: denied { write } for pid=1351 comm="ip6tables-resto" path="/0" dev=devpts ino=2 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:object_r:devpts_t:s0 tclass=chr_file It also interferes with the booting of newer kernel with many messages of denying stuff with Permission denied. I'm just reporting this, I have this machine running rawhide and it was also to serve as a mini-dhcp server to get internet to the machines in the classroom. I got help from fedora-list to get the correct file and all, but selinux is denying this, and I have to keep trying to get it right, and for other people it just works . Thanks, Antonio

15 years, 4 months

2
3
0 / 0

How can i call a function which is usually used by root?

by wk

I want write a c program.And a common user(not in root group) will run this program. In this program,I call fread(/dev/sdc...) and fwrite(/dev/sdc),but this call will return "permission no allow".If I use the root user,will be ok. How to change to the authority to root's? I know the root's password.

15 years, 4 months

3
2
0 / 0

spamc / spamd communication problem

by Bob Richmond

I'm trying to make spamd listen on a unix domain socket, and let spamc connect to it. The question is, I can't figure out the intended destination for the spamd socket file (as specified via --socketpath passed to spamd and -U to spamc). I see that spamc_t has permission to connect to a socket with a type of spamd_tmp_t, but there doesn't appear to be an fc rule for where a new socket file would inherit that type. It makes sense to me that the socket file should exist in /var/run/spamassassin/spamd.sock to be consistent, but /var/run/spamassassin has a type of spamd_var_run_t, where spamc has no permission to connect to a sock_file under. Any help? I'm running F10, policy version selinux-policy-targeted-3.5.13-18.fc10. Thanks!

15 years, 4 months

2
1
0 / 0

selinux denying a cups printer

by Gene Heskett

Greetings; Uptodate F8, targeted setting host=coyote.coyote.den type=AVC msg=audit(1227891049.940:679): avc: denied { execute } for pid=6486 comm="cupsd" name="lp3" dev=sda3 ino=104400725 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:cupsd_rw_etc_t:s0 tclass=file host=coyote.coyote.den type=SYSCALL msg=audit(1227891049.940:679): arch=40000003 syscall=33 success=no exit=-13 a0=bff13656 a1=1 a2=b7f17ff4 a3=b7f18a3c items=0 ppid=6485 pid=6486 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="cupsd" exe="/usr/sbin/cupsd" subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 key=(null) The troubleshooters recommended fix is a restorecon -v './lp3' The only ./lp3 I could find was in /etc/cups.d/interfaces/lp3, and while it did change the context of the file, it does not fix the problem. This particular driver ppd is the lpr and cupswrapper of the HL2140 driver kit from Brother, and apparently is installed in a /usr/local/Brother subdir by their rpms. All this did work flawlessly before I had a drive failure, and it worked after an Fu8 install, but failed sometime in the nearly 2 weeks uptime, as did all my other printer profiles, which I have now deleted and rebuilt, and work except for this one. I am going to try touching /.autorelabel and reboot again see if that helps. However, nothing happened the last time I tried that 2 weeks ago... -- Cheers, Gene "There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order." -Ed Howdershelt (Author) Q: How many IBM CPU's does it take to do a logical right shift? A: 33. 1 to hold the bits and 32 to push the register.

15 years, 4 months

2
2
0 / 0

SELinux is preventing npviewer.bin (nsplugin_t) "read" to ./pulse-shm-4180703699

by Antonio Olivares

Dear fellow selinux experts, Net avc for npviewer :( Summary: SELinux is preventing npviewer.bin (nsplugin_t) "read" to ./pulse-shm-4180703699 (tmpfs_t). Detailed Description: SELinux denied access requested by npviewer.bin. It is not expected that this access is required by npviewer.bin and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access: Sometimes labeling problems can cause SELinux denials. You could try to restore the default system file context for ./pulse-shm-4180703699, restorecon -v './pulse-shm-4180703699' If this does not work, there is currently no automatic way to allow this access. Instead, you can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package. Additional Information: Source Context unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c102 3 Target Context unconfined_u:object_r:tmpfs_t:s0 Target Objects ./pulse-shm-4180703699 [ file ] Source npviewer.bin Source Path /usr/lib/nspluginwrapper/npviewer.bin Port <Unknown> Host riohigh Source RPM Packages nspluginwrapper-1.1.4-1.fc11 Target RPM Packages Policy RPM selinux-policy-3.5.13-18.fc10 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name catchall_file Host Name riohigh Platform Linux riohigh 2.6.27.5-117.fc10.i686 #1 SMP Tue Nov 18 12:19:59 EST 2008 i686 athlon Alert Count 1 First Seen Tue 02 Dec 2008 06:57:09 AM CST Last Seen Tue 02 Dec 2008 06:57:09 AM CST Local ID c049e765-9d3b-4384-927a-19797fb78d8d Line Numbers Raw Audit Messages node=riohigh type=AVC msg=audit(1228222629.565:217): avc: denied { read } for pid=4625 comm="npviewer.bin" name="pulse-shm-4180703699" dev=tmpfs ino=36988 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:tmpfs_t:s0 tclass=file node=riohigh type=SYSCALL msg=audit(1228222629.565:217): arch=40000003 syscall=5 success=no exit=-13 a0=bfda08d0 a1=a0000 a2=0 a3=bfda08d0 items=0 ppid=4427 pid=4625 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=13 comm="npviewer.bin" exe="/usr/lib/nspluginwrapper/npviewer.bin" subj=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 key=(null) I try the fix and i get: [olivares@riohigh ~]$ su - Password: [root@riohigh ~]# restorecon -v './pulse-shm-4180703699' restorecon: stat error on ./pulse-shm-4180703699: No such file or directory [root@riohigh ~]# Thanks, Antonio

15 years, 4 months

2
1
0 / 0

iptables denials on Centos

by Tony Molloy

Hi, I'm running several fully updated CentOS 5.2 servers and am trying to get all the SELinux denials sorted out. Here are two of the ones that I've got left. I can generate local policy to allow these but is that the best way. The full sealert messages have been cut. 1. SELinux is preventing iptables (iptables_t) "read write" to socket (initrc_t). For complete SELinux messages. run sealert -l 80760bb0-da8f-4fe8-855a-1cfc5789a597 [root@garryowen ~]# sealert -l 80760bb0-da8f-4fe8-855a-1cfc5789a597 Summary: SELinux is preventing iptables (iptables_t) "read write" to socket (initrc_t). Detailed Description: SELinux denied access requested by iptables. It is not expected that this ... Allowing Access: You can generate a local policy module to allow this access - see FAQ ... Additional Information: Source Context system_u:system_r:iptables_t Target Context system_u:system_r:initrc_t Target Objects socket [ packet_socket ] Source iptables Source Path /sbin/iptables Port <Unknown> Host garryowen.xx.xx.xx Source RPM Packages iptables-1.3.5-4.el5 Target RPM Packages Policy RPM selinux-policy-2.4.6-137.1.el5 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Permissive Plugin Name catchall Host Name garryowen.xx.xx.xx Platform Linux garryowen.xx.xx.xx 2.6.18-92.1.18.el5 Raw Audit Messages host=garryowen.xx.xx.xx type=AVC msg=audit(1227684250.838:20268): avc: denied { read write } for pid=22829 comm="iptables" path="socket:[18015]" dev=sockfs ino=18015 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:initrc_t:s0 tclass=packet_socket host=garryowen.xx.xx.xx type=SYSCALL msg=audit(1227684250.838:20268): arch=40000003 syscall=11 success=yes exit=0 a0=9c95470 a1=9c956f8 a2=9c95610 a3=40 items=0 ppid=5571 pid=22829 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/sbin/iptables" subj=system_u:system_r:iptables_t:s0 key=(null) 2. SELinux is preventing iptables (iptables_t) "read" to pipe (crond_t). For complete SELinux messages. run sealert -l 879c2152-44ee-4594-96c6-96716fda722b [root@garryowen ~]# sealert -l 879c2152-44ee-4594-96c6-96716fda722b Summary: SELinux is preventing iptables (iptables_t) "read" to pipe (crond_t). Detailed Description: SELinux denied access requested by iptables. It is not expected that this ... Allowing Access: You can generate a local policy module to allow this access - see FAQ ... Additional Information: Source Context root:system_r:iptables_t Target Context system_u:system_r:crond_t:SystemLow-SystemHigh Target Objects pipe [ fifo_file ] Source iptables Source Path /sbin/iptables Port <Unknown> Host garryowen.xx.xx.xx Source RPM Packages iptables-1.3.5-4.el5 Target RPM Packages Policy RPM selinux-policy-2.4.6-137.1.el5 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Permissive Plugin Name catchall Host Name garryowen.xx.xx.xx Platform Linux garryowen.xx.xx.xx 2.6.18-92.1.18.el5 Raw Audit Messages host=garryowen.xx.xx.xx type=AVC msg=audit(1228007101.709:31231): avc: denied { read } for pid=14428 comm="iptables" path="pipe:[1462004]" dev=pipefs ino=1462004 scontext=root:system_r:iptables_t:s0 tcontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tclass=fifo_file host=garryowen.xx.xx.xx type=AVC msg=audit(1228007101.709:31231): avc: denied { write } for pid=14428 comm="iptables" path="pipe:[1462005]" dev=pipefs ino=1462005 scontext=root:system_r:iptables_t:s0 tcontext=system_u:system_r:crond_t:s0-s0:c0.c1023 tclass=fifo_file host=garryowen.xx.xx.xx type=SYSCALL msg=audit(1228007101.709:31231): arch=40000003 syscall=11 success=yes exit=0 a0=9985ab8 a1=9985698 a2=996d5d0 a3=0 items=0 ppid=14416 pid=14428 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=5147 comm="iptables" exe="/sbin/iptables" subj=root:system_r:iptables_t:s0 key=(null) Thanks, Tony

15 years, 4 months

2
1
0 / 0

nspluginwrapper and .PDF files

by Paul C. Rauser

Over the past several days, I have begin to experiment with enabling the allow_unconfined_nsplugin_transition boolean in a F10 test environment. One of the most consistent demands from my test users/potential security threats is the ability to open .PDF files. Using mozplugger to do this launches evince, which throws AVCs all over and is probably undesirable anyway for the reasons listed in Dan Walsh's Nov 4 blog post on http://danwalsh.livejournal.com/ On the other hand, removing mozplugger and using the Adobe Acrobat 8.1.3 Firefox plugin throws lots of AVCs of its own -- and even more when doing things like printing -- and thus may not be the way to go. If allow_unconfined_nsplugin_transition is to be useful in user land, it seems that the boolean should allow .PDF opening/saving/printing out of the box using either evince or Adobe's reader. I am happy to bugzilla the AVCs for one or the other and help with testing -- any preference in the community for which one? Paul C. Rauser ægis law group LLP 901 F Street, N.W. Suite 500 Washington, D.C. 20004 T: 202 737 3375 F: 202 737 3330 E: prauser(a)aegislawgroup.com NOTICE: This communication from Aegis Law Group LLP may contain information that is legally privileged, confidential, or exempt from disclosure. If you are not the intended recipient, please note that any disclosure, copying, distribution, or use of the contents of this information is strictly prohibited. If you have received this electronic transmission in error, please notify the sender immediately by telephone or by return e-mail and delete all copies.

15 years, 4 months

2
1
0 / 0

interface file

by Konrad Azzopardi

hi there, A simple question - if i want to create some interface like corenet_tcp_connect_yule_port(), would it be ok to put it in the interface file cause i saw a lot of similar macros depracated inside the interface files ?. If it is not the right place, would the corenetwork.if.in be the right place ? what is the best way to go about it ? tnx a lot

15 years, 4 months

2
1
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

selinux December 2008