Back to FC 19 AVCs
by mark
I did a full relabel of the system.
getsebool reports
use_nfs_home_dirs --> on
The dated subdirectory is in motion's home directory, owned by motion, and
NFS mounted.
And yet I get this from sealert:
SELinux is preventing /usr/bin/mplayer from read access on the directory
2013-08-14.
***** Plugin catchall (100. confidence) suggests ***************************
If you believe that mplayer should be allowed read access on the
2013-08-14 directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep mplayer /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
Additional Information:
Source Context system_u:system_r:zoneminder_t:s0
Target Context system_u:object_r:nfs_t:s0
Target Objects 2013-08-14 [ dir ]
Source mplayer
Source Path /usr/bin/mplayer
Port <Unknown>
<snip>
Platform Linux argo 3.10.4-300.fc19.x86_64 #1 SMP Tue Jul 30 11:29:05 UTC 2013 x86_64 x86_64
Alert Count 62
First Seen 2013-01-02 11:26:28 EST
Last Seen 2013-08-14 14:09:34 EDT
Local ID a01e1306-2704-45c0-813d-9bffa97c7bd1
Raw Audit Messages
type=AVC msg=audit(1376503774.334:31452): avc: denied { read } for
pid=17414 comm="mplayer" name="2013-08-14" dev="0:38" ino=29229148
scontext=system_u:system_r:zoneminder_t:s0
tcontext=system_u:object_r:nfs_t:s0 tclass=dir
type=AVC msg=audit(1376503774.334:31452): avc: denied { open } for
pid=17414 comm="mplayer" path="/home/motion/camera/2013-08-14" dev="0:38"
ino=29229148 scontext=system_u:system_r:zoneminder_t:s0
tcontext=system_u:object_r:nfs_t:s0 tclass=dir
type=SYSCALL msg=audit(1376503774.334:31452): arch=x86_64 syscall=openat
success=yes exit=EINTR a0=ffffffffffffff9c a1=7f3f37f3d540 a2=90800 a3=0
items=0 ppid=17413 pid=17414 auid=4294967295 uid=0 gid=0 euid=0 suid=0
fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm=mplayer
exe=/usr/bin/mplayer subj=system_u:system_r:zoneminder_t:s0 key=(null)
Hash: mplayer,zoneminder_t,nfs_t,dir,read
10 years, 7 months
Sosreport Fedora 19
by David Highley
Lots of avc for sosreport in Fedora 19.
type=SYSCALL msg=audit(1376177902.497:110): arch=c000003e syscall=16
success=no exit=-65 a0=3 a1=8940 a2=7fff72ed5bf0 a3=7fff72ed59a0 items=0
ppid=3710 pid=3736 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0
egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm="brctl"
exe="/usr/sbin/brctl" subj=system_u:system_r:sosreport_t:s0-s0:c0.c1023
key=(null)
type=AVC msg=audit(1376177902.497:110): avc: denied { module_request }
for pid=3736 comm="brctl" kmod="bridge"
scontext=system_u:system_r:sosreport_t:s0-s0:c0.c1023
tcontext=system_u:system_r:kernel_t:s0 tclass=system
type=SYSCALL msg=audit(1376177902.968:111): arch=c000003e syscall=6
success=no exit=-13 a0=7fff425f9af0 a1=1dcd140 a2=1dcd140 a3=fffff800
items=0 ppid=3710 pid=3764 auid=4294967295 uid=0 gid=0 euid=0 suid=0
fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm="ls"
exe="/usr/bin/ls" subj=system_u:system_r:sosreport_t:s0-s0:c0.c1023
key=(null)
type=AVC msg=audit(1376177902.968:111): avc: denied { getattr } for
pid=3764 comm="ls" path="/dev/initctl" dev="devtmpfs" ino=8906
scontext=system_u:system_r:sosreport_t:s0-s0:c0.c1023
tcontext=system_u:object_r:initctl_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1376177902.980:112): arch=c000003e syscall=6
success=no exit=-13 a0=7fff425f9af0 a1=1ddbb30 a2=1ddbb30 a3=fffffff8
items=0 ppid=3710 pid=3764 auid=4294967295 uid=0 gid=0 euid=0 suid=0
fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm="ls"
exe="/usr/bin/ls" subj=system_u:system_r:sosreport_t:s0-s0:c0.c1023
key=(null)
type=AVC msg=audit(1376177902.980:112): avc: denied { getattr } for
pid=3764
comm="ls" path="/dev/pts/ptmx" dev="devpts" ino=2
scontext=system_u:system_r:sosreport_t:s0-s0:c0.c1023
tcontext=system_u:object_r:devpts_t:s0 tclass=chr_file
type=SYSCALL msg=audit(1376177903.375:113): arch=c000003e syscall=4
success=no exit=-13 a0=2051cb0 a1=7fff82adf0c0 a2=7fff82adf0c0 a3=0
items=0 ppid=3710 pid=3772 auid=4294967295 uid=0 gid=0 euid=0 suid=0
fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm="df"
exe="/usr/bin/df" subj=system_u:system_r:sosreport_t:s0-s0:c0.c1023
key=(null)
type=AVC msg=audit(1376177903.375:113): avc: denied { getattr } for
pid=3772 comm="df" path="/sys/fs/pstore" dev="pstore" ino=9238
scontext=system_u:system_r:sosreport_t:s0-s0:c0.c1023
tcontext=system_u:object_r:pstorefs_t:s0 tclass=dir
type=SYSCALL msg=audit(1376177903.408:114): arch=c000003e syscall=4
success=no exit=-13 a0=2052470 a1=7fff82adf0c0 a2=7fff82adf0c0 a3=0
items=0 ppid=3710 pid=3772 auid=4294967295 uid=0 gid=0 euid=0 suid=0
fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm="df"
exe="/usr/bin/df" subj=system_u:system_r:sosreport_t:s0-s0:c0.c1023
key=(null)
type=AVC msg=audit(1376177903.408:114): avc: denied { getattr } for
pid=3772 comm="df" path="/sys/kernel/config" dev="configfs" ino=15409
scontext=system_u:system_r:sosreport_t:s0-s0:c0.c1023
tcontext=system_u:object_r:configfs_t:s0 tclass=dir
type=SYSCALL msg=audit(1376177904.575:115): arch=c000003e syscall=41
success=no exit=-13 a0=10 a1=80803 a2=f a3=d2be50 items=0 ppid=3710
pid=3803 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
fsgid=0 ses=4294967295 tty=(none) comm="lsusb" exe="/usr/bin/lsusb"
subj=system_u:system_r:sosreport_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1376177904.575:115): avc: denied { create } for
pid=3803 comm="lsusb"
scontext=system_u:system_r:sosreport_t:s0-s0:c0.c1023
tcontext=system_u:system_r:sosreport_t:s0-s0:c0.c1023
tclass=netlink_kobject_uevent_socket
type=SYSCALL msg=audit(1376177904.650:116): arch=c000003e syscall=41
success=no exit=-13 a0=10 a1=80803 a2=f a3=1697e50 items=0 ppid=3710
pid=3804 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
fsgid=0 ses=4294967295 tty=(none) comm="lsusb" exe="/usr/bin/lsusb"
subj=system_u:system_r:sosreport_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1376177904.650:116): avc: denied { create } for
pid=3804 comm="lsusb"
scontext=system_u:system_r:sosreport_t:s0-s0:c0.c1023
tcontext=system_u:system_r:sosreport_t:s0-s0:c0.c1023
tclass=netlink_kobject_uevent_socket
type=SYSCALL msg=audit(1376180405.316:271): arch=c000003e syscall=41
success=no exit=-13 a0=2 a1=3 a2=ff a3=7fffde20a870 items=0 ppid=3710
pid=6315 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
fsgid=0 ses=4294967295 tty=(none) comm="iptables"
exe="/usr/sbin/xtables-multi"
subj=system_u:system_r:sosreport_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1376180405.316:271): avc: denied { create } for
pid=6315 comm="iptables"
scontext=system_u:system_r:sosreport_t:s0-s0:c0.c1023
tcontext=system_u:system_r:sosreport_t:s0-s0:c0.c1023
tclass=rawip_socket
type=SYSCALL msg=audit(1376180405.317:272): arch=c000003e syscall=41
success=no exit=-13 a0=2 a1=3 a2=ff a3=7fffde20a810 items=0 ppid=3710
pid=6315 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
fsgid=0 ses=4294967295 tty=(none) comm="iptables" exe="/usr/sbin/xtables-multi"
subj=system_u:system_r:sosreport_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1376180405.317:272): avc: denied { create } for
pid=6315 comm="iptables"
scontext=system_u:system_r:sosreport_t:s0-s0:c0.c1023
tcontext=system_u:system_r:sosreport_t:s0-s0:c0.c1023
tclass=rawip_socket
type=SYSCALL msg=audit(1376180405.323:273): arch=c000003e syscall=41
success=no exit=-13 a0=2 a1=3 a2=ff a3=7fffec93d130 items=0 ppid=3710
pid=6316 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
fsgid=0 ses=4294967295 tty=(none) comm="iptables"
exe="/usr/sbin/xtables-multi"
subj=system_u:system_r:sosreport_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1376180405.323:273): avc: denied { create } for
pid=6316 comm="iptables"
scontext=system_u:system_r:sosreport_t:s0-s0:c0.c1023
tcontext=system_u:system_r:sosreport_t:s0-s0:c0.c1023
tclass=rawip_socket
type=SYSCALL msg=audit(1376180405.323:274): arch=c000003e syscall=41
success=no exit=-13 a0=2 a1=3 a2=ff a3=7fffec93d0d0 items=0 ppid=3710
pid=6316 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
fsgid=0 ses=4294967295 tty=(none) comm="iptables"
exe="/usr/sbin/xtables-multi"
subj=system_u:system_r:sosreport_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1376180405.323:274): avc: denied { create } for
pid=6316 comm="iptables"
scontext=system_u:system_r:sosreport_t:s0-s0:c0.c1023
tcontext=system_u:system_r:sosreport_t:s0-s0:c0.c1023
tclass=rawip_socket
type=SYSCALL msg=audit(1376180405.697:281): arch=c000003e syscall=89
success=no exit=-13 a0=7fffa26e89e0 a1=7fffa26e87c0 a2=1d a3=3 items=0
ppid=3710 pid=6324 a
10 years, 7 months
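A triage aid for denial dumps like the ones in the posts above, as an added example that is not part of any post: it reduces each AVC record to the same comm/source type/target type/class/permission key that sealert prints on its `Hash:` line and counts repeats. The function names are this example's own, and the sample records are copied from the posts and rejoined onto single lines (the SYSCALL line is shortened).

```python
import re
from collections import Counter

# AVC records copied from the posts above, rejoined onto single lines.
# The trailing SYSCALL record is shortened; it only shows non-AVC lines are skipped.
SAMPLE = """\
type=AVC msg=audit(1376503774.334:31452): avc: denied { read } for pid=17414 comm="mplayer" name="2013-08-14" dev="0:38" ino=29229148 scontext=system_u:system_r:zoneminder_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=dir
type=AVC msg=audit(1376177902.968:111): avc: denied { getattr } for pid=3764 comm="ls" path="/dev/initctl" dev="devtmpfs" ino=8906 scontext=system_u:system_r:sosreport_t:s0-s0:c0.c1023 tcontext=system_u:object_r:initctl_t:s0 tclass=fifo_file
type=AVC msg=audit(1376180405.316:271): avc: denied { create } for pid=6315 comm="iptables" scontext=system_u:system_r:sosreport_t:s0-s0:c0.c1023 tcontext=system_u:system_r:sosreport_t:s0-s0:c0.c1023 tclass=rawip_socket
type=AVC msg=audit(1376180405.317:272): avc: denied { create } for pid=6315 comm="iptables" scontext=system_u:system_r:sosreport_t:s0-s0:c0.c1023 tcontext=system_u:system_r:sosreport_t:s0-s0:c0.c1023 tclass=rawip_socket
type=SYSCALL msg=audit(1376180405.317:272): arch=c000003e syscall=41 success=no exit=-13 comm="iptables" exe="/usr/sbin/xtables-multi"
"""

# \s+ tolerates both the single spaces seen in mail archives and the
# double spaces the kernel writes to audit.log.
AVC_RE = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return the key=value fields of one AVC denial, or None for other records."""
    if not line.startswith("type=AVC"):
        return None
    m = AVC_RE.search(line)
    if m is None:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("rest"))}
    fields["perms"] = m.group("perms").split()  # "{ read open }" -> two perms
    return fields

def context_type(ctx):
    """user:role:type:level[:categories] -> type (the part policy rules match on)."""
    return ctx.split(":")[2]

def denial_keys(line):
    """One (comm, source type, target type, class, perm) tuple per denied permission."""
    rec = parse_avc(line)
    if rec is None:
        return []
    src, tgt = context_type(rec["scontext"]), context_type(rec["tcontext"])
    return [(rec["comm"], src, tgt, rec["tclass"], p) for p in rec["perms"]]

def summarize(text):
    """Count distinct denials so repeated records collapse into one row."""
    counts = Counter()
    for line in text.splitlines():
        counts.update(denial_keys(line))
    return counts

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).most_common():
        print(n, ",".join(key))
```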
FC19, AVC mailx
by mark
SELinux is preventing /usr/bin/mailx from ioctl access on the
unix_stream_socket unix_stream_socket.
***** Plugin catchall (100. confidence) suggests ***************************
If you believe that mailx should be allowed ioctl access on the
unix_stream_socket unix_stream_socket by default.
<snip>
Additional Information:
Source Context system_u:system_r:system_mail_t:s0
Target Context system_u:system_r:init_t:s0
Target Objects unix_stream_socket [ unix_stream_socket ]
Source mail
Source Path /usr/bin/mailx
Port <Unknown>
<snip>
Source RPM Packages mailx-12.5-8.fc19.x86_64
Target RPM Packages
Policy RPM selinux-policy-3.12.1-69.fc19.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Permissive
<snip>
Platform Linux <...> 3.10.4-300.fc19.x86_64 #1 SMP Tue Jul 30 11:29:05 UTC 2013 x86_64 x86_64
Alert Count 53
First Seen 2013-07-31 09:17:16 EDT
Last Seen 2013-08-20 09:06:53 EDT
Local ID c515e3ea-2126-47ac-9d89-5295777101e7
Raw Audit Messages
type=AVC msg=audit(1377004013.420:62309): avc: denied { ioctl } for
pid=31047 comm="mail" path="socket:[12915]" dev="sockfs" ino=12915
scontext=system_u:system_r:system_mail_t:s0
tcontext=system_u:system_r:init_t:s0 tclass=unix_stream_socket
type=SYSCALL msg=audit(1377004013.420:62309): arch=x86_64 syscall=ioctl
success=no exit=ENOTTY a0=1 a1=5401 a2=7fff8006f380 a3=7fff8006f1d0
items=0 ppid=31031 pid=31047 auid=4294967295 uid=0 gid=0 euid=0 suid=0
fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm=mail
exe=/usr/bin/mailx subj=system_u:system_r:system_mail_t:s0 key=(null)
Hash: mail,system_mail_t,init_t,unix_stream_socket,ioctl
mark "call me befuddled"
10 years, 7 months
Nonstandard Homedir Label
by Robert Gabriel
Hi,
If I have in /etc/passwd
splunk:x:101:101:Splunk User:/opt/splunkdashboards/var/lib/splunk:/sbin/nologin
and in splunkdashboards.fc:
/opt/splunkdashboards/var/lib(/.*)? gen_context(system_u:object_r:splunkdashboards_var_lib_t,s0)
then following label:
guest_u:object_r:usr_home_dir_t.
If in /etc/passwd
splunk:x:101:101:Splunk User:/nonexistant:/sbin/nologin
then label as expected.
I see Apache and Postfix have homedirs in various directories and are
labelled correctly.
Please why?
Thank you.
10 years, 7 months