Initial context for init
by Philip Seeley
Hi all,
Quick question is:
In the targeted policy should init run SystemHigh as it does in the mls
policy?
The background:
We're setting up a targeted system where we confine all users and remove
the unconfined policy module, but we also enable polyinstantiation of /tmp
and /var/tmp.
If we ssh in as a staff_u user phil and elevate to root/sysadm_r then we
have a context of:
staff_u:sysadm_r:sysadm_t:s0-s0:c0.c1023
And therefore /var/tmp is:
drwxrwxrwt. root root system_u:object_r:tmp_t:s0-s0:c0.c1023 /var/tmp
Which is really:
drwxrwxrwt. root root system_u:object_r:tmp_t:s0-s0:c0.c1023 /var/tmp-inst/system_u:object_r:tmp_t:s0-s0:c0.c1023_phil
The real /var/tmp is:
drwxrwxrwt. root root system_u:object_r:tmp_t:s0 /var/tmp
Now if we use run_init to update an RPM that contains a post install
script, rpm can't create the temporary script file:
# run_init bash -c 'rpm -i --force /root/libselinux-2.0.94-7.el6.x86_64.rpm'
Authenticating phil.
Password:
error: error creating temporary file /var/tmp/rpm-tmp.atkHTf: Permission denied
error: Couldn't create temporary file for %post (libselinux-2.0.94-7.el6.x86_64): Permission denied
Note: you need to use run_init as the rpm might restart a service, e.g. the
sssd rpm.
We've traced this to the /etc/selinux/targeted/contexts/initrc_context file
which contains:
system_u:system_r:initrc_t:s0
So we transition to initrc_t and then to rpm_t without any categories, but
because the polyinstantiated /var/tmp directory has c0.c1023 we get denied.
Normally in targeted init runs unconfined, but we've removed this.
type=AVC msg=audit(1467342325.016:716): avc: denied { read } for
pid=2779 comm="rpm" name="system_u:object_r:tmp_t:s0-s0:c0.c1023_phil"
dev=dm-0 ino=1966082 scontext=system_u:system_r:rpm_t:s0
tcontext=system_u:object_r:tmp_t:s0-s0:c0.c1023 tclass=dir
It works if we change initrc_context to:
system_u:system_r:initrc_t:s0-s0:c0.c1023
We don't see the issue under mls because the default initrc_context is:
system_u:system_r:initrc_t:s0-s15:c0.c1023
We've traced this back through the selinux-policy src RPM and to the
upstream refpolicy and see that config/appconfig-mcs/initrc_context is:
system_u:system_r:initrc_t:s0
whereas config/appconfig-mls/initrc_context is:
system_u:system_r:initrc_t:s0-mls_systemhigh
So under mls init's context is SystemHigh, but under mcs/targeted it
doesn't have any categories.
So the long question is should config/appconfig-mcs/initrc_context really
be:
system_u:system_r:initrc_t:mcs_systemhigh
as it seems odd that the more secure mls policy would run init at
SystemHigh but targeted doesn't.
Thanks
Phil Seeley
4 years, 2 months
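The category mismatch described in the post above can be checked mechanically. The following is an added example, not part of the original post or of any SELinux tool: it parses the contexts out of the quoted AVC record and applies a simplified MCS read rule. Assumptions: the rule is modelled as "the source's high level must dominate the target's high level" with type-attribute exemptions ignored, the range is inherited across the initrc_t to rpm_t transition as the post describes, and all function names are hypothetical.

```python
import re

# The AVC record quoted in the post, re-joined onto one line.
SAMPLE_AVC = (
    'type=AVC msg=audit(1467342325.016:716): avc: denied { read } for '
    'pid=2779 comm="rpm" name="system_u:object_r:tmp_t:s0-s0:c0.c1023_phil" '
    'dev=dm-0 ino=1966082 scontext=system_u:system_r:rpm_t:s0 '
    'tcontext=system_u:object_r:tmp_t:s0-s0:c0.c1023 tclass=dir'
)

AVC_FIELD = re.compile(r"\b([st]context)=(\S+)")


def parse_level(level):
    """Parse one level, e.g. 's0:c1,c3.c5' -> (0, frozenset({1, 3, 4, 5}))."""
    sens, _, cats = level.partition(":")
    if not re.fullmatch(r"s\d+", sens):
        raise ValueError(f"bad sensitivity in level {level!r}")
    catset = set()
    for part in filter(None, cats.split(",")):
        m = re.fullmatch(r"c(\d+)(?:\.c(\d+))?", part)  # 'c5' or a 'c0.c1023' run
        if not m:
            raise ValueError(f"bad category {part!r} in level {level!r}")
        first = int(m.group(1))
        last = int(m.group(2)) if m.group(2) is not None else first
        if last < first:
            raise ValueError(f"descending category run {part!r}")
        catset.update(range(first, last + 1))
    return int(sens[1:]), frozenset(catset)


def parse_context(ctx):
    """Split user:role:type:range; a range is 'low' or 'low-high'."""
    parts = ctx.split(":", 3)
    if len(parts) != 4:
        raise ValueError(f"context has no MLS/MCS range: {ctx!r}")
    user, role, type_, rng = parts
    low, sep, high = rng.partition("-")
    low_level = parse_level(low)
    high_level = parse_level(high) if sep else low_level
    return {"user": user, "role": role, "type": type_,
            "low": low_level, "high": high_level}


def dominates(a, b):
    """Level a dominates b: sensitivity at least as high, categories a superset."""
    return a[0] >= b[0] and a[1] >= b[1]


def mcs_read_allowed(scontext, tcontext):
    """Simplified model (assumption): source high must dominate target high."""
    return dominates(parse_context(scontext)["high"],
                     parse_context(tcontext)["high"])


def with_range_of(ctx, donor):
    """Return ctx carrying donor's range (models range inheritance on transition)."""
    return ":".join(ctx.split(":", 3)[:3] + [donor.split(":", 3)[3]])


def check_avc(line):
    """Extract scontext/tcontext from an AVC line and explain the MCS outcome."""
    fields = dict(AVC_FIELD.findall(line))
    src = parse_context(fields["scontext"])
    tgt = parse_context(fields["tcontext"])
    return {
        "scontext": fields["scontext"],
        "tcontext": fields["tcontext"],
        "allowed": dominates(src["high"], tgt["high"]),
        "missing_categories": len(tgt["high"][1] - src["high"][1]),
    }


if __name__ == "__main__":
    result = check_avc(SAMPLE_AVC)
    print("as logged:", result)
    # The initrc_context values quoted in the post: mcs default, the local
    # workaround, and the mls default.
    for initrc in ("system_u:system_r:initrc_t:s0",
                   "system_u:system_r:initrc_t:s0-s0:c0.c1023",
                   "system_u:system_r:initrc_t:s0-s15:c0.c1023"):
        rpm_ctx = with_range_of(result["scontext"], initrc)
        print(initrc, "->", rpm_ctx,
              "read allowed:", mcs_read_allowed(rpm_ctx, result["tcontext"]))
```
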
Re: RHEL 7 consoletype_exec interface issue
by Douglas Brown
Hi,
In RHEL 7 when using the userdom_unpriv_user_template interface to create a new role, it in turn uses the consoletype_exec interface; but when I attempt to insert a policy compiled with this, it says the type consoletype_exec_t doesn’t exist.
N.B. This works on RHEL 6.
Thanks,
Doug
6 years, 6 months
Re: autorelabel => reboot loop
by Robin Lee Powell
On Sun, Oct 23, 2016 at 07:54:26PM +0100, Trevor Hemsley wrote:
> On 23/10/16 19:40, Robin Lee Powell wrote:
> > This is on a rawhide machine on which I just ran dnf upgrade, touch
> > /.autorelabel, and rebooted. It's now stuck in a reboot loop.
> >
> > The important part is probably:
> >
> > rm: cannot remove '/.autorelabel': Permission denied
>
> Try passing enforcing=0 as part of the kernel parameters.
If I have to do that, isn't that a bug?
6 years, 11 months
Anyone know anything about slurm on CentOS 7?
by mark
The recently-left programmer did *something*, and he didn't know what, and
the guy who picked it up is working with me to find out why
/var/log/messages is getting flooded with
Oct 26 11:01:06 <servername> kernel: type=1105
audit(1477494066.569:642430): pid=108551 uid=0 auid=4294967295
ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0
msg='op=PAM:session_open
grantors=pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_krb5,pam_xauth
acct="<user>" exe="/usr/bin/su" hostname=? addr=? terminal=? res=success'
Oct 26 11:01:06 <servername> kernel: type=1106
audit(1477494066.620:642431): pid=108548 uid=0 auid=4294967295
ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0
msg='op=PAM:session_close
grantors=pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_krb5,pam_xauth
acct="<user>" exe="/usr/bin/su" hostname=? addr=? terminal=? res=success'
Oct 26 11:01:06 <servername> kernel: type=1104
audit(1477494066.620:642432): pid=108548 uid=0 auid=4294967295
ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0
msg='op=PAM:setcred grantors=pam_rootok acct="<user>" exe="/usr/bin/su"
hostname=? addr=? terminal=? res=success'
Oct 26 11:01:11 <servername> su: (to <user>) root on none
Oct 26 11:01:11 <servername> su: (to <user>) root on none
Oct 26 11:01:11 <servername> systemd: Started Session c21839 of user <user>.
Other folks can submit jobs to slurm, and we don't get anything like this.
Feel free to contact me offlist....
mark
Oct 26 11:01:11 <servername> systemd: Starting Session c21839 of user <user>.
6 years, 11 months
autorelabel => reboot loop
by Robin Lee Powell
This is on a rawhide machine on which I just ran dnf upgrade, touch
/.autorelabel, and rebooted. It's now stuck in a reboot loop.
The important part is probably:
rm: cannot remove '/.autorelabel': Permission denied
But here's the whole thing:
Starting Update UTMP about System Boot/Shutdown...
[ OK ] Started Update UTMP about System Boot/Shutdown.
[ OK ] Reached target System Initialization.
Starting Relabel all filesystems...
/usr/libexec/selinux/selinux-autorelabel: line 13: echo: write error: Permission denied
*** Warning -- SELinux targeted policy relabel is required.
*** Relabeling could take a very long time, depending on file
*** system size and speed of hard drives.
Warning: Skipping the following R/O filesystems:
/sys/fs/cgroup
[ 20.821700] random: crng init done
[ 108.937834] audit_printk_skb: 411 callbacks suppressed
[ 108.939943] audit: type=1400 audit(1477247187.074:109): avc: denied { wake_alarm } for pid=337 comm="systemd-udevd" capability=35 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=capability2 permissive=0
[ 108.950307] audit: type=1300 audit(1477247187.074:109): arch=c000003e syscall=286 success=yes exit=0 a0=c a1=1 a2=7ffc122478c0 a3=0 items=0 ppid=1 pid=337 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="systemd-udevd" exe="/usr/lib/systemd/systemd-udevd" subj=system_u:system_r:udev_t:s0-s0:c0.c1023 key=(null)
[ 108.965180] audit: type=1327 audit(1477247187.074:109): proctitle="/usr/lib/systemd/systemd-udevd"
filespec_add: conflicting specifications for /usr/sbin/sln and /usr/sbin/ldconfig, using system_u:object_r:ldconfig_exec_t:s0.
[ 228.937107] audit: type=1400 audit(1477247307.074:110): avc: denied { wake_alarm } for pid=337 comm="systemd-udevd" capability=35 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=capability2 permissive=0
[ 228.945910] audit: type=1300 audit(1477247307.074:110): arch=c000003e syscall=286 success=yes exit=0 a0=c a1=1 a2=7ffc122478c0 a3=0 items=0 ppid=1 pid=337 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="systemd-udevd" exe="/usr/lib/systemd/systemd-udevd" subj=system_u:system_r:udev_t:s0-s0:c0.c1023 key=(null)
[ 228.957723] audit: type=1327 audit(1477247307.074:110): proctitle="/usr/lib/systemd/systemd-udevd"
[ 348.936968] audit: type=1400 audit(1477247427.073:111): avc: denied { wake_alarm } for pid=337 comm="systemd-udevd" capability=35 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=capability2 permissive=0
[ 348.945338] audit: type=1300 audit(1477247427.073:111): arch=c000003e syscall=286 success=yes exit=0 a0=c a1=1 a2=7ffc122478c0 a3=0 items=0 ppid=1 pid=337 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="systemd-udevd" exe="/usr/lib/systemd/systemd-udevd" subj=system_u:system_r:udev_t:s0-s0:c0.c1023 key=(null)
[ 348.953817] audit: type=1327 audit(1477247427.073:111): proctitle="/usr/lib/systemd/systemd-udevd"
[ 468.936952] audit: type=1400 audit(1477247547.074:112): avc: denied { wake_alarm } for pid=337 comm="systemd-udevd" capability=35 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=capability2 permissive=0
[ 468.943154] audit: type=1300 audit(1477247547.074:112): arch=c000003e syscall=286 success=yes exit=0 a0=c a1=1 a2=7ffc122478c0 a3=0 items=0 ppid=1 pid=337 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="systemd-udevd" exe="/usr/lib/systemd/systemd-udevd" subj=system_u:system_r:udev_t:s0-s0:c0.c1023 key=(null)
[ 468.951301] audit: type=1327 audit(1477247547.074:112): proctitle="/usr/lib/systemd/systemd-udevd"
[ 588.981041] audit: type=1400 audit(1477247667.118:113): avc: denied { wake_alarm } for pid=337 comm="systemd-udevd" capability=35 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=capability2 permissive=0
[ 588.988347] audit: type=1300 audit(1477247667.118:113): arch=c000003e syscall=286 success=yes exit=0 a0=c a1=1 a2=7ffc122478c0 a3=0 items=0 ppid=1 pid=337 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="systemd-udevd" exe="/usr/lib/systemd/systemd-udevd" subj=system_u:system_r:udev_t:s0-s0:c0.c1023 key=(null)
[ 588.998441] audit: type=1327 audit(1477247667.118:113): proctitle="/usr/lib/systemd/systemd-udevd"
/sbin/setfiles: unable to read directory /home/lost+found/#1584103
[ 708.936896] audit: type=1400 audit(1477247787.073:114): avc: denied { wake_alarm } for pid=337 comm="systemd-udevd" capability=35 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=capability2 permissive=0
[ 708.950075] audit: type=1300 audit(1477247787.073:114): arch=c000003e syscall=286 success=yes exit=0 a0=c a1=1 a2=7ffc122478c0 a3=0 items=0 ppid=1 pid=337 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="systemd-udevd" exe="/usr/lib/systemd/systemd-udevd" subj=system_u:system_r:udev_t:s0-s0:c0.c1023 key=(null)
[ 708.963125] audit: type=1327 audit(1477247787.073:114): proctitle="/usr/lib/systemd/systemd-udevd"
[ 744.561228] audit: type=2309 audit(1477247822.698:115): pid=1020 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:setfiles_t:s0 msg='op=mass relabel exe="/usr/sbin/setfiles" hostname=? addr=? terminal=console res=success'
[ 746.457744] audit: type=1400 audit(1477247824.594:116): avc: denied { read } for pid=1039 comm="find" name="tmp.yCPDse2iDR" dev="vda2" ino=493064 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:container_runtime_tmp_t:s0 tclass=dir permissive=0
[ 746.471723] audit: type=1300 audit(1477247824.594:116): arch=c000003e syscall=257 success=no exit=-13 a0=5 a1=5633f2400348 a2=30900 a3=0 items=0 ppid=454 pid=1039 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=ttyS0 ses=4294967295 comm="find" exe="/usr/bin/find" subj=system_u:system_r:init_t:s0 key=(null)
[ 746.483783] audit: type=1327 audit(1477247824.594:116): proctitle=66696E64002F746D700028002D636F6E74657874002A3A756E6C6162656C65645F742A002D6F002D636F6E74657874002A3A756E6C6162656C65645F742A00290028002D747970650073002D6F002D7479706500700029002D64656C657465
[ 746.496915] audit: type=1400 audit(1477247824.633:117): avc: denied { read } for pid=1039 comm="find" name="ssh-TBH1ascuZBgv" dev="vda2" ino=386206 scontext=system_u:system_r:init_t:s0 tcontext=staff_u:object_r:ssh_agent_tmp_t:s0 tclass=dir permissive=0
[ 746.507522] audit: type=1300 audit(1477247824.633:117): arch=c000003e syscall=257 success=no exit=-13 a0=5 a1=5633f24016e8 a2=30900 a3=0 items=0 ppid=454 pid=1039 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=ttyS0 ses=4294967295 comm="find" exe="/usr/bin/find" subj=system_u:system_r:init_t:s0 key=(null)
[ 746.519516] audit: type=1327 audit(1477247824.633:117): proctitle=66696E64002F746D700028002D636F6E74657874002A3A756E6C6162656C65645F742A002D6F002D636F6E74657874002A3A756E6C6162656C65645F742A00290028002D747970650073002D6F002D7479706500700029002D64656C657465
[ 748.018698] audit: type=1400 audit(1477247826.155:118): avc: denied { read } for pid=1039 comm="find" name="ssh-FWAzsgI95yDm" dev="vda2" ino=528549 scontext=system_u:system_r:init_t:s0 tcontext=staff_u:object_r:ssh_agent_tmp_t:s0 tclass=dir permissive=0
[ 748.029802] audit: type=1300 audit(1477247826.155:118): arch=c000003e syscall=257 success=no exit=-13 a0=5 a1=5633f2412858 a2=30900 a3=0 items=0 ppid=454 pid=1039 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=ttyS0 ses=4294967295 comm="find" exe="/usr/bin/find" subj=system_u:system_r:init_t:s0 key=(null)
[ 748.041834] audit: type=1327 audit(1477247826.155:118): proctitle=66696E64002F746D700028002D636F6E74657874002A3A756E6C6162656C65645F742A002D6F002D636F6E74657874002A3A756E6C6162656C65645F742A00290028002D747970650073002D6F002D7479706500700029002D64656C657465
[ 750.565159] audit_printk_skb: 18 callbacks suppressed
[ 750.568929] audit: type=1400 audit(1477247828.702:121): avc: denied { read } for pid=1039 comm="find" name="tmp.dJzLvcOalL" dev="vda2" ino=385641 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:container_runtime_tmp_t:s0 tclass=dir permissive=0
[ 750.581061] audit: type=1300 audit(1477247828.702:121): arch=c000003e syscall=257 success=no exit=-13 a0=6 a1=5633f242ec58 a2=30900 a3=0 items=0 ppid=454 pid=1039 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=ttyS0 ses=4294967295 comm="find" exe="/usr/bin/find" subj=system_u:system_r:init_t:s0 key=(null)
[ 750.593276] audit: type=1327 audit(1477247828.702:121): proctitle=66696E64002F746D700028002D636F6E74657874002A3A756E6C6162656C65645F742A002D6F002D636F6E74657874002A3A756E6C6162656C65645F742A00290028002D747970650073002D6F002D7479706500700029002D64656C657465
[ 750.619277] audit: type=1400 audit(1477247828.756:122): avc: denied { read } for pid=1039 comm="find" name=".font-unix" dev="vda2" ino=276817 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:user_fonts_t:s0 tclass=dir permissive=0
[ 750.626851] audit: type=1300 audit(1477247828.756:122): arch=c000003e syscall=257 success=no exit=-13 a0=6 a1=5633f24308c8 a2=30900 a3=0 items=0 ppid=454 pid=1039 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=ttyS0 ses=4294967295 comm="find" exe="/usr/bin/find" subj=system_u:system_r:init_t:s0 key=(null)
[ 750.636833] audit: type=1327 audit(1477247828.756:122): proctitle=66696E64002F746D700028002D636F6E74657874002A3A756E6C6162656C65645F742A002D6F002D636F6E74657874002A3A756E6C6162656C65645F742A00290028002D747970650073002D6F002D7479706500700029002D64656C657465
[ 752.062928] audit: type=1400 audit(1477247830.199:123): avc: denied { read } for pid=1039 comm="find" name="ssh-O5XwsqVtF1jO" dev="vda2" ino=386146 scontext=system_u:system_r:init_t:s0 tcontext=staff_u:object_r:ssh_agent_tmp_t:s0 tclass=dir permissive=0
[ 752.075475] audit: type=1300 audit(1477247830.199:123): arch=c000003e syscall=257 success=no exit=-13 a0=5 a1=5633f24391c8 a2=30900 a3=0 items=0 ppid=454 pid=1039 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=ttyS0 ses=4294967295 comm="find" exe="/usr/bin/find" subj=system_u:system_r:init_t:s0 key=(null)
[ 752.086363] audit: type=1327 audit(1477247830.199:123): proctitle=66696E64002F746D700028002D636F6E74657874002A3A756E6C6162656C65645F742A002D6F002D636F6E74657874002A3A756E6C6162656C65645F742A00290028002D747970650073002D6F002D7479706500700029002D64656C657465
[ 752.608147] audit: type=1400 audit(1477247830.745:124): avc: denied { read } for pid=1040 comm="find" name="tmp.yCPDse2iDR" dev="vda2" ino=493064 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:container_runtime_tmp_t:s0 tclass=dir permissive=0
rm: cannot remove '/.autorelabel': Permission denied
[ 755.517504] systemd-shutdown[1]: Sending SIGTERM to remaining processes...
[ 755.572824] systemd-journald[305]: Received SIGTERM from PID 1 (systemd-shutdow).
[ 755.578703] audit_printk_skb: 303 callbacks suppressed
[ 755.581774] audit: type=1400 audit(1477247833.715:158): avc: denied { wake_alarm } for pid=337 comm="systemd-udevd" capability=35 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=capability2 permissive=0
[ 755.590710] audit: type=1300 audit(1477247833.715:158): arch=c000003e syscall=286 success=yes exit=0 a0=d a1=1 a2=7ffc12247a30 a3=0 items=0 ppid=1 pid=337 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="systemd-udevd" exe="/usr/lib/systemd/systemd-udevd" subj=system_u:system_r:udev_t:s0-s0:c0.c1023 key=(null)
[ 755.602559] audit: type=1327 audit(1477247833.715:158): proctitle="/usr/lib/systemd/systemd-udevd"
[ 755.926887] systemd-shutdown[1]: Sending SIGKILL to remaining processes...
[ 755.935769] systemd-shutdown[1]: Process 212 (plymouthd) has been marked to be excluded from killing. It is running from the root file system, and thus likely to block re-mounting of the root file system to read-only. Please consider moving it into an initrd file system instead.
[ 755.951252] systemd-shutdown[1]: Unmounting file systems.
[ 755.954804] systemd-shutdown[1]: Remounting '/boot' read-only with options 'seclabel,data=ordered'.
[ 755.998048] EXT4-fs (vda1): re-mounted. Opts: data=ordered
[ 756.001721] systemd-shutdown[1]: Unmounting /boot.
[ 756.014576] systemd-shutdown[1]: Remounting '/home' read-only with options 'seclabel,data=ordered'.
[ 759.511391] EXT4-fs (vdd1): re-mounted. Opts: data=ordered
[ 760.171535] systemd-shutdown[1]: Unmounting /home.
[ 767.377311] systemd-shutdown[1]: Remounting '/var/lib/docker' read-only with options 'seclabel,data=ordered'.
[ 767.545311] EXT4-fs (dm-0): re-mounted. Opts: data=ordered
[ 767.575973] systemd-shutdown[1]: Unmounting /var/lib/docker.
[ 767.814297] systemd-shutdown[1]: Remounting '/srv' read-only with options 'seclabel,data=ordered'.
[ 767.922274] EXT4-fs (vdb1): re-mounted. Opts: data=ordered
[ 767.924695] systemd-shutdown[1]: Unmounting /srv.
[ 768.006201] systemd-shutdown[1]: Remounting '/' read-only with options 'seclabel,data=ordered'.
[ 768.047519] systemd-shutdown[1]: Remounting '/' read-only with options 'seclabel,data=ordered'.
[ 768.050118] systemd-shutdown[1]: Remounting '/' read-only with options 'seclabel,data=ordered'.
[ 768.053212] systemd-shutdown[1]: All filesystems unmounted.
[ 768.055541] systemd-shutdown[1]: Deactivating swaps.
[ 768.058134] systemd-shutdown[1]: Deactivating swap /dev/vdc1.
[ 769.884575] Unregister pv shared memory for cpu 2
[ 769.884576] Unregister pv shared memory for cpu 1
[ 769.884583] Unregister pv shared memory for cpu 3
[ 769.897592] Unregister pv shared memory for cpu 0
[ 769.905019] reboot: Restarting system
[ 769.908277] reboot: machine restart
6 years, 11 months
Revisiting an issue: changing the log level of audit
by mark
We have a new CentOS 7 server, and it's flooding our logs with completely
useless, as far as we're concerned, success messages. Is there *any* way,
short of filtering the logging itself, to set it to only log WARN or above
error messages, not the INFO level, as it would be referred to with most
other software?
mark
6 years, 11 months
Transitioning out of a confined user domain
by Mark Montague
I'm using Fedora 23 with confined users:
[root@earth ~]# semanage user -l | egrep '^(SELinux|staff_u)'
SELinux User    Prefix     MCS Level  MCS Range         SELinux Roles
staff_u         user       s0         s0-s0:c0.c1023    staff_r system_r unconfined_r
I'd like to allow this user to start a process running as themselves
under a targeted policy, nodejswebserver_t, but when I try to run the
executable, I get "Permission denied":
[markmont@earth ~]$ id -Z
staff_u:staff_r:staff_t:s0
[markmont@earth ~]$ ls -lZ /sw/sbin/node
-rwxr-xr-x. 1 markmont markmont system_u:object_r:nodejswebserver_exec_t:s0 29949360 Oct 4 16:39 /sw/sbin/node
[markmont@earth ~]$ /sw/sbin/node
-bash: /sw/sbin/node: Permission denied
[markmont@earth ~]$
The following denials appear in the audit log:
2016-10-12 18:05:29 type=AVC msg=audit(1476295529.526:48313): avc: denied { transition } for pid=1034 comm="bash" path="/sw/sbin/node" dev="dm-0" ino=294783 scontext=staff_u:staff_r:staff_t:s0 tcontext=staff_u:system_r:nodejswebserver_t:s0 tclass=process permissive=0
2016-10-12 18:05:29 type=PATH msg=audit(1476295529.526:48313): item=0 name="/sw/sbin/node" inode=294783 dev=fc:00 mode=0100755 ouid=1000 ogid=1000 rdev=00:00 obj=system_u:object_r:nodejswebserver_exec_t:s0 nametype=NORMAL
audit2allow suggests the following:
allow staff_t nodejswebserver_t:process transition;
...but this is already in my local policy:
domain_system_change_exemption(staff_t);
domtrans_pattern(staff_t, nodejswebserver_exec_t, nodejswebserver_t);
type_transition staff_t nodejswebserver_exec_t:process nodejswebserver_t;
role_transition staff_r nodejswebserver_exec_t system_r;
allow staff_t nodejswebserver_t:process transition;
allow staff_t nodejswebserver_t:process { noatsecure rlimitinh siginh };
I feel like I'm overlooking something fundamental regarding
transitioning out of a confined user domain to another domain. Any ideas?
--
Mark Montague
mark(a)catseye.org
6 years, 11 months
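The denial in the post above changes the role (staff_r to system_r) as well as the type, while the SELinux user stays staff_u. As an added example (not part of the original post, and not a diagnosis of that system), the Python below parses the record and lists, for each field that changes, the kinds of policy statement a process transition depends on; the function names are illustrative.

```python
import re

# Denial record from the post above, rejoined onto one line.
AVC = ('type=AVC msg=audit(1476295529.526:48313): avc: denied { transition } '
       'for pid=1034 comm="bash" path="/sw/sbin/node" dev="dm-0" ino=294783 '
       'scontext=staff_u:staff_r:staff_t:s0 '
       'tcontext=staff_u:system_r:nodejswebserver_t:s0 '
       'tclass=process permissive=0')

def parse_context(ctx):
    """Split user:role:type:level; the level keeps its own ':' (s0-s0:c0.c1023)."""
    parts = ctx.split(":", 3)
    if len(parts) != 4:
        raise ValueError(f"not a four-field context: {ctx!r}")
    return dict(zip(("user", "role", "type", "level"), parts))

def parse_avc(line):
    """Extract permissions, class and both contexts from one AVC denial."""
    m = re.search(r"avc:\s+denied\s+\{([^}]*)\}", line)
    if not m:
        raise ValueError("not an AVC denial")
    kv = dict(re.findall(r'(\w+)=("[^"]*"|\S+)', line))
    return {"perms": m.group(1).split(), "tclass": kv["tclass"],
            "source": parse_context(kv["scontext"]),
            "target": parse_context(kv["tcontext"])}

def transition_gates(avc):
    """Policy statements a process transition depends on, per changed field."""
    if avc["tclass"] != "process" or "transition" not in avc["perms"]:
        return []
    s, t = avc["source"], avc["target"]
    # The type-enforcement rule is always needed.
    gates = [f"allow {s['type']} {t['type']}:process transition;"]
    if s["role"] != t["role"]:
        gates += [f"allow {s['role']} {t['role']};",        # role allow rule
                  f"role {t['role']} types {t['type']};",   # target context validity
                  "constrain process transition: role change (r1 != r2)"]
    if s["user"] != t["user"]:
        gates.append("constrain process transition: user change (u1 != u2)")
    if s["level"] != t["level"]:
        gates.append("mlsconstrain process transition: level change")
    return gates

if __name__ == "__main__":
    for gate in transition_gates(parse_avc(AVC)):
        print(gate)
```
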
Help finding typical requests (queries) to SELinux policy
by kambiz kambiz
Hi,
I would like to ask for help forming two specific requests to SELinux policy. I am researching SELinux and need to find typical
requests (queries) with different decisions from SELinux policy that have the following property:
-- Two real-world sample requests where one of them just includes more information than the other and which will result in different decisions?
(Example: R1: X --> Grant, R2: X+Y --> Deny)
Thank you,
6 years, 12 months