On Thu, Apr 08, 2010 at 07:30:04PM +0100, Arthur Dent wrote:
On Thu, 2010-04-08 at 19:35 +0200, Dominick Grift wrote:
> On Thu, Apr 08, 2010 at 06:15:37PM +0100, Arthur Dent wrote:
> > On Thu, 2010-04-08 at 18:10 +0200, Dominick Grift wrote:
> >
> > > Alright lets try and wrap this up.
> >
> > [snipped lots of stuff to wrap things up]
> >
> > Well Dominick, I triggered a Mod-Sec alert nearly 20 minutes ago and so
> > far (touching wood here) there are no reported AVCs!
> >
Spoke too soon!...
Raw Audit Messages :
node=troodos.org.uk type=AVC msg=audit(1270750990.203:47741): avc: denied { signal } for
pid=10852 comm="httpd" scontext=unconfined_u:system_r:httpd_t:s0
tcontext=unconfined_u:system_r:mlogc_t:s0 tclass=process
node=troodos.org.uk type=SYSCALL msg=audit(1270750990.203:47741): arch=40000003
syscall=37 success=yes exit=0 a0=ffffd59c a1=f a2=9b6ff4 a3=1 items=0 ppid=1 pid=10852
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none)
ses=4294967295 comm="httpd" exe="/usr/sbin/httpd"
subj=unconfined_u:system_r:httpd_t:s0 key=(null)
in mlogc.if:
#######################################
## <summary>
## Send a generic signal to MLOGC.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`mlogc_signal',`
gen_require(`
type mlogc_t;
')
allow $1 mlogc_t:process signal;
')
in myapache.te:
mlogc_signal(httpd_t)
Raw Audit Messages :
node=troodos.org.uk type=AVC msg=audit(1270750996.408:47742): avc: denied { destroy } for
pid=10884 comm="mlogc" key=0 scontext=unconfined_u:system_r:mlogc_t:s0
tcontext=unconfined_u:system_r:mlogc_t:s0 tclass=sem
node=troodos.org.uk type=SYSCALL msg=audit(1270750996.408:47742): arch=40000003
syscall=117 success=yes exit=0 a0=3 a1=698012 a2=0 a3=100 items=0 ppid=10852 pid=10884
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none)
ses=4294967295 comm="mlogc" exe="/usr/bin/mlogc"
subj=unconfined_u:system_r:mlogc_t:s0 key=(null)
mlogc.te:
instead of rw_sem_perms use create_sem_perms.
Raw Audit Messages :
node=troodos.org.uk type=AVC msg=audit(1270751004.197:47743): avc: denied { read write }
for pid=14112 comm="mlogc" name="1" dev=devpts ino=4
scontext=unconfined_u:system_r:mlogc_t:s0 tcontext=unconfined_u:object_r:user_devpts_t:s0
tclass=chr_file
node=troodos.org.uk type=SYSCALL msg=audit(1270751004.197:47743): arch=40000003
syscall=11 success=yes exit=0 a0=9dd3288 a1=9dd32b8 a2=9dd2900 a3=9dd32b8 items=0
ppid=14111 pid=14112 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
fsgid=0 tty=pts1 ses=4294967295 comm="mlogc" exe="/usr/bin/mlogc"
subj=unconfined_u:system_r:mlogc_t:s0 key=(null)
mlogc.te:
userdom_use_user_terminals(mlogc_t)
Raw Audit Messages :
node=troodos.org.uk type=AVC msg=audit(1270751009.399:47744): avc: denied { create } for
pid=14112 comm="mlogc" key=0 scontext=unconfined_u:system_r:mlogc_t:s0
tcontext=unconfined_u:system_r:mlogc_t:s0 tclass=sem
node=troodos.org.uk type=SYSCALL msg=audit(1270751009.399:47744): arch=40000003
syscall=117 success=yes exit=7143448 a0=2 a1=0 a2=1 a3=380 items=0 ppid=1 pid=14112
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1
ses=4294967295 comm="mlogc" exe="/usr/bin/mlogc"
subj=unconfined_u:system_r:mlogc_t:s0 key=(null)
mlogc.te:
instead of rw_sem_perms use create_sem_perms.
--
selinux mailing list
selinux(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux