Dear list(s),
currently running Rawhide and setroubleshoot browser
fires up with a denial
Summary
SELinux is preventing /usr/sbin/semodule
(semanage_t) "getattr" to /
(security_t).
Detailed Description
SELinux denied access requested by
/usr/sbin/semodule. It is not expected
that this access is required by /usr/sbin/semodule
and this access may
signal an intrusion attempt. It is also possible
that the specific version
or configuration of the application is causing it
to require additional
access.
Allowing Access
You can generate a local policy module to allow
this access - see
http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385
Or you can disable
SELinux protection altogether. Disabling SELinux
protection is not
recommended. Please file a
http://bugzilla.redhat.com/bugzilla/enter_bug.cgi
against this package.
Additional Information
Source Context
user_u:system_r:semanage_t
Target Context
system_u:object_r:security_t
Target Objects / [ filesystem ]
Affected RPM Packages
policycoreutils-2.0.2-3.fc7
[application]filesystem-2.4.2-1.fc7 [target]
Policy RPM
selinux-policy-2.5.4-1.fc7
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name plugins.catchall
Host Name localhost
Platform Linux localhost
2.6.20-1.2949.fc7 #1 SMP Mon Feb
26 18:37:35 EST 2007
i686 athlon
Alert Count 1
First Seen Wed 04 Apr 2007 06:46:19
AM CDT
Last Seen Wed 04 Apr 2007 06:46:19
AM CDT
Local ID
32e2ac76-301c-4f3f-b971-e8b7da4fff73
Line Numbers
Raw Audit Messages
avc: denied { getattr } for comm="semodule"
dev=selinuxfs egid=0 euid=0
exe="/usr/sbin/semodule" exit=-13 fsgid=0 fsuid=0
gid=0 items=0 name="/"
pid=8883 scontext=user_u:system_r:semanage_t:s0 sgid=0
subj=user_u:system_r:semanage_t:s0 suid=0
tclass=filesystem
tcontext=system_u:object_r:security_t:s0 tty=pts1
uid=0
Summary
SELinux is preventing /usr/sbin/useradd
(useradd_t) "read write" to faillog
(var_log_t).
Detailed Description
SELinux denied access requested by
/usr/sbin/useradd. It is not expected
that this access is required by /usr/sbin/useradd
and this access may signal
an intrusion attempt. It is also possible that the
specific version or
configuration of the application is causing it to
require additional access.
Allowing Access
Sometimes labeling problems can cause SELinux
denials. You could try to
restore the default system file context for
faillog, restorecon -v faillog
If this does not work, there is currently no
automatic way to allow this
access. Instead, you can generate a local policy
module to allow this
access - see
http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385
Or you
can disable SELinux protection altogether.
Disabling SELinux protection is
not recommended. Please file a
http://bugzilla.redhat.com/bugzilla/enter_bug.cgi
against this package.
Additional Information
Source Context
user_u:system_r:useradd_t
Target Context
system_u:object_r:var_log_t
Target Objects faillog [ file ]
Affected RPM Packages
shadow-utils-4.0.18.1-13.fc7 [application]
Policy RPM
selinux-policy-2.5.12-5.fc7
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name plugins.catchall_file
Host Name localhost
Platform Linux localhost
2.6.20-1.3088.fc7 #1 SMP Wed Apr
18 15:12:44 EDT 2007
i686 athlon
Alert Count 1
First Seen Thu 19 Apr 2007 06:19:42
PM CDT
Last Seen Thu 19 Apr 2007 06:19:42
PM CDT
Local ID
2eacf14b-bf35-4d12-bb8e-13e35aeaaf6a
Line Numbers
Raw Audit Messages
avc: denied { read, write } for comm="useradd"
dev=dm-0 egid=0 euid=0
exe="/usr/sbin/useradd" exit=-13 fsgid=0 fsuid=0 gid=0
items=0 name="faillog"
pid=3370 scontext=user_u:system_r:useradd_t:s0 sgid=0
subj=user_u:system_r:useradd_t:s0 suid=0 tclass=file
tcontext=system_u:object_r:var_log_t:s0 tty=pts0 uid=0
Thanks for any help/suggestions on this.
Regards,
Antonio
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com