On Thu, 2010-04-08 at 00:20 +0200, Dominick Grift wrote:
Alright, we are on the right track now. The mlogc process runs in its
own mlogc domain.
Now to add some more policy to mlogc.te.
See comments below:
[snip]
I did this quickly off the top of my head, so there might be some syntax
errors.
It is getting late and I am tired. I will respond to any emails tomorrow morning.
It's 11:30pm here... I really appreciate your help - Thanks!
we are on the right track.
Yes.
A half-dozen AVCs since that last update to policy:
Raw Audit Messages :
node=troodos.org.uk type=AVC msg=audit(1270679719.656:45083): avc: denied { create } for
pid=949 comm="httpd" name="20100407-2335"
scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_log_t:s0
tclass=dir
node=troodos.org.uk type=SYSCALL msg=audit(1270679719.656:45083): arch=40000003 syscall=39
success=yes exit=0 a0=24e17a8 a1=1e8 a2=80a1e4 a3=24e1748 items=0 ppid=937 pid=949
auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none)
ses=4294967295 comm="httpd" exe="/usr/sbin/httpd"
subj=unconfined_u:system_r:httpd_t:s0 key=(null)
Raw Audit Messages :
node=troodos.org.uk type=AVC msg=audit(1270679719.705:45084): avc: denied { write } for
pid=949 comm="httpd" name="20100407-233519-S70IpVIrkOUAAAO1OuQAAAAF"
dev=sda5 ino=658634 scontext=unconfined_u:system_r:httpd_t:s0
tcontext=unconfined_u:object_r:httpd_log_t:s0 tclass=file
node=troodos.org.uk type=SYSCALL msg=audit(1270679719.705:45084): arch=40000003 syscall=5
success=yes exit=19 a0=24e1748 a1=8241 a2=1a0 a3=836 items=0 ppid=937 pid=949
auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none)
ses=4294967295 comm="httpd" exe="/usr/sbin/httpd"
subj=unconfined_u:system_r:httpd_t:s0 key=(null)
Raw Audit Messages :
node=troodos.org.uk type=AVC msg=audit(1270679720.128:45085): avc: denied { name_connect }
for pid=1869 comm="mlogc" dest=8888 scontext=unconfined_u:system_r:mlogc_t:s0
tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
node=troodos.org.uk type=SYSCALL msg=audit(1270679720.128:45085): arch=40000003
syscall=102 success=no exit=-115 a0=3 a1=b62fa910 a2=4cb9a8 a3=0 items=0 ppid=937 pid=1869
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none)
ses=4294967295 comm="mlogc" exe="/usr/bin/mlogc"
subj=unconfined_u:system_r:mlogc_t:s0 key=(null)
Raw Audit Messages :
node=troodos.org.uk type=AVC msg=audit(1270679720.298:45086): avc: denied { getattr } for
pid=1869 comm="mlogc" path="/var/run/pcscd.pub" dev=sda5 ino=362221
scontext=unconfined_u:system_r:mlogc_t:s0 tcontext=system_u:object_r:pcscd_var_run_t:s0
tclass=file
node=troodos.org.uk type=SYSCALL msg=audit(1270679720.298:45086): arch=40000003
syscall=195 success=yes exit=0 a0=1c85ab a1=b62f89ac a2=d1eff4 a3=3 items=0 ppid=937
pid=1869 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=(none) ses=4294967295 comm="mlogc" exe="/usr/bin/mlogc"
subj=unconfined_u:system_r:mlogc_t:s0 key=(null)
Raw Audit Messages :
node=troodos.org.uk type=AVC msg=audit(1270679720.301:45087): avc: denied { read } for
pid=1869 comm="mlogc" name="pcscd.pid" dev=sda5 ino=362220
scontext=unconfined_u:system_r:mlogc_t:s0 tcontext=system_u:object_r:pcscd_var_run_t:s0
tclass=file
node=troodos.org.uk type=AVC msg=audit(1270679720.301:45087): avc: denied { open } for
pid=1869 comm="mlogc" name="pcscd.pid" dev=sda5 ino=362220
scontext=unconfined_u:system_r:mlogc_t:s0 tcontext=system_u:object_r:pcscd_var_run_t:s0
tclass=file
node=troodos.org.uk type=SYSCALL msg=audit(1270679720.301:45087): arch=40000003 syscall=5
success=yes exit=13 a0=1c88ea a1=0 a2=1b6 a3=1c88e8 items=0 ppid=937 pid=1869
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none)
ses=4294967295 comm="mlogc" exe="/usr/bin/mlogc"
subj=unconfined_u:system_r:mlogc_t:s0 key=(null)
And as I was copying the above, this one came in...
Raw Audit Messages :
node=troodos.org.uk type=AVC msg=audit(1270680011.472:45102): avc: denied { dac_override }
for pid=952 comm="mlogc" capability=1 scontext=unconfined_u:system_r:mlogc_t:s0
tcontext=unconfined_u:system_r:mlogc_t:s0 tclass=capability
node=troodos.org.uk type=SYSCALL msg=audit(1270680011.472:45102): arch=40000003 syscall=5
success=yes exit=6 a0=b76fd170 a1=82c1 a2=1b6 a3=856 items=0 ppid=937 pid=952
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none)
ses=4294967295 comm="mlogc" exe="/usr/bin/mlogc"
subj=unconfined_u:system_r:mlogc_t:s0 key=(null)
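
Added example, not part of the original message and not audit2allow itself: a small parser that groups line-wrapped AVC denials like the ones above by source type, target type and class, and renders each group in allow-rule syntax so every requested permission can be reviewed before anything goes into mlogc.te. The function names (se_type, summarize, as_rules) are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: four AVC records copied from the message above, still line-wrapped.
SAMPLE = """\
node=troodos.org.uk type=AVC msg=audit(1270679720.128:45085): avc: denied { name_connect }
for pid=1869 comm="mlogc" dest=8888 scontext=unconfined_u:system_r:mlogc_t:s0
tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
node=troodos.org.uk type=AVC msg=audit(1270679720.301:45087): avc: denied { read } for
pid=1869 comm="mlogc" name="pcscd.pid" dev=sda5 ino=362220
scontext=unconfined_u:system_r:mlogc_t:s0 tcontext=system_u:object_r:pcscd_var_run_t:s0
tclass=file
node=troodos.org.uk type=AVC msg=audit(1270679720.301:45087): avc: denied { open } for
pid=1869 comm="mlogc" name="pcscd.pid" dev=sda5 ino=362220
scontext=unconfined_u:system_r:mlogc_t:s0 tcontext=system_u:object_r:pcscd_var_run_t:s0
tclass=file
node=troodos.org.uk type=AVC msg=audit(1270680011.472:45102): avc: denied { dac_override }
for pid=952 comm="mlogc" capability=1 scontext=unconfined_u:system_r:mlogc_t:s0
tcontext=unconfined_u:system_r:mlogc_t:s0 tclass=capability
"""

# re.S lets one record span the line breaks introduced by mail wrapping.
AVC_RE = re.compile(
    r"type=AVC msg=audit\([\d.]+:\d+\): avc:\s+denied\s+\{(?P<perms>[^}]*)\}"
    r".*?scontext=(?P<src>\S+)\s+tcontext=(?P<tgt>\S+)\s+tclass=(?P<cls>\S+)",
    re.S,
)

def se_type(context):  # type field of a user:role:type:level context
    return context.split(":")[2]

def summarize(audit_text):
    """Group denials by (source type, target type, class) -> set of perms."""
    grouped = defaultdict(set)
    for m in AVC_RE.finditer(audit_text):
        key = (se_type(m["src"]), se_type(m["tgt"]), m["cls"])
        grouped[key].update(m["perms"].split())  # sets absorb repeated records
    return dict(grouped)

def as_rules(grouped):
    """Render each group in allow-rule syntax, for review rather than loading as-is."""
    rules = []
    for (src, tgt, cls), perms in sorted(grouped.items()):
        target = "self" if src == tgt else tgt
        plist = sorted(perms)
        body = plist[0] if len(plist) == 1 else "{ " + " ".join(plist) + " }"
        rules.append(f"allow {src} {target}:{cls} {body};")
    return rules

print("\n".join(as_rules(summarize(SAMPLE))))
```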