-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Dan Thurman wrote:
> Again, more issues. Suggested fix?
> ============================
> Summary:
>
> SELinux is preventing gam_server (gamin_t) "dac_override" to
<Unknown>
> (gamin_t).
>
> Detailed Description:
>
> SELinux denied access requested by gam_server. It is not expected that this
> access is required by gam_server and this access may signal an intrusion
> attempt. It is also possible that the specific version or configuration
> of the
> application is causing it to require additional access.
>
> Allowing Access:
>
> You can generate a local policy module to allow this access - see FAQ
> (
http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can
> disable
> SELinux protection altogether. Disabling SELinux protection is not
> recommended.
> Please file a bug report
> (
http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
> against this package.
>
> Additional Information:
>
> Source Context system_u:system_r:gamin_t:s0
> Target Context system_u:system_r:gamin_t:s0
> Target Objects None [ capability ]
> Source gam_server
> Source Path /usr/libexec/gam_server
> Port <Unknown>
> Host
bronze.cdkkt.com
> Source RPM Packages gamin-0.1.9-5.fc9
> Target RPM Packages Policy RPM
> selinux-policy-3.3.1-74.fc9
> Selinux Enabled True
> Policy Type targeted
> MLS Enabled True
> Enforcing Mode Enforcing
> Plugin Name catchall
> Host Name
bronze.cdkkt.com
> Platform Linux
bronze.cdkkt.com
> 2.6.25.9-76.fc9.i686 #1 SMP
> Fri Jun 27 16:14:35 EDT 2008 i686 i686
> Alert Count 20
> First Seen Thu 10 Jul 2008 10:35:43 AM PDT
> Last Seen Thu 10 Jul 2008 11:11:40 AM PDT
> Local ID 5eb1bf77-5c10-4071-9892-bac42ca11adb
> Line Numbers
> Raw Audit Messages
>
host=bronze.cdkkt.com type=AVC msg=audit(1215713500.169:272): avc:
> denied { dac_override } for pid=11637 comm="gam_server" capability=1
> scontext=system_u:system_r:gamin_t:s0
> tcontext=system_u:system_r:gamin_t:s0 tclass=capability
>
>
host=bronze.cdkkt.com type=AVC msg=audit(1215713500.169:272): avc:
> denied { dac_read_search } for pid=11637 comm="gam_server"
> capability=2 scontext=system_u:system_r:gamin_t:s0
> tcontext=system_u:system_r:gamin_t:s0 tclass=capability
>
>
host=bronze.cdkkt.com type=SYSCALL msg=audit(1215713500.169:272):
> arch=40000003 syscall=33 success=no exit=-13 a0=96ca580 a1=0 a2=4b9264
> a3=10 items=0 ppid=1 pid=11637 auid=4294967295 uid=0 gid=0 euid=0 suid=0
> fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295
> comm="gam_server" exe="/usr/libexec/gam_server"
> subj=system_u:system_r:gamin_t:s0 key=(null)
>
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list(a)redhat.com
>
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
>
This is a bad domain and will be fixed in the next update. For now it
is probably best to just relabel the gamin_exec_t to bin_t and stop the
transition.
After updating today I'm seeing thousands of these, to the extent that I
had to stop the setroubleshoot service:
Source RPM Packages gamin-0.1.9-5.fc9
Target RPM Packages
Policy RPM selinux-policy-3.3.1-78.fc9
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name catchall_file
2.6.25.10-86.fc9.x86_64 #1 SMP Mon Jul 7
20:23:46
EDT 2008 x86_64 x86_64
Alert Count 2565
First Seen Mon 21 Jul 2008 12:32:35 BST
Last Seen Mon 21 Jul 2008 12:38:10 BST
Local ID 6ec7acfe-2373-4bb0-b598-ed8c37265ac9
Line Numbers
Raw Audit Messages
type=AVC msg=audit(1216640290.738:969906): avc: denied { read } for
pid=3319 comm="gam_server" path="inotify" dev=inotifyfs ino=1
scontext=system_u:object_r:unlabeled_t:s0
tcontext=system_u:object_r:inotifyfs_t:s0 tclass=dir
type=SYSCALL msg=audit(1216640290.738:969906): arch=c000003e syscall=0
success=no exit=-13 a0=3 a1=23d9210 a2=400 a3=0 items=0 ppid=1 pid=3319
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=(none) ses=4294967295 comm="gam_server"
exe="/usr/libexec/gam_server" subj=system_u:object_r:unlabeled_t:s0
key=(null)