Running the latest packages from the development tree.
I configured mozilla to connect to privoxy (through the usual port 8118). All works OK until I try to 'add a URL pattern' to one of privoxy's config files through the browser. I get the following AVC (notice the blank space/empty fields):
Jun 21 14:20:30 dell kernel: audit(1087852830.344:0): avc: denied { write } for pid=13411 exe=/usr/sbin/privoxy
and a privoxy err page reporting the write error. Retrying after 'setenforce 0' produces the same AVC (but the 'write' succeeds).
Haven't seen an AVC like this before..... is this the expected behavior?
tom
On Tue, 22 Jun 2004 07:38, Tom London selinux@comcast.net wrote:
Jun 21 14:20:30 dell kernel: audit(1087852830.344:0): avc: denied { write } for pid=13411 exe=/usr/sbin/privoxy
http://www.redhat.com/archives/fedora-selinux-list/2004-June/msg00109.html
This looks similar to an issue I previously reported. Please check the message at the above URL and let us know if it's the same.
Yes. /var/log/messages looks pretty much the same. (sorry, I didn't realize that mail/list stuff would munge the white space). The white space looks very similar.
I can reproduce at will from privoxy or gnome-session (gaim, I think). Other AVCs look 'normal'.....
Let me know if you need more log data on this.
I'm running kernel-2.6.7-1.441 from Arjan's tree, and the latest pkgs from the development tree.
tom
Russell Coker wrote:
On Tue, 22 Jun 2004 07:38, Tom London selinux@comcast.net wrote:
Jun 21 14:20:30 dell kernel: audit(1087852830.344:0): avc: denied { write } for pid=13411 exe=/usr/sbin/privoxy
http://www.redhat.com/archives/fedora-selinux-list/2004-June/msg00109.html
This looks similar to an issue I previously reported. Please check the message at the above URL and let us know if it's the same.
On Mon, 2004-06-21 at 22:31, Russell Coker wrote:
On Tue, 22 Jun 2004 07:38, Tom London selinux@comcast.net wrote:
Jun 21 14:20:30 dell kernel: audit(1087852830.344:0): avc: denied { write } for pid=13411 exe=/usr/sbin/privoxy
http://www.redhat.com/archives/fedora-selinux-list/2004-June/msg00109.html
This looks similar to an issue I previously reported. Please check the message at the above URL and let us know if it's the same.
I also see such messages in my /var/log/messages, but do not know the cause. I've forward the mail to Rik Faith, who wrote the kernel audit framework; he may have a better idea as to what is happening. It would be interesting to revert to using printk for avc_audit and see whether the same error occurs.
I couldn't find a bugzilla on this to attach my log...
Is there one open?
tom
Stephen Smalley wrote:
On Mon, 2004-06-21 at 22:31, Russell Coker wrote:
On Tue, 22 Jun 2004 07:38, Tom London selinux@comcast.net wrote:
Jun 21 14:20:30 dell kernel: audit(1087852830.344:0): avc: denied { write } for pid=13411 exe=/usr/sbin/privoxy
http://www.redhat.com/archives/fedora-selinux-list/2004-June/msg00109.html
This looks similar to an issue I previously reported. Please check the message at the above URL and let us know if it's the same.
I also see such messages in my /var/log/messages, but do not know the cause. I've forward the mail to Rik Faith, who wrote the kernel audit framework; he may have a better idea as to what is happening. It would be interesting to revert to using printk for avc_audit and see whether the same error occurs.
On Tue, 2004-06-22 at 14:05, Tom London wrote:
I couldn't find a bugzilla on this to attach my log...
Is there one open?
Not AFAIK.
I've bugzilla'ed it here so it doesn't get lost: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=126515
Interesting....the privoxy AVC now logs correctly, but I found older and newer ones in my log and logrotated logs. Seems to be pretty irregular. Sigh.
tom
Stephen Smalley wrote:
On Tue, 2004-06-22 at 14:05, Tom London wrote:
I couldn't find a bugzilla on this to attach my log...
Is there one open?
Not AFAIK.
selinux@lists.fedoraproject.org