After updating my system to today's rawhide I see a lot of SELinux-related messages. I am running selinux-policy-targeted-1.27.1-21. I see these messages during boot and shutdown. I did a touch /autorelabel and reboot to see if things got better, but they remained the same. The first and third messages (hwclock and fsck) have me concerned the most. Here are the messages:
Oct 20 15:52:47 pcjason kernel: audit(1129823524.869:2): avc: denied { use } for pid=417 comm="hwclock" name="VolGroup00-LogVol01" dev=tmpfs ino=760 scontext=system_u:system_r:hwclock_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=fd
Oct 20 15:52:50 pcjason kernel: audit(1129841541.911:3): avc: denied { read } for pid=1164 comm="restorecon" name="VolGroup00-LogVol01" dev=tmpfs ino=760 scontext=system_u:system_r:restorecon_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
Oct 20 15:52:51 pcjason kernel: audit(1129841544.332:4): avc: denied { use } for pid=1204 comm="fsck" name="VolGroup00-LogVol01" dev=tmpfs ino=760 scontext=system_u:system_r:fsadm_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=fd
Oct 20 15:52:51 pcjason kernel: audit(1129841544.660:5): avc: denied { read } for pid=1214 comm="restorecon" name="VolGroup00-LogVol01" dev=tmpfs ino=760 scontext=system_u:system_r:restorecon_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
Oct 20 15:52:51 pcjason kernel: audit(1129841544.948:6): avc: denied { read } for pid=1215 comm="restorecon" name="VolGroup00-LogVol01" dev=tmpfs ino=760 scontext=system_u:system_r:restorecon_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
Oct 20 15:52:51 pcjason kernel: audit(1129841546.084:7): avc: denied { read } for pid=1257 comm="restorecon" name="VolGroup00-LogVol01" dev=tmpfs ino=760 scontext=system_u:system_r:restorecon_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
Oct 20 15:52:51 pcjason kernel: audit(1129841546.456:8): avc: denied { read } for pid=1262 comm="restorecon" name="VolGroup00-LogVol01" dev=tmpfs ino=760 scontext=system_u:system_r:restorecon_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
Oct 20 15:52:51 pcjason kernel: audit(1129841546.772:9): avc: denied { use } for pid=1263 comm="swapon" name="VolGroup00-LogVol01" dev=tmpfs ino=760 scontext=system_u:system_r:fsadm_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=fd
Oct 20 15:52:51 pcjason kernel: audit(1129841551.160:10): avc: denied { read } for pid=1439 comm="ip" name="VolGroup00-LogVol01" dev=tmpfs ino=760 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
Oct 20 15:52:51 pcjason kernel: audit(1129841551.228:11): avc: denied { read } for pid=1441 comm="ip" name="VolGroup00-LogVol01" dev=tmpfs ino=760 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
Oct 20 15:52:51 pcjason kernel: audit(1129841551.256:12): avc: denied { read } for pid=1443 comm="iwconfig" name="VolGroup00-LogVol01" dev=tmpfs ino=760 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
Oct 20 15:52:51 pcjason kernel: audit(1129841551.320:13): avc: denied { read } for pid=1445 comm="ethtool" name="VolGroup00-LogVol01" dev=tmpfs ino=760 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
Oct 20 15:52:51 pcjason kernel: audit(1129841551.360:14): avc: denied { read } for pid=1448 comm="ip" name="VolGroup00-LogVol01" dev=tmpfs ino=760 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
Oct 20 15:52:51 pcjason kernel: audit(1129841551.388:15): avc: denied { use } for pid=1449 comm="arping" name="VolGroup00-LogVol01" dev=tmpfs ino=760 scontext=system_u:system_r:netutils_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=fd
Oct 20 15:52:51 pcjason kernel: audit(1129841551.392:16): avc: denied { read } for pid=1450 comm="ip" name="VolGroup00-LogVol01" dev=tmpfs ino=760 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
Oct 20 15:52:51 pcjason kernel: audit(1129841551.424:17): avc: denied { use } for pid=1452 comm="arping" name="VolGroup00-LogVol01" dev=tmpfs ino=760 scontext=system_u:system_r:netutils_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=fd
Oct 20 15:52:51 pcjason kernel: audit(1129841551.436:18): avc: denied { read } for pid=1456 comm="ethtool" name="VolGroup00-LogVol01" dev=tmpfs ino=760 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
Oct 20 15:52:51 pcjason kernel: audit(1129841551.444:19): avc: denied { read } for pid=1458 comm="ip" name="VolGroup00-LogVol01" dev=tmpfs ino=760 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
Oct 20 15:52:51 pcjason kernel: audit(1129841551.584:20): avc: denied { read } for pid=1470 comm="ifconfig" name="VolGroup00-LogVol01" dev=tmpfs ino=760 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
Oct 20 15:52:51 pcjason kernel: audit(1129841551.816:21): avc: denied { read } for pid=1508 comm="ip" name="VolGroup00-LogVol01" dev=tmpfs ino=760 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
Oct 20 15:52:51 pcjason kernel: audit(1129841551.828:22): avc: denied { read } for pid=1511 comm="ip" name="VolGroup00-LogVol01" dev=tmpfs ino=760 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
Oct 20 15:52:51 pcjason kernel: audit(1129841551.844:23): avc: denied { read } for pid=1514 comm="ip" name="VolGroup00-LogVol01" dev=tmpfs ino=760 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
Oct 20 15:52:51 pcjason kernel: audit(1129841551.856:24): avc: denied { read } for pid=1516 comm="iwconfig" name="VolGroup00-LogVol01" dev=tmpfs ino=760 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
Oct 20 15:52:51 pcjason kernel: audit(1129841551.868:25): avc: denied { read } for pid=1518 comm="ethtool" name="VolGroup00-LogVol01" dev=tmpfs ino=760 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
Oct 20 15:52:51 pcjason kernel: audit(1129841551.884:26): avc: denied { read } for pid=1521 comm="ip" name="VolGroup00-LogVol01" dev=tmpfs ino=760 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
Oct 20 15:52:51 pcjason kernel: audit(1129841551.892:27): avc: denied { use } for pid=1522 comm="arping" name="VolGroup00-LogVol01" dev=tmpfs ino=760 scontext=system_u:system_r:netutils_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=fd
Oct 20 15:52:51 pcjason kernel: audit(1129841553.480:28): avc: denied { use } for pid=1523 comm="arping" name="VolGroup00-LogVol01" dev=tmpfs ino=760 scontext=system_u:system_r:netutils_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=fd
Oct 20 15:52:51 pcjason kernel: audit(1129841555.920:29): avc: denied { read } for pid=1524 comm="ip" name="VolGroup00-LogVol01" dev=tmpfs ino=760 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
Oct 20 15:52:51 pcjason kernel: audit(1129841555.932:30): avc: denied { read } for pid=1526 comm="ip" name="VolGroup00-LogVol01" dev=tmpfs ino=760 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
Oct 20 15:52:51 pcjason kernel: audit(1129841555.936:31): avc: denied { use } for pid=1527 comm="arping" name="VolGroup00-LogVol01" dev=tmpfs ino=760 scontext=system_u:system_r:netutils_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=fd
Oct 20 15:52:52 pcjason kernel: audit(1129841555.960:32): avc: denied { read } for pid=1532 comm="ip" name="VolGroup00-LogVol01" dev=tmpfs ino=760 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
Oct 20 15:52:52 pcjason kernel: audit(1129841555.968:33): avc: denied { read } for pid=1533 comm="ethtool" name="VolGroup00-LogVol01" dev=tmpfs ino=760 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
Oct 20 15:52:52 pcjason kernel: audit(1129841555.976:34): avc: denied { read } for pid=1535 comm="ip" name="VolGroup00-LogVol01" dev=tmpfs ino=760 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
Oct 20 15:52:52 pcjason kernel: audit(1129841556.048:35): avc: denied { read } for pid=1546 comm="ifconfig" name="VolGroup00-LogVol01" dev=tmpfs ino=760 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
Oct 20 15:52:52 pcjason kernel: audit(1129841556.308:36): avc: denied { use } for pid=1563 comm="syslogd" name="VolGroup00-LogVol01" dev=tmpfs ino=760 scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=fd
Oct 20 15:52:52 pcjason kernel: audit(1129841556.444:37): avc: denied { use } for pid=1566 comm="klogd" name="VolGroup00-LogVol01" dev=tmpfs ino=760 scontext=system_u:system_r:klogd_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=fd
Oct 20 15:52:52 pcjason kernel: audit(1129841556.748:38): avc: denied { use } for pid=1583 comm="portmap" name="VolGroup00-LogVol01" dev=tmpfs ino=760 scontext=system_u:system_r:portmap_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=fd
Oct 20 15:52:52 pcjason kernel: audit(1129841557.492:39): avc: denied { use } for pid=1592 comm="auditd" name="VolGroup00-LogVol01" dev=tmpfs ino=760 scontext=system_u:system_r:auditd_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=fd
Thanks, Jason
On Thu, 2005-10-20 at 16:19 -0500, Jason Dravet wrote:
After updating my system to today's rawhide I see a lot of SELinux-related messages. I am running selinux-policy-targeted-1.27.1-21. I see these messages during boot and shutdown. I did a touch /autorelabel and reboot to see if things got better, but they remained the same. The first and third messages (hwclock and fsck) have me concerned the most. Here are the messages:
Oct 20 15:52:47 pcjason kernel: audit(1129823524.869:2): avc: denied { use } for pid=417 comm="hwclock" name="VolGroup00-LogVol01" dev=tmpfs ino=760 scontext=system_u:system_r:hwclock_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=fd
Oct 20 15:52:50 pcjason kernel: audit(1129841541.911:3): avc: denied { read } for pid=1164 comm="restorecon" name="VolGroup00-LogVol01" dev=tmpfs ino=760 scontext=system_u:system_r:restorecon_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
This means that the kernel (or early userspace prior to initial policy load) is leaking a descriptor to that device to all descendants. SELinux is then correctly denying access to the descriptor and device and closing it on each domain transition. Someone needs to track down the offending entity that is leaking the descriptor and fix it. In the absence of SELinux, this kind of bug would likely never be noticed (unless some program tried using the inherited descriptor for some reason).
From: Stephen Smalley sds@tycho.nsa.gov
To: Jason Dravet dravet@hotmail.com
CC: James Morris jmorris@namei.org, fedora-selinux-list@redhat.com
Subject: Re: alot of selinux messages after todays rawhide update
Date: Fri, 21 Oct 2005 07:56:34 -0400
-- Stephen Smalley National Security Agency
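An added example, not part of the thread: a small Python triage script that implements the distinction Stephen draws. It parses AVC denial lines, groups them by the object's dev/ino, and flags objects that many unrelated domains were denied access to, including "use" of a descriptor owned by kernel_t, which is the inherited-descriptor pattern rather than a per-program policy gap. The sample input is four lines from the thread plus one constructed, unrelated denial (cupsd, ino=12345) that should not be flagged.

```python
import re
from collections import defaultdict

# Sample input: four AVC lines taken from the thread above plus one constructed,
# unrelated denial (comm="cupsd", ino=12345) that must NOT be reported as a leak.
SAMPLE_LINES = [
    'Oct 20 15:52:47 pcjason kernel: audit(1129823524.869:2): avc: denied { use } for pid=417 comm="hwclock" name="VolGroup00-LogVol01" dev=tmpfs ino=760 scontext=system_u:system_r:hwclock_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=fd',
    'Oct 20 15:52:50 pcjason kernel: audit(1129841541.911:3): avc: denied { read } for pid=1164 comm="restorecon" name="VolGroup00-LogVol01" dev=tmpfs ino=760 scontext=system_u:system_r:restorecon_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file',
    'Oct 20 15:52:51 pcjason kernel: audit(1129841544.332:4): avc: denied { use } for pid=1204 comm="fsck" name="VolGroup00-LogVol01" dev=tmpfs ino=760 scontext=system_u:system_r:fsadm_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=fd',
    'Oct 20 15:52:51 pcjason kernel: audit(1129841551.160:10): avc: denied { read } for pid=1439 comm="ip" name="VolGroup00-LogVol01" dev=tmpfs ino=760 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file',
    'Oct 20 15:53:10 pcjason kernel: audit(1129841570.100:40): avc: denied { write } for pid=1601 comm="cupsd" name="printers.conf" dev=dm-1 ino=12345 scontext=system_u:system_r:cupsd_t:s0 tcontext=system_u:object_r:cupsd_etc_t:s0 tclass=file',
]

# "avc: denied { perms } for key=value key="quoted value" ..." (kernel audit format of the era)
AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)$')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return the denial's fields as a dict (perms as a list), or None for non-AVC lines."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {"perms": m.group("perms").split()}
    for key, val in KV_RE.findall(m.group("fields")):
        rec[key] = val.strip('"')
    return rec

def domain(context):
    """Type component of a security context, e.g. 'hwclock_t' from 'system_u:system_r:hwclock_t:s0'."""
    return context.split(":")[2]

def find_inherited_fd_leaks(lines, min_domains=2):
    """Group denials by the object's (dev, ino). One program tripping a missing rule is a
    policy gap; many unrelated domains denied on the SAME inode, including 'use' of an fd
    owned by kernel_t, is the inherited-descriptor pattern described in the thread.
    Returns only objects hit from at least min_domains distinct source domains."""
    by_obj = defaultdict(lambda: {"domains": set(), "comms": set(), "fd_from_kernel": False})
    for line in lines:
        rec = parse_avc(line)
        if rec is None or "dev" not in rec or "ino" not in rec:
            continue
        entry = by_obj[(rec["dev"], rec["ino"])]
        entry["domains"].add(domain(rec["scontext"]))
        entry["comms"].add(rec["comm"])
        if rec["tclass"] == "fd" and domain(rec["tcontext"]) == "kernel_t":
            entry["fd_from_kernel"] = True
    return {obj: e for obj, e in by_obj.items() if len(e["domains"]) >= min_domains}

if __name__ == "__main__":
    for (dev, ino), e in find_inherited_fd_leaks(SAMPLE_LINES).items():
        print(f"dev={dev} ino={ino}: {len(e['domains'])} domains, fd owned by kernel_t: "
              f"{e['fd_from_kernel']}, comms={sorted(e['comms'])}")
```

Feed it the output of dmesg or /var/log/messages; a single flagged (dev, ino) shared by hwclock, fsck, restorecon and the network tools points at one leaked descriptor to narrow down, not at dozens of separate policy bugs.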
Thank you for the information. It was informative. How do you suggest one track down the offending process? Please keep in mind I am not a kernel programmer, but I would like to help if I can. Should I open a bugzilla entry? If so, what package should these messages be reported to?
Thanks, Jason Dravet
On Fri, 2005-10-21 at 08:41 -0500, Jason Dravet wrote:
Thank you for the information. It was informative. How do you suggest one track down the offending process? Please keep in mind I am not a kernel programmer, but I would like to help if I can. Should I open a bugzilla entry? If so, what package should these messages be reported to?
You could add a comment to https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=165912 with your audit messages, kernel info, etc.
From: Stephen Smalley sds@tycho.nsa.gov
To: Jason Dravet dravet@hotmail.com
CC: jmorris@namei.org, fedora-selinux-list@redhat.com
Subject: Re: alot of selinux messages after todays rawhide update
Date: Fri, 21 Oct 2005 10:06:22 -0400
-- Stephen Smalley National Security Agency
Thank you, I did add a comment and the audit messages.
Thanks again, Jason