denied avc's for hald, hpiod and mplayer plugin

Daniel J Walsh dwalsh at redhat.com
Thu Oct 19 14:10:23 UTC 2006 

Antonio Olivares wrote:
> SELinux: initialized (dev autofs, type autofs), uses genfs_contexts
> SELinux: initialized (dev autofs, type autofs), uses genfs_contexts
> audit(1161244617.541:4): avc:  denied  { name_bind } for  pid=2074 comm="hpiod" src=2208 scontext=system_u:system_r:hplip_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
> eth0: no IPv6 routers present
> audit(1161244622.801:5): avc:  denied  { search } for  pid=2232 comm="hald" name="irq" dev=proc ino=-268435212 scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:sysctl_irq_t:s0 tclass=dir
> audit(1161244622.801:6): avc:  denied  { search } for  pid=2232 comm="hald" name="irq" dev=proc ino=-268435212 scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:sysctl_irq_t:s0 tclass=dir
> audit(1161244622.801:7): avc:  denied  { search } for  pid=2232 comm="hald" name="irq" dev=proc ino=-268435212 scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:sysctl_irq_t:s0 tclass=dir
> audit(1161244622.801:8): avc:  denied  { search } for  pid=2232 comm="hald" name="irq" dev=proc ino=-268435212 scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:sysctl_irq_t:s0 tclass=dir
> audit(1161244622.801:9): avc:  denied  { search } for  pid=2232 comm="hald" name="irq" dev=proc ino=-268435212 scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:sysctl_irq_t:s0 tclass=dir
> audit(1161246948.355:10): avc:  denied  { execmem } for  pid=5945 comm="mplayer" scontext=user_u:system_r:unconfined_t:s0 tcontext=user_u:system_r:unconfined_t:s0 tclass=process
> audit(1161246948.355:11): avc:  denied  { execmem } for  pid=5945 comm="mplayer" scontext=user_u:system_r:unconfined_t:s0 tcontext=user_u:system_r:unconfined_t:s0 tclass=process
> audit(1161246948.391:12): avc:  denied  { execmem } for  pid=5945 comm="mplayer" scontext=user_u:system_r:unconfined_t:s0 tcontext=user_u:system_r:unconfined_t:s0 tclass=process
> audit(1161246948.391:13): avc:  denied  { execmem } for  pid=5945 comm="mplayer" scontext=user_u:system_r:unconfined_t:s0 tcontext=user_u:system_r:unconfined_t:s0 tclass=process
> audit(1161246948.403:14): avc:  denied  { execmem } for  pid=5945 comm="mplayer" scontext=user_u:system_r:unconfined_t:s0 tcontext=user_u:system_r:unconfined_t:s0 tclass=process
> audit(1161246948.403:15): avc:  denied  { execmem } for  pid=5945 comm="mplayer" scontext=user_u:system_r:unconfined_t:s0 tcontext=user_u:system_r:unconfined_t:s0 tclass=process
> audit(1161246948.415:16): avc:  denied  { execmem } for  pid=5945 comm="mplayer" scontext=user_u:system_r:unconfined_t:s0 tcontext=user_u:system_r:unconfined_t:s0 tclass=process
> audit(1161246948.415:17): avc:  denied  { execmem } for  pid=5945 comm="mplayer" scontext=user_u:system_r:unconfined_t:s0 tcontext=user_u:system_r:unconfined_t:s0 tclass=process
> audit(1161246981.941:18): avc:  denied  { execmem } for  pid=5950 comm="mplayer" scontext=user_u:system_r:unconfined_t:s0 tcontext=user_u:system_r:unconfined_t:s0 tclass=process
> audit(1161246981.941:19): avc:  denied  { execmem } for  pid=5950 comm="mplayer" scontext=user_u:system_r:unconfined_t:s0 tcontext=user_u:system_r:unconfined_t:s0 tclass=process
> audit(1161246981.941:20): avc:  denied  { execmem } for  pid=5950 comm="mplayer" scontext=user_u:system_r:unconfined_t:s0 tcontext=user_u:system_r:unconfined_t:s0 tclass=process
> audit(1161246981.941:21): avc:  denied  { execmem } for  pid=5950 comm="mplayer" scontext=user_u:system_r:unconfined_t:s0 tcontext=user_u:system_r:unconfined_t:s0 tclass=process
> audit(1161246981.941:22): avc:  denied  { execmem } for  pid=5950 comm="mplayer" scontext=user_u:system_r:unconfined_t:s0 tcontext=user_u:system_r:unconfined_t:s0 tclass=process
> audit(1161246981.941:23): avc:  denied  { execmem } for  pid=5950 comm="mplayer" scontext=user_u:system_r:unconfined_t:s0 tcontext=user_u:system_r:unconfined_t:s0 tclass=process
> audit(1161246981.941:24): avc:  denied  { execmem } for  pid=5950 comm="mplayer" scontext=user_u:system_r:unconfined_t:s0 tcontext=user_u:system_r:unconfined_t:s0 tclass=process
> audit(1161246981.941:25): avc:  denied  { execmem } for  pid=5950 comm="mplayer" scontext=user_u:system_r:unconfined_t:s0 tcontext=user_u:system_r:unconfined_t:s0 tclass=process
> audit(1161247003.070:26): avc:  denied  { execmem } for  pid=5953 comm="mplayer" scontext=user_u:system_r:unconfined_t:s0 tcontext=user_u:system_r:unconfined_t:s0 tclass=process
> audit(1161247003.070:27): avc:  denied  { execmem } for  pid=5953 comm="mplayer" scontext=user_u:system_r:unconfined_t:s0 tcontext=user_u:system_r:unconfined_t:s0 tclass=process
> audit(1161247003.074:28): avc:  denied  { execmem } for  pid=5953 comm="mplayer" scontext=user_u:system_r:unconfined_t:s0 tcontext=user_u:system_r:unconfined_t:s0 tclass=process
> audit(1161247003.074:29): avc:  denied  { execmem } for  pid=5953 comm="mplayer" scontext=user_u:system_r:unconfined_t:s0 tcontext=user_u:system_r:unconfined_t:s0 tclass=process
> audit(1161247003.074:30): avc:  denied  { execmem } for  pid=5953 comm="mplayer" scontext=user_u:system_r:unconfined_t:s0 tcontext=user_u:system_r:unconfined_t:s0 tclass=process
> audit(1161247003.074:31): avc:  denied  { execmem } for  pid=5953 comm="mplayer" scontext=user_u:system_r:unconfined_t:s0 tcontext=user_u:system_r:unconfined_t:s0 tclass=process
> audit(1161247003.074:32): avc:  denied  { execmem } for  pid=5953 comm="mplayer" scontext=user_u:system_r:unconfined_t:s0 tcontext=user_u:system_r:unconfined_t:s0 tclass=process
> audit(1161247003.074:33): avc:  denied  { execmem } for  pid=5953 comm="mplayer" scontext=user_u:system_r:unconfined_t:s0 tcontext=user_u:system_r:unconfined_t:s0 tclass=process
> audit(1161247021.299:34): avc:  denied  { execmem } for  pid=5956 comm="mplayer" scontext=user_u:system_r:unconfined_t:s0 tcontext=user_u:system_r:unconfined_t:s0 tclass=process
> audit(1161247021.299:35): avc:  denied  { execmem } for  pid=5956 comm="mplayer" scontext=user_u:system_r:unconfined_t:s0 tcontext=user_u:system_r:unconfined_t:s0 tclass=process
> audit(1161247021.299:36): avc:  denied  { execmem } for  pid=5956 comm="mplayer" scontext=user_u:system_r:unconfined_t:s0 tcontext=user_u:system_r:unconfined_t:s0 tclass=process
> audit(1161247021.299:37): avc:  denied  { execmem } for  pid=5956 comm="mplayer" scontext=user_u:system_r:unconfined_t:s0 tcontext=user_u:system_r:unconfined_t:s0 tclass=process
> audit(1161247021.299:38): avc:  denied  { execmem } for  pid=5956 comm="mplayer" scontext=user_u:system_r:unconfined_t:s0 tcontext=user_u:system_r:unconfined_t:s0 tclass=process
> audit(1161247021.299:39): avc:  denied  { execmem } for  pid=5956 comm="mplayer" scontext=user_u:system_r:unconfined_t:s0 tcontext=user_u:system_r:unconfined_t:s0 tclass=process
> audit(1161247021.299:40): avc:  denied  { execmem } for  pid=5956 comm="mplayer" scontext=user_u:system_r:unconfined_t:s0 tcontext=user_u:system_r:unconfined_t:s0 tclass=process
> audit(1161247021.299:41): avc:  denied  { execmem } for  pid=5956 comm="mplayer" scontext=user_u:system_r:unconfined_t:s0 tcontext=user_u:system_r:unconfined_t:s0 tclass=process
>
> I have tried audit2allow but returns the following 
>
> [olivares at localhost ~]$ grep avc /var/log/audit/audit.log | audit2allow -M local
> grep: /var/log/audit/audit.log: No such file or directory
> Generating type enforcment file: local.te
> /usr/bin/audit2allow: No AVC messages found.
>
> I have run yum update and it should have fixed the hald and hpiod but it has not.  
>
> as for the mplayer plugin, I installed from source code, and did not want to disable selinux just to install it.  I want to know how to enable it the hard way.  
>
> Thanks,
>
> Antonio 
>   
chcon -t unconfined_execmem_t MPLAYERBINARY

Where is the MPLAYERBINARY installed?
>
>
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
>

More information about the selinux mailing list