SELinux kerneloops and dhclient issues

Stephen Croll sdcroll at verizon.net
Sun Sep 7 22:10:52 UTC 2008


Note: Originally posted to fedora-list.

The "setroubleshoot browser" is reporting the following issues on Fedora 9:

 SELinux is preventing kerneloops (kerneloops_t) "signal" to <Unknown> (kerneloops_t).
 SELinux is preventing dhclient (dhcpc_t) "read write" to socket (unconfined_t).

The first issue occurred on boot, but no longer seems to be happening.
The second issue occurs when I bring up eth0.

Should I file a bug report, or might there be something more sinister
going on?

For reference, the complete reports are as follows:

Summary:

SELinux is preventing kerneloops (kerneloops_t) "signal" to <Unknown>
(kerneloops_t).

Detailed Description:

SELinux denied access requested by kerneloops. It is not expected that this
access is required by kerneloops and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration of the
application is causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.

Additional Information:

Source Context                system_u:system_r:kerneloops_t:s0
Target Context                system_u:system_r:kerneloops_t:s0
Target Objects                None [ process ]
Source                        kerneloops
Source Path                   /usr/sbin/kerneloops
Port                          <Unknown>
Host                          gerbil
Source RPM Packages           kerneloops-0.11-1.fc9
Target RPM Packages
Policy RPM                    selinux-policy-3.3.1-84.fc9
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   catchall
Host Name                     gerbil
Platform                      Linux gerbil 2.6.25.14-108.fc9.x86_64 #1 SMP Mon
                              Aug 4 13:46:35 EDT 2008 x86_64 x86_64
Alert Count                   2
First Seen                    Sun 07 Sep 2008 03:21:55 AM CDT
Last Seen                     Sun 07 Sep 2008 03:21:55 AM CDT
Local ID                      fa4c1bd0-faf1-48ba-ba55-74285538ef90
Line Numbers

Raw Audit Messages

host=gerbil type=AVC msg=audit(1220775715.59:8): avc:  denied  { signal } for  pid=2363 comm="kerneloops" scontext=system_u:system_r:kerneloops_t:s0 tcontext=system_u:system_r:kerneloops_t:s0 tclass=process

host=gerbil type=SYSCALL msg=audit(1220775715.59:8): arch=c000003e syscall=234 success=no exit=-13 a0=93b a1=93b a2=6 a3=8 items=0 ppid=1 pid=2363 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="kerneloops" exe="/usr/sbin/kerneloops" subj=system_u:system_r:kerneloops_t:s0 key=(null)

-and-

Summary:

SELinux is preventing dhclient (dhcpc_t) "read write" to socket 
(unconfined_t).

Detailed Description:

SELinux denied access requested by dhclient. It is not expected that this access
is required by dhclient and this access may signal an intrusion attempt. It is
also possible that the specific version or configuration of the application is
causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.

Additional Information:

Source Context                unconfined_u:system_r:dhcpc_t:s0-s0:c0.c1023
Target Context                unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
Target Objects                socket [ unix_stream_socket ]
Source                        dhclient
Source Path                   /sbin/dhclient
Port                          <Unknown>
Host                          gerbil
Source RPM Packages           dhclient-4.0.0-14.fc9
Target RPM Packages
Policy RPM                    selinux-policy-3.3.1-84.fc9
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   catchall
Host Name                     gerbil
Platform                      Linux gerbil 2.6.25.14-108.fc9.x86_64 #1 SMP Mon
                              Aug 4 13:46:35 EDT 2008 x86_64 x86_64
Alert Count                   16
First Seen                    Sun 07 Sep 2008 12:56:48 AM CDT
Last Seen                     Sun 07 Sep 2008 03:23:07 AM CDT
Local ID                      a3b5492a-0ef2-4cc3-bdd0-4c06696bae70
Line Numbers

Raw Audit Messages

host=gerbil type=AVC msg=audit(1220775787.407:21): avc:  denied  { read write } for  pid=3069 comm="dhclient" path="socket:[68728]" dev=sockfs ino=68728 scontext=unconfined_u:system_r:dhcpc_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket

host=gerbil type=SYSCALL msg=audit(1220775787.407:21): arch=c000003e syscall=59 success=yes exit=0 a0=948530 a1=94ad90 a2=8f0d70 a3=3f48f67a70 items=0 ppid=2970 pid=3069 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=1 comm="dhclient" exe="/sbin/dhclient" subj=unconfined_u:system_r:dhcpc_t:s0-s0:c0.c1023 key=(null)

-- 
Steve Croll
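
Added example, not part of the original post and not setroubleshoot's own code: a Python reading of the four raw audit records above that pairs each AVC record with its SYSCALL record by audit event ID and prints the type-enforcement rule a local policy module would need for each denial. The function names and the two-entry syscall table (x86_64 numbers) are assumptions of this example.

```python
import re

# The four raw audit records from the post, unwrapped to one record per line.
SAMPLE = """\
host=gerbil type=AVC msg=audit(1220775715.59:8): avc:  denied  { signal } for  pid=2363 comm="kerneloops" scontext=system_u:system_r:kerneloops_t:s0 tcontext=system_u:system_r:kerneloops_t:s0 tclass=process
host=gerbil type=SYSCALL msg=audit(1220775715.59:8): arch=c000003e syscall=234 success=no exit=-13 a0=93b a1=93b a2=6 a3=8 items=0 ppid=1 pid=2363 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="kerneloops" exe="/usr/sbin/kerneloops" subj=system_u:system_r:kerneloops_t:s0 key=(null)
host=gerbil type=AVC msg=audit(1220775787.407:21): avc:  denied  { read write } for  pid=3069 comm="dhclient" path="socket:[68728]" dev=sockfs ino=68728 scontext=unconfined_u:system_r:dhcpc_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket
host=gerbil type=SYSCALL msg=audit(1220775787.407:21): arch=c000003e syscall=59 success=yes exit=0 a0=948530 a1=94ad90 a2=8f0d70 a3=3f48f67a70 items=0 ppid=2970 pid=3069 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=1 comm="dhclient" exe="/sbin/dhclient" subj=unconfined_u:system_r:dhcpc_t:s0-s0:c0.c1023 key=(null)
"""
EVENT = re.compile(r"type=(\w+) msg=audit\(([\d.]+:\d+)\):")
AVC = re.compile(r"denied\s+\{([^}]*)\}.*?scontext=(\S+) tcontext=(\S+) tclass=(\S+)")
# Assumption: x86_64 (arch=c000003e) syscall numbers; only the two seen in the post.
X86_64_SYSCALLS = {"59": "execve", "234": "tgkill"}

def se_type(context):
    """Return the type field of a user:role:type:level security context."""
    return context.split(":")[2]

def triage(log):
    """Merge AVC and SYSCALL records that share an audit event ID."""
    events = {}
    for line in log.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        rec_type, event_id = m.groups()
        ev = events.setdefault(event_id, {"id": event_id})
        avc = AVC.search(line) if rec_type == "AVC" else None
        if avc:
            perms, scon, tcon, tclass = avc.groups()
            ev.update(perms=perms.split(), source=se_type(scon),
                      target=se_type(tcon), tclass=tclass)
        elif rec_type == "SYSCALL":
            f = dict(kv.split("=", 1) for kv in line.split() if "=" in kv)
            ev.update(syscall=X86_64_SYSCALLS.get(f["syscall"], f["syscall"]),
                      success=f["success"] == "yes", exe=f.get("exe", "").strip('"'))
    return [ev for ev in events.values() if "perms" in ev]

def te_rule(ev):
    """Type-enforcement rule that would permit the denied access."""
    target = "self" if ev["source"] == ev["target"] else ev["target"]
    perms = ev["perms"]
    perm_s = perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"
    return f"allow {ev['source']} {target}:{ev['tclass']} {perm_s};"

if __name__ == "__main__":
    for ev in triage(SAMPLE):
        print(ev["id"], ev["exe"], ev["syscall"], "ok" if ev["success"] else "failed")
        print("  ", te_rule(ev))
```

Each printed rule states exactly what the denial would require, which makes it a compact way to read the denial before deciding whether to allow it locally or report it against the policy package.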





