Troubleshootng the Selunix troubleshooter
Richard Chapman
rchapman at aardvark.com.au
Sun Jan 4 07:24:05 UTC 2009
Hi.. When I first installed Centos 5.0 - I disabled SELinux at the first
sign of trouble. I have now seen the light - and have enabled SELinux
on the system which is now updated to Centos 5.2 with Kernel Linux
2.6.18-92.1.22.el5 on x86_64. I initially enabled Selinux in permissive
mode - and tried looking at the GUI SELinux Troubleshooter - but it
shows no problems. This may be OK - because there are no "type=avc"
messages in the audit.log file. However there are thousands of "type=
user_avc". Here are the last 20 while in permissive mode:
type=USER_AVC msg=audit(1231052785.984:833): user pid=2489 uid=81 auid=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.DBus member=AddMatch dest=org.freedesktop.DBus spid=7820 scontext=user_u:system_r:initrc_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
type=USER_AVC msg=audit(1231052785.984:834): user pid=2489 uid=81 auid=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.DBus member=GetNameOwner dest=org.freedesktop.DBus spid=7820 scontext=user_u:system_r:initrc_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
type=USER_AVC msg=audit(1231052785.985:835): user pid=2489 uid=81 auid=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.Hal.Device member=Rescan dest=org.freedesktop.Hal spid=7820 tpid=3667 scontext=user_u:system_r:initrc_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
type=USER_AVC msg=audit(1231052785.986:836): user pid=2489 uid=81 auid=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.14 spid=3667 tpid=7820 scontext=system_u:system_r:init_t:s0 tcontext=user_u:system_r:initrc_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
type=USER_AVC msg=audit(1231052785.987:837): user pid=2489 uid=81 auid=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.DBus member=RemoveMatch dest=org.freedesktop.DBus spid=7820 scontext=user_u:system_r:initrc_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
type=USER_AVC msg=audit(1231052785.987:838): user pid=2489 uid=81 auid=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.DBus member=AddMatch dest=org.freedesktop.DBus spid=7820 scontext=user_u:system_r:initrc_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
type=USER_AVC msg=audit(1231052785.987:839): user pid=2489 uid=81 auid=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.DBus member=GetNameOwner dest=org.freedesktop.DBus spid=7820 scontext=user_u:system_r:initrc_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
type=USER_AVC msg=audit(1231052785.988:840): user pid=2489 uid=81 auid=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.Hal.Device member=Rescan dest=org.freedesktop.Hal spid=7820 tpid=3667 scontext=user_u:system_r:initrc_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
type=USER_AVC msg=audit(1231052785.989:841): user pid=2489 uid=81 auid=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.14 spid=3667 tpid=7820 scontext=system_u:system_r:init_t:s0 tcontext=user_u:system_r:initrc_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
type=USER_AVC msg=audit(1231052785.990:842): user pid=2489 uid=81 auid=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.DBus member=RemoveMatch dest=org.freedesktop.DBus spid=7820 scontext=user_u:system_r:initrc_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
type=USER_AVC msg=audit(1231052785.990:843): user pid=2489 uid=81 auid=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.DBus member=AddMatch dest=org.freedesktop.DBus spid=7820 scontext=user_u:system_r:initrc_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
type=USER_AVC msg=audit(1231052785.990:844): user pid=2489 uid=81 auid=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.DBus member=GetNameOwner dest=org.freedesktop.DBus spid=7820 scontext=user_u:system_r:initrc_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
type=USER_AVC msg=audit(1231052785.991:845): user pid=2489 uid=81 auid=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.Hal.Device member=Rescan dest=org.freedesktop.Hal spid=7820 tpid=3667 scontext=user_u:system_r:initrc_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
type=USER_AVC msg=audit(1231052785.991:846): user pid=2489 uid=81 auid=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.14 spid=3667 tpid=7820 scontext=system_u:system_r:init_t:s0 tcontext=user_u:system_r:initrc_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
type=USER_AVC msg=audit(1231052785.992:847): user pid=2489 uid=81 auid=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.DBus member=RemoveMatch dest=org.freedesktop.DBus spid=7820 scontext=user_u:system_r:initrc_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
type=USER_AVC msg=audit(1231052785.992:848): user pid=2489 uid=81 auid=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.DBus member=AddMatch dest=org.freedesktop.DBus spid=7820 scontext=user_u:system_r:initrc_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
type=USER_AVC msg=audit(1231052785.992:849): user pid=2489 uid=81 auid=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.DBus member=GetNameOwner dest=org.freedesktop.DBus spid=7820 scontext=user_u:system_r:initrc_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
type=USER_AVC msg=audit(1231052785.992:850): user pid=2489 uid=81 auid=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.Hal.Device member=Rescan dest=org.freedesktop.Hal spid=7820 tpid=3667 scontext=user_u:system_r:initrc_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
type=USER_AVC msg=audit(1231052785.993:851): user pid=2489 uid=81 auid=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: denied { send_msg } for msgtype=method_return dest=:1.14 spid=3667 tpid=7820 scontext=system_u:system_r:init_t:s0 tcontext=user_u:system_r:initrc_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
type=USER_AVC msg=audit(1231052785.994:852): user pid=2489 uid=81 auid=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.DBus member=RemoveMatch dest=org.freedesktop.DBus spid=7820 scontext=user_u:system_r:initrc_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=dbus : exe="/bin/dbus-daemon" (sauid=81, hostname=?, addr=?, terminal=?)'
If I set the system to Enforcing mode - and log out and log back in -
the login seems to run very slowly. If I try to run the gui SELinux
Troubleshooter - the application window doesn't come up - but I see the
following errors in the boot.log file.
Jan 3 16:55:54 C5 dbus: avc: received setenforce notice (enforcing=1)
Jan 3 16:56:23 C5 userhelper[24703]: running
'/usr/share/system-config-securitylevel/system-config-securitylevel.py'
with system_u:system_r:unconfined_t context
Jan 3 16:56:23 C5 userhelper[24703]: running
'/usr/share/system-config-securitylevel/system-config-securitylevel.py'
with root privileges on behalf of 'root'
Jan 3 16:58:02 C5 gconfd (root-21790): Exiting
Jan 3 16:58:02 C5 sshd[21044]: pam_unix(sshd:session): session closed
for user nx
Jan 3 16:58:02 C5 su: pam_unix(su-l:session): session closed for user root
Jan 3 16:58:23 C5 sshd[24747]: Accepted publickey for nx from
192.168.0.2 port 33869 ssh2
Jan 3 16:58:23 C5 sshd[24747]: pam_unix(sshd:session): session opened
for user nx by (uid=0)
Jan 3 16:58:25 C5 su: pam_unix(su-l:session): session opened for user
root by (uid=102)
Jan 3 16:58:28 C5 dovecot: IMAP(tim): Disconnected: Logged out
Jan 3 16:58:30 C5 gconfd (root-25493): starting (version 2.14.0), pid
25493 user 'root'
Jan 3 16:58:30 C5 gconfd (root-25493): Resolved address
"xml:readonly:/etc/gconf/gconf.xml.mandatory" to a read-only
configuration source at position 0
Jan 3 16:58:30 C5 gconfd (root-25493): Resolved address
"xml:readwrite:/root/.gconf" to a writable configuration source at
position 1
Jan 3 16:58:30 C5 gconfd (root-25493): Resolved address
"xml:readonly:/etc/gconf/gconf.xml.defaults" to a read-only
configuration source at position 2
Jan 3 16:58:33 C5 pcscd: winscard.c:304:SCardConnect() Reader E-Gate 0 0
Not Found
Jan 3 16:58:33 C5 last message repeated 4 times
Jan 3 16:58:33 C5 gconfd (root-25493): Resolved address
"xml:readwrite:/root/.gconf" to a writable configuration source at
position 0
Jan 3 16:59:46 C5 gdm[4045]: pam_unix(gdm:session): session opened for
user root by (uid=0)
Jan 3 16:59:59 C5 pcscd: winscard.c:304:SCardConnect() Reader E-Gate 0 0
Not Found
Jan 3 16:59:59 C5 last message repeated 4 times
Jan 3 17:00:01 C5 crond[25738]: (root) CMD (/var/www/sarg/sarg.cron >
/dev/null 2>&1)
Jan 3 17:00:01 C5 crond[25740]: (root) CMD
(/etc/webmin/webalizer/webalizer.pl /var/log/squid/access.log)
Jan 3 17:00:01 C5 crond[25742]: (root) CMD (/etc/webmin/status/monitor.pl)
Jan 3 17:00:01 C5 crond[25743]: (root) CMD
(/etc/webmin/fetchmail/check.pl --mail rchapman\@aardvark\.com\.au --errors)
Jan 3 17:00:01 C5 su: pam_unix(su:session): session opened for user
richard by (uid=0)
Jan 3 17:00:04 C5 su: pam_unix(su:session): session opened for user
postgres by (uid=0)
Jan 3 17:00:04 C5 su: pam_unix(su:session): session closed for user postgres
Jan 3 17:00:13 C5 su: pam_unix(su:session): session closed for user richard
Jan 3 17:01:01 C5 crond[25911]: (root) CMD (run-parts /etc/cron.hourly)
Jan 3 17:01:15 C5 userhelper[25928]: running
'/usr/share/system-config-securitylevel/system-config-securitylevel.py'
with system_u:system_r:unconfined_t context
Jan 3 17:01:15 C5 userhelper[25928]: running
'/usr/share/system-config-securitylevel/system-config-securitylevel.py'
with root privileges on behalf of 'root'
Jan 3 17:02:18 C5 setroubleshoot: [dbus.ERROR] could not start dbus: Did
not receive a reply. Possible causes include: the remote application did
not send a reply, the message bus security policy blocked the reply, the
reply timeout expired, or the network connection was broken.
Jan 3 17:03:06 C5 dovecot: imap-login: Login: user=<tim>, method=PLAIN,
rip=192.168.0.199, lip=192.168.0.201
Jan 3 17:03:37 C5 dovecot: IMAP(tim): Disconnected: Logged out
Jan 3 17:04:14 C5 setroubleshoot: [dbus.ERROR] could not start dbus: Did
not receive a reply. Possible causes include: the remote application did
not send a reply, the message bus security policy blocked the reply, the
reply timeout expired, or the network connection was broken.
I have also tried the comand line sealert application - which runs fine
- but shows no problems:
[root at C5 <mailto:root at C5> ~]# sealert -a /var/log/audit/audit.log
100% donefound 0 alerts in /var/log/audit/audit.log
[root at C5 <mailto:root at C5> ~]#
It looks to me as if there is some problem (possibly a policy issue)
with my dbus connection. and this is preventing the selinux
troubleshooter operating in enforcing mode - and also probably causing
some other problems in enforcing mode - though no "type-avc" problems
show up int eh audit logs.
Can anyone explain to me what "type=user_avc" messages are - and why
they are not reported by teh gui SELinux troubleshooter or sealert? How
should I debug the remainig issues in theis system?
All adice appreciated.
Richard.
More information about the selinux
mailing list