ifconfig SELinux alert in Fedora 11

Stephen Smalley sds at tycho.nsa.gov
Mon Jun 22 15:05:22 UTC 2009


On Thu, 2009-06-18 at 15:31 -0400, Daniel J Walsh wrote:
> On 06/17/2009 02:10 PM, Rahul Sundaram wrote:
> > Hi
> >
> > SELinux is preventing ifconfig (ifconfig_t) "read" security_t.
> >
> > Audit message:
> >
> > node=localhost.localdomain type=AVC msg=audit(1245262097.577:19): avc:
> > denied { read } for pid=3269 comm="ifconfig" name="mls" dev=selinuxfs
> > ino=12 scontext=unconfined_u:unconfined_r:ifconfig_t:s0-s0:c0.c1023
> > tcontext=system_u:object_r:security_t:s0 tclass=file
> > node=localhost.localdomain type=SYSCALL msg=audit(1245262097.577:19):
> > arch=40000003 syscall=5 success=no exit=-13 a0=bfbcfdb8 a1=8000 a2=0
> > a3=bfbcfdb8 items=0 ppid=3253 pid=3269 auid=500 uid=0 gid=0 euid=0
> > suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=1 comm="ifconfig"
> > exe="/sbin/ifconfig"
> > subj=unconfined_u:unconfined_r:ifconfig_t:s0-s0:c0.c1023 key=(null)
> >
> > ---
> >
> > Rahul
> >
> Why would ifconfig be reading the /selinux/mls?
> 
> Did this app get execed from a different application?  Might be a leaked 
> file descriptor

ldd /sbin/ifconfig shows that ifconfig is now linked against libselinux,
and thus runs its constructors.  So that is why it is trying to
open /selinux/mls.

-- 
Stephen Smalley
National Security Agency
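
Added example, not part of the original thread: a small Python triage helper that pairs the AVC and SYSCALL records quoted above by their shared audit event id and reduces them to the facts the replies discuss (which executable, which domain, which target type, which permission, which errno). The function names and the keys of the returned dict are this example's own.

```python
import errno
import re

SAMPLE = [  # the two audit records quoted in the thread, wrapped lines re-joined
    'node=localhost.localdomain type=AVC msg=audit(1245262097.577:19): avc: '
    'denied { read } for pid=3269 comm="ifconfig" name="mls" dev=selinuxfs '
    'ino=12 scontext=unconfined_u:unconfined_r:ifconfig_t:s0-s0:c0.c1023 '
    'tcontext=system_u:object_r:security_t:s0 tclass=file',
    'node=localhost.localdomain type=SYSCALL msg=audit(1245262097.577:19): '
    'arch=40000003 syscall=5 success=no exit=-13 a0=bfbcfdb8 a1=8000 a2=0 '
    'a3=bfbcfdb8 items=0 ppid=3253 pid=3269 auid=500 uid=0 gid=0 euid=0 '
    'suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=1 comm="ifconfig" '
    'exe="/sbin/ifconfig" subj=unconfined_u:unconfined_r:ifconfig_t:s0-s0:c0.c1023 key=(null)',
]

HEADER = re.compile(r'type=(\w+) msg=audit\(([\d.]+:\d+)\):')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
PERMS = re.compile(r'avc:\s+denied\s+\{([^}]*)\}')


def parse_record(line):
    """Return (record type, event id, key=value fields) for one audit line."""
    m = HEADER.search(line)
    if not m:
        raise ValueError('not an audit record: %r' % line[:40])
    fields = {k: v.strip('"') for k, v in FIELD.findall(line[m.end():])}
    p = PERMS.search(line)
    fields['perms'] = p.group(1).split() if p else None  # set only on denials
    return m.group(1), m.group(2), fields


def summarize(lines):
    """Pair AVC and SYSCALL records by event id; one dict per denial
    (the key names are this example's own, not an audit tool's)."""
    events = {}
    for line in lines:
        rtype, event_id, fields = parse_record(line)
        events.setdefault(event_id, {})[rtype] = fields
    out = []
    for recs in events.values():
        avc, sc = recs.get('AVC'), recs.get('SYSCALL', {})
        if not avc or not avc['perms']:
            continue
        out.append({
            'exe': sc.get('exe'), 'perms': avc['perms'], 'name': avc.get('name'),
            'source_type': avc['scontext'].split(':')[2],
            'target_type': avc['tcontext'].split(':')[2], 'tclass': avc['tclass'],
            'errno': errno.errorcode.get(-int(sc.get('exit', 0))),  # None on success
        })
    return out
```

Calling `summarize(SAMPLE)` yields a single denial: `/sbin/ifconfig` running as `ifconfig_t` was refused `read` on the file `mls` labelled `security_t`, and the syscall failed with `EACCES`.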



