Mod-security (mlogc) problem

Arthur Dent misc.lists at blueyonder.co.uk
Sun Apr 25 18:20:12 UTC 2010


Hello Dominick,

I don't know if you remember all the painful details of the thread where
you helped me solve my mlogc problems but, after running for a couple of
weeks in enforcing mode I occasionally get these AVCs when my
ModSecurity rule triggers a block which is reported in mlogc:

Raw Audit Messages :

node=troodos.org.uk type=AVC msg=audit(1271810736.442:85299): avc: denied { read } for pid=30941 comm="mlogc" name="stat" dev=proc ino=4026531985 scontext=unconfined_u:system_r:mlogc_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file 
node=troodos.org.uk type=SYSCALL msg=audit(1271810736.442:85299): arch=40000003 syscall=5 success=no exit=-13 a0=ceeb6e a1=80000 a2=0 a3=2000 items=0 ppid=32219 pid=30941 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="mlogc" exe="/usr/bin/mlogc" subj=unconfined_u:system_r:mlogc_t:s0 key=(null) 


Raw Audit Messages :

node=troodos.org.uk type=AVC msg=audit(1271810736.446:85300): avc: denied { read } for pid=30941 comm="mlogc" name="cpuinfo" dev=proc ino=4026531980 scontext=unconfined_u:system_r:mlogc_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file 
node=troodos.org.uk type=SYSCALL msg=audit(1271810736.446:85300): arch=40000003 syscall=5 success=no exit=-13 a0=ceeb79 a1=80000 a2=0 a3=2000 items=0 ppid=32219 pid=30941 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="mlogc" exe="/usr/bin/mlogc" subj=unconfined_u:system_r:mlogc_t:s0 key=(null) 

Raw Audit Messages :

node=troodos.org.uk type=AVC msg=audit(1272206914.57:99302): avc: denied { read } for pid=2650 comm="mlogc" name="stat" dev=proc ino=4026531985 scontext=unconfined_u:system_r:mlogc_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file 
node=troodos.org.uk type=SYSCALL msg=audit(1272206914.57:99302): arch=40000003 syscall=5 success=no exit=-13 a0=24bb6e a1=80000 a2=0 a3=2000 items=0 ppid=32219 pid=2650 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="mlogc" exe="/usr/bin/mlogc" subj=unconfined_u:system_r:mlogc_t:s0 key=(null) 

Raw Audit Messages :

node=troodos.org.uk type=AVC msg=audit(1272206914.61:99303): avc: denied { read } for pid=2650 comm="mlogc" name="cpuinfo" dev=proc ino=4026531980 scontext=unconfined_u:system_r:mlogc_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file 
node=troodos.org.uk type=SYSCALL msg=audit(1272206914.61:99303): arch=40000003 syscall=5 success=no exit=-13 a0=24bb79 a1=80000 a2=0 a3=2000 items=0 ppid=32219 pid=2650 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="mlogc" exe="/usr/bin/mlogc" subj=unconfined_u:system_r:mlogc_t:s0 key=(null) 


Audit2allow suggests:

require {
	type mlogc_t;
	type proc_t;
	class file read;
}

#============= mlogc_t ==============
allow mlogc_t proc_t:file read;

But when I try to add that to my mlogc.te it chokes during the build
process...

I should point out that, as far as I can tell, everything still works
despite the AVC denial...

Thanks yet again for your patient help!

Mark
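Added example (not part of the original message): a small triage script that pairs each AVC record with the SYSCALL record of the same audit event and collapses repeated denials into one line per (source type, target type, class, permission), which shows that the four reports above are a single denial pattern on two /proc files. The function names `fields` and `summarize` are hypothetical, and the sample input is a shortened, constructed copy of two event pairs from the message.

```python
import re
from collections import defaultdict

# Constructed sample: shortened copies of two AVC/SYSCALL pairs from the message.
SAMPLE = """\
node=troodos.org.uk type=AVC msg=audit(1271810736.442:85299): avc: denied { read } for pid=30941 comm="mlogc" name="stat" dev=proc scontext=unconfined_u:system_r:mlogc_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
node=troodos.org.uk type=SYSCALL msg=audit(1271810736.442:85299): arch=40000003 syscall=5 success=no exit=-13 pid=30941 comm="mlogc" exe="/usr/bin/mlogc"
node=troodos.org.uk type=AVC msg=audit(1271810736.446:85300): avc: denied { read } for pid=30941 comm="mlogc" name="cpuinfo" dev=proc scontext=unconfined_u:system_r:mlogc_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
node=troodos.org.uk type=SYSCALL msg=audit(1271810736.446:85300): arch=40000003 syscall=5 success=no exit=-13 pid=30941 comm="mlogc" exe="/usr/bin/mlogc"
"""

EVENT_ID = re.compile(r"msg=audit\((\d+\.\d+):(\d+)\)")   # (timestamp, serial)
PERMS = re.compile(r"avc:\s+denied\s+\{([^}]*)\}")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def fields(line):
    """Split one audit record into a key -> value dict, dropping quotes."""
    return {k: v.strip('"') for k, v in FIELD.findall(line)}

def summarize(text):
    """Group denials by (source type, target type, class, permission)."""
    syscalls, denials = {}, []
    for line in text.splitlines():
        m = EVENT_ID.search(line)
        if not m:
            continue                      # headers such as "Raw Audit Messages :"
        f = fields(line)
        if f.get("type") == "SYSCALL":
            syscalls[m.groups()] = f      # records of one event share the id
        elif f.get("type") == "AVC" and PERMS.search(line):
            denials.append((m.groups(), PERMS.search(line).group(1).split(), f))
    groups = defaultdict(lambda: {"count": 0, "names": set(), "exes": set(), "blocked": 0})
    for event, perms, f in denials:
        src = f["scontext"].split(":")[2]  # user:role:type:level -> type
        tgt = f["tcontext"].split(":")[2]
        sc = syscalls.get(event, {})
        for perm in perms:
            g = groups[(src, tgt, f["tclass"], perm)]
            g["count"] += 1
            g["names"].add(f.get("name", "?"))
            g["exes"].update([sc["exe"]] if "exe" in sc else [])
            # success=no means the syscall really failed (enforcing), not just logged
            g["blocked"] += sc.get("success") == "no"
    return dict(groups)

if __name__ == "__main__":
    for (src, tgt, cls, perm), g in summarize(SAMPLE).items():
        print(f"{src} -> {tgt}:{cls} {{ {perm} }} x{g['count']} "
              f"names={sorted(g['names'])} blocked={g['blocked']}")
```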
 