gdb and avc

David P. Quigley dpquigl at tycho.nsa.gov
Tue Jul 27 18:38:37 UTC 2010


On Tue, 2010-07-27 at 13:55 -0400, Genes MailLists wrote:
> When I debug (local compiled executable) as user with gdb I get this d:
> 
> [selinux-policy-3.7.19-39.fc13.noarch]
> 
> gene/
> ------------------------------
> 
> Summary:
> 
> SELinux is preventing /usr/bin/gdb "write" access on
> /usr/share/glib-2.0/gdb.
> 
> Detailed Description:
> 
> SELinux denied access requested by gdb. It is not expected that this
> access is
> required by gdb and this access may signal an intrusion attempt. It is also
> possible that the specific version or configuration of the application is
> causing it to require additional access.
> 
> 
> ...
> 
> Additional Information:
> 
> Source Context                system_u:system_r:xdm_t:s0-s0:c0.c1023
> Target Context                system_u:object_r:usr_t:s0
> Target Objects                /usr/share/glib-2.0/gdb [ dir ]
> Source                        gdb
> Source Path                   /usr/bin/gdb
> Port                          <Unknown>
> Host                          lap1.prv.sapience.com
> Source RPM Packages           gdb-7.1-23.fc13
> Target RPM Packages           glib2-devel-2.24.1-1.fc13
> Policy RPM                    selinux-policy-3.7.19-21.fc13
> Selinux Enabled               True
> Policy Type                   targeted
> Enforcing Mode                Enforcing
> Plugin Name                   catchall
> Host Name                     lap1.prv.sapience.com
> Platform                      Linux lap1.prv.sapience.com
>                               2.6.33.5-112.fc13.x86_64 #1 SMP Thu May 27
>                               02:28:31 UTC 2010 x86_64 x86_64
> Alert Count                   2
> First Seen                    Mon 31 May 2010 06:39:33 PM EDT
> Last Seen                     Mon 31 May 2010 06:39:33 PM EDT
> Local ID                      93cf7fa2-26ba-4ce9-8bec-2d73222d4602
> Line Numbers
> 
> Raw Audit Messages
> 
> node=lap1.prv.sapience.com type=AVC msg=audit(1275345573.390:33574):
> avc:  denied  { write } for  pid=6060 comm="gdb" name="gdb" dev=sda8
> ino=929092 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023
> tcontext=system_u:object_r:usr_t:s0 tclass=dir
> 
> node=lap1.prv.sapience.com type=SYSCALL msg=audit(1275345573.390:33574):
> arch=c000003e syscall=2 success=no exit=-13 a0=7fffc10c7b30 a1=2c1
> a2=81a4 a3=7fcbd6e98ad0 items=0 ppid=6058 pid=6060 auid=4294967295 uid=0
> gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none)
> ses=4294967295 comm="gdb" exe="/usr/bin/gdb"
> subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)
> 
> 
> 
> --
> selinux mailing list
> selinux at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux

It seems odd to me that gdb is running as xdm_t. Can you give the output
of ls -Z /usr/bin/gdb and also matchpathcon /usr/bin/gdb

Dave
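As an added example (not part of the thread), the two raw audit records quoted above can be parsed and joined by their audit serial, so the source domain, target type, permission, executable and uid land in one event and the xdm_t oddity Dave points at is flagged automatically. The EXPECTED_DOMAINS table is an assumption, not something stated in the thread.

```python
import re

HDR_RE = re.compile(r'type=(?P<type>\w+) msg=audit\((?P<ts>[\d.]+):(?P<serial>\d+)\):\s*(?P<body>.*)$')
AVC_RE = re.compile(r'avc:\s+(?P<verdict>denied|granted)\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)$')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Assumption (not from the thread): a user-launched gdb under the Fedora targeted policy stays in
# the launching user's domain, so any other source domain (here xdm_t) is worth investigating.
EXPECTED_DOMAINS = {'gdb': {'unconfined_t', 'staff_t', 'user_t'}}

# The two records quoted in the thread, re-joined onto one line each.
SAMPLE_LINES = [
    'node=lap1.prv.sapience.com type=AVC msg=audit(1275345573.390:33574): avc:  denied  { write } '
    'for  pid=6060 comm="gdb" name="gdb" dev=sda8 ino=929092 '
    'scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:usr_t:s0 tclass=dir',
    'node=lap1.prv.sapience.com type=SYSCALL msg=audit(1275345573.390:33574): arch=c000003e '
    'syscall=2 success=no exit=-13 a0=7fffc10c7b30 a1=2c1 a2=81a4 a3=7fcbd6e98ad0 items=0 '
    'ppid=6058 pid=6060 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 '
    'tty=(none) ses=4294967295 comm="gdb" exe="/usr/bin/gdb" '
    'subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)',
]

def parse_record(line):
    """Parse one audit record into a dict of its key=value fields; None if not an audit record."""
    m = HDR_RE.search(line)
    if not m:
        return None
    rec, body = {'type': m.group('type'), 'serial': int(m.group('serial'))}, m.group('body')
    if rec['type'] == 'AVC' and (a := AVC_RE.search(body)):   # verdict and permission set precede the fields
        rec['verdict'], rec['perms'], body = a.group('verdict'), a.group('perms').split(), a.group('fields')
    rec.update((k, v.strip('"')) for k, v in FIELD_RE.findall(body))
    return rec

def correlate(lines):
    # Merge AVC and SYSCALL records that share an audit serial into one event per serial.
    events = {}
    for rec in filter(None, map(parse_record, lines)):
        events.setdefault(rec['serial'], {}).update(rec)
    return events

def triage(ev):
    # A context is user:role:type[:range]; the type is what policy rules key on.
    src, tgt = ev['scontext'].split(':')[2], ev['tcontext'].split(':')[2]
    findings = [f"{ev['verdict']} {{{' '.join(ev['perms'])}}} on {ev['tclass']} {ev.get('name')!r} "
                f"by {ev['comm']} ({src} -> {tgt}), exe={ev.get('exe')} uid={ev.get('uid')}"]
    expected = EXPECTED_DOMAINS.get(ev.get('comm'))
    if expected and src not in expected:
        findings.append(f"source domain {src} is unexpected for {ev['comm']}: "
                        "compare 'ls -Z' and 'matchpathcon' on the executable before writing policy")
    return findings
```

Running `triage(correlate(SAMPLE_LINES)[33574])` yields two findings: the write denial itself and the note that gdb is not expected to run as xdm_t, which is the question to settle before any allow rule is considered.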


