F12: "mac_admin"

Daniel B. Thurman dant at cdkkt.com
Sun Mar 7 20:21:56 UTC 2010


I have no idea what this is, but it is new:

================================================
Summary:

SELinux is preventing /usr/bin/chcon "mac_admin" access .

Detailed Description:

SELinux denied access requested by chcon. It is not expected that this 
access is
required by chcon and this access may signal an intrusion attempt. It is 
also
possible that the specific version or configuration of the application is
causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug
report.

Additional Information:

Source Context                
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1
                               023
Target Context                
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1
                               023
Target Objects                None [ capability2 ]
Source                        chcon
Source Path                   /usr/bin/chcon
Port <Unknown>
Host                          host.domain.com
Source RPM Packages           coreutils-7.6-9.fc12
Target RPM Packages
Policy RPM                    selinux-policy-3.6.32-92.fc12
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Plugin Name                   catchall
Host Name                     host.domain.com
Platform                      Linux host.domain.com 
2.6.31.12-174.2.22.fc12.i686
                               #1 SMP Fri Feb 19 19:26:06 UTC 2010 i686 i686
Alert Count                   1
First Seen                    Fri 05 Mar 2010 11:24:27 AM PST
Last Seen                     Fri 05 Mar 2010 11:24:27 AM PST
Local ID                      73c77171-b9bb-44f9-98bb-68a6d3ee1e96
Line Numbers

Raw Audit Messages

node=host.domain.com type=AVC msg=audit(1267817067.517:43791): avc:  
denied  { mac_admin } for  pid=28356 comm="chcon" capability=33 
scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 
tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 
tclass=capability2

node=host.domain.com type=SYSCALL msg=audit(1267817067.517:43791): 
arch=40000003 syscall=226 success=no exit=-22 a0=834b8d0 a1=7fd69ed 
a2=834cc90 a3=23 items=0 ppid=28098 pid=28356 auid=500 uid=0 gid=0 
euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts10 ses=1 comm="chcon" 
exe="/usr/bin/chcon" 
subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)




More information about the selinux mailing list