tzdata AVC

Tony Molloy tony.molloy at ul.ie
Wed Oct 27 10:28:54 UTC 2010 

Hi,

I'm running SELinux in enforcing mode on fully updated CentOS-5 servers.
selinux-policy-2.4.6-279.el5_5.1.noarch

After the latest "possibly glibc" update I've seen the following AVC on 
several of my servers. 



Summary:

SELinux is preventing tzdata-update (tzdata_t) "getattr" to / (fs_t).

Detailed Description:

SELinux denied access requested by tzdata-update. It is not expected that this
access is required by tzdata-update and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration of the
application is causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not 
recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.

Additional Information:

Source Context                root:system_r:tzdata_t:SystemLow-SystemHigh
Target Context                system_u:object_r:fs_t
Target Objects                / [ filesystem ]
Source                        tzdata-update
Source Path                   <Unknown>
Port                          <Unknown>
Host                          remote-backup.x.y.z
Source RPM Packages           
Target RPM Packages           filesystem-2.4.0-3.el5
Policy RPM                    selinux-policy-2.4.6-279.el5_5.1
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   catchall
Host Name                     remote-backup.x.y.z
Platform                      Linux remote-backup.x.y.z 2.6.18-194.17.1.el5
                              #1 SMP Wed Sep 29 12:50:31 EDT 2010 x86_64 
x86_64
Alert Count                   3
First Seen                    Fri Oct 22 06:31:14 2010
Last Seen                     Wed Oct 27 06:39:14 2010
Local ID                      ec15ac2d-b644-40fb-809a-2b3809b001e5
Line Numbers                  

Raw Audit Messages            

host=remote-backup.csis.ul.ie type=AVC msg=audit(1288157954.817:16502): avc:  
denied  { getattr } for  pid=2135 comm="tzdata-update" name="/" dev=sda5 ino=2 
scontext=root:system_r:tzdata_t:s0-s0:c0.c1023 
tcontext=system_u:object_r:fs_t:s0 tclass=filesystem


Regards,

Tony

More information about the selinux mailing list