nscd AVC

Dominick Grift domg472 at gmail.com
Mon Jan 10 17:55:34 UTC 2011 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 01/10/2011 06:52 PM, Dominick Grift wrote:
> On 01/10/2011 06:40 PM, Vadym Chepkov wrote:
>> Hi,
> 
>> Is it safe to permit these?
> 
> Safe yes. It wants to read the /usr/tmp symlink which is labelled usr_t.
> The question is:
> 
> Should this /usr/tmp symlink be labelled usr_t in the first place, or
> should it be labelled tmp_t.
> 
> That is a matter of opinion.
> 
> I decided to label it tmp_t and then call:
> 
> files_read_generic_tmp_symlinks(nscd_t)
> 
> But in Fedora i guess you would call:
> 
> files_read_usr_symlinks(nscd_t)
> 
> Either is fine i believe.

Whoops and it also wants to list /var/tmp ( the target of the /usr/tmp
symlink)

i guess that would be:

files_list_tmp(nscd_t)

>> selinux-policy-3.9.7-18.fc14.noarch
> 
>> # ausearch -m avc -ts yesterday
>> ----
>> time->Sun Jan  9 11:23:14 2011
>> type=SYSCALL msg=audit(1294590194.604:12): arch=40000003 syscall=5 success=yes exit=18 a0=57b497 a1=0 a2=1b6 a3=58856a items=0 ppid=1 pid=997 auid=4294967295 uid=28 gid=28 euid=28 suid=28 fsuid=28 egid=28 sgid=28 fsgid=28 tty=(none) ses=4294967295 comm="nscd" exe="/usr/sbin/nscd" subj=system_u:system_r:nscd_t:s0 key=(null)
>> type=AVC msg=audit(1294590194.604:12): avc:  denied  { read } for  pid=997 comm="nscd" name="/" dev=dm-2 ino=2 scontext=system_u:system_r:nscd_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
>> ----
>> time->Sun Jan  9 11:23:14 2011
>> type=SYSCALL msg=audit(1294590194.604:13): arch=40000003 syscall=195 success=yes exit=0 a0=57b49c a1=ae2f16bc a2=29fff4 a3=3 items=0 ppid=1 pid=997 auid=4294967295 uid=28 gid=28 euid=28 suid=28 fsuid=28 egid=28 sgid=28 fsgid=28 tty=(none) ses=4294967295 comm="nscd" exe="/usr/sbin/nscd" subj=system_u:system_r:nscd_t:s0 key=(null)
>> type=AVC msg=audit(1294590194.604:13): avc:  denied  { read } for  pid=997 comm="nscd" name="tmp" dev=dm-0 ino=15581 scontext=system_u:system_r:nscd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=lnk_file
>> ----
>> time->Sun Jan  9 11:41:04 2011
>> type=SYSCALL msg=audit(1294591264.449:7): arch=40000003 syscall=195 success=yes exit=0 a0=3f049c a1=ae9f964c a2=38bff4 a3=3 items=0 ppid=1 pid=973 auid=4294967295 uid=28 gid=28 euid=28 suid=28 fsuid=28 egid=28 sgid=28 fsgid=28 tty=(none) ses=4294967295 comm="nscd" exe="/usr/sbin/nscd" subj=system_u:system_r:nscd_t:s0 key=(null)
>> type=AVC msg=audit(1294591264.449:7): avc:  denied  { read } for  pid=973 comm="nscd" name="tmp" dev=dm-0 ino=15581 scontext=system_u:system_r:nscd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=lnk_file
>> ----
>> time->Sun Jan  9 11:41:04 2011
>> type=SYSCALL msg=audit(1294591264.448:6): arch=40000003 syscall=5 success=yes exit=16 a0=3f0497 a1=0 a2=1b6 a3=3fd56a items=0 ppid=1 pid=973 auid=4294967295 uid=28 gid=28 euid=28 suid=28 fsuid=28 egid=28 sgid=28 fsgid=28 tty=(none) ses=4294967295 comm="nscd" exe="/usr/sbin/nscd" subj=system_u:system_r:nscd_t:s0 key=(null)
>> type=AVC msg=audit(1294591264.448:6): avc:  denied  { read } for  pid=973 comm="nscd" name="/" dev=dm-2 ino=2 scontext=system_u:system_r:nscd_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
> 
> 
> 
> 
>> --
>> selinux mailing list
>> selinux at lists.fedoraproject.org
>> https://admin.fedoraproject.org/mailman/listinfo/selinux
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAk0rSBUACgkQMlxVo39jgT8j0QCgzRF/SWu0SdxdfCMdsKZC4uEM
tvEAoL8TDTCOCaFxoN11s9/GSL+4KaeE
=Qx16
-----END PGP SIGNATURE-----

More information about the selinux mailing list