updpwd AVC

Tony Molloy tony.molloy at ul.ie
Mon Sep 26 14:00:26 UTC 2011


Hi,

On a fully updated CentOS 5.7 box I get the following AVC

Summary:

SELinux is preventing unix_update (updpwd_t) "getattr" to / (fs_t).

Detailed Description:

SELinux denied access requested by unix_update. It is not expected that this
access is required by unix_update and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration of the
application is causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.

Additional Information:

Source Context                system_u:system_r:updpwd_t
Target Context                system_u:object_r:fs_t
Target Objects                / [ filesystem ]
Source                        unix_update
Source Path                   <Unknown>
Port                          <Unknown>
Host                          a.b.c.d
Source RPM Packages           
Target RPM Packages           filesystem-2.4.0-3.el5.centos
Policy RPM                    selinux-policy-2.4.6-316.el5
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   catchall
Host Name                     a.b.c.d
Platform                      Linuxl a.b.c.d 2.6.18-274.3.1.el5
                              #1 SMP Tue Sep 6 20:13:52 EDT 2011
                              x86_64 x86_64
Alert Count                   11
First Seen                    Fri Feb 25 15:39:33 2011
Last Seen                     Mon Sep 26 14:18:54 2011
Local ID                      275eef01-114a-419b-9df0-4bb81932bc5e
Line Numbers                  

Raw Audit Messages            

host=a.b.c.d type=AVC msg=audit(1317043134.620:3620): avc:  denied  { getattr } for  pid=21354 comm="unix_update" name="/" dev=sda5 ino=2 scontext=system_u:system_r:updpwd_t:s0 tcontext=system_u:object_r:fs_t:s0 tclass=filesystem


I can generate a local policy module.

Thanks,

Tony
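
The raw audit record in the message above, split into its fields, together with the type-enforcement rule a local policy module for this denial would have to contain. This is an added example, not part of the original post; the helper names `parse_avc`, `context_type` and `candidate_rule` are hypothetical, and the record is copied from the message with its line wrapping undone.

```python
import re
import shlex

# Raw AVC record from the message above, e-mail line wrapping undone.
RECORD = (
    'host=a.b.c.d type=AVC msg=audit(1317043134.620:3620): avc:  denied  '
    '{ getattr } for  pid=21354 comm="unix_update" name="/" dev=sda5 ino=2 '
    'scontext=system_u:system_r:updpwd_t:s0 '
    'tcontext=system_u:object_r:fs_t:s0 tclass=filesystem'
)

AVC_RE = re.compile(
    r'avc:\s+(?P<result>denied|granted)\s+'
    r'\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)$'
)


def parse_avc(line):
    """Split one AVC record into a dict of its fields (hypothetical helper)."""
    m = AVC_RE.search(line)
    if m is None:
        raise ValueError("not an AVC record")
    fields = {"result": m.group("result"), "perms": m.group("perms").split()}
    # key=value pairs; shlex strips the quotes around values like comm="..."
    for token in shlex.split(m.group("rest")):
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
    return fields


def context_type(context):
    """Return the type, the third field of user:role:type[:level]."""
    parts = context.split(":")
    if len(parts) < 3:
        raise ValueError("malformed security context: %r" % context)
    return parts[2]


def candidate_rule(avc):
    """Build the allow rule matching this denial, for review before loading."""
    perms = avc["perms"]
    perm_text = perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"
    src, tgt = context_type(avc["scontext"]), context_type(avc["tcontext"])
    return f"allow {src} {tgt}:{avc['tclass']} {perm_text};"


if __name__ == "__main__":
    print(candidate_rule(parse_avc(RECORD)))
```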