sedispatch: Connection Error

Anamitra Dutta Majumdar (anmajumd) anmajumd at cisco.com
Tue Mar 26 19:23:04 UTC 2013


Hi Dan,

Thanks for your prompt response.

Yes, we have removed unconfined.pp from our system.

And here are the outputs for the ps command:

[root@nw043b-vcma1 ~]# ps -eZ | grep sedispatch
system_u:system_r:audisp_t:s0   30135 ?        00:00:11 sedispatch
[root@nw043b-vcma1 ~]#
[root@nw043b-vcma1 ~]# ps -eZ | grep setroubleshootd
[root@nw043b-vcma1 ~]#


What kind of policies do we need to add for vmtoolsd?

Thanks,
Anamitra

On 3/26/13 12:08 PM, "Daniel J Walsh" <dwalsh at redhat.com> wrote:

>Are you running this with unconfined.pp disabled?  Looks like you need policy
>for vmtoolsd.
>
>I was looking for auditd_t or setroubleshootd avc's.
>
>ps -eZ | grep sedispatch
>ps -eZ | grep setroubleshootd
>
>sedispatch sends avc messages via dbus to setroubleshootd. If setroubleshootd
>gets an AVC about itself, it will drop it on the floor.
>
>On 03/26/2013 03:01 PM, Anamitra Dutta Majumdar (anmajumd) wrote:
>> Hi Dan,
>> 
>> Yes there are many denials being seen. Here is an output from ausearch....
>> 
>> time->Tue Mar 26 13:58:16 2013 type=SYSCALL
>> msg=audit(1364324296.810:915270): arch=c000003e syscall=16 success=yes
>> exit=0 a0=15 a1=8912 a2=7ffffa54bf90 a3=0 items=0 ppid=1 pid=18992
>> auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
>> tty=(none) ses=4294967295 comm="vmtoolsd"
>> exe="/usr/lib/vmware-tools/sbin64/vmtoolsd"
>> subj=system_u:system_r:init_t:s0 key=(null) type=AVC
>> msg=audit(1364324296.810:915270): avc:  denied  { ioctl } for pid=18992
>> comm="vmtoolsd" path="socket:[2348604]" dev=sockfs ino=2348604
>> scontext=system_u:system_r:init_t:s0
>>tcontext=system_u:system_r:init_t:s0
>> tclass=tcp_socket ---- time->Tue Mar 26 13:58:26 2013 type=PATH
>> msg=audit(1364324306.076:915272): item=0 name="/" inode=2 dev=08:01
>> mode=040555 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:root_t:s0
>> type=CWD msg=audit(1364324306.076:915272):  cwd="/" type=SYSCALL
>> msg=audit(1364324306.076:915272): arch=c000003e syscall=137 success=yes
>> exit=0 a0=c45530 a1=7ffffa54c150 a2=1 a3=2 items=1 ppid=1 pid=18992
>> auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
>> tty=(none) ses=4294967295 comm="vmtoolsd"
>> exe="/usr/lib/vmware-tools/sbin64/vmtoolsd"
>> subj=system_u:system_r:init_t:s0 key=(null) type=AVC
>> msg=audit(1364324306.076:915272): avc:  denied  { getattr } for
>>pid=18992
>> comm="vmtoolsd" name="/" dev=sda1 ino=2
>> scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:fs_t:s0
>> tclass=filesystem ---- time->Tue Mar 26 13:58:26 2013 type=PATH
>> msg=audit(1364324306.075:915271): item=0 name="/dev/sda1" inode=5938
>> dev=00:05 mode=060660 ouid=0 ogid=6 rdev=08:01
>> obj=system_u:object_r:fixed_disk_device_t:s0 type=CWD
>> msg=audit(1364324306.075:915271):  cwd="/" type=SYSCALL
>> msg=audit(1364324306.075:915271): arch=c000003e syscall=4 success=yes
>> exit=0 a0=c7d0b0 a1=7ffffa54c110 a2=7ffffa54c110 a3=a items=1 ppid=1
>> pid=18992 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
>>sgid=0
>> fsgid=0 tty=(none) ses=4294967295 comm="vmtoolsd"
>> exe="/usr/lib/vmware-tools/sbin64/vmtoolsd"
>> subj=system_u:system_r:init_t:s0 key=(null) type=AVC
>> msg=audit(1364324306.075:915271): avc:  denied  { getattr } for
>>pid=18992
>> comm="vmtoolsd" path="/dev/sda1" dev=devtmpfs ino=5938
>> scontext=system_u:system_r:init_t:s0
>> tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file ----
>> time->Tue Mar 26 13:58:26 2013 type=PATH
>>msg=audit(1364324306.080:915273):
>> item=0 name="/proc/net/dev" inode=4026531979 dev=00:03 mode=0100444
>>ouid=0
>> ogid=0 rdev=00:00 obj=system_u:object_r:proc_net_t:s0 type=CWD
>> msg=audit(1364324306.080:915273):  cwd="/" type=SYSCALL
>> msg=audit(1364324306.080:915273): arch=c000003e syscall=2 success=yes
>> exit=22 a0=7f783bc0e159 a1=0 a2=1b6 a3=0 items=1 ppid=1 pid=18992
>> auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
>> tty=(none) ses=4294967295 comm="vmtoolsd"
>> exe="/usr/lib/vmware-tools/sbin64/vmtoolsd"
>> subj=system_u:system_r:init_t:s0 key=(null) type=AVC
>> msg=audit(1364324306.080:915273): avc:  denied  { open } for pid=18992
>> comm="vmtoolsd" name="dev" dev=proc ino=4026531979
>> scontext=system_u:system_r:init_t:s0
>> tcontext=system_u:object_r:proc_net_t:s0 tclass=file type=AVC
>> msg=audit(1364324306.080:915273): avc:  denied  { read } for pid=18992
>> comm="vmtoolsd" name="dev" dev=proc ino=4026531979
>> scontext=system_u:system_r:init_t:s0
>> tcontext=system_u:object_r:proc_net_t:s0 tclass=file ---- time->Tue Mar
>>26
>> 13:58:26 2013 type=SYSCALL msg=audit(1364324306.081:915274):
>>arch=c000003e
>> syscall=5 success=yes exit=0 a0=16 a1=7ffffa547f10 a2=7ffffa547f10 a3=0
>> items=0 ppid=1 pid=18992 auid=4294967295 uid=0 gid=0 euid=0 suid=0
>>fsuid=0
>> egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="vmtoolsd"
>> exe="/usr/lib/vmware-tools/sbin64/vmtoolsd"
>> subj=system_u:system_r:init_t:s0 key=(null) type=AVC
>> msg=audit(1364324306.081:915274): avc:  denied  { getattr } for
>>pid=18992
>> comm="vmtoolsd" path="/proc/18992/net/dev" dev=proc ino=4026531979
>> scontext=system_u:system_r:init_t:s0
>> tcontext=system_u:object_r:proc_net_t:s0 tclass=file ---- time->Tue Mar
>>26
>> 13:58:26 2013 type=PATH msg=audit(1364324306.082:915275): item=0
>> name="/etc/resolv.conf" inode=654095 dev=08:01 mode=0100644 ouid=0
>>ogid=0
>> rdev=00:00 obj=system_u:object_r:net_conf_t:s0 type=CWD
>> msg=audit(1364324306.082:915275):  cwd="/" type=SYSCALL
>> msg=audit(1364324306.082:915275): arch=c000003e syscall=2 success=yes
>> exit=21 a0=7f78443317fa a1=0 a2=1b6 a3=2 items=1 ppid=1 pid=18992
>> auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
>> tty=(none) ses=4294967295 comm="vmtoolsd"
>> exe="/usr/lib/vmware-tools/sbin64/vmtoolsd"
>> subj=system_u:system_r:init_t:s0 key=(null) type=AVC
>> msg=audit(1364324306.082:915275): avc:  denied  { open } for pid=18992
>> comm="vmtoolsd" name="resolv.conf" dev=sda1 ino=654095
>> scontext=system_u:system_r:init_t:s0
>> tcontext=system_u:object_r:net_conf_t:s0 tclass=file type=AVC
>> msg=audit(1364324306.082:915275): avc:  denied  { read } for pid=18992
>> comm="vmtoolsd" name="resolv.conf" dev=sda1 ino=654095
>> scontext=system_u:system_r:init_t:s0
>> tcontext=system_u:object_r:net_conf_t:s0 tclass=file ---- time->Tue Mar
>>26
>> 13:58:26 2013 type=SYSCALL msg=audit(1364324306.083:915276):
>>arch=c000003e
>> syscall=5 success=yes exit=0 a0=15 a1=7ffffa549e80 a2=7ffffa549e80 a3=2
>> items=0 ppid=1 pid=18992 auid=4294967295 uid=0 gid=0 euid=0 suid=0
>>fsuid=0
>> egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="vmtoolsd"
>> exe="/usr/lib/vmware-tools/sbin64/vmtoolsd"
>> subj=system_u:system_r:init_t:s0 key=(null) type=AVC
>> msg=audit(1364324306.083:915276): avc:  denied  { getattr } for
>>pid=18992
>> comm="vmtoolsd" path="/etc/resolv.conf" dev=sda1 ino=654095
>> scontext=system_u:system_r:init_t:s0
>> tcontext=system_u:object_r:net_conf_t:s0 tclass=file
>> 
>> 
>> 
>> Thanks, Anamitra
>> 
>> On 3/26/13 11:55 AM, "Daniel J Walsh" <dwalsh at redhat.com> wrote:
>> 
>> On 03/26/2013 12:50 PM, Anamitra Dutta Majumdar (anmajumd) wrote:
>>>>> 
>>>>> On one of our systems we see that the syslog/messages file has been
>>>>> flooded with the following messages
>>>>> 
>>>>> Mar 25 18:07:56 nw043b-vcma1 user 3 sedispatch: Connection Error (An
>>>>> SELinux policy prevents this sender from sending this message to this
>>>>> recipient (rejected message had sender "(unset)" interface
>>>>> "org.freedesktop.DBus" member "Hello" error name "(unset)"
>>>>> destination "org.freedesktop.DBus")): AVC Will be dropped
>>>>> Mar 25 18:07:56 nw043b-vcma1 user 3 sedispatch: Connection Error (An
>>>>> SELinux policy prevents this sender from sending this message to this
>>>>> recipient (rejected message had sender "(unset)" interface
>>>>> "org.freedesktop.DBus" member "Hello" error name "(unset)"
>>>>> destination "org.freedesktop.DBus")): AVC Will be dropped
>>>>> Mar 25 18:07:56 nw043b-vcma1 user 3 sedispatch: Connection Error (An
>>>>> SELinux policy prevents this sender from sending this message to this
>>>>> recipient (rejected message had sender "(unset)" interface
>>>>> "org.freedesktop.DBus" member "Hello" error name "(unset)"
>>>>> destination "org.freedesktop.DBus")): AVC Will be dropped
>>>>> 
>>>>> 
>>>>> 
>>>>> We are on RHEL6.2 and running in permissive mode.
>>>>> 
>>>>> Here are the versions of the selinux-related rpms.
>>>>> 
>>>>> [root@nw043b-vcma1 vos]# rpm -qa | grep selinux
>>>>> selinux-policy-3.7.19-126.el6.noarch
>>>>> libselinux-2.0.94-5.2.el6.i686
>>>>> libselinux-2.0.94-5.2.el6.x86_64
>>>>> selinux-policy-targeted-3.7.19-126.el6.noarch
>>>>> libselinux-utils-2.0.94-5.2.el6.i686
>>>>> libselinux-utils-2.0.94-5.2.el6.x86_64
>>>>> libselinux-python-2.0.94-5.2.el6.x86_64
>>>>> [root@nw043b-vcma1 vos]# rpm -qa | grep setro
>>>>> setroubleshoot-server-3.0.38-2.1.el6.x86_64
>>>>> setroubleshoot-plugins-3.0.16-1.el6.noarch
>>>>> 
>>>>> What could be the root cause of these messages?
>>>>> 
>>>>> Thanks, Anamitra
>>>>> 
>>>>> 
>>>>> 
>> Are you seeing lots of AVC messages?
>> 
>> ausearch -m avc -ts recent
>> 
>> 
>> 

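Added example, not part of the original thread: a Python sketch that unwraps mail-quoted `ausearch` output like the denials above and groups them by command, source type, target type and class, which makes it visible that every denial comes from vmtoolsd running as `init_t`. The names `unwrap` and `summarize` are chosen here for illustration; the sample is an excerpt of the records quoted in the thread.

```python
import re
from collections import defaultdict

# Excerpt of the ausearch output quoted in this thread, with the mail
# client's ">" quoting and hard line wraps left in place.
SAMPLE = '''\
>> msg=audit(1364324296.810:915270): avc:  denied  { ioctl } for pid=18992
>> comm="vmtoolsd" path="socket:[2348604]" dev=sockfs ino=2348604
>> scontext=system_u:system_r:init_t:s0
>>tcontext=system_u:system_r:init_t:s0
>> tclass=tcp_socket ---- time->Tue Mar 26 13:58:26 2013 type=PATH
>> msg=audit(1364324306.080:915273): avc:  denied  { open } for pid=18992
>> comm="vmtoolsd" name="dev" dev=proc ino=4026531979
>> scontext=system_u:system_r:init_t:s0
>> tcontext=system_u:object_r:proc_net_t:s0 tclass=file type=AVC
>> msg=audit(1364324306.080:915273): avc:  denied  { read } for pid=18992
>> comm="vmtoolsd" name="dev" dev=proc ino=4026531979
>> scontext=system_u:system_r:init_t:s0
>> tcontext=system_u:object_r:proc_net_t:s0 tclass=file
>> msg=audit(1364324306.076:915272): avc:  denied  { getattr } for
>>pid=18992
>> comm="vmtoolsd" name="/" dev=sda1 ino=2
>> scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:fs_t:s0
>> tclass=filesystem
'''

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+.*?comm="(?P<comm>[^"]*)"'
    r'.*?scontext=(?P<s>\S+)\s+tcontext=(?P<t>\S+)\s+tclass=(?P<cls>\S+)')

def unwrap(text):
    """Drop leading '>' quote markers and rejoin hard-wrapped lines."""
    lines = (re.sub(r'^[>\s]+', '', ln) for ln in text.splitlines())
    return ' '.join(ln for ln in lines if ln)

def summarize(text):
    """Map (comm, source type, target type, class) -> set of denied perms."""
    out = defaultdict(set)
    for m in AVC_RE.finditer(unwrap(text)):
        stype = m['s'].split(':')[2]   # user:role:type:level -> type
        ttype = m['t'].split(':')[2]
        out[(m['comm'], stype, ttype, m['cls'])].update(m['perms'].split())
    return dict(out)

if __name__ == '__main__':
    for (comm, s, t, cls), perms in sorted(summarize(SAMPLE).items()):
        print(f'{comm}: {s} -> {t}:{cls} {{ {" ".join(sorted(perms))} }}')
```
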

