Denial showing up even when allow rule applied

Anamitra Dutta Majumdar (anmajumd) anmajumd at cisco.com
Wed May 22 19:35:35 UTC 2013


Hi Dan,

Here is the related AVC denial:

type=AVC msg=audit(1369177581.853:57912): avc:  denied  { create } for
pid=18778 comm="usermod" name="passwd+"
scontext=specialuser_u:system_r:pwrecoveryd_t:s0
tcontext=system_u:object_r:etc_t:s0 tclass=file
type=SYSCALL msg=audit(1369177581.853:57912): arch=40000003 syscall=5
success=yes exit=5 a0=bff19038 a1=8241 a2=1b6 a3=9df3670 items=2
ppid=18765 pid=18778 auid=503 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=tty1 ses=1624 comm="usermod" exe="/usr/sbin/usermod"
subj=specialuser_u:system_r:pwrecoveryd_t:s0 key=(null)
type=CWD msg=audit(1369177581.853:57912):  cwd="/home/pwrecovery"
type=PATH msg=audit(1369177581.853:57912): item=0 name="/etc/"
inode=3103841 dev=08:01 mode=040755 ouid=0 ogid=0 rdev=00:00
obj=system_u:object_r:etc_t:s0
type=PATH msg=audit(1369177581.853:57912): item=1 name="/etc/passwd+"
inode=3105686 dev=08:01 mode=0100000 ouid=0 ogid=0 rdev=00:00
obj=system_u:object_r:etc_t:s0


And we are not using Kerberos for any authentication on our system.

Thanks,
Anamitra

On 5/22/13 10:04 AM, "Daniel J Walsh" <dwalsh at redhat.com> wrote:

>On 05/21/2013 02:04 PM, Anamitra Dutta Majumdar (anmajumd) wrote:
>> Hi Dan,
>> 
>> We added the domain_obj_id_change_exemption(pwrecoveryd_t) to our src
>> module but no luck.
>> 
>> And also our app does not do a setfscreatecon() call; however, from the
>> syslogs we found calls to setfscreate() by our app.
>> 
>> Is there a way to look at the constraints on a RHEL5 box using seinfo?
>> 
>> As indicated earlier in the email thread, the seinfo command on RHEL5 does
>> not have the "--constrain" option.
>> 
>> 
>> Thanks, Anamitra
>> 
>
>Could you attach your current AVC messages? Are you using Kerberos
>libraries?


