SELinux alleged Attack!

[Karl Larsen]

Andy Green wrote:
> Somebody in the thread at some point said:
>
>   
>>> Well, none of these are normal avcs that you would see if selinux was
>>> denying access to something.
>>>
>>> A classical avc that makes trouble looks like this:
>>>
>>> Sep  2 05:03:13 hostname kernel: audit(1188705793.190:416): avc:  denied
>>>  { search } for  pid=12965 comm="wpa_supplicant" name="netdev:wlan0"
>>> dev=debugfs ino=2841020 scontext=user_u:system_r:NetworkManager_t:s0
>>> tcontext=system_u:object_r:debugfs_t:s0 tclass=dir
>>>       
>
>   
>> Come on Andy, there are a whole lot of AVC things and they explain why
>> the computer came up so slow. SELinux was trying to get some things done
>> and they were not succeeding so it slowed everything to a crawl.
>>
>> What is there are reports of error, and I got them from
>> /var/log/messages/ and explains to me how SELinux slowed down my computer.
>>     
>
> How many of these "AVC things" that are not avcs are there?  Unless
> there are hundreds of thousands per boot it doesn't in itself explain
> why it "slowed everything to a crawl".  If permissions are denied on
> opening a file or whatever, it's recorded in a single avc and that is
> the end of the story, it failed -- bang, exit.  It doesn't hang around
> weeping and feeling bad until it gets the energy to go on.
>
> There has to be a reason why a process hangs on until it times out, and
> "selinux problems" is not enough of an explanation.  As proposed by
> others, network timeouts are a pretty common source of hanging around
> for 'long' periods -- 'long' considering the 2 or 3 billion operations a
> second your CPU is always wanting to do.
>
> -Andy
>
>   
    Come on Andy, these were all caused by SELinux and explains if you 
can figure out what they mean. I can't and you won't because your 
convinced these are not done by SELinux.

    So there seems to be nothing more to say.





-- 

	Karl F. Larsen, AKA K5DI
	Linux User
	#450462   http://counter.li.org.