Lots of SELinux denial messages.

Les hlhowell at pacbell.net
Sat Sep 19 18:10:59 UTC 2009


I have upgraded to F11 using the upgrade from the update process, and
it went smoothly.  However, I am now getting a lot of SELinux messages
(I had to set it to permissive to get anything done at all).  I have
submitted bugs on two of them, and will submit more bugs later.  I have
relabeled the system (extensive and took time) and used the restorecon
command where it was recommended, but still there are messages, and I
need to get those resolved prior to turning SELinux back on.

	So I am including a few of the most predominant messages in this
message.  If you have had these and have a cure, or know some approach
that is safe for turning these off so I can re-enable SELinux, please let
me know.  If I get no responses in a day or so I will submit bugzillas
on these as well.

	I should note that while the first shows a time of around 0300, my
system was idle at that time.  I went to bed at about 2:30 and rebooted
at that time.  Also, I emptied the queue of alerts when I logged on, so
these showed up today since about 9:30.  There were four more of these,
all targeting different objects.

Regards, 
Les H


********************************************************************************

Summary:

SELinux is preventing dbus-daemon (system_dbusd_t) "search"
unconfined_t.

Detailed Description:

[SELinux is in permissive mode, the operation would have been denied but was
permitted due to permissive mode.]

SELinux denied access requested by dbus-daemon. It is not expected that this
access is required by dbus-daemon and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration of the
application is causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.

Additional Information:

Source Context                system_u:system_r:system_dbusd_t:s0-s0:c0.c1023
Target Context                unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
Target Objects                9374 [ dir ]
Source                        dbus-daemon
Source Path                   /bin/dbus-daemon
Port                          <Unknown>
Host                          localhost.localdomain
Source RPM Packages           dbus-1.2.12-2.fc11
Target RPM Packages           
Policy RPM                    selinux-policy-3.6.12-82.fc11
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Permissive
Plugin Name                   catchall
Host Name                     localhost.localdomain
Platform                      Linux localhost.localdomain 2.6.30.5-43.fc11.i586
                              #1 SMP Thu Aug 27 21:18:54 EDT 2009 i686 i686
Alert Count                   2
First Seen                    Sat 19 Sep 2009 11:03:18 AM PDT
Last Seen                     Sat 19 Sep 2009 11:03:18 AM PDT
Local ID                      136137e2-5f20-4d7d-88e5-a65c26b266a6
Line Numbers                  

Raw Audit Messages            

node=localhost.localdomain type=AVC msg=audit(1253383398.33:262): avc: denied  { search } for  pid=1472 comm="dbus-daemon" name="9374" dev=proc ino=42807 scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=dir

node=localhost.localdomain type=AVC msg=audit(1253383398.33:262): avc: denied  { read } for  pid=1472 comm="dbus-daemon" name="cmdline" dev=proc ino=42818 scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=file

node=localhost.localdomain type=SYSCALL msg=audit(1253383398.33:262): arch=40000003 syscall=5 success=yes exit=41 a0=2bd1290 a1=0 a2=249e a3=bfca767c items=0 ppid=1 pid=1472 auid=4294967295 uid=81 gid=81 euid=81 suid=81 fsuid=81 egid=81 sgid=81 fsgid=81 tty=(none) ses=4294967295 comm="dbus-daemon" exe="/bin/dbus-daemon" subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 key=(null)

************************************************************************

Summary:

SELinux is preventing dbus-daemon (system_dbusd_t) "search"
unconfined_t.

Detailed Description:

[SELinux is in permissive mode, the operation would have been denied but was
permitted due to permissive mode.]

SELinux denied access requested by dbus-daemon. It is not expected that this
access is required by dbus-daemon and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration of the
application is causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.

Additional Information:

Source Context                system_u:system_r:system_dbusd_t:s0-s0:c0.c1023
Target Context                system_u:system_r:unconfined_t:s0-s0:c0.c1023
Target Objects                9349 [ dir ]
Source                        dbus-daemon
Source Path                   /bin/dbus-daemon
Port                          <Unknown>
Host                          localhost.localdomain
Source RPM Packages           dbus-1.2.12-2.fc11
Target RPM Packages           
Policy RPM                    selinux-policy-3.6.12-82.fc11
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Permissive
Plugin Name                   catchall
Host Name                     localhost.localdomain
Platform                      Linux localhost.localdomain 2.6.30.5-43.fc11.i586
                              #1 SMP Thu Aug 27 21:18:54 EDT 2009 i686 i686
Alert Count                   2
First Seen                    Sat 19 Sep 2009 11:01:01 AM PDT
Last Seen                     Sat 19 Sep 2009 11:01:01 AM PDT
Local ID                      057fe84b-ff84-49ce-9360-17a76fc9aca5
Line Numbers                  

Raw Audit Messages            

node=localhost.localdomain type=AVC msg=audit(1253383261.273:257): avc: denied  { search } for  pid=1472 comm="dbus-daemon" name="9349" dev=proc ino=42679 scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:unconfined_t:s0-s0:c0.c1023 tclass=dir

node=localhost.localdomain type=AVC msg=audit(1253383261.273:257): avc: denied  { read } for  pid=1472 comm="dbus-daemon" name="cmdline" dev=proc ino=42680 scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:unconfined_t:s0-s0:c0.c1023 tclass=file

node=localhost.localdomain type=SYSCALL msg=audit(1253383261.273:257): arch=40000003 syscall=5 success=yes exit=47 a0=2bdae88 a1=0 a2=2485 a3=bfca767c items=0 ppid=1 pid=1472 auid=4294967295 uid=81 gid=81 euid=81 suid=81 fsuid=81 egid=81 sgid=81 fsgid=81 tty=(none) ses=4294967295 comm="dbus-daemon" exe="/bin/dbus-daemon" subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 key=(null)

*************************************************************************
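
Added example (not part of the original message): a Python sketch that parses the four AVC records from the two alerts above, rejoined onto single lines, and groups them by source type, target type and object class. It shows that both alerts reduce to the same two accesses, rendered in the rule form audit2allow prints so they can be reviewed side by side; the function names are illustrative.

```python
import re
from collections import defaultdict

# AVC records copied from the two alerts in this message, one record per line.
SAMPLE = """\
node=localhost.localdomain type=AVC msg=audit(1253383398.33:262): avc: denied  { search } for  pid=1472 comm="dbus-daemon" name="9374" dev=proc ino=42807 scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=dir
node=localhost.localdomain type=AVC msg=audit(1253383398.33:262): avc: denied  { read } for  pid=1472 comm="dbus-daemon" name="cmdline" dev=proc ino=42818 scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=file
node=localhost.localdomain type=AVC msg=audit(1253383261.273:257): avc: denied  { search } for  pid=1472 comm="dbus-daemon" name="9349" dev=proc ino=42679 scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:unconfined_t:s0-s0:c0.c1023 tclass=dir
node=localhost.localdomain type=AVC msg=audit(1253383261.273:257): avc: denied  { read } for  pid=1472 comm="dbus-daemon" name="cmdline" dev=proc ino=42680 scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:unconfined_t:s0-s0:c0.c1023 tclass=file
"""

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?'
    r'scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)')

def se_type(context):
    """Return the type field of a user:role:type:level context."""
    return context.split(":")[2]

def summarize(text):
    """Group denials by (source type, target type, class)."""
    groups = defaultdict(
        lambda: {"perms": set(), "count": 0, "target_users": set()})
    for line in text.splitlines():
        m = AVC_RE.search(line) if "type=AVC" in line else None
        if not m:
            continue  # SYSCALL and other record types carry no permission set
        g = groups[(se_type(m["scon"]), se_type(m["tcon"]), m["tclass"])]
        g["perms"].update(m["perms"].split())
        g["count"] += 1
        # The SELinux user differs between the two alerts; the type does not.
        g["target_users"].add(m["tcon"].split(":")[0])
    return dict(groups)

def as_rules(groups):
    """Render each group in type-enforcement rule syntax for review."""
    rules = []
    for (src, tgt, cls), g in sorted(groups.items()):
        perms = sorted(g["perms"])
        p = perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"
        rules.append(f"allow {src} {tgt}:{cls} {p};")
    return rules

if __name__ == "__main__":
    for rule in as_rules(summarize(SAMPLE)):
        print(rule)
```

The `dev=proc` and `name="cmdline"` fields in the records indicate that dbus-daemon is reading `/proc/<pid>/cmdline` of processes running as `unconfined_t`, which is why each alert names a different numeric target object.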






