Lots of SELinux denial messages.
Daniel J Walsh
dwalsh at redhat.com
Sun Sep 20 12:07:09 UTC 2009
On 09/19/2009 02:10 PM, Les wrote:
> I have upgraded to F11 using the upgrade from the update process. And
> it went smoothly. However, I am now getting a lot of SElinux messages
> (I had to set it to permissive to get anything done at all.) I have
> submitted bugs on two of them, and will submit more bugs later. I have
> relabeled the system (extensive and took time) used the restorecon
> command where it was recommended, but still there are messages, and I
> need to get those resolved prior to turning SELinux back on.
>
> So I am including a few of the most predominate messages in this
> message. If you have had these and have a cure, or know some approach
> that is safe to turning these off so I can re-enable SELinux, please let
> me know. If I get no responses in a day or so I will submit bugzillas
> on these as well.
>
> I should note that while the first shows a time of around 0300, my
> system was idle at that time. I went to bed at about 2:30 and rebooted
> at that time. Also I emptied the queue of alerts when I logged on, so
> these showed up today since about 9:30. There were four more of these
> all targeting different objects.
>
> Regards,
> Les H
>
>
> ********************************************************************************
>
> Summary:
>
> SELinux is preventing dbus-daemon (system_dbusd_t) "search"
> unconfined_t.
>
> Detailed Description:
>
> [SELinux is in permissive mode, the operation would have been denied but
> was
> permitted due to permissive mode.]
>
> SELinux denied access requested by dbus-daemon. It is not expected that
> this
> access is required by dbus-daemon and this access may signal an
> intrusion
> attempt. It is also possible that the specific version or configuration
> of the
> application is causing it to require additional access.
>
> Allowing Access:
>
> You can generate a local policy module to allow this access - see FAQ
> (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can
> disable
> SELinux protection altogether. Disabling SELinux protection is not
> recommended.
> Please file a bug report
> (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
> against this package.
>
> Additional Information:
>
> Source Context
> system_u:system_r:system_dbusd_t:s0-s0:c0.c1023
> Target Context
> unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
> Target Objects 9374 [ dir ]
> Source dbus-daemon
> Source Path /bin/dbus-daemon
> Port <Unknown>
> Host localhost.localdomain
> Source RPM Packages dbus-1.2.12-2.fc11
> Target RPM Packages
> Policy RPM selinux-policy-3.6.12-82.fc11
> Selinux Enabled True
> Policy Type targeted
> MLS Enabled True
> Enforcing Mode Permissive
> Plugin Name catchall
> Host Name localhost.localdomain
> Platform Linux localhost.localdomain
> 2.6.30.5-43.fc11.i586
> #1 SMP Thu Aug 27 21:18:54 EDT 2009 i686
> i686
> Alert Count 2
> First Seen Sat 19 Sep 2009 11:03:18 AM PDT
> Last Seen Sat 19 Sep 2009 11:03:18 AM PDT
> Local ID 136137e2-5f20-4d7d-88e5-a65c26b266a6
> Line Numbers
>
> Raw Audit Messages
>
> node=localhost.localdomain type=AVC msg=audit(1253383398.33:262): avc:
> denied { search } for pid=1472 comm="dbus-daemon" name="9374" dev=proc
> ino=42807 scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023
> tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
> tclass=dir
>
> node=localhost.localdomain type=AVC msg=audit(1253383398.33:262): avc:
> denied { read } for pid=1472 comm="dbus-daemon" name="cmdline"
> dev=proc ino=42818
> scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023
> tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
> tclass=file
>
> node=localhost.localdomain type=SYSCALL msg=audit(1253383398.33:262):
> arch=40000003 syscall=5 success=yes exit=41 a0=2bd1290 a1=0 a2=249e
> a3=bfca767c items=0 ppid=1 pid=1472 auid=4294967295 uid=81 gid=81
> euid=81 suid=81 fsuid=81 egid=81 sgid=81 fsgid=81 tty=(none)
> ses=4294967295 comm="dbus-daemon" exe="/bin/dbus-daemon"
> subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 key=(null)
>
> ************************************************************************
>
> Summary:
>
> SELinux is preventing dbus-daemon (system_dbusd_t) "search"
> unconfined_t.
>
> Detailed Description:
>
> [SELinux is in permissive mode, the operation would have been denied but
> was
> permitted due to permissive mode.]
>
> SELinux denied access requested by dbus-daemon. It is not expected that
> this
> access is required by dbus-daemon and this access may signal an
> intrusion
> attempt. It is also possible that the specific version or configuration
> of the
> application is causing it to require additional access.
>
> Allowing Access:
>
> You can generate a local policy module to allow this access - see FAQ
> (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can
> disable
> SELinux protection altogether. Disabling SELinux protection is not
> recommended.
> Please file a bug report
> (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
> against this package.
>
> Additional Information:
>
> Source Context
> system_u:system_r:system_dbusd_t:s0-s0:c0.c1023
> Target Context
> system_u:system_r:unconfined_t:s0-s0:c0.c1023
> Target Objects 9349 [ dir ]
> Source dbus-daemon
> Source Path /bin/dbus-daemon
> Port <Unknown>
> Host localhost.localdomain
> Source RPM Packages dbus-1.2.12-2.fc11
> Target RPM Packages
> Policy RPM selinux-policy-3.6.12-82.fc11
> Selinux Enabled True
> Policy Type targeted
> MLS Enabled True
> Enforcing Mode Permissive
> Plugin Name catchall
> Host Name localhost.localdomain
> Platform Linux localhost.localdomain
> 2.6.30.5-43.fc11.i586
> #1 SMP Thu Aug 27 21:18:54 EDT 2009 i686
> i686
> Alert Count 2
> First Seen Sat 19 Sep 2009 11:01:01 AM PDT
> Last Seen Sat 19 Sep 2009 11:01:01 AM PDT
> Local ID 057fe84b-ff84-49ce-9360-17a76fc9aca5
> Line Numbers
>
> Raw Audit Messages
>
> node=localhost.localdomain type=AVC msg=audit(1253383261.273:257): avc:
> denied { search } for pid=1472 comm="dbus-daemon" name="9349" dev=proc
> ino=42679 scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023
> tcontext=system_u:system_r:unconfined_t:s0-s0:c0.c1023 tclass=dir
>
> node=localhost.localdomain type=AVC msg=audit(1253383261.273:257): avc:
> denied { read } for pid=1472 comm="dbus-daemon" name="cmdline"
> dev=proc ino=42680
> scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023
> tcontext=system_u:system_r:unconfined_t:s0-s0:c0.c1023 tclass=file
>
> node=localhost.localdomain type=SYSCALL msg=audit(1253383261.273:257):
> arch=40000003 syscall=5 success=yes exit=47 a0=2bdae88 a1=0 a2=2485
> a3=bfca767c items=0 ppid=1 pid=1472 auid=4294967295 uid=81 gid=81
> euid=81 suid=81 fsuid=81 egid=81 sgid=81 fsgid=81 tty=(none)
> ses=4294967295 comm="dbus-daemon" exe="/bin/dbus-daemon"
> subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 key=(null)
>
> *************************************************************************
>
>
>
>
Les, I believe something went wrong on your upgrade.

Could you execute

    yum reinstall selinux-policy-targeted

and make sure this succeeds? If it does, then see if you still see these messages.

Also check the following

    semodule -l | grep unconfined

to make sure you have 2 packages.
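
An added example, not part of the original thread: a small Python parser that collapses the raw AVC records quoted above into unique (source type, target type, class) tuples, which shows that the two alerts are the same pair of denials from system_dbusd_t against unconfined_t. The function names are illustrative; the sample lines are the AVC records from the post, unwrapped to one line each, plus one shortened SYSCALL record.

```python
import re
from collections import defaultdict

# AVC records from the two alerts quoted in the post, unwrapped to one line each.
# The last line is a SYSCALL record (shortened here) that the parser must skip.
SAMPLE = """\
node=localhost.localdomain type=AVC msg=audit(1253383398.33:262): avc: denied { search } for pid=1472 comm="dbus-daemon" name="9374" dev=proc ino=42807 scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=dir
node=localhost.localdomain type=AVC msg=audit(1253383398.33:262): avc: denied { read } for pid=1472 comm="dbus-daemon" name="cmdline" dev=proc ino=42818 scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=file
node=localhost.localdomain type=AVC msg=audit(1253383261.273:257): avc: denied { search } for pid=1472 comm="dbus-daemon" name="9349" dev=proc ino=42679 scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:unconfined_t:s0-s0:c0.c1023 tclass=dir
node=localhost.localdomain type=AVC msg=audit(1253383261.273:257): avc: denied { read } for pid=1472 comm="dbus-daemon" name="cmdline" dev=proc ino=42680 scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:unconfined_t:s0-s0:c0.c1023 tclass=file
node=localhost.localdomain type=SYSCALL msg=audit(1253383261.273:257): arch=40000003 syscall=5 success=yes exit=47 comm="dbus-daemon" exe="/bin/dbus-daemon"
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return the fields of one AVC denial as a dict, or None for other records."""
    if "type=AVC" not in line:
        return None
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("rest"))}
    fields["perms"] = m.group("perms").split()
    return fields


def selinux_type(context):
    """user:role:type:level -> type (the level part may contain further colons)."""
    return context.split(":")[2]


def summarize(text):
    """Group denials by (source type, target type, class) and merge permissions."""
    rules = defaultdict(set)
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec is None:
            continue
        key = (selinux_type(rec["scontext"]), selinux_type(rec["tcontext"]), rec["tclass"])
        rules[key].update(rec["perms"])
    return {key: sorted(perms) for key, perms in rules.items()}


if __name__ == "__main__":
    for (src, tgt, cls), perms in summarize(SAMPLE).items():
        print(f"{src} -> {tgt}:{cls} {{ {' '.join(perms)} }}")
```

The user and role parts of the target context differ between the two alerts, but the type is unconfined_t in both, so the summary has only two entries.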