SELinux is preventing khidpd_0d620558 from write access on the socket Unknown.

Daniel J Walsh dwalsh at redhat.com
Mon Apr 25 12:55:31 UTC 2011 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 04/23/2011 03:12 PM, Lawrence E Graves wrote:
> SELinux is preventing khidpd_0d620558 from write access on the socket Unknown.
> 
> *****  Plugin catchall (100. confidence) suggests  ***************************
> 
> If you believe that khidpd_0d620558 should be allowed write access on the Unknown socket by default.
> Then you should report this as a bug.
> You can generate a local policy module to allow this access.
> Do
> allow this access for now by executing:
> # grep khidpd_0d620558 /var/log/audit/audit.log | audit2allow -M mypol
> # semodule -i mypol.pp
> 
> Additional Information:
> Source Context                system_u:system_r:kernel_t:s0
> Target Context                system_u:object_r:unlabeled_t:s0
> Target Objects                Unknown [ socket ]
> Source                        khidpd_0d620558
> Source Path                   khidpd_0d620558
> Port                          <Unknown>
> Host                          JesusChrist.localdomain
> Source RPM Packages           
> Target RPM Packages           
> Policy RPM                    selinux-policy-3.9.16-16.fc15
> Selinux Enabled               True
> Policy Type                   targeted
> Enforcing Mode                Enforcing
> Host Name                     JesusChrist.localdomain
> Platform                      Linux JesusChrist.localdomain
>                               2.6.38.3-18.fc15.x86_64 #1 SMP Fri Apr 22 13:24:23
>                               UTC 2011 x86_64 x86_64
> Alert Count                   7
> First Seen                    Sat 23 Apr 2011 01:10:35 PM MDT
> Last Seen                     Sat 23 Apr 2011 01:10:35 PM MDT
> Local ID                      22003605-0f14-43ab-bb6b-a528ac18c632
> 
> Raw Audit Messages
> type=AVC msg=audit(1303585835.426:3428): avc:  denied  { write } for  pid=3477 comm="khidpd_0d620558" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=socket
> 
> 
> Hash: khidpd_0d620558,kernel_t,unlabeled_t,socket,write
> 
> audit2allow
> 
> #============= kernel_t ==============
> allow kernel_t unlabeled_t:socket write;
> 
> audit2allow -R
> 
> #============= kernel_t ==============
> allow kernel_t unlabeled_t:socket write;
> 
> 
> 
Please report this as a bugzilla.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAk21b0MACgkQrlYvE4MpobNV5wCgsDsqF7vjMcRC5/VrOxgxaEPF
8mkAn1xfT6B+iKIdK3e0JEth1WFn9AL4
=RXLI
-----END PGP SIGNATURE-----

More information about the users mailing list