SE alert
jd1008
jd1008 at gmail.com
Sun Jul 19 01:00:42 UTC 2015
The sealert below does not tell me exactly which dir
that the shell tried to access.
I have run the suggested commands (below)
but they did not do any good.
The alerts keep popping up.
SELinux is preventing /usr/bin/sh from read access on the directory .
***** Plugin catchall (100. confidence) suggests **************************
If you believe that sh should be allowed read access on the directory by
default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep sa1 /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
Additional Information:
Source Context system_u:system_r:sysstat_t:s0-s0:c0.c1023
Target Context system_u:object_r:admin_home_t:s0
Target Objects [ dir ]
Source sa1
Source Path /usr/bin/sh
Port <Unknown>
Host localhost.localdomain
Source RPM Packages sh-20120801-23.fc20.x86_64
Target RPM Packages
Policy RPM selinux-policy-3.12.1-197.fc20.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name localhost.localdomain
Platform Linux localhost.localdomain
3.11.10-301.fc20.x86_64 #1 SMP Thu Dec 5
14:01:17
UTC 2013 x86_64 x86_64
Alert Count 4
First Seen 2015-07-18 18:20:02 MDT
Last Seen 2015-07-18 18:50:01 MDT
Local ID d59f7aa5-d595-46be-8186-412acb6133bf
Raw Audit Messages
type=AVC msg=audit(1437267001.953:644): avc: denied { read } for
pid=6476 comm="sa1" name="root" dev="sda3" ino=47972353
scontext=system_u:system_r:sysstat_t:s0-s0:c0.c1023
tcontext=system_u:object_r:admin_home_t:s0 tclass=dir
type=SYSCALL msg=audit(1437267001.953:644): arch=x86_64 syscall=openat
success=no exit=EACCES a0=ffffffffffffff9c a1=4fcb93 a2=80800 a3=0
items=0 ppid=6474 pid=6476 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0
egid=0 sgid=0 fsgid=0 ses=22 tty=(none) comm=sa1 exe=/usr/bin/sh
subj=system_u:system_r:sysstat_t:s0-s0:c0.c1023 key=(null)
Hash: sa1,sysstat_t,admin_home_t,dir,read
More information about the users
mailing list