SE alert

jd1008 jd1008 at gmail.com
Mon Jul 20 16:44:26 UTC 2015



On 07/19/2015 08:27 PM, Ed Greshko wrote:
> On 07/20/15 09:39, jd1008 wrote:
>> I forgot the file I touch in / to force a relabel, something like 
>> .relabel=true ??? 
> touch /.autorelabel
>
> Google would have found that for you.
Yep! I found it in a fedoraproject forum message
right after I sent the email.
I was just replying that I had forgotten it, with the
intent of looking it up :)

After doing that and rebooting, I got 16 alerts.

Here is one of them:

SELinux is preventing /usr/bin/python2.7 from *remove_name* access on the 
directory .

*****  Plugin catchall (100. confidence) suggests **************************

If you believe that python2.7 should be allowed remove_name access on 
the  directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep python /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                system_u:system_r:blueman_t:s0-s0:c0.c1023
Target Context                system_u:object_r:tmp_t:s0
Target Objects                 [ dir ]
Source                        python
Source Path                   /usr/bin/python2.7
Port                          <Unknown>
Host                          localhost.localdomain
Source RPM Packages           python-2.7.5-16.fc20.x86_64
Target RPM Packages
Policy RPM                    selinux-policy-3.12.1-197.fc20.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Permissive
Host Name                     localhost.localdomain
Platform                      Linux localhost.localdomain
                              3.11.10-301.fc20.x86_64 #1 SMP Thu Dec 5 14:01:17
                              UTC 2013 x86_64 x86_64
Alert Count                   1
First Seen                    2015-07-20 10:14:10 MDT
Last Seen                     2015-07-20 10:14:10 MDT
Local ID                      d167f2ee-4c4c-442e-877f-5a725536ec97

Raw Audit Messages
type=AVC msg=audit(1437408850.342:377): avc:  denied  { remove_name } 
for  pid=2582 comm="python" name="ffiuVaXeC" dev="tmpfs" ino=28942 
scontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 
tcontext=system_u:object_r:tmp_t:s0 tclass=dir


type=AVC msg=audit(1437408850.342:377): avc:  denied  { unlink } for  
pid=2582 comm="python" name="ffiuVaXeC" dev="tmpfs" ino=28942 
scontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 
tcontext=system_u:object_r:tmp_t:s0 tclass=file


type=SYSCALL msg=audit(1437408850.342:377): arch=x86_64 syscall=unlink 
success=yes exit=0 a0=7fffd3473a60 a1=c2 a2=180 a3=1 items=0 ppid=2581 
pid=2582 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 
fsgid=0 ses=4294967295 tty=(none) comm=python exe=/usr/bin/python2.7 
subj=system_u:system_r:blueman_t:s0-s0:c0.c1023 key=(null)

Hash: python,blueman_t,tmp_t,dir,remove_name

The rest are summarised as:
SELinux is preventing /usr/bin/python2.7 from execute access on the file .

SELinux is preventing /usr/sbin/lightdm from write access on the directory .

SELinux is preventing /usr/sbin/lightdm from append access on the file .

The rest of the 16 alerts are all re: write access

Please note that I have stopped and disabled sysstat-collect.timer and 
sysstat.service
since my previous reply.

Also note that I fully re-installed fresh due to the frustration since 
my first
report about this thread.
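
An added example, not part of the original message: a small Python parser that groups AVC denials by the same fields sealert uses in its "Hash:" line (command, source type, target type, class, permission), so a batch of alerts like the 16 above can be reviewed per domain before anything is piped to audit2allow. The sample log is constructed from the records quoted in the message (unwrapped, SYSCALL line abridged); the function names are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample: the AVC records quoted in the message, unwrapped to one
# line each, plus an abridged copy of the SYSCALL record.
SAMPLE_LOG = """\
type=AVC msg=audit(1437408850.342:377): avc:  denied  { remove_name } for  pid=2582 comm="python" name="ffiuVaXeC" dev="tmpfs" ino=28942 scontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
type=AVC msg=audit(1437408850.342:377): avc:  denied  { unlink } for  pid=2582 comm="python" name="ffiuVaXeC" dev="tmpfs" ino=28942 scontext=system_u:system_r:blueman_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tmp_t:s0 tclass=file
type=SYSCALL msg=audit(1437408850.342:377): arch=x86_64 syscall=unlink success=yes exit=0 pid=2582 comm=python exe=/usr/bin/python2.7
"""

AVC_RE = re.compile(r"type=AVC .*?avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)$")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return a dict for one AVC denial line, or None for other record types."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group(2))}
    fields["perms"] = m.group(1).split()
    return fields


def sel_type(context):
    """Extract the type (third colon-separated field) of an SELinux context."""
    return context.split(":")[2]


def summarize(log_text):
    """Group denials by (comm, source type, target type, class) -> permissions."""
    groups = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is None:
            continue  # SYSCALL and other non-AVC records carry no denial
        key = (rec["comm"], sel_type(rec["scontext"]),
               sel_type(rec["tcontext"]), rec["tclass"])
        groups[key].update(rec["perms"])
    return dict(groups)


if __name__ == "__main__":
    for (comm, src, tgt, cls), perms in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{comm}: {src} -> {tgt}:{cls} {{ {' '.join(sorted(perms))} }}")
```

Run against the full /var/log/audit/audit.log, the grouping separates the blueman_t denials from the lightdm ones, which the suggested `grep python ... | audit2allow` would not show at a glance.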







