07-02-2008, 03:27 PM
Chuck Anderson

auditd went crazy

July 1st at 00:18:02, I started getting thousands of audit messages
(hundreds per second). They didn't stop until I did "service auditd
restart":

I finally noticed the problem when logwatch told me this:

audit: audit_backlog=262 > audit_backlog_limit=256
audit: audit_lost=1 audit_rate_limit=0 audit_backlog_limit=256
audit: backlog limit exceeded
audit: audit_backlog=262 > audit_backlog_limit=256
audit: audit_lost=2 audit_rate_limit=0 audit_backlog_limit=256
audit: backlog limit exceeded
audit: audit_backlog=262 > audit_backlog_limit=256
audit: audit_lost=3 audit_rate_limit=0 audit_backlog_limit=256
audit: backlog limit exceeded
audit: audit_backlog=262 > audit_backlog_limit=256


Here is the start of the messages, with a few normal audit messages
before it:

type=LOGIN msg=audit(07/01/2008 00:10:01.754:139884) : login pid=24775
uid=root old auid=unset new auid=root
----
type=USER_START msg=audit(07/01/2008 00:10:01.755:139885) : user
pid=24775 uid=root auid=root
subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_open
acct=root exe=/usr/sbin/crond (hostname=?, addr=?, terminal=cron
res=success)'
----
type=CRED_DISP msg=audit(07/01/2008 00:10:01.763:139886) : user
pid=24773 uid=root auid=root
subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred
acct=root exe=/usr/sbin/crond (hostname=?, addr=?, terminal=cron
res=success)'
----
type=USER_END msg=audit(07/01/2008 00:10:01.763:139887) : user
pid=24773 uid=root auid=root
subj=system_u:system_r:crond_t:s0-s0:c0.c1023
msg='op=PAM:session_close acct=root exe=/usr/sbin/crond (hostname=?,
addr=?, terminal=cron res=success)'
----
type=CRED_DISP msg=audit(07/01/2008 00:10:01.770:139888) : user
pid=24775 uid=root auid=root
subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred
acct=root exe=/usr/sbin/crond (hostname=?, addr=?, terminal=cron
res=success)'
----
type=USER_END msg=audit(07/01/2008 00:10:01.770:139889) : user
pid=24775 uid=root auid=root
subj=system_u:system_r:crond_t:s0-s0:c0.c1023
msg='op=PAM:session_close acct=root exe=/usr/sbin/crond (hostname=?,
addr=?, terminal=cron res=success)'
----
type=USER_ACCT msg=audit(07/01/2008 00:15:01.775:139890) : user
pid=24781 uid=root auid=unset
subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:accounting
acct=root exe=/usr/sbin/crond (hostname=?, addr=?, terminal=cron
res=success)'
----
type=CRED_ACQ msg=audit(07/01/2008 00:15:01.776:139891) : user
pid=24781 uid=root auid=unset
subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred
acct=root exe=/usr/sbin/crond (hostname=?, addr=?, terminal=cron
res=success)'
----
type=LOGIN msg=audit(07/01/2008 00:15:01.776:139892) : login pid=24781
uid=root old auid=unset new auid=root
----
type=USER_START msg=audit(07/01/2008 00:15:01.777:139893) : user
pid=24781 uid=root auid=root
subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_open
acct=root exe=/usr/sbin/crond (hostname=?, addr=?, terminal=cron
res=success)'
----
type=CRED_DISP msg=audit(07/01/2008 00:15:01.791:139894) : user
pid=24781 uid=root auid=root
subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred
acct=root exe=/usr/sbin/crond (hostname=?, addr=?, terminal=cron
res=success)'
----
type=USER_END msg=audit(07/01/2008 00:15:01.791:139895) : user
pid=24781 uid=root auid=root
subj=system_u:system_r:crond_t:s0-s0:c0.c1023
msg='op=PAM:session_close acct=root exe=/usr/sbin/crond (hostname=?,
addr=?, terminal=cron res=success)'
----
type=SYSCALL msg=audit(07/01/2008 00:18:02.766:139896) : arch=i386
syscall=execve success=yes exit=0 a0=9c0aa40 a1=9c069a8 a2=9c0ab08
a3=0 items=0 ppid=24821 pid=24826 auid=fs uid=root gid=root euid=root
suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none$
type=AVC msg=audit(07/01/2008 00:18:02.766:139896) : avc: denied {
read write } for pid=24826 comm=rndc path=socket:[13697886]
dev=sockfs ino=13697886 scontext=unconfined_u:system_r:ndc_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=tcp_socket
type=AVC msg=audit(07/01/2008 00:18:02.766:139896) : avc: denied {
read write } for pid=24826 comm=rndc path=socket:[13692415]
dev=sockfs ino=13692415 scontext=unconfined_u:system_r:ndc_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=tcp_socket
type=AVC msg=audit(07/01/2008 00:18:02.766:139896) : avc: denied {
read write } for pid=24826 comm=rndc path=socket:[13692404]
dev=sockfs ino=13692404 scontext=unconfined_u:system_r:ndc_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=tcp_socket
type=AVC msg=audit(07/01/2008 00:18:02.766:139896) : avc: denied {
read write } for pid=24826 comm=rndc path=socket:[13692402]
dev=sockfs ino=13692402 scontext=unconfined_u:system_r:ndc_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=tcp_socket
type=AVC msg=audit(07/01/2008 00:18:02.766:139896) : avc: denied {
read write } for pid=24826 comm=rndc path=socket:[13692400]
dev=sockfs ino=13692400 scontext=unconfined_u:system_r:ndc_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=tcp_socket
type=AVC msg=audit(07/01/2008 00:18:02.766:139896) : avc: denied {
read write } for pid=24826 comm=rndc path=socket:[13692398]
dev=sockfs ino=13692398 scontext=unconfined_u:system_r:ndc_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=tcp_socket
type=AVC msg=audit(07/01/2008 00:18:02.766:139896) : avc: denied {
read write } for pid=24826 comm=rndc path=socket:[13692396]
dev=sockfs ino=13692396 scontext=unconfined_u:system_r:ndc_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=tcp_socket
type=AVC msg=audit(07/01/2008 00:18:02.766:139896) : avc: denied {
read write } for pid=24826 comm=rndc path=socket:[13692394]
dev=sockfs ino=13692394 scontext=unconfined_u:system_r:ndc_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=tcp_socket
type=AVC msg=audit(07/01/2008 00:18:02.766:139896) : avc: denied {
read write } for pid=24826 comm=rndc path=socket:[13692392]
dev=sockfs ino=13692392 scontext=unconfined_u:system_r:ndc_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=tcp_socket
type=AVC msg=audit(07/01/2008 00:18:02.766:139896) : avc: denied {
read write } for pid=24826 comm=rndc path=socket:[13692390]
dev=sockfs ino=13692390 scontext=unconfined_u:system_r:ndc_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=tcp_socket
type=AVC msg=audit(07/01/2008 00:18:02.766:139896) : avc: denied {
read write } for pid=24826 comm=rndc path=socket:[13692388]
dev=sockfs ino=13692388 scontext=unconfined_u:system_r:ndc_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=tcp_socket
type=AVC msg=audit(07/01/2008 00:18:02.766:139896) : avc: denied {
read write } for pid=24826 comm=rndc path=socket:[13692386]
dev=sockfs ino=13692386 scontext=unconfined_u:system_r:ndc_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=tcp_socket
type=AVC msg=audit(07/01/2008 00:18:02.766:139896) : avc: denied {
read write } for pid=24826 comm=rndc path=socket:[13692380]
dev=sockfs ino=13692380 scontext=unconfined_u:system_r:ndc_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=tcp_socket
type=AVC msg=audit(07/01/2008 00:18:02.766:139896) : avc: denied {
read write } for pid=24826 comm=rndc path=socket:[13692377]
dev=sockfs ino=13692377 scontext=unconfined_u:system_r:ndc_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=tcp_socket
type=AVC msg=audit(07/01/2008 00:18:02.766:139896) : avc: denied {
read write } for pid=24826 comm=rndc path=socket:[13692375]
dev=sockfs ino=13692375 scontext=unconfined_u:system_r:ndc_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=tcp_socket
type=AVC msg=audit(07/01/2008 00:18:02.766:139896) : avc: denied {
read write } for pid=24826 comm=rndc path=socket:[13692326]
dev=sockfs ino=13692326 scontext=unconfined_u:system_r:ndc_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=tcp_socket
type=AVC msg=audit(07/01/2008 00:18:02.766:139896) : avc: denied {
read write } for pid=24826 comm=rndc path=socket:[13692301]
dev=sockfs ino=13692301 scontext=unconfined_u:system_r:ndc_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=tcp_socket
type=AVC msg=audit(07/01/2008 00:18:02.766:139896) : avc: denied {
read write } for pid=24826 comm=rndc path=socket:[13692299]
dev=sockfs ino=13692299 scontext=unconfined_u:system_r:ndc_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=tcp_socket
type=AVC msg=audit(07/01/2008 00:18:02.766:139896) : avc: denied {
read write } for pid=24826 comm=rndc path=socket:[13692297]
dev=sockfs ino=13692297 scontext=unconfined_u:system_r:ndc_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=tcp_socket
type=AVC msg=audit(07/01/2008 00:18:02.766:139896) : avc: denied {
read write } for pid=24826 comm=rndc path=socket:[13692226]
dev=sockfs ino=13692226 scontext=unconfined_u:system_r:ndc_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=tcp_socket
type=AVC msg=audit(07/01/2008 00:18:02.766:139896) : avc: denied {
read write } for pid=24826 comm=rndc path=socket:[13692219]
dev=sockfs ino=13692219 scontext=unconfined_u:system_r:ndc_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=tcp_socket
type=AVC msg=audit(07/01/2008 00:18:02.766:139896) : avc: denied {
read write } for pid=24826 comm=rndc path=socket:[13692217]
dev=sockfs ino=13692217 scontext=unconfined_u:system_r:ndc_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=tcp_socket
type=AVC msg=audit(07/01/2008 00:18:02.766:139896) : avc: denied {
read write } for pid=24826 comm=rndc path=socket:[13648053]
dev=sockfs ino=13648053 scontext=unconfined_u:system_r:ndc_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=tcp_socket
type=AVC msg=audit(07/01/2008 00:18:02.766:139896) : avc: denied {
read write } for pid=24826 comm=rndc path=socket:[13692215]
dev=sockfs ino=13692215 scontext=unconfined_u:system_r:ndc_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=tcp_socket
type=AVC msg=audit(07/01/2008 00:18:02.766:139896) : avc: denied {
read write } for pid=24826 comm=rndc path=socket:[13692087]
dev=sockfs ino=13692087 scontext=unconfined_u:system_r:ndc_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=tcp_socket
type=AVC msg=audit(07/01/2008 00:18:02.766:139896) : avc: denied {
read write } for pid=24826 comm=rndc path=socket:[13698044]
dev=sockfs ino=13698044 scontext=unconfined_u:system_r:ndc_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=tcp_socket
type=AVC msg=audit(07/01/2008 00:18:02.766:139896) : avc: denied {
read write } for pid=24826 comm=rndc path=socket:[13698042]
dev=sockfs ino=13698042 scontext=unconfined_u:system_r:ndc_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=tcp_socket
type=AVC msg=audit(07/01/2008 00:18:02.766:139896) : avc: denied {
read write } for pid=24826 comm=rndc path=socket:[13698039]
dev=sockfs ino=13698039 scontext=unconfined_u:system_r:ndc_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=tcp_socket
type=AVC msg=audit(07/01/2008 00:18:02.766:139896) : avc: denied {
read write } for pid=24826 comm=rndc path=socket:[13698037]
dev=sockfs ino=13698037 scontext=unconfined_u:system_r:ndc_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=tcp_socket
type=AVC msg=audit(07/01/2008 00:18:02.766:139896) : avc: denied {
read write } for pid=24826 comm=rndc path=socket:[13698035]
dev=sockfs ino=13698035 scontext=unconfined_u:system_r:ndc_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=tcp_socket
type=AVC msg=audit(07/01/2008 00:18:02.766:139896) : avc: denied {
read write } for pid=24826 comm=rndc path=socket:[13698033]
dev=sockfs ino=13698033 scontext=unconfined_u:system_r:ndc_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=tcp_socket
type=AVC msg=audit(07/01/2008 00:18:02.766:139896) : avc: denied {
read write } for pid=24826 comm=rndc path=socket:[13698029]
dev=sockfs ino=13698029 scontext=unconfined_u:system_r:ndc_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=tcp_socket

...

type=AVC msg=audit(07/02/2008 10:54:46.348:144433) : avc: denied {
read write } for pid=9726 comm=rndc path=socket:[13830554] dev=sockfs
ino=13830554 scontext=unconfined_u:system_r:ndc_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=tcp_socket
type=AVC msg=audit(07/02/2008 10:54:46.348:144433) : avc: denied {
read write } for pid=9726 comm=rndc path=socket:[13830552] dev=sockfs
ino=13830552 scontext=unconfined_u:system_r:ndc_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=tcp_socket
type=AVC msg=audit(07/02/2008 10:54:46.348:144433) : avc: denied {
read write } for pid=9726 comm=rndc path=socket:[13830550] dev=sockfs
ino=13830550 scontext=unconfined_u:system_r:ndc_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=tcp_socket
type=AVC msg=audit(07/02/2008 10:54:46.348:144433) : avc: denied {
read write } for pid=9726 comm=rndc path=socket:[13830548] dev=sockfs
ino=13830548 scontext=unconfined_u:system_r:ndc_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=tcp_socket
type=AVC msg=audit(07/02/2008 10:54:46.348:144433) : avc: denied {
read write } for pid=9726 comm=rndc path=socket:[13830546] dev=sockfs
ino=13830546 scontext=unconfined_u:system_r:ndc_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=tcp_socket
type=AVC msg=audit(07/02/2008 10:54:46.348:144433) : avc: denied {
read write } for pid=9726 comm=rndc path=socket:[13830544] dev=sockfs
ino=13830544 scontext=unconfined_u:system_r:ndc_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=tcp_socket
type=AVC msg=audit(07/02/2008 10:54:46.348:144433) : avc: denied {
read write } for pid=9726 comm=rndc path=socket:[13830542] dev=sockfs
ino=13830542 scontext=unconfined_u:system_r:ndc_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=tcp_socket
type=AVC msg=audit(07/02/2008 10:54:46.348:144433) : avc: denied {
read write } for pid=9726 comm=rndc path=socket:[13830540] dev=sockfs
ino=13830540 scontext=unconfined_u:system_r:ndc_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=tcp_socket
type=AVC msg=audit(07/02/2008 10:54:46.348:144433) : avc: denied {
read write } for pid=9726 comm=rndc path=socket:[13830538] dev=sockfs
ino=13830538 scontext=unconfined_u:system_r:ndc_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=tcp_socket
type=AVC msg=audit(07/02/2008 10:54:46.348:144433) : avc: denied {
read write } for pid=9726 comm=rndc path=socket:[13830536] dev=sockfs
ino=13830536 scontext=unconfined_u:system_r:ndc_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=tcp_socket
type=AVC msg=audit(07/02/2008 10:54:46.348:144433) : avc: denied {
read write } for pid=9726 comm=rndc path=socket:[13830530] dev=sockfs
ino=13830530 scontext=unconfined_u:system_r:ndc_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=tcp_socket
type=AVC msg=audit(07/02/2008 10:54:46.348:144433) : avc: denied {
read write } for pid=9726 comm=rndc path=socket:[13830460] dev=sockfs
ino=13830460 scontext=unconfined_u:system_r:ndc_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=tcp_socket
type=AVC msg=audit(07/02/2008 10:54:46.348:144433) : avc: denied {
read write } for pid=9726 comm=rndc path=socket:[13830435] dev=sockfs
ino=13830435 scontext=unconfined_u:system_r:ndc_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=tcp_socket
type=AVC msg=audit(07/02/2008 10:54:46.348:144433) : avc: denied {
read write } for pid=9726 comm=rndc path=socket:[13830238] dev=sockfs
ino=13830238 scontext=unconfined_u:system_r:ndc_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=tcp_socket
type=AVC msg=audit(07/02/2008 10:54:46.348:144433) : avc: denied {
read write } for pid=9726 comm=rndc path=socket:[13830433] dev=sockfs
ino=13830433 scontext=unconfined_u:system_r:ndc_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=tcp_socket
type=AVC msg=audit(07/02/2008 10:54:46.348:144433) : avc: denied {
read write } for pid=9726 comm=rndc path=socket:[13830431] dev=sockfs
ino=13830431 scontext=unconfined_u:system_r:ndc_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=tcp_socket
type=AVC msg=audit(07/02/2008 10:54:46.348:144433) : avc: denied {
read write } for pid=9726 comm=rndc path=socket:[13830360] dev=sockfs
ino=13830360 scontext=unconfined_u:system_r:ndc_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=tcp_socket

Anyone know what happened?

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 
07-03-2008, 07:05 PM
Daniel J Walsh

auditd went crazy

Chuck Anderson wrote:
> Anyone know what happened?
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
Seems like you have a mislabeled program running as initrc_t?

ps -eZ | grep initrc_t


 
Old 07-03-2008, 08:42 PM
Chuck Anderson
 
Default auditd went crazy

On Thu, Jul 03, 2008 at 03:05:08PM -0400, Daniel J Walsh wrote:
> > type=AVC msg=audit(07/02/2008 10:54:46.348:144433) : avc: denied {
> > read write } for pid=9726 comm=rndc path=socket:[13830433] dev=sockfs
> > ino=13830433 scontext=unconfined_u:system_r:ndc_t:s0
> > tcontext=unconfined_u:system_r:initrc_t:s0 tclass=tcp_socket
> > type=AVC msg=audit(07/02/2008 10:54:46.348:144433) : avc: denied {
> > read write } for pid=9726 comm=rndc path=socket:[13830431] dev=sockfs
> > ino=13830431 scontext=unconfined_u:system_r:ndc_t:s0
> > tcontext=unconfined_u:system_r:initrc_t:s0 tclass=tcp_socket
> > type=AVC msg=audit(07/02/2008 10:54:46.348:144433) : avc: denied {
> > read write } for pid=9726 comm=rndc path=socket:[13830360] dev=sockfs
> > ino=13830360 scontext=unconfined_u:system_r:ndc_t:s0
> > tcontext=unconfined_u:system_r:initrc_t:s0 tclass=tcp_socket
> >
> > Anyone know what happened?

> Seems like you have a mislabeled program running as initrc_t?
>
> ps -eZ | grep initrc_t

No results currently, but I'll keep an eye on it. I see these AVC
mostly from "rndc" (part of the bind name server package) and also
sometimes from "ifconfig" which is strange because I'm not running a
DHCP client, nor NetworkManager, nor any other program that I know of
that should be running "ifconfig".

type=AVC msg=audit(1214939740.621:142073): avc: denied { read write
} for pid=1330 comm="ifconfig" path="socket:[13885742]" dev=sockfs
ino=13885742 scontext=unconfined_u:system_r:ifconfig_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=tcp_socket
type=AVC msg=audit(1214939740.621:142073): avc: denied { read write
} for pid=1330 comm="ifconfig" path="socket:[13885749]" dev=sockfs
ino=13885749 scontext=unconfined_u:system_r:ifconfig_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=tcp_socket
type=AVC msg=audit(1214939740.621:142073): avc: denied { read write
} for pid=1330 comm="ifconfig" path="socket:[13885756]" dev=sockfs
ino=13885756 scontext=unconfined_u:system_r:ifconfig_t:s0
tcontext=unconfined_u:system_r:initrc_t:s0 tclass=tcp_socket
type=SYSCALL msg=audit(1214939740.621:142073): arch=40000003
syscall=11 success=yes exit=0 a0=bfe3a0e0 a1=bfe3a110 a2=bfe4ac84
a3=bfe3a0e0 items=0 ppid=1306 pid=1330 auid=10000 uid=0 gid=0 euid=0
suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="ifconfig"
exe="/sbin/ifconfig" subj=unconfined_u:system_r:ifconfig_t:s0
key=(null)

 
Old 07-04-2008, 01:54 PM
Todd Zullinger
 
Default auditd went crazy

Daniel J Walsh wrote:
> Seems like you have a mislabeled program running as initrc_t?
>
> ps -eZ | grep initrc_t

Are there some docs on how to fix up programs running as initrc_t
(and when it is required to do so)? I notice that puppetd is in this
situation on my system, but I don't know if that's a potential problem
nor how to correct it if it is.

--
Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~
Sometimes I wonder whether the world is being run by smart people who
are putting us on or by imbeciles who really mean it.
-- Mark Twain

 
Old 07-08-2008, 06:35 PM
Daniel J Walsh
 
Default auditd went crazy

Todd Zullinger wrote:
> Daniel J Walsh wrote:
>> Seems like you have a mislabeled program running as initrc_t?
>>
>> ps -eZ | grep initrc_t
>
> Are there some docs on how to fix up programs running as initrc_t
> (and when it is required to do so)? I notice that puppetd is in this
> situation on my system, but I don't know if that's a potential problem
> nor how to correct it if it is.
No, any system daemon that does not have policy will run as initrc_t. If
these daemons executed confined applications, you could see AVCs. But
ordinarily an initrc_t domain will run as "unconfined". It is the
equivalent of the unconfined_t domain for a logged in user.

We could write policy for puppetd and it would run under a different
context. Puppetd probably needs to do just about anything, so writing a
standard policy for it to work everywhere is impossible, so it would
have to be unconfined.

A lot of times AVCs for a confined domain referring to initrc_t
indicate a leaked file descriptor.
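An added example, not part of the original thread or of any project's code: one way to pick the leaked-descriptor pattern described above out of raw audit records. It pairs each AVC with the SYSCALL record sharing its event serial and keeps denials raised during execve (arch=40000003 syscall=11 in the thread) whose target context is a process domain rather than an object_r label. The function name and the sample records are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Constructed sample records, modelled on the raw-format lines quoted in the
# thread (one record per line; inode numbers and event serials are made up).
SAMPLE = """\
type=AVC msg=audit(1214939740.621:1001): avc: denied { read write } for pid=1330 comm="ifconfig" path="socket:[111]" dev=sockfs ino=111 scontext=unconfined_u:system_r:ifconfig_t:s0 tcontext=unconfined_u:system_r:initrc_t:s0 tclass=tcp_socket
type=AVC msg=audit(1214939740.621:1001): avc: denied { read write } for pid=1330 comm="ifconfig" path="socket:[112]" dev=sockfs ino=112 scontext=unconfined_u:system_r:ifconfig_t:s0 tcontext=unconfined_u:system_r:initrc_t:s0 tclass=tcp_socket
type=SYSCALL msg=audit(1214939740.621:1001): arch=40000003 syscall=11 success=yes exit=0 ppid=1306 pid=1330 comm="ifconfig" exe="/sbin/ifconfig" subj=unconfined_u:system_r:ifconfig_t:s0
type=AVC msg=audit(1214939800.100:1002): avc: denied { getattr } for pid=1400 comm="httpd" path="/etc/shadow" dev=dm-0 ino=500 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file
"""

EVENT_RE = re.compile(r"type=(\w+) msg=audit\([^)]*:(\d+)\)\s*:")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
EXECVE = {("40000003", "11"), ("c000003e", "59")}  # i386 and x86_64 execve


def selinux_type(context):
    """Return the type field of a user:role:type[:level] context."""
    return context.split(":")[2]


def leaked_fd_candidates(log_text):
    """Map (comm, source type, owner type, class) -> inodes denied at execve."""
    avcs, exec_events = defaultdict(list), set()
    for line in log_text.splitlines():
        m = EVENT_RE.search(line)
        if not m:
            continue
        rtype, serial = m.groups()
        f = {k: v.strip('"') for k, v in FIELD_RE.findall(line[m.end():])}
        if rtype == "SYSCALL" and (f.get("arch"), f.get("syscall")) in EXECVE:
            exec_events.add(serial)
        elif rtype == "AVC" and "scontext" in f and "tcontext" in f:
            avcs[serial].append(f)
    found = defaultdict(set)
    for serial in exec_events:
        for f in avcs.get(serial, []):
            # A process-domain target (role is not object_r) on an open socket
            # or file means the object was created by that other process.
            if f["tcontext"].split(":")[1] != "object_r":
                key = (f.get("comm"), selinux_type(f["scontext"]),
                       selinux_type(f["tcontext"]), f.get("tclass"))
                found[key].add(f.get("ino"))
    return dict(found)
```

Each key in the result names the confined program, its domain, and the domain of the process that opened the descriptors, which is the process to look for with `ps -eZ`.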