FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor


 
 
LinkBack Thread Tools
 
Old 07-11-2008, 03:28 PM
Dan Thurman
 
Default F9: gam_server

Again, more issues. Suggested fix?
============================
Summary:

SELinux is preventing gam_server (gamin_t) "dac_override" to <Unknown>
(gamin_t).

Detailed Description:

SELinux denied access requested by gam_server. It is not expected that this
access is required by gam_server and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration
of the

application is causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can
disable
SELinux protection altogether. Disabling SELinux protection is not
recommended.

Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.

Additional Information:

Source Context system_u:system_r:gamin_t:s0
Target Context system_u:system_r:gamin_t:s0
Target Objects None [ capability ]
Source gam_server
Source Path /usr/libexec/gam_server
Port <Unknown>
Host bronze.cdkkt.com
Source RPM Packages gamin-0.1.9-5.fc9
Target RPM Packages
Policy RPM selinux-policy-3.3.1-74.fc9

Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name catchall
Host Name bronze.cdkkt.com
Platform Linux bronze.cdkkt.com
2.6.25.9-76.fc9.i686 #1 SMP

Fri Jun 27 16:14:35 EDT 2008 i686 i686
Alert Count 20
First Seen Thu 10 Jul 2008 10:35:43 AM PDT
Last Seen Thu 10 Jul 2008 11:11:40 AM PDT
Local ID 5eb1bf77-5c10-4071-9892-bac42ca11adb
Line Numbers

Raw Audit Messages

host=bronze.cdkkt.com type=AVC msg=audit(1215713500.169:272): avc:
denied { dac_override } for pid=11637 comm="gam_server" capability=1
scontext=system_u:system_r:gamin_t:s0
tcontext=system_u:system_r:gamin_t:s0 tclass=capability


host=bronze.cdkkt.com type=AVC msg=audit(1215713500.169:272): avc:
denied { dac_read_search } for pid=11637 comm="gam_server"
capability=2 scontext=system_u:system_r:gamin_t:s0
tcontext=system_u:system_r:gamin_t:s0 tclass=capability


host=bronze.cdkkt.com type=SYSCALL msg=audit(1215713500.169:272):
arch=40000003 syscall=33 success=no exit=-13 a0=96ca580 a1=0 a2=4b9264
a3=10 items=0 ppid=1 pid=11637 auid=4294967295 uid=0 gid=0 euid=0 suid=0
fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295
comm="gam_server" exe="/usr/libexec/gam_server"
subj=system_u:system_r:gamin_t:s0 key=(null)



--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 
Old 07-14-2008, 01:05 PM
Daniel J Walsh
 
Default F9: gam_server

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dan Thurman wrote:
> Again, more issues. Suggested fix?
> ============================
> Summary:
>
> SELinux is preventing gam_server (gamin_t) "dac_override" to <Unknown>
> (gamin_t).
>
> Detailed Description:
>
> SELinux denied access requested by gam_server. It is not expected that this
> access is required by gam_server and this access may signal an intrusion
> attempt. It is also possible that the specific version or configuration
> of the
> application is causing it to require additional access.
>
> Allowing Access:
>
> You can generate a local policy module to allow this access - see FAQ
> (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can
> disable
> SELinux protection altogether. Disabling SELinux protection is not
> recommended.
> Please file a bug report
> (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
> against this package.
>
> Additional Information:
>
> Source Context system_u:system_r:gamin_t:s0
> Target Context system_u:system_r:gamin_t:s0
> Target Objects None [ capability ]
> Source gam_server
> Source Path /usr/libexec/gam_server
> Port <Unknown>
> Host bronze.cdkkt.com
> Source RPM Packages gamin-0.1.9-5.fc9
> Target RPM Packages Policy RPM
> selinux-policy-3.3.1-74.fc9
> Selinux Enabled True
> Policy Type targeted
> MLS Enabled True
> Enforcing Mode Enforcing
> Plugin Name catchall
> Host Name bronze.cdkkt.com
> Platform Linux bronze.cdkkt.com
> 2.6.25.9-76.fc9.i686 #1 SMP
> Fri Jun 27 16:14:35 EDT 2008 i686 i686
> Alert Count 20
> First Seen Thu 10 Jul 2008 10:35:43 AM PDT
> Last Seen Thu 10 Jul 2008 11:11:40 AM PDT
> Local ID 5eb1bf77-5c10-4071-9892-bac42ca11adb
> Line Numbers
> Raw Audit Messages
> host=bronze.cdkkt.com type=AVC msg=audit(1215713500.169:272): avc:
> denied { dac_override } for pid=11637 comm="gam_server" capability=1
> scontext=system_u:system_r:gamin_t:s0
> tcontext=system_u:system_r:gamin_t:s0 tclass=capability
>
> host=bronze.cdkkt.com type=AVC msg=audit(1215713500.169:272): avc:
> denied { dac_read_search } for pid=11637 comm="gam_server"
> capability=2 scontext=system_u:system_r:gamin_t:s0
> tcontext=system_u:system_r:gamin_t:s0 tclass=capability
>
> host=bronze.cdkkt.com type=SYSCALL msg=audit(1215713500.169:272):
> arch=40000003 syscall=33 success=no exit=-13 a0=96ca580 a1=0 a2=4b9264
> a3=10 items=0 ppid=1 pid=11637 auid=4294967295 uid=0 gid=0 euid=0 suid=0
> fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295
> comm="gam_server" exe="/usr/libexec/gam_server"
> subj=system_u:system_r:gamin_t:s0 key=(null)
>
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
This is a bad domain and will be fixed in the next update. For now it
is probably best to just relabel the gamin_exec_t to bin_t and stop the
transition.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkh7TxYACgkQrlYvE4MpobMZoACgxpQqu7e/wSNBUJ6eNtmmR/yG
28cAoLpvykovrTIrThMTTGWdNMVWLAiR
=ArZ/
-----END PGP SIGNATURE-----

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 
Old 07-21-2008, 11:42 AM
Adam Huffman
 
Default F9: gam_server

Daniel J Walsh wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dan Thurman wrote:


Again, more issues. Suggested fix?
============================
Summary:

SELinux is preventing gam_server (gamin_t) "dac_override" to <Unknown>
(gamin_t).

Detailed Description:

SELinux denied access requested by gam_server. It is not expected that this
access is required by gam_server and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration
of the
application is causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can
disable
SELinux protection altogether. Disabling SELinux protection is not
recommended.
Please file a bug report
(http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.

Additional Information:

Source Context system_u:system_r:gamin_t:s0
Target Context system_u:system_r:gamin_t:s0
Target Objects None [ capability ]
Source gam_server
Source Path /usr/libexec/gam_server
Port <Unknown>
Host bronze.cdkkt.com
Source RPM Packages gamin-0.1.9-5.fc9
Target RPM Packages Policy RPM
selinux-policy-3.3.1-74.fc9

Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name catchall
Host Name bronze.cdkkt.com
Platform Linux bronze.cdkkt.com
2.6.25.9-76.fc9.i686 #1 SMP
Fri Jun 27 16:14:35 EDT 2008 i686 i686
Alert Count 20
First Seen Thu 10 Jul 2008 10:35:43 AM PDT
Last Seen Thu 10 Jul 2008 11:11:40 AM PDT
Local ID 5eb1bf77-5c10-4071-9892-bac42ca11adb
Line Numbers
Raw Audit Messages
host=bronze.cdkkt.com type=AVC msg=audit(1215713500.169:272): avc:
denied { dac_override } for pid=11637 comm="gam_server" capability=1

scontext=system_u:system_r:gamin_t:s0
tcontext=system_u:system_r:gamin_t:s0 tclass=capability

host=bronze.cdkkt.com type=AVC msg=audit(1215713500.169:272): avc:
denied { dac_read_search } for pid=11637 comm="gam_server"

capability=2 scontext=system_u:system_r:gamin_t:s0
tcontext=system_u:system_r:gamin_t:s0 tclass=capability

host=bronze.cdkkt.com type=SYSCALL msg=audit(1215713500.169:272):
arch=40000003 syscall=33 success=no exit=-13 a0=96ca580 a1=0 a2=4b9264
a3=10 items=0 ppid=1 pid=11637 auid=4294967295 uid=0 gid=0 euid=0 suid=0
fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295
comm="gam_server" exe="/usr/libexec/gam_server"
subj=system_u:system_r:gamin_t:s0 key=(null)


--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list


This is a bad domain and will be fixed in the next update. For now it
is probably best to just relabel the gamin_exec_t to bin_t and stop the
transition.




After updating today I'm seeing thousands of these, to the extent that I
had to stop the setroubleshoot service:


Source RPM Packages gamin-0.1.9-5.fc9
Target RPM Packages
Policy RPM selinux-policy-3.3.1-78.fc9

Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name catchall_file

2.6.25.10-86.fc9.x86_64 #1 SMP Mon Jul 7
20:23:46

EDT 2008 x86_64 x86_64
Alert Count 2565
First Seen Mon 21 Jul 2008 12:32:35 BST
Last Seen Mon 21 Jul 2008 12:38:10 BST
Local ID 6ec7acfe-2373-4bb0-b598-ed8c37265ac9
Line Numbers

Raw Audit Messages

type=AVC msg=audit(1216640290.738:969906): avc: denied { read } for
pid=3319 comm="gam_server" path="inotify" dev=inotifyfs ino=1
scontext=system_ubject_r:unlabeled_t:s0
tcontext=system_ubject_r:inotifyfs_t:s0 tclass=dir


type=SYSCALL msg=audit(1216640290.738:969906): arch=c000003e syscall=0
success=no exit=-13 a0=3 a1=23d9210 a2=400 a3=0 items=0 ppid=1 pid=3319
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=(none) ses=4294967295 comm="gam_server"
exe="/usr/libexec/gam_server" subj=system_ubject_r:unlabeled_t:s0
key=(null)


--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 

Thread Tools




All times are GMT. The time now is 12:56 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org