09-02-2008, 01:04 AM
Murray McAllister

error when adding a translation with "semanage translation -a"

Hi,

This is probably user error. I want to add a translation:

1. sudo cat /etc/selinux/targeted/setrans.conf

s0=
s0-s0:c0.c1023=SystemLow-SystemHigh
s0:c0.c1023=SystemHigh

2. $ sudo semanage translation -l

Level Translation

s0
s0-s0:c0.c1023 SystemLow-SystemHigh
s0:c0.c1023 SystemHigh

3. Attempt to add a new translation:
$ sudo semanage translation -a -T NotSecret s0:c1

/etc/init.d/functions: line 19: /sbin/consoletype: Permission denied
basename: write error: Permission denied
basename: write error: Permission denied
env: /etc/init.d/mcstrans: Permission denied

4. Translation appears to have been added:

sudo semanage translation -l

Level Translation

s0
s0-s0:c0.c1023 SystemLow-SystemHigh
s0:c0.c1023 SystemHigh
s0:c1 NotSecret

sudo cat /etc/selinux/targeted/setrans.conf

s0=
s0-s0:c0.c1023=SystemLow-SystemHigh
s0:c0.c1023=SystemHigh
s0:c1=NotSecret

The following is logged to /var/log/messages:

Aug 31 20:57:00 localhost setroubleshoot: SELinux is preventing service
(semanage_t) "execute" to ./consoletype (consoletype_exec_t). For
complete SELinux messages. run sealert -l
3a9da9b1-9310-492b-a4fd-3706d8d78259
Aug 31 20:57:00 localhost setroubleshoot: SELinux is preventing service
(semanage_t) "execute" to ./consoletype (consoletype_exec_t). For
complete SELinux messages. run sealert -l
3a9da9b1-9310-492b-a4fd-3706d8d78259
Aug 31 20:57:00 localhost setroubleshoot: SELinux is preventing service
(semanage_t) "read" to pipe (semanage_t). For complete SELinux messages.
run sealert -l 154967ff-45a0-4b8f-bf04-25546f129dd3
Aug 31 20:57:00 localhost setroubleshoot: SELinux is preventing service
(semanage_t) "read" to pipe (semanage_t). For complete SELinux messages.
run sealert -l 154967ff-45a0-4b8f-bf04-25546f129dd3
Aug 31 20:57:00 localhost setroubleshoot: SELinux is preventing basename
(semanage_t) "getattr" to pipe (semanage_t). For complete SELinux
messages. run sealert -l 641f7545-c40c-4d79-84c7-97e2b32d8c0a
Aug 31 20:57:00 localhost setroubleshoot: SELinux is preventing basename
(semanage_t) "write" to pipe (semanage_t). For complete SELinux
messages. run sealert -l 2ab7598a-b0f7-4dec-a10d-cb4cfac057ee
Aug 31 20:57:01 localhost setroubleshoot: SELinux is preventing basename
(semanage_t) "getattr" to pipe (semanage_t). For complete SELinux
messages. run sealert -l 641f7545-c40c-4d79-84c7-97e2b32d8c0a
Aug 31 20:57:01 localhost setroubleshoot: SELinux is preventing basename
(semanage_t) "write" to pipe (semanage_t). For complete SELinux
messages. run sealert -l 2ab7598a-b0f7-4dec-a10d-cb4cfac057ee
Aug 31 20:57:01 localhost setroubleshoot: SELinux is preventing service
(semanage_t) "read" to pipe (semanage_t). For complete SELinux messages.
run sealert -l 154967ff-45a0-4b8f-bf04-25546f129dd3
Aug 31 20:57:01 localhost setroubleshoot: SELinux is preventing env
(semanage_t) "transition" to /etc/rc.d/init.d/mcstrans (semanage_t). For
complete SELinux messages. run sealert -l
ac0f934e-29dc-4702-a2f4-3a752150cb8f


The following is logged to /var/log/audit/audit.log:

type=AVC msg=audit(1220180220.598:367): avc: denied { execute } for
pid=2118 comm="service" name="consoletype" dev=sda5 ino=73034
scontext=unconfined_u:unconfined_r:semanage_t:s0-s0:c0.c1023
tcontext=system_u:object_r:consoletype_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1220180220.598:367): arch=40000003 syscall=11
success=no exit=-13 a0=8d4c760 a1=8d4c7a8 a2=8d4c3b8 a3=0 items=0
ppid=2117 pid=2118 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=pts0 ses=1 comm="service" exe="/bin/bash"
subj=unconfined_u:unconfined_r:semanage_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1220180220.599:368): avc: denied { execute } for
pid=2118 comm="service" name="consoletype" dev=sda5 ino=73034
scontext=unconfined_u:unconfined_r:semanage_t:s0-s0:c0.c1023
tcontext=system_u:object_r:consoletype_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1220180220.599:368): arch=40000003 syscall=33
success=no exit=-13 a0=8d4c760 a1=1 a2=11 a3=8d4c760 items=0 ppid=2117
pid=2118 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
fsgid=0 tty=pts0 ses=1 comm="service" exe="/bin/bash"
subj=unconfined_u:unconfined_r:semanage_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1220180220.637:369): avc: denied { read } for
pid=2116 comm="service" path="pipe:[12134]" dev=pipefs ino=12134
scontext=unconfined_u:unconfined_r:semanage_t:s0-s0:c0.c1023
tcontext=unconfined_u:unconfined_r:semanage_t:s0-s0:c0.c1023
tclass=fifo_file
type=SYSCALL msg=audit(1220180220.637:369): arch=40000003 syscall=3
success=no exit=-13 a0=3 a1=bfb075c8 a2=80 a3=80 items=0 ppid=2115
pid=2116 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
fsgid=0 tty=pts0 ses=1 comm="service" exe="/bin/bash"
subj=unconfined_u:unconfined_r:semanage_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1220180220.679:370): avc: denied { read } for
pid=2116 comm="service" path="pipe:[12135]" dev=pipefs ino=12135
scontext=unconfined_u:unconfined_r:semanage_t:s0-s0:c0.c1023
tcontext=unconfined_u:unconfined_r:semanage_t:s0-s0:c0.c1023
tclass=fifo_file
type=SYSCALL msg=audit(1220180220.679:370): arch=40000003 syscall=3
success=no exit=-13 a0=3 a1=bfb079c8 a2=80 a3=80 items=0 ppid=2115
pid=2116 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
fsgid=0 tty=pts0 ses=1 comm="service" exe="/bin/bash"
subj=unconfined_u:unconfined_r:semanage_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1220180220.694:371): avc: denied { getattr } for
pid=2119 comm="basename" path="pipe:[12135]" dev=pipefs ino=12135
scontext=unconfined_u:unconfined_r:semanage_t:s0-s0:c0.c1023
tcontext=unconfined_u:unconfined_r:semanage_t:s0-s0:c0.c1023
tclass=fifo_file
type=SYSCALL msg=audit(1220180220.694:371): arch=40000003 syscall=197
success=no exit=-13 a0=1 a1=bfd3e414 a2=960ff4 a3=9614c0 items=0
ppid=2116 pid=2119 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=pts0 ses=1 comm="basename" exe="/bin/basename"
subj=unconfined_u:unconfined_r:semanage_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1220180220.708:372): avc: denied { write } for
pid=2119 comm="basename" path="pipe:[12135]" dev=pipefs ino=12135
scontext=unconfined_u:unconfined_r:semanage_t:s0-s0:c0.c1023
tcontext=unconfined_u:unconfined_r:semanage_t:s0-s0:c0.c1023
tclass=fifo_file
type=SYSCALL msg=audit(1220180220.708:372): arch=40000003 syscall=4
success=no exit=-13 a0=1 a1=b7f3d000 a2=8 a3=8 items=0 ppid=2116
pid=2119 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
fsgid=0 tty=pts0 ses=1 comm="basename" exe="/bin/basename"
subj=unconfined_u:unconfined_r:semanage_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1220180220.727:373): avc: denied { getattr } for
pid=2120 comm="basename" path="pipe:[12136]" dev=pipefs ino=12136
scontext=unconfined_u:unconfined_r:semanage_t:s0-s0:c0.c1023
tcontext=unconfined_u:unconfined_r:semanage_t:s0-s0:c0.c1023
tclass=fifo_file
type=SYSCALL msg=audit(1220180220.727:373): arch=40000003 syscall=197
success=no exit=-13 a0=1 a1=bffb9684 a2=960ff4 a3=9614c0 items=0
ppid=2116 pid=2120 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=pts0 ses=1 comm="basename" exe="/bin/basename"
subj=unconfined_u:unconfined_r:semanage_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1220180220.728:374): avc: denied { write } for
pid=2120 comm="basename" path="pipe:[12136]" dev=pipefs ino=12136
scontext=unconfined_u:unconfined_r:semanage_t:s0-s0:c0.c1023
tcontext=unconfined_u:unconfined_r:semanage_t:s0-s0:c0.c1023
tclass=fifo_file
type=SYSCALL msg=audit(1220180220.728:374): arch=40000003 syscall=4
success=no exit=-13 a0=1 a1=b80b8000 a2=8 a3=8 items=0 ppid=2116
pid=2120 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
fsgid=0 tty=pts0 ses=1 comm="basename" exe="/bin/basename"
subj=unconfined_u:unconfined_r:semanage_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1220180220.749:375): avc: denied { read } for
pid=2116 comm="service" path="pipe:[12136]" dev=pipefs ino=12136
scontext=unconfined_u:unconfined_r:semanage_t:s0-s0:c0.c1023
tcontext=unconfined_u:unconfined_r:semanage_t:s0-s0:c0.c1023
tclass=fifo_file
type=SYSCALL msg=audit(1220180220.749:375): arch=40000003 syscall=3
success=no exit=-13 a0=3 a1=bfb079c8 a2=80 a3=80 items=0 ppid=2115
pid=2116 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
fsgid=0 tty=pts0 ses=1 comm="service" exe="/bin/bash"
subj=unconfined_u:unconfined_r:semanage_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1220180220.760:376): avc: denied { transition } for
pid=2121 comm="env" path="/etc/rc.d/init.d/mcstrans" dev=sda5
ino=222868 scontext=unconfined_u:unconfined_r:semanage_t:s0-s0:c0.c1023
tcontext=unconfined_u:system_r:semanage_t:s0 tclass=process
type=SYSCALL msg=audit(1220180220.760:376): arch=40000003 syscall=11
success=no exit=-13 a0=bfd449ce a1=bfd435b8 a2=9922858 a3=5 items=0
ppid=2116 pid=2121 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=pts0 ses=1 comm="env" exe="/bin/env"
subj=unconfined_u:unconfined_r:semanage_t:s0-s0:c0.c1023 key=(null)


The system:

* Fedora release 9 (Sulphur)
* kernel-2.6.25.14-108.fc9.i686
* kernel-headers-2.6.25.14-108.fc9.i386

* policycoreutils-2.0.52-5.fc9.i386
* mcstrans-0.2.11-1.fc9.i386
* selinux-policy-targeted-3.3.1-84.fc9.noarch
* selinux-policy-3.3.1-84.fc9.noarch
* selinux-policy-devel-3.3.1-84.fc9.noarch
* libselinux-python-2.0.67-4.fc9.i386
* libselinux-2.0.67-4.fc9.i386

$ sestatus
SELinux status: enabled
SELinuxfs mount: /selinux
Current mode: enforcing
Mode from config file: enforcing
Policy version: 22
Policy from config file: targeted

ps -eZ | grep mcs
system_u:system_r:setrans_t:SystemLow-SystemHigh 1262 ? 00:00:00 mcstransd

Regards,

Murray.

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
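
Added example, not part of the original thread: a short Python script that re-joins the wrapped audit.log records from the post above and groups the AVC denials by source, target and object class, which is a quick way to triage a long denial log like this one. The function names and the trimmed sample are constructed for this illustration.

```python
import re
from collections import defaultdict

# AVC records from the audit.log excerpt in the post, wrapped as they appear there
# (first target context written as system_u:object_r). The SYSCALL record is
# shortened; it is there to show that non-AVC records are skipped.
SAMPLE = """\
type=AVC msg=audit(1220180220.598:367): avc: denied { execute } for
pid=2118 comm="service" name="consoletype" dev=sda5 ino=73034
scontext=unconfined_u:unconfined_r:semanage_t:s0-s0:c0.c1023
tcontext=system_u:object_r:consoletype_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1220180220.598:367): arch=40000003 syscall=11
success=no exit=-13 comm="service" exe="/bin/bash"
type=AVC msg=audit(1220180220.637:369): avc: denied { read } for
pid=2116 comm="service" path="pipe:[12134]" dev=pipefs ino=12134
scontext=unconfined_u:unconfined_r:semanage_t:s0-s0:c0.c1023
tcontext=unconfined_u:unconfined_r:semanage_t:s0-s0:c0.c1023
tclass=fifo_file
type=AVC msg=audit(1220180220.708:372): avc: denied { write } for
pid=2119 comm="basename" path="pipe:[12135]" dev=pipefs ino=12135
scontext=unconfined_u:unconfined_r:semanage_t:s0-s0:c0.c1023
tcontext=unconfined_u:unconfined_r:semanage_t:s0-s0:c0.c1023
tclass=fifo_file
type=AVC msg=audit(1220180220.760:376): avc: denied { transition } for
pid=2121 comm="env" path="/etc/rc.d/init.d/mcstrans" dev=sda5
ino=222868 scontext=unconfined_u:unconfined_r:semanage_t:s0-s0:c0.c1023
tcontext=unconfined_u:system_r:semanage_t:s0 tclass=process
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def split_records(text):
    """Undo mail line-wrapping: every audit record starts with 'type='."""
    records = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if line.startswith("type=") or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def role_type(context):
    """user:role:type:level -> 'role:type' (the level may itself contain ':')."""
    _user, role, setype = context.split(":")[:3]
    return f"{role}:{setype}"

def summarize(text):
    """Group denials by (source, target, class); collect permissions and commands."""
    groups = defaultdict(lambda: {"perms": set(), "comms": set()})
    for record in split_records(text):
        m = AVC_RE.search(record) if record.startswith("type=AVC") else None
        if not m:
            continue
        f = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group(2))}
        key = (role_type(f["scontext"]), role_type(f["tcontext"]), f["tclass"])
        groups[key]["perms"].update(m.group(1).split())
        groups[key]["comms"].add(f["comm"])
    return dict(groups)

if __name__ == "__main__":
    for (src, tgt, tclass), g in sorted(summarize(SAMPLE).items()):
        print(f"{src} -> {tgt} [{tclass}] perms={sorted(g['perms'])} comm={sorted(g['comms'])}")
```

On the sample, every group has `unconfined_r:semanage_t` as its source, and the `transition` denial is the only one whose target role differs (`system_r`).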
 
09-04-2008, 09:00 PM
Daniel J Walsh

error when adding a translation with "semanage translation -a"

Fixed in
selinux-policy-3.5.6-2.fc10.noarch
