
Antonio Olivares 01-03-2008 10:37 PM

What severity would this SELinux denial have for the latest kernel?
 
--- Jim Cornette <fct-cornette@insight.rr.com> wrote:

> I updated the kernel after installing the latest mkinitrd package and
> some errors were reported when pup finished. I also got the attached
> SELinux error.
> The other SELinux error with xdm_var_lib_t was already mentioned in an
> earlier post.
>
> Jim
>
>
> kernel - 2.6.24-0.133.rc6.git8.fc9.i686
> WARNING: Couldn't open directory /tmp/initrd.dY3159/lib/modules/2.6.24-0.133.rc6.git8.fc9: Permission denied
> FATAL: Could not open /tmp/initrd.dY3159/lib/modules/2.6.24-0.133.rc6.git8.fc9/modules.dep.temp for writing: Permission denied
>
> --
> If life is a stage, I want some better lighting.
>
> Summary
>
> SELinux is preventing the depmod(/sbin/depmod) from using potentially mislabeled files ().
>
> Detailed Description
>
> SELinux has denied depmod(/sbin/depmod) access to potentially mislabeled file(s) (<Unknown>). This means that SELinux will not allow depmod(/sbin/depmod) to use these files. It is common for users to edit files in their home directory or tmp directories and then move (mv) them to system directories. The problem is that the files end up with the wrong file context which confined applications are not allowed to access.
>
> Allowing Access
>
> If you want depmod(/sbin/depmod) to access this files, you need to relabel them using restorecon -v <Unknown>. You might want to relabel the entire directory using restorecon -R -v <Unknown>.
>
> Additional Information
>
> Source Context        system_u:system_r:depmod_t
> Target Context        system_u:object_r:tmp_t
> Target Objects        None [ dir ]
> Source                depmod(/sbin/depmod)
> Port                  <Unknown>
> Host                  HP-JCF7
> Source RPM Packages
> Target RPM Packages
> Policy RPM            selinux-policy-3.2.5-7.fc9
> Selinux Enabled       True
> Policy Type           targeted
> MLS Enabled           True
> Enforcing Mode        Enforcing
> Plugin Name           home_tmp_bad_labels
> Host Name             HP-JCF7
> Platform              Linux HP-JCF7 2.6.23.8-63.fc8 #1 SMP Wed Nov 21 18:51:08 EST 2007 i686 athlon
> Alert Count           2
> First Seen            Thu 03 Jan 2008 05:47:20 PM EST
> Last Seen             Thu 03 Jan 2008 05:47:20 PM EST
> Local ID              bf1d6609-37f4-42b1-bd2c-75c64deca263
> Line Numbers
>
> Raw Audit Messages
>
> host=HP-JCF7 type=AVC msg=audit(1199400440.555:34): avc: denied { search } for pid=5198 comm="depmod" name="tmp" dev=sda6 ino=260097 scontext=system_u:system_r:depmod_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir
>
> host=HP-JCF7 type=SYSCALL msg=audit(1199400440.555:34): arch=40000003 syscall=5 success=no exit=-13 a0=bf866ab0 a1=241 a2=1b6 a3=9c68480 items=0 ppid=2957 pid=5198 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="depmod" exe="/sbin/depmod" subj=system_u:system_r:depmod_t:s0 key=(null)
>
>

Jim,

At least you have it installed, on my machine it failed :(

/sbin/new-kernel-pkg: line 254: /sbin/depmod: Permission denied
nash received SIGSEGV! Backtrace (11):
/sbin/nash[0x805315a]
[0x130440]
/lib/libglib-2.0.so.0[0x1991a3]
/usr/lib/libbdevid.so.6.0.24(bdevid_module_unload_all+0x31)[0x5cee37]
/usr/lib/libbdevid.so.6.0.24(bdevid_destroy+0x2d)[0x5ce57c]
/usr/lib/libnash.so.6.0.24[0x5ac198]
/usr/lib/libnash.so.6.0.24(nash_vitals_destroy_probes+0x3f)[0x5ac810]
/usr/lib/libnash.so.6.0.24(_nashFreeContext+0x1c)[0x59cfd6]
/sbin/nash[0x80536f4]
/lib/libc.so.6(__libc_start_main+0xe0)[0x33f4a0]
/sbin/nash[0x804ae71]
^[[B error: %post(kernel-2.6.24-0.133.rc6.git8.fc9.i686) scriptlet failed, signal 2

SELinux upon rebooting caused other errors with firefox3beta, previously submitted to this list and selinux-list as well. I will also forward this to fedora-selinux-list as well so that they can recommend us what to do :)

Regards,

Antonio
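
The two raw audit records in the quoted report can be paired by their shared event id and decoded to show exactly what depmod attempted. The following is an added example, not part of the original thread; the function names and the small flag table are assumptions chosen for illustration, and the i386 `open` decoding applies only because the SYSCALL record reports arch=40000003 and syscall=5.

```python
import errno
import re

# The AVC and SYSCALL records copied from the report quoted above, one line each.
RECORDS = [
    'host=HP-JCF7 type=AVC msg=audit(1199400440.555:34): avc: denied { search } for pid=5198 comm="depmod" name="tmp" dev=sda6 ino=260097 scontext=system_u:system_r:depmod_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir',
    'host=HP-JCF7 type=SYSCALL msg=audit(1199400440.555:34): arch=40000003 syscall=5 success=no exit=-13 a0=bf866ab0 a1=241 a2=1b6 a3=9c68480 items=0 ppid=2957 pid=5198 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="depmod" exe="/sbin/depmod" subj=system_u:system_r:depmod_t:s0 key=(null)',
]

HEADER = re.compile(r'type=(\w+) msg=audit\((\d+\.\d+):(\d+)\):')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
DENIED = re.compile(r'avc:\s+denied\s+\{([^}]*)\}')
I386 = '40000003'  # AUDIT_ARCH_I386; syscall 5 on this ABI is open(2)
ACCMODE = ('O_RDONLY', 'O_WRONLY', 'O_RDWR', 'O_ACCMODE')  # low two bits of flags
OPEN_BITS = {0o100: 'O_CREAT', 0o200: 'O_EXCL', 0o1000: 'O_TRUNC', 0o2000: 'O_APPEND'}

def parse_record(line):
    """Split one audit line into a dict of its key=value fields."""
    head = HEADER.search(line)
    if head is None:
        raise ValueError('not an audit record: %r' % line[:40])
    rec = {k: v.strip('"') for k, v in FIELD.findall(line[head.end():])}
    rec['type'], rec['event'] = head.group(1), (head.group(2), head.group(3))
    denied = DENIED.search(line)
    rec['perms'] = denied.group(1).split() if denied else []
    return rec

def summarize(lines):
    """Pair each AVC denial with the SYSCALL record that shares its event id."""
    events = {}
    for line in lines:
        rec = parse_record(line)
        events.setdefault(rec['event'], {})[rec['type']] = rec
    report = []
    for recs in events.values():
        avc, sc = recs.get('AVC'), recs.get('SYSCALL', {})
        if avc is None:
            continue
        item = {'source_type': avc['scontext'].split(':')[2], 'tclass': avc['tclass'],
                'target_type': avc['tcontext'].split(':')[2], 'perms': avc['perms'],
                'exe': sc.get('exe'), 'root': sc.get('euid') == '0'}
        if 'exit' in sc and int(sc['exit']) < 0:
            item['errno'] = errno.errorcode.get(-int(sc['exit']))
        if sc.get('arch') == I386 and sc.get('syscall') == '5':
            flags = int(sc['a1'], 16)  # audit logs syscall arguments in hex
            item['open_flags'] = [ACCMODE[flags & 3]] + [n for b, n in OPEN_BITS.items() if flags & b]
            item['mode'] = oct(int(sc['a2'], 16))
        report.append(item)
    return report
```

Calling `summarize(RECORDS)` shows a root-owned `/sbin/depmod` in domain `depmod_t` failing an `open` for write/create/truncate with EACCES because it may not search a `tmp_t` directory, which matches the "Could not open ... modules.dep.temp for writing" line in Jim's output.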

