Old 12-14-2009, 11:08 PM
David Highley
 
Default Fedora 12 and unconfined_u sshdfilter

"Dominick Grift wrote:"
> On Mon, Dec 14, 2009 at 10:25:08AM -0800, David Highley wrote:
> > "Dominick Grift wrote:"
> > > On Mon, Dec 07, 2009 at 12:01:09PM +0000, Moray Henderson (ICT) wrote:
> > > > James Carter wrote:
> > > > >Dan's example used Refpolicy interfaces. Interfaces are very useful and
> > > > >provide a better layer of abstraction, but they are just m4 macros,
> > > > >which have always been used in SELinux policy.
> > > > >
> > > > >Interfaces should be used as much as possible, but it is not true that
> > > > >you can't mix the old and new ways.
> > > >
> > > > Mixing the plain rules and the m4 macros didn't work when I tried it - but
> > > > perhaps I just wasn't writing it right. Is there a Refpolicy tutorial anywhere?
> > >
> > > I spent a little time today writing about the policy structure in Fedora.
> > > Maybe it can help you or others:
> > >
> > > http://82.197.205.60/~dgrift/stuff/Managing_a_SELinux_environment_with_Fedora_12.pdf
> >
> >
> > Still have not mastered this one yet. Here is the policy file created by
> > grep of /var/log/audit/audit.log file piped to audit2allow:
> >
> > module mysshdfilter 1.0;
> >
> > require {
> >         type var_run_t;
> >         type iptables_exec_t;
> >         type bin_t;
> >         type sshd_t;
> >         type iptables_t;
> >         class lnk_file read;
> >         class file { read getattr open execute execute_no_trans };
> >         class fifo_file { read write ioctl getattr };
> > }
> >
> > #============= iptables_t ==============
> > allow iptables_t bin_t:lnk_file read;
> > allow iptables_t self:fifo_file { read write ioctl getattr };
> >
> > #============= sshd_t ==============
> > allow sshd_t iptables_exec_t:file { read execute open execute_no_trans };
>
>
> > allow sshd_t var_run_t:file getattr;
>
> Actually I think the sshdfilter init script may have created it? Does it even have an init script?

Sorry, I think I confused the issue a little. I dumped in all the audit
log entries related to the sshd filter wrapper script starting with no
policy changes. I thought it might help to find the right policy
changes.

The wrapper filter script does not have its own init script; we modify
the sshd init script to invoke the wrapper script instead of sshd. This
is somewhat bad in that package maintainers assume they can freely
overwrite the init scripts and not break a site.

>
> >
> >
> > The audit log entries are:
> > type=AVC msg=audit(1259642932.902:7): avc: denied { execute } for pid=1411 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> > type=SYSCALL msg=audit(1259642932.902:7): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=1562e28 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=1411 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> > type=AVC msg=audit(1259644707.700:73): avc: denied { execute } for pid=1948 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> > type=SYSCALL msg=audit(1259644707.700:73): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=15694c8 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=1948 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> > type=AVC msg=audit(1259650605.247:84): avc: denied { execute } for pid=2248 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> > type=SYSCALL msg=audit(1259650605.247:84): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=1567828 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=2248 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> > type=AVC msg=audit(1259661894.420:113): avc: denied { execute } for pid=2815 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> > type=SYSCALL msg=audit(1259661894.420:113): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=1566e28 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=2815 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> > type=AVC msg=audit(1259667665.966:123): avc: denied { execute } for pid=3724 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> > type=SYSCALL msg=audit(1259667665.966:123): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=15699d8 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=3724 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> > type=AVC msg=audit(1259671660.048:131): avc: denied { execute } for pid=3920 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> > type=SYSCALL msg=audit(1259671660.048:131): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=1565778 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=3920 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> > type=AVC msg=audit(1259673411.553:758): avc: denied { execute } for pid=4558 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> > type=SYSCALL msg=audit(1259673411.553:758): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=1569af8 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=4558 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> > type=AVC msg=audit(1259679153.568:1267): avc: denied { execute } for pid=5170 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> > type=SYSCALL msg=audit(1259679153.568:1267): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=1566a68 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=5170 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> > type=AVC msg=audit(1259682588.736:1315): avc: denied { execute } for pid=5540 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> > type=SYSCALL msg=audit(1259682588.736:1315): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=1565778 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=5540 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> > type=AVC msg=audit(1259684861.197:1344): avc: denied { execute } for pid=5745 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> > type=SYSCALL msg=audit(1259684861.197:1344): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=156a478 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=5745 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> > type=AVC msg=audit(1259690558.951:1388): avc: denied { execute } for pid=6161 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> > type=SYSCALL msg=audit(1259690558.951:1388): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=15667a8 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=6161 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> > type=AVC msg=audit(1259702647.573:1433): avc: denied { execute } for pid=6829 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> > type=SYSCALL msg=audit(1259702647.573:1433): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=156b4d8 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=6829 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> > type=AVC msg=audit(1259708100.231:1441): avc: denied { execute } for pid=7085 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> > type=SYSCALL msg=audit(1259708100.231:1441): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=156a0b8 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=7085 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> > type=AVC msg=audit(1259708922.953:1450): avc: denied { execute } for pid=7153 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> > type=SYSCALL msg=audit(1259708922.953:1450): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=156a6a8 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=7153 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> > type=AVC msg=audit(1259713257.803:1545): avc: denied { execute } for pid=7492 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> > type=SYSCALL msg=audit(1259713257.803:1545): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=156a4a8 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=7492 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> > type=AVC msg=audit(1259721513.893:1732): avc: denied { execute } for pid=8097 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> > type=SYSCALL msg=audit(1259721513.893:1732): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=156a5d8 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=8097 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> > type=AVC msg=audit(1259730724.196:1790): avc: denied { execute } for pid=8689 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> > type=SYSCALL msg=audit(1259730724.196:1790): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=1569718 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=8689 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> > type=AVC msg=audit(1259730728.123:1793): avc: denied { execute } for pid=8699 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> > type=SYSCALL msg=audit(1259730728.123:1793): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=1566778 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=8699 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> > type=AVC msg=audit(1259747840.157:1835): avc: denied { execute } for pid=9575 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> > type=SYSCALL msg=audit(1259747840.157:1835): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=156ba78 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=9575 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> > type=AVC msg=audit(1259760819.408:1863): avc: denied { execute } for pid=10840 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> > type=SYSCALL msg=audit(1259760819.408:1863): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=156a4a8 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=10840 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> > type=AVC msg=audit(1259762576.442:1887): avc: denied { execute } for pid=11067 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> > type=SYSCALL msg=audit(1259762576.442:1887): arch=c000003e syscall=59 success=no exit=-13 a0=7fffb91649e8 a1=d4d5a8 a2=7fffb9165120 a3=7fffb9164830 items=0 ppid=11058 pid=11067 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=47 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> > type=AVC msg=audit(1259767362.673:1896): avc: denied { execute } for pid=11318 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> > type=SYSCALL msg=audit(1259767362.673:1896): arch=c000003e syscall=59 success=no exit=-13 a0=7fffb91649e8 a1=d54088 a2=7fffb9165120 a3=7fffb9164830 items=0 ppid=11058 pid=11318 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=47 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> > type=AVC msg=audit(1259773905.214:1967): avc: denied { execute } for pid=11922 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> > type=SYSCALL msg=audit(1259773905.214:1967): arch=c000003e syscall=59 success=no exit=-13 a0=7fffb91649e8 a1=d54868 a2=7fffb9165120 a3=7fffb9164830 items=0 ppid=11058 pid=11922 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=47 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> > type=AVC msg=audit(1259780362.196:1977): avc: denied { execute } for pid=12215 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> > type=SYSCALL msg=audit(1259780362.196:1977): arch=c000003e syscall=59 success=no exit=-13 a0=7fffb91649e8 a1=d50af8 a2=7fffb9165120 a3=7fffb9164830 items=0 ppid=11058 pid=12215 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=47 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> > type=AVC msg=audit(1259780393.314:1979): avc: denied { execute } for pid=12219 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> > type=SYSCALL msg=audit(1259780393.314:1979): arch=c000003e syscall=59 success=no exit=-13 a0=7fffb91649e8 a1=d50af8 a2=7fffb9165120 a3=7fffb9164830 items=0 ppid=11058 pid=12219 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=47 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> > type=AVC msg=audit(1259785085.323:2012): avc: denied { execute } for pid=12568 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> > type=SYSCALL msg=audit(1259785085.323:2012): arch=c000003e syscall=59 success=no exit=-13 a0=7fffb91649e8 a1=d521b8 a2=7fffb9165120 a3=7fffb9164830 items=0 ppid=11058 pid=12568 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=47 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> > type=AVC msg=audit(1259786872.756:2015): avc: denied { execute } for pid=12645 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> > type=SYSCALL msg=audit(1259786872.756:2015): arch=c000003e syscall=59 success=no exit=-13 a0=7fffb91649e8 a1=d53568 a2=7fffb9165120 a3=7fffb9164830 items=0 ppid=11058 pid=12645 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=47 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> > type=AVC msg=audit(1259795695.936:2052): avc: denied { execute } for pid=13127 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> > type=SYSCALL msg=audit(1259795695.936:2052): arch=c000003e syscall=59 success=no exit=-13 a0=7fffb91649e8 a1=d52e38 a2=7fffb9165120 a3=7fffb9164830 items=0 ppid=11058 pid=13127 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=47 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> > type=AVC msg=audit(1259802506.518:3031): avc: denied { getattr } for pid=11058 comm="sshdfilter" path="/var/run/sshdfilter.pid.SSHD" dev=dm-0 ino=12538 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_run_t:s0 tclass=file
> > type=SYSCALL msg=audit(1259802506.518:3031): arch=c000003e syscall=6 success=no exit=-13 a0=d4a128 a1=a0d0a0 a2=a0d0a0 a3=7fffb9164bb0 items=0 ppid=1 pid=11058 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=47 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> > type=AVC msg=audit(1259802888.332:7): avc: denied { ioctl } for pid=1435 comm="sshdfilter" path="pipe:[11021]" dev=pipefs ino=11021 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
> > type=SYSCALL msg=audit(1259802888.332:7): arch=c000003e syscall=16 success=yes exit=128 a0=3 a1=5401 a2=7fffa8850c80 a3=60 items=0 ppid=1431 pid=1435 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> > type=AVC msg=audit(1259802888.340:8): avc: denied { ioctl } for pid=1435 comm="sshdfilter" path="pipe:[11021]" dev=pipefs ino=11021 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
> > type=SYSCALL msg=audit(1259802888.340:8): arch=c000003e syscall=16 success=yes exit=128 a0=4 a1=5401 a2=7fffa8850c80 a3=60 items=0 ppid=1431 pid=1435 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> > type=AVC msg=audit(1259802888.342:9): avc: denied { ioctl } for pid=1438 comm="sshdfilter" path="pipe:[11031]" dev=pipefs ino=11031 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
> > type=AVC msg=audit(1259802888.343:10): avc: denied { read } for pid=1435 comm="sshdfilter" path="pipe:[11021]" dev=pipefs ino=11021 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
> > type=SYSCALL msg=audit(1259802888.343:10): arch=c000003e syscall=0 success=yes exit=128 a0=3 a1=eb06e8 a2=1000 a3=0 items=0 ppid=1431 pid=1435 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> > type=SYSCALL msg=audit(1259802888.342:9): arch=c000003e syscall=16 success=yes exit=128 a0=5 a1=5401 a2=7fffa8850c80 a3=60 items=0 ppid=1435 pid=1438 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> > type=AVC msg=audit(1259802888.347:11): avc: denied { ioctl } for pid=1438 comm="sshdfilter" path="pipe:[11031]" dev=pipefs ino=11031 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
> > type=SYSCALL msg=audit(1259802888.347:11): arch=c000003e syscall=16 success=yes exit=128 a0=6 a1=5401 a2=7fffa8850c80 a3=60 items=0 ppid=1435 pid=1438 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> > type=AVC msg=audit(1259802888.350:12): avc: denied { read } for pid=1439 comm="sshdfilter" path="pipe:[11031]" dev=pipefs ino=11031 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
> > type=SYSCALL msg=audit(1259802888.350:12): arch=c000003e syscall=0 success=yes exit=128 a0=5 a1=eb0f18 a2=1000 a3=0 items=0 ppid=1438 pid=1439 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> > type=AVC msg=audit(1259802888.360:13): avc: denied { read } for pid=1440 comm="sshdfilter" name="sh" dev=dm-0 ino=10258 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=lnk_file
> > type=SYSCALL msg=audit(1259802888.360:13): arch=c000003e syscall=59 success=no exit=-13 a0=7fd1ef909e0f a1=7fffa884e9b0 a2=7fffa88511c0 a3=7fffa88507d0 items=0 ppid=1438 pid=1440 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> > type=AVC msg=audit(1259802888.364:14): avc: denied { write } for pid=1440 comm="sshdfilter" path="pipe:[11043]" dev=pipefs ino=11043 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
> > type=SYSCALL msg=audit(1259802888.364:14): arch=c000003e syscall=1 success=yes exit=128 a0=a a1=7fffa8850a0c a2=4 a3=7fffa8850790 items=0 ppid=1438 pid=1440 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> > type=AVC msg=audit(1259802888.367:15): avc: denied { read } for pid=1438 comm="sshdfilter" path="pipe:[11043]" dev=pipefs ino=11043 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
> > type=SYSCALL msg=audit(1259802888.367:15): arch=c000003e syscall=0 success=yes exit=128 a0=9 a1=7fffa8850ccc a2=4 a3=b73830 items=0 ppid=1435 pid=1438 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> > type=AVC msg=audit(1259802888.367:16): avc: denied { ioctl } for pid=1438 comm="sshdfilter" path="pipe:[11042]" dev=pipefs ino=11042 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
> > type=SYSCALL msg=audit(1259802888.367:16): arch=c000003e syscall=16 success=yes exit=128 a0=7 a1=5401 a2=7fffa8850a20 a3=60 items=0 ppid=1435 pid=1438 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> > type=AVC msg=audit(1259802888.367:17): avc: denied { read } for pid=1438 comm="sshdfilter" path="pipe:[11042]" dev=pipefs ino=11042 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
> > type=SYSCALL msg=audit(1259802888.367:17): arch=c000003e syscall=0 success=yes exit=128 a0=7 a1=eb1168 a2=1000 a3=0 items=0 ppid=1435 pid=1438 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> > type=AVC msg=audit(1259802888.375:18): avc: denied { read } for pid=1441 comm="sshdfilter" name="sh" dev=dm-0 ino=10258 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=lnk_file
> > type=SYSCALL msg=audit(1259802888.375:18): arch=c000003e syscall=59 success=no exit=-13 a0=7fd1ef909e0f a1=7fffa884e9b0 a2=7fffa88511c0 a3=7fffa88507d0 items=0 ppid=1438 pid=1441 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> > type=AVC msg=audit(1259802888.375:19): avc: denied { write } for pid=1441 comm="sshdfilter" path="pipe:[11045]" dev=pipefs ino=11045 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
> > type=SYSCALL msg=audit(1259802888.375:19): arch=c000003e syscall=1 success=yes exit=128 a0=a a1=7fffa8850a0c a2=4 a3=8 items=0 ppid=1438 pid=1441 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> > type=AVC msg=audit(1259802888.378:20): avc: denied { read } for pid=1438 comm="sshdfilter" path="pipe:[11045]" dev=pipefs ino=11045 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
> > type=SYSCALL msg=audit(1259802888.378:20): arch=c000003e syscall=0 success=yes exit=128 a0=9 a1=7fffa8850ccc a2=4 a3=7fd1ef2e39d0 items=0 ppid=1435 pid=1438 auid=4294967295 uid=0 gid=0 euid=
> =3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D4294=
> 967295 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=3Dsystem_u:system_r:i=
> ptables_t:s0 key=3D(null)
> > type=3DAVC msg=3Daudit(1259802888.378:21): avc: denied { ioctl } for p=
> id=3D1438 comm=3D"sshdfilter" path=3D"pipe:[11044]" dev=3Dpipefs ino=3D1104=
> 4 scontext=3Dsystem_u:system_r:iptables_t:s0 tcontext=3Dsystem_u:system_r:i=
> ptables_t:s0 tclass=3Dfifo_file
> > type=3DSYSCALL msg=3Daudit(1259802888.378:21): arch=3Dc000003e syscall=3D=
> 16 success=3Dyes exit=3D128 a0=3D7 a1=3D5401 a2=3D7fffa8850a20 a3=3D60 item=
> s=3D0 ppid=3D1435 pid=3D1438 auid=3D4294967295 uid=3D0 gid=3D0 euid=3D0 sui=
> d=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D4294967295 c=
> omm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=3Dsystem_u:system_r:iptables_=
> t:s0 key=3D(null)
> > type=3DAVC msg=3Daudit(1259802888.378:22): avc: denied { read } for pi=
> d=3D1438 comm=3D"sshdfilter" path=3D"pipe:[11044]" dev=3Dpipefs ino=3D11044=
> scontext=3Dsystem_u:system_r:iptables_t:s0 tcontext=3Dsystem_u:system_r:ip=
> tables_t:s0 tclass=3Dfifo_file
> > type=3DSYSCALL msg=3Daudit(1259802888.378:22): arch=3Dc000003e syscall=3D=
> 0 success=3Dyes exit=3D128 a0=3D7 a1=3Deb2878 a2=3D1000 a3=3D0 items=3D0 pp=
> id=3D1435 pid=3D1438 auid=3D4294967295 uid=3D0 gid=3D0 euid=3D0 suid=3D0 fs=
> uid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D4294967295 comm=3D"s=
> shdfilter" exe=3D"/usr/bin/perl" subj=3Dsystem_u:system_r:iptables_t:s0 key=
> =3D(null)
> > type=3DAVC msg=3Daudit(1259802888.379:23): avc: denied { ioctl } for p=
> id=3D1438 comm=3D"sshdfilter" path=3D"pipe:[11046]" dev=3Dpipefs ino=3D1104=
> 6 scontext=3Dsystem_u:system_r:iptables_t:s0 tcontext=3Dsystem_u:system_r:i=
> ptables_t:s0 tclass=3Dfifo_file
> > type=3DSYSCALL msg=3Daudit(1259802888.379:23): arch=3Dc000003e syscall=3D=
> 16 success=3Dyes exit=3D128 a0=3D7 a1=3D5401 a2=3D7fffa8850c80 a3=3D60 item=
> s=3D0 ppid=3D1435 pid=3D1438 auid=3D4294967295 uid=3D0 gid=3D0 euid=3D0 sui=
> d=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D4294967295 c=
> omm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=3Dsystem_u:system_r:iptables_=
> t:s0 key=3D(null)
> > type=3DAVC msg=3Daudit(1259802888.379:24): avc: denied { ioctl } for p=
> id=3D1438 comm=3D"sshdfilter" path=3D"pipe:[11046]" dev=3Dpipefs ino=3D1104=
> 6 scontext=3Dsystem_u:system_r:iptables_t:s0 tcontext=3Dsystem_u:system_r:i=
> ptables_t:s0 tclass=3Dfifo_file
> > type=3DSYSCALL msg=3Daudit(1259802888.379:24): arch=3Dc000003e syscall=3D=
> 16 success=3Dyes exit=3D128 a0=3D8 a1=3D5401 a2=3D7fffa8850c80 a3=3D60 item=
> s=3D0 ppid=3D1435 pid=3D1438 auid=3D4294967295 uid=3D0 gid=3D0 euid=3D0 sui=
> d=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D4294967295 c=
> omm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=3Dsystem_u:system_r:iptables_=
> t:s0 key=3D(null)
> > type=3DAVC msg=3Daudit(1259802888.384:25): avc: denied { ioctl } for p=
> id=3D1442 comm=3D"sshdfilter" path=3D"pipe:[11046]" dev=3Dpipefs ino=3D1104=
> 6 scontext=3Dsystem_u:system_r:iptables_t:s0 tcontext=3Dsystem_u:system_r:i=
> ptables_t:s0 tclass=3Dfifo_file
> > type=3DSYSCALL msg=3Daudit(1259802888.384:25): arch=3Dc000003e syscall=3D=
> 16 success=3Dyes exit=3D128 a0=3D4 a1=3D5401 a2=3D7fffa8850ba0 a3=3D60 item=
> s=3D0 ppid=3D1438 pid=3D1442 auid=3D4294967295 uid=3D0 gid=3D0 euid=3D0 sui=
> d=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D4294967295 c=
> omm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=3Dsystem_u:system_r:iptables_=
> t:s0 key=3D(null)
> > type=3DAVC msg=3Daudit(1259802888.384:26): avc: denied { getattr } for =
> pid=3D1442 comm=3D"sshdfilter" path=3D"pipe:[11046]" dev=3Dpipefs ino=3D11=
> 046 scontext=3Dsystem_u:system_r:iptables_t:s0 tcontext=3Dsystem_u:system_r=
> :iptables_t:s0 tclass=3Dfifo_file
> > type=3DSYSCALL msg=3Daudit(1259802888.384:26): arch=3Dc000003e syscall=3D=
> 5 success=3Dyes exit=3D128 a0=3D4 a1=3Db730a0 a2=3Db730a0 a3=3D0 items=3D0 =
> ppid=3D1438 pid=3D1442 auid=3D4294967295 uid=3D0 gid=3D0 euid=3D0 suid=3D0 =
> fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D4294967295 comm=3D=
> "sshdfilter" exe=3D"/usr/bin/perl" subj=3Dsystem_u:system_r:iptables_t:s0 k=
> ey=3D(null)
> > type=3DAVC msg=3Daudit(1259802889.381:27): avc: denied { read } for pi=
> d=3D1494 comm=3D"sshdfilter" name=3D"iptables" dev=3Ddm-0 ino=3D11793 scont=
> ext=3Dsystem_u:system_r:iptables_t:s0 tcontext=3Dsystem_ubject_r:bin_t:s0=
> tclass=3Dlnk_file
> > type=3DSYSCALL msg=3Daudit(1259802889.381:27): arch=3Dc000003e syscall=3D=
> 59 success=3Dno exit=3D-13 a0=3D7fffa8850a88 a1=3Deb31c8 a2=3D7fffa88511c0 =
> a3=3D7fffa88508d0 items=3D0 ppid=3D1438 pid=3D1494 auid=3D4294967295 uid=3D=
> 0 gid=3D0 euid=3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(no=
> ne) ses=3D4294967295 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=3Dsyste=
> m_u:system_r:iptables_t:s0 key=3D(null)
> > type=3DAVC msg=3Daudit(1259802889.382:28): avc: denied { write } for p=
> id=3D1494 comm=3D"sshdfilter" path=3D"pipe:[11397]" dev=3Dpipefs ino=3D1139=
> 7 scontext=3Dsystem_u:system_r:iptables_t:s0 tcontext=3Dsystem_u:system_r:i=
> ptables_t:s0 tclass=3Dfifo_file
> > type=3DSYSCALL msg=3Daudit(1259802889.382:28): arch=3Dc000003e syscall=3D=
> 1 success=3Dyes exit=3D128 a0=3D9 a1=3D7fffa8850b0c a2=3D4 a3=3D8 items=3D0=
> ppid=3D1438 pid=3D1494 auid=3D4294967295 uid=3D0 gid=3D0 euid=3D0 suid=3D0=
> fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D4294967295 comm=
> =3D"sshdfilter" exe=3D"/usr/bin/perl" subj=3Dsystem_u:system_r:iptables_t:s=
> 0 key=3D(null)
> > type=3DAVC msg=3Daudit(1259802889.385:29): avc: denied { read } for pi=
> d=3D1438 comm=3D"sshdfilter" path=3D"pipe:[11397]" dev=3Dpipefs ino=3D11397=
> scontext=3Dsystem_u:system_r:iptables_t:s0 tcontext=3Dsystem_u:system_r:ip=
> tables_t:s0 tclass=3Dfifo_file
> > type=3DSYSCALL msg=3Daudit(1259802889.385:29): arch=3Dc000003e syscall=3D=
> 0 success=3Dyes exit=3D128 a0=3D8 a1=3D7fffa8850f18 a2=3D4 a3=3D8 items=3D0=
> ppid=3D1 pid=3D1438 auid=3D4294967295 uid=3D0 gid=3D0 euid=3D0 suid=3D0 fs=
> uid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D4294967295 comm=3D"s=
> shdfilter" exe=3D"/usr/bin/perl" subj=3Dsystem_u:system_r:iptables_t:s0 key=
> =3D(null)
> > type=3DAVC msg=3Daudit(1259802889.388:30): avc: denied { write } for p=
> id=3D1438 comm=3D"sshdfilter" path=3D"pipe:[11021]" dev=3Dpipefs ino=3D1102=
> 1 scontext=3Dsystem_u:system_r:iptables_t:s0 tcontext=3Dsystem_u:system_r:i=
> ptables_t:s0 tclass=3Dfifo_file
> > type=3DSYSCALL msg=3Daudit(1259802889.388:30): arch=3Dc000003e syscall=3D=
> 1 success=3Dyes exit=3D128 a0=3D4 a1=3Deb3248 a2=3D9 a3=3D0 items=3D0 ppid=
> =3D1 pid=3D1438 auid=3D4294967295 uid=3D0 gid=3D0 euid=3D0 suid=3D0 fsuid=
> =3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D4294967295 comm=3D"sshd=
> filter" exe=3D"/usr/bin/perl" subj=3Dsystem_u:system_r:iptables_t:s0 key=3D=
> (null)
> > type=3DAVC msg=3Daudit(1259802889.390:31): avc: denied { read } for pi=
> d=3D1438 comm=3D"sshdfilter" path=3D"pipe:[11046]" dev=3Dpipefs ino=3D11046=
> scontext=3Dsystem_u:system_r:iptables_t:s0 tcontext=3Dsystem_u:system_r:ip=
> tables_t:s0 tclass=3Dfifo_file
> > type=3DSYSCALL msg=3Daudit(1259802889.390:31): arch=3Dc000003e syscall=3D=
> 0 success=3Dyes exit=3D128 a0=3D7 a1=3Deb3568 a2=3D400 a3=3Db73010 items=3D=
> 0 ppid=3D1 pid=3D1438 auid=3D4294967295 uid=3D0 gid=3D0 euid=3D0 suid=3D0 f=
> suid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D4294967295 comm=3D"=
> sshdfilter" exe=3D"/usr/bin/perl" subj=3Dsystem_u:system_r:iptables_t:s0 ke=
> y=3D(null)
> > type=3DAVC msg=3Daudit(1259803042.790:43): avc: denied { ioctl } for p=
> id=3D2329 comm=3D"sshdfilter" path=3D"pipe:[24498]" dev=3Dpipefs ino=3D2449=
> 8 scontext=3Dunconfined_u:system_r:iptables_t:s0 tcontext=3Dunconfined_u:sy=
> stem_r:iptables_t:s0 tclass=3Dfifo_file
> > type=3DSYSCALL msg=3Daudit(1259803042.790:43): arch=3Dc000003e syscall=3D=
> 16 success=3Dyes exit=3D4294967424 a0=3D3 a1=3D5401 a2=3D7ffffc393e40 a3=3D=
> 60 items=3D0 ppid=3D2323 pid=3D2329 auid=3D1000 uid=3D0 gid=3D0 euid=3D0 su=
> id=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3Dpts0 ses=3D1 comm=3D"ssh=
> dfilter" exe=3D"/usr/bin/perl" subj=3Dunconfined_u:system_r:iptables_t:s0 k=
> ey=3D(null)
> > type=3DAVC msg=3Daudit(1259803042.795:44): avc: denied { ioctl } for p=
> id=3D2329 comm=3D"sshdfilter" path=3D"pipe:[24498]" dev=3Dpipefs ino=3D2449=
> 8 scontext=3Dunconfined_u:system_r:iptables_t:s0 tcontext=3Dunconfined_u:sy=
> stem_r:iptables_t:s0 tclass=3Dfifo_file
> > type=3DSYSCALL msg=3Daudit(1259803042.795:44): arch=3Dc000003e syscall=3D=
> 16 success=3Dyes exit=3D4294967424 a0=3D4 a1=3D5401 a2=3D7ffffc393e40 a3=3D=
> 60 items=3D0 ppid=3D2323 pid=3D2329 auid=3D1000 uid=3D0 gid=3D0 euid=3D0 su=
> id=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3Dpts0 ses=3D1 comm=3D"ssh=
> dfilter" exe=3D"/usr/bin/perl" subj=3Dunconfined_u:system_r:iptables_t:s0 k=
> ey=3D(null)
> > type=3DAVC msg=3Daudit(1259803042.798:45): avc: denied { ioctl } for p=
> id=3D2332 comm=3D"sshdfilter" path=3D"pipe:[24509]" dev=3Dpipefs ino=3D2450=
> 9 scontext=3Dunconfined_u:system_r:iptables_t:s0 tcontext=3Dunconfined_u:sy=
> stem_r:iptables_t:s0 tclass=3Dfifo_file
> > type=3DAVC msg=3Daudit(1259803042.801:46): avc: denied { read } for pi=
> d=3D2329 comm=3D"sshdfilter" path=3D"pipe:[24498]" dev=3Dpipefs ino=3D24498=
> scontext=3Dunconfined_u:system_r:iptables_t:s0 tcontext=3Dunconfined_u:sys=
> tem_r:iptables_t:s0 tclass=3Dfifo_file
> > type=3DSYSCALL msg=3Daudit(1259803042.801:46): arch=3Dc000003e syscall=3D=
> 0 success=3Dyes exit=3D128 a0=3D3 a1=3D104fb28 a2=3D1000 a3=3D0 items=3D0 p=
> pid=3D2323 pid=3D2329 auid=3D1000 uid=3D0 gid=3D0 euid=3D0 suid=3D0 fsuid=
> =3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3Dpts0 ses=3D1 comm=3D"sshdfilter" exe=
> =3D"/usr/bin/perl" subj=3Dunconfined_u:system_r:iptables_t:s0 key=3D(null)
> > type=3DSYSCALL msg=3Daudit(1259803042.798:45): arch=3Dc000003e syscall=3D=
> 16 success=3Dyes exit=3D4294967424 a0=3D5 a1=3D5401 a2=3D7ffffc393e40 a3=3D=
> 60 items=3D0 ppid=3D2329 pid=3D2332 auid=3D1000 uid=3D0 gid=3D0 euid=3D0 su=
> id=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D1 comm=3D"s=
> shdfilter" exe=3D"/usr/bin/perl" subj=3Dunconfined_u:system_r:iptables_t:s0=
> key=3D(null)
> > type=3DAVC msg=3Daudit(1259803042.804:47): avc: denied { ioctl } for p=
> id=3D2332 comm=3D"sshdfilter" path=3D"pipe:[24509]" dev=3Dpipefs ino=3D2450=
> 9 scontext=3Dunconfined_u:system_r:iptables_t:s0 tcontext=3Dunconfined_u:sy=
> stem_r:iptables_t:s0 tclass=3Dfifo_file
> > type=3DSYSCALL msg=3Daudit(1259803042.804:47): arch=3Dc000003e syscall=3D=
> 16 success=3Dyes exit=3D4294967424 a0=3D6 a1=3D5401 a2=3D7ffffc393e40 a3=3D=
> 60 items=3D0 ppid=3D2329 pid=3D2332 auid=3D1000 uid=3D0 gid=3D0 euid=3D0 su=
> id=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D1 comm=3D"s=
> shdfilter" exe=3D"/usr/bin/perl" subj=3Dunconfined_u:system_r:iptables_t:s0=
> key=3D(null)
> > type=3DAVC msg=3Daudit(1259803042.806:48): avc: denied { read } for pi=
> d=3D2333 comm=3D"sshdfilter" path=3D"pipe:[24509]" dev=3Dpipefs ino=3D24509=
> scontext=3Dunconfined_u:system_r:iptables_t:s0 tcontext=3Dunconfined_u:sys=
> tem_r:iptables_t:s0 tclass=3Dfifo_file
> > type=3DAVC msg=3Daudit(1259803042.812:49): avc: denied { read } for pi=
> d=3D2334 comm=3D"sshdfilter" name=3D"sh" dev=3Ddm-0 ino=3D10258 scontext=3D=
> unconfined_u:system_r:iptables_t:s0 tcontext=3Dsystem_ubject_r:bin_t:s0 t=
> class=3Dlnk_file
> > type=3DSYSCALL msg=3Daudit(1259803042.806:48): arch=3Dc000003e syscall=3D=
> 0 success=3Dyes exit=3D4294967424 a0=3D5 a1=3D1050268 a2=3D1000 a3=3D0 item=
> s=3D0 ppid=3D2332 pid=3D2333 auid=3D1000 uid=3D0 gid=3D0 euid=3D0 suid=3D0 =
> fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D1 comm=3D"sshdfilt=
> er" exe=3D"/usr/bin/perl" subj=3Dunconfined_u:system_r:iptables_t:s0 key=3D=
> (null)
> > type=3DAVC msg=3Daudit(1259803042.816:50): avc: denied { read } for pi=
> d=3D2332 comm=3D"sshdfilter" path=3D"pipe:[24516]" dev=3Dpipefs ino=3D24516=
> scontext=3Dunconfined_u:system_r:iptables_t:s0 tcontext=3Dunconfined_u:sys=
> tem_r:iptables_t:s0 tclass=3Dfifo_file
> > type=3DSYSCALL msg=3Daudit(1259803042.812:49): arch=3Dc000003e syscall=3D=
> 59 success=3Dno exit=3D-13 a0=3D7fceba680e0f a1=3D7ffffc391b70 a2=3D7ffffc3=
> 94380 a3=3D7ffffc393990 items=3D0 ppid=3D2332 pid=3D2334 auid=3D1000 uid=3D=
> 0 gid=3D0 euid=3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(no=
> ne) ses=3D1 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=3Dunconfined_u:s=
> ystem_r:iptables_t:s0 key=3D(null)
> > type=3DAVC msg=3Daudit(1259803042.816:51): avc: denied { write } for p=
> id=3D2334 comm=3D"sshdfilter" path=3D"pipe:[24516]" dev=3Dpipefs ino=3D2451=
> 6 scontext=3Dunconfined_u:system_r:iptables_t:s0 tcontext=3Dunconfined_u:sy=
> stem_r:iptables_t:s0 tclass=3Dfifo_file
> > type=3DSYSCALL msg=3Daudit(1259803042.816:51): arch=3Dc000003e syscall=3D=
> 1 success=3Dyes exit=3D128 a0=3Da a1=3D7ffffc393bcc a2=3D4 a3=3D7ffffc39395=
> 0 items=3D0 ppid=3D2332 pid=3D2334 auid=3D1000 uid=3D0 gid=3D0 euid=3D0 sui=
> d=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D1 comm=3D"ss=
> hdfilter" exe=3D"/usr/bin/perl" subj=3Dunconfined_u:system_r:iptables_t:s0 =
> key=3D(null)
> > type=3DSYSCALL msg=3Daudit(1259803042.816:50): arch=3Dc000003e syscall=3D=
> 0 success=3Dyes exit=3D128 a0=3D9 a1=3D7ffffc393e8c a2=3D4 a3=3Dd13830 item=
> s=3D0 ppid=3D2329 pid=3D2332 auid=3D1000 uid=3D0 gid=3D0 euid=3D0 suid=3D0 =
> fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D1 comm=3D"sshdfilt=
> er" exe=3D"/usr/bin/perl" subj=3Dunconfined_u:system_r:iptables_t:s0 key=3D=
> (null)
> > type=3DAVC msg=3Daudit(1259803042.818:52): avc: denied { ioctl } for p=
> id=3D2332 comm=3D"sshdfilter" path=3D"pipe:[24515]" dev=3Dpipefs ino=3D2451=
> 5 scontext=3Dunconfined_u:system_r:iptables_t:s0 tcontext=3Dunconfined_u:sy=
> stem_r:iptables_t:s0 tclass=3Dfifo_file
> > type=3DSYSCALL msg=3Daudit(1259803042.818:52): arch=3Dc000003e syscall=3D=
> 16 success=3Dyes exit=3D128 a0=3D7 a1=3D5401 a2=3D7ffffc393be0 a3=3D60 item=
> s=3D0 ppid=3D2329 pid=3D2332 auid=3D1000 uid=3D0 gid=3D0 euid=3D0 suid=3D0 =
> fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D1 comm=3D"sshdfilt=
> er" exe=3D"/usr/bin/perl" subj=3Dunconfined_u:system_r:iptables_t:s0 key=3D=
> (null)
> > type=3DAVC msg=3Daudit(1259803042.818:53): avc: denied { read } for pi=
> d=3D2332 comm=3D"sshdfilter" path=3D"pipe:[24515]" dev=3Dpipefs ino=3D24515=
> scontext=3Dunconfined_u:system_r:iptables_t:s0 tcontext=3Dunconfined_u:sys=
> tem_r:iptables_t:s0 tclass=3Dfifo_file
> > type=3DSYSCALL msg=3Daudit(1259803042.818:53): arch=3Dc000003e syscall=3D=
> 0 success=3Dyes exit=3D128 a0=3D7 a1=3D10504b8 a2=3D1000 a3=3D0 items=3D0 p=
> pid=3D2329 pid=3D2332 auid=3D1000 uid=3D0 gid=3D0 euid=3D0 suid=3D0 fsuid=
> =3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D1 comm=3D"sshdfilter" e=
> xe=3D"/usr/bin/perl" subj=3Dunconfined_u:system_r:iptables_t:s0 key=3D(null)
> > type=3DAVC msg=3Daudit(1259803042.823:54): avc: denied { read } for pi=
> d=3D2335 comm=3D"sshdfilter" name=3D"sh" dev=3Ddm-0 ino=3D10258 scontext=3D=
> unconfined_u:system_r:iptables_t:s0 tcontext=3Dsystem_ubject_r:bin_t:s0 t=
> class=3Dlnk_file
> > type=3DSYSCALL msg=3Daudit(1259803042.823:54): arch=3Dc000003e syscall=3D=
> 59 success=3Dno exit=3D-13 a0=3D7fceba680e0f a1=3D7ffffc391b70 a2=3D7ffffc3=
> 94380 a3=3D7ffffc393990 items=3D0 ppid=3D2332 pid=3D2335 auid=3D1000 uid=3D=
> 0 gid=3D0 euid=3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(no=
> ne) ses=3D1 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=3Dunconfined_u:s=
> ystem_r:iptables_t:s0 key=3D(null)
> > type=3DAVC msg=3Daudit(1259803042.823:55): avc: denied { write } for p=
> id=3D2335 comm=3D"sshdfilter" path=3D"pipe:[24518]" dev=3Dpipefs ino=3D2451=
> 8 scontext=3Dunconfined_u:system_r:iptables_t:s0 tcontext=3Dunconfined_u:sy=
> stem_r:iptables_t:s0 tclass=3Dfifo_file
> > type=3DSYSCALL msg=3Daudit(1259803042.823:55): arch=3Dc000003e syscall=3D=
> 1 success=3Dyes exit=3D128 a0=3Da a1=3D7ffffc393bcc a2=3D4 a3=3D8 items=3D0=
> ppid=3D2332 pid=3D2335 auid=3D1000 uid=3D0 gid=3D0 euid=3D0 suid=3D0 fsuid=
> =3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D1 comm=3D"sshdfilter" e=
> xe=3D"/usr/bin/perl" subj=3Dunconfined_u:system_r:iptables_t:s0 key=3D(null)
> > type=3DAVC msg=3Daudit(1259803042.828:56): avc: denied { read } for pi=
> d=3D2332 comm=3D"sshdfilter" path=3D"pipe:[24518]" dev=3Dpipefs ino=3D24518=
> scontext=3Dunconfined_u:system_r:iptables_t:s0 tcontext=3Dunconfined_u:sys=
> tem_r:iptables_t:s0 tclass=3Dfifo_file
> > type=3DSYSCALL msg=3Daudit(1259803042.828:56): arch=3Dc000003e syscall=3D=
> 0 success=3Dyes exit=3D128 a0=3D9 a1=3D7ffffc393e8c a2=3D4 a3=3D7fceba05a9d=
> 0 items=3D0 ppid=3D2329 pid=3D2332 auid=3D1000 uid=3D0 gid=3D0 euid=3D0 sui=
> d=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D1 comm=3D"ss=
> hdfilter" exe=3D"/usr/bin/perl" subj=3Dunconfined_u:system_r:iptables_t:s0 =
> key=3D(null)
> > type=3DAVC msg=3Daudit(1259803042.828:57): avc: denied { ioctl } for p=
> id=3D2332 comm=3D"sshdfilter" path=3D"pipe:[24517]" dev=3Dpipefs ino=3D2451=
> 7 scontext=3Dunconfined_u:system_r:iptables_t:s0 tcontext=3Dunconfined_u:sy=
> stem_r:iptables_t:s0 tclass=3Dfifo_file
> > type=3DSYSCALL msg=3Daudit(1259803042.828:57): arch=3Dc000003e syscall=3D=
> 16 success=3Dyes exit=3D128 a0=3D7 a1=3D5401 a2=3D7ffffc393be0 a3=3D60 item=
> s=3D0 ppid=3D2329 pid=3D2332 auid=3D1000 uid=3D0 gid=3D0 euid=3D0 suid=3D0 =
> fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D1 comm=3D"sshdfilt=
> er" exe=3D"/usr/bin/perl" subj=3Dunconfined_u:system_r:iptables_t:s0 key=3D=
> (null)
> > type=3DAVC msg=3Daudit(1259803042.828:58): avc: denied { read } for pi=
> d=3D2332 comm=3D"sshdfilter" path=3D"pipe:[24517]" dev=3Dpipefs ino=3D24517=
> scontext=3Dunconfined_u:system_r:iptables_t:s0 tcontext=3Dunconfined_u:sys=
> tem_r:iptables_t:s0 tclass=3Dfifo_file
> > type=3DSYSCALL msg=3Daudit(1259803042.828:58): arch=3Dc000003e syscall=3D=
> 0 success=3Dyes exit=3D128 a0=3D7 a1=3D1051cc8 a2=3D1000 a3=3D0 items=3D0 p=
> pid=3D2329 pid=3D2332 auid=3D1000 uid=3D0 gid=3D0 euid=3D0 suid=3D0 fsuid=
> =3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D1 comm=3D"sshdfilter" e=
> xe=3D"/usr/bin/perl" subj=3Dunconfined_u:system_r:iptables_t:s0 key=3D(null)
> > type=3DAVC msg=3Daudit(1259803042.833:59): avc: denied { ioctl } for p=
> id=3D2332 comm=3D"sshdfilter" path=3D"pipe:[24519]" dev=3Dpipefs ino=3D2451=
> 9 scontext=3Dunconfined_u:system_r:iptables_t:s0 tcontext=3Dunconfined_u:sy=
> stem_r:iptables_t:s0 tclass=3Dfifo_file
> > type=3DSYSCALL msg=3Daudit(1259803042.833:59): arch=3Dc000003e syscall=3D=
> 16 success=3Dyes exit=3D128 a0=3D7 a1=3D5401 a2=3D7ffffc393e40 a3=3D60 item=
> s=3D0 ppid=3D2329 pid=3D2332 auid=3D1000 uid=3D0 gid=3D0 euid=3D0 suid=3D0 =
> fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D1 comm=3D"sshdfilt=
> er" exe=3D"/usr/bin/perl" subj=3Dunconfined_u:system_r:iptables_t:s0 key=3D=
> (null)
> > type=3DAVC msg=3Daudit(1259803042.833:60): avc: denied { ioctl } for p=
> id=3D2332 comm=3D"sshdfilter" path=3D"pipe:[24519]" dev=3Dpipefs ino=3D2451=
> 9 scontext=3Dunconfined_u:system_r:iptables_t:s0 tcontext=3Dunconfined_u:sy=
> stem_r:iptables_t:s0 tclass=3Dfifo_file
> > type=3DSYSCALL msg=3Daudit(1259803042.833:60): arch=3Dc000003e syscall=3D=
> 16 success=3Dyes exit=3D128 a0=3D8 a1=3D5401 a2=3D7ffffc393e40 a3=3D60 item=
> s=3D0 ppid=3D2329 pid=3D2332 auid=3D1000 uid=3D0 gid=3D0 euid=3D0 suid=3D0 =
> fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D1 comm=3D"sshdfilt=
> er" exe=3D"/usr/bin/perl" subj=3Dunconfined_u:system_r:iptables_t:s0 key=3D=
> (null)
> > type=3DAVC msg=3Daudit(1259803042.834:61): avc: denied { ioctl } for p=
> id=3D2336 comm=3D"sshdfilter" path=3D"pipe:[24519]" dev=3Dpipefs ino=3D2451=
> 9 scontext=3Dunconfined_u:system_r:iptables_t:s0 tcontext=3Dunconfined_u:sy=
> stem_r:iptables_t:s0 tclass=3Dfifo_file
> > type=3DSYSCALL msg=3Daudit(1259803042.834:61): arch=3Dc000003e syscall=3D=
> 16 success=3Dyes exit=3D128 a0=3D4 a1=3D5401 a2=3D7ffffc393d60 a3=3D60 item=
> s=3D0 ppid=3D2332 pid=3D2336 auid=3D1000 uid=3D0 gid=3D0 euid=3D0 suid=3D0 =
> fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D1 comm=3D"sshdfilt=
> er" exe=3D"/usr/bin/perl" subj=3Dunconfined_u:system_r:iptables_t:s0 key=3D=
> (null)
> > type=3DAVC msg=3Daudit(1259803042.836:62): avc: denied { getattr } for =
> pid=3D2336 comm=3D"sshdfilter" path=3D"pipe:[24519]" dev=3Dpipefs ino=3D24=
> 519 scontext=3Dunconfined_u:system_r:iptables_t:s0 tcontext=3Dunconfined_u:=
> system_r:iptables_t:s0 tclass=3Dfifo_file
> > type=3DSYSCALL msg=3Daudit(1259803042.836:62): arch=3Dc000003e syscall=3D=
> 5 success=3Dyes exit=3D128 a0=3D4 a1=3Dd130a0 a2=3Dd130a0 a3=3D0 items=3D0 =
> ppid=3D2332 pid=3D2336 auid=3D1000 uid=3D0 gid=3D0 euid=3D0 suid=3D0 fsuid=
> =3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D1 comm=3D"sshdfilter" e=
> xe=3D"/usr/bin/perl" subj=3Dunconfined_u:system_r:iptables_t:s0 key=3D(null)
> > type=3DAVC msg=3Daudit(1259803043.839:63): avc: denied { read } for pi=
> d=3D2338 comm=3D"sshdfilter" name=3D"iptables" dev=3Ddm-0 ino=3D11793 scont=
> ext=3Dunconfined_u:system_r:iptables_t:s0 tcontext=3Dsystem_ubject_r:bin_=
> t:s0 tclass=3Dlnk_file
> > type=3DSYSCALL msg=3Daudit(1259803043.839:63): arch=3Dc000003e syscall=3D=
> 59 success=3Dno exit=3D-13 a0=3D7ffffc393c48 a1=3D1052638 a2=3D7ffffc394380=
> a3=3D7ffffc393a90 items=3D0 ppid=3D2332 pid=3D2338 auid=3D1000 uid=3D0 gid=
> =3D0 euid=3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) s=
> es=3D1 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=3Dunconfined_u:system=
> _r:iptables_t:s0 key=3D(null)
> > type=3DAVC msg=3Daudit(1259803043.840:64): avc: denied { write } for p=
> id=3D2338 comm=3D"sshdfilter" path=3D"pipe:[24549]" dev=3Dpipefs ino=3D2454=
> 9 scontext=3Dunconfined_u:system_r:iptables_t:s0 tcontext=3Dunconfined_u:sy=
> stem_r:iptables_t:s0 tclass=3Dfifo_file
> > type=3DSYSCALL msg=3Daudit(1259803043.840:64): arch=3Dc000003e syscall=3D=
> 1 success=3Dyes exit=3D128 a0=3D9 a1=3D7ffffc393ccc a2=3D4 a3=3D8 items=3D0=
> ppid=3D2332 pid=3D2338 auid=3D1000 uid=3D0 gid=3D0 euid=3D0 suid=3D0 fsuid=
> =3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D1 comm=3D"sshdfilter" e=
> xe=3D"/usr/bin/perl" subj=3Dunconfined_u:system_r:iptables_t:s0 key=3D(null)
> > type=3DAVC msg=3Daudit(1259803043.844:65): avc: denied { read } for pi=
> d=3D2332 comm=3D"sshdfilter" path=3D"pipe:[24549]" dev=3Dpipefs ino=3D24549=
> scontext=3Dunconfined_u:system_r:iptables_t:s0 tcontext=3Dunconfined_u:sys=
> tem_r:iptables_t:s0 tclass=3Dfifo_file
> > type=3DSYSCALL msg=3Daudit(1259803043.844:65): arch=3Dc000003e syscall=3D=
> 0 success=3Dyes exit=3D128 a0=3D8 a1=3D7ffffc3940d8 a2=3D4 a3=3D8 items=3D0=
> ppid=3D1 pid=3D2332 auid=3D1000 uid=3D0 gid=3D0 euid=3D0 suid=3D0 fsuid=3D=
> 0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D1 comm=3D"sshdfilter" exe=
> =3D"/usr/bin/perl" subj=3Dunconfined_u:system_r:iptables_t:s0 key=3D(null)
> > type=3DAVC msg=3Daudit(1259803043.845:66): avc: denied { write } for p=
> id=3D2332 comm=3D"sshdfilter" path=3D"pipe:[24498]" dev=3Dpipefs ino=3D2449=
> 8 scontext=3Dunconfined_u:system_r:iptables_t:s0 tcontext=3Dunconfined_u:sy=
> stem_r:iptables_t:s0 tclass=3Dfifo_file
> > type=3DSYSCALL msg=3Daudit(1259803043.845:66): arch=3Dc000003e syscall=3D=
> 1 success=3Dyes exit=3D128 a0=3D4 a1=3D10526b8 a2=3D9 a3=3D0 items=3D0 ppid=
> =3D1 pid=3D2332 auid=3D1000 uid=3D0 gid=3D0 euid=3D0 suid=3D0 fsuid=3D0 egi=
> d=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D1 comm=3D"sshdfilter" exe=3D"/u=
> sr/bin/perl" subj=3Dunconfined_u:system_r:iptables_t:s0 key=3D(null)
> > type=3DAVC msg=3Daudit(1259803043.849:67): avc: denied { read } for pi=
> d=3D2332 comm=3D"sshdfilter" path=3D"pipe:[24519]" dev=3Dpipefs ino=3D24519=
> scontext=3Dunconfined_u:system_r:iptables_t:s0 tcontext=3Dunconfined_u:sys=
> tem_r:iptables_t:s0 tclass=3Dfifo_file
> > type=3DSYSCALL msg=3Daudit(1259803043.849:67): arch=3Dc000003e syscall=3D=
> 0 success=3Dyes exit=3D128 a0=3D7 a1=3D10529d8 a2=3D400 a3=3Dd13010 items=
> =3D0 ppid=3D1 pid=3D2332 auid=3D1000 uid=3D0 gid=3D0 euid=3D0 suid=3D0 fsui=
> d=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D1 comm=3D"sshdfilter" =
> exe=3D"/usr/bin/perl" subj=3Dunconfined_u:system_r:iptables_t:s0 key=3D(nul=
> l)
> > type=3DAVC msg=3Daudit(1259803128.077:69): avc: denied { execute } for =
> pid=3D2422 comm=3D"sshdfilter" name=3D"iptables-multi" dev=3Ddm-0 ino=3D11=
> 798 scontext=3Dunconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=3Dsyste=
> m_ubject_r:iptables_exec_t:s0 tclass=3Dfile
> > type=3DSYSCALL msg=3Daudit(1259803128.077:69): arch=3Dc000003e syscall=3D=
> 59 success=3Dno exit=3D-13 a0=3D7fff14469168 a1=3D1c20208 a2=3D7fff144698a0=
> a3=3D7fff14468fb0 items=3D0 ppid=3D2413 pid=3D2422 auid=3D1000 uid=3D0 gid=
> =3D0 euid=3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) s=
> es=3D1 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=3Dunconfined_u:system=
> _r:sshd_t:s0-s0:c0.c1023 key=3D(null)
> > type=3DAVC msg=3Daudit(1259806154.170:82): avc: denied { execute } for =
> pid=3D2653 comm=3D"sshdfilter" name=3D"iptables-multi" dev=3Ddm-0 ino=3D11=
> 798 scontext=3Dunconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=3Dsyste=
> m_ubject_r:iptables_exec_t:s0 tclass=3Dfile
> > type=3DSYSCALL msg=3Daudit(1259806154.170:82): arch=3Dc000003e syscall=3D=
> 59 success=3Dno exit=3D-13 a0=3D7fff14469168 a1=3D1c267e8 a2=3D7fff144698a0=
> a3=3D7fff14468fb0 items=3D0 ppid=3D2413 pid=3D2653 auid=3D1000 uid=3D0 gid=
> =3D0 euid=3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) s=
> es=3D1 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=3Dunconfined_u:system=
> _r:sshd_t:s0-s0:c0.c1023 key=3D(null)
> > type=3DAVC msg=3Daudit(1259812687.066:113): avc: denied { read open } f=
> or pid=3D3074 comm=3D"sshdfilter" name=3D"iptables-multi" dev=3Ddm-0 ino=
> =3D11798 scontext=3Dunconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=3D=
> system_ubject_r:iptables_exec_t:s0 tclass=3Dfile
> > type=3DSYSCALL msg=3Daudit(1259812687.066:113): arch=3Dc000003e syscall=
> =3D59 success=3Dno exit=3D-13 a0=3D7fff14469168 a1=3D1c26a88 a2=3D7fff14469=
> 8a0 a3=3D7fff14468fb0 items=3D0 ppid=3D2413 pid=3D3074 auid=3D1000 uid=3D0 =
> gid=3D0 euid=3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none=
> ) ses=3D1 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=3Dunconfined_u:sys=
> tem_r:sshd_t:s0-s0:c0.c1023 key=3D(null)
> > type=3DAVC msg=3Daudit(1259816690.197:196): avc: denied { read open } f=
> or pid=3D3631 comm=3D"sshdfilter" name=3D"iptables-multi" dev=3Ddm-0 ino=
> =3D11798 scontext=3Dunconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=3D=
> system_ubject_r:iptables_exec_t:s0 tclass=3Dfile
> > type=3DSYSCALL msg=3Daudit(1259816690.197:196): arch=3Dc000003e syscall=
> =3D59 success=3Dno exit=3D-13 a0=3D7fff15c5a888 a1=3D24095a8 a2=3D7fff15c5a=
> fc0 a3=3D7fff15c5a6d0 items=3D0 ppid=3D3622 pid=3D3631 auid=3D0 uid=3D0 gid=
> =3D0 euid=3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) s=
> es=3D9 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=3Dunconfined_u:system=
> _r:sshd_t:s0-s0:c0.c1023 key=3D(null)
> > type=3DAVC msg=3Daudit(1259819529.773:214): avc: denied { read open } f=
> or pid=3D3827 comm=3D"sshdfilter" name=3D"iptables-multi" dev=3Ddm-0 ino=
> =3D11798 scontext=3Dunconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=3D=
> system_ubject_r:iptables_exec_t:s0 tclass=3Dfile
> > type=3DSYSCALL msg=3Daudit(1259819529.773:214): arch=3Dc000003e syscall=
> =3D59 success=3Dno exit=3D-13 a0=3D7fff15c5a888 a1=3D2410198 a2=3D7fff15c5a=
> fc0 a3=3D7fff15c5a6d0 items=3D0 ppid=3D3622 pid=3D3827 auid=3D0 uid=3D0 gid=
> > =0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=9 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> > type=AVC msg=audit(1259899887.509:471): avc: denied { read open } for pid=11794 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> > type=SYSCALL msg=audit(1259899887.509:471): arch=c000003e syscall=59 success=no exit=-13 a0=7fff15c5a888 a1=2410198 a2=7fff15c5afc0 a3=7fff15c5a6d0 items=0 ppid=3622 pid=11794 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=9 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> > type=AVC msg=audit(1259899890.409:475): avc: denied { read open } for pid=11799 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> > type=SYSCALL msg=audit(1259899890.409:475): arch=c000003e syscall=59 success=no exit=-13 a0=7fff15c5a888 a1=2410548 a2=7fff15c5afc0 a3=7fff15c5a6d0 items=0 ppid=3622 pid=11799 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=9 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> > type=AVC msg=audit(1259899950.600:483): avc: denied { read open } for pid=11860 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> > type=SYSCALL msg=audit(1259899950.600:483): arch=c000003e syscall=59 success=no exit=-13 a0=7fff9722f198 a1=f6e208 a2=7fff9722f8d0 a3=7fff9722efe0 items=0 ppid=11851 pid=11860 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=44 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> > type=AVC msg=audit(1260146847.427:1066): avc: denied { read open } for pid=28420 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> > type=SYSCALL msg=audit(1260146847.427:1066): arch=c000003e syscall=59 success=no exit=-13 a0=7fff9722f198 a1=f71c88 a2=7fff9722f8d0 a3=7fff9722efe0 items=0 ppid=11851 pid=28420 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=44 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> > type=AVC msg=audit(1260146850.722:1070): avc: denied { read open } for pid=28428 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> > type=SYSCALL msg=audit(1260146850.722:1070): arch=c000003e syscall=59 success=no exit=-13 a0
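As an added example (not code from the thread), here is how AVC records like those above can be turned into the kind of rule audit2allow emits, together with the checks a policy writer would make before loading such a rule: a domain executing another domain's *_exec_t file points to a missing domain transition (an interface such as iptables_domtrans, which Dominick proposes later in the thread), a denial against a generic type such as var_run_t usually points to a mislabeled file rather than a missing rule, and the unconfined_u in the context, which the thread title asks about, only tells you the daemon was started from a login session. The first records are taken from the log above; the var_run_t record is constructed, since the trimmed log does not show the one behind the `allow sshd_t var_run_t:file getattr;` rule.

```python
"""Added example for this thread (not code from the list posts): parse AVC
records, collapse them into audit2allow-style rules, and flag what not to allow."""
import re
from collections import defaultdict
from typing import Dict, FrozenSet, List, NamedTuple, Tuple

# Records 1-3 are from the log quoted above (the SYSCALL line abridged); record 4
# is CONSTRUCTED to stand in for the var_run_t getattr denial behind the
# "allow sshd_t var_run_t:file getattr;" rule that audit2allow produced.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1259899887.509:471): avc: denied { read open } for pid=11794 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1259899887.509:471): arch=c000003e syscall=59 success=no exit=-13 pid=11794 comm="sshdfilter" exe="/usr/bin/perl"
type=AVC msg=audit(1259899890.409:475): avc: denied { read open } for pid=11799 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
type=AVC msg=audit(1259899951.000:490): avc: denied { getattr } for pid=11861 comm="sshdfilter" path="/var/run/sshdfilter.pid" dev=dm-0 ino=4242 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_run_t:s0 tclass=file
"""

AVC_RE = re.compile(
    r"type=AVC msg=audit\((?P<ts>[\d.]+):(?P<serial>\d+)\): avc:\s+denied\s+"
    r"\{\s*(?P<perms>[^}]+?)\s*\}\s+for\s+(?P<fields>.*)$")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
# Generic refpolicy types: a denial against one usually means the object carries
# a default label, not that the domain needs wider access.
GENERIC_TYPES = {"var_run_t", "var_lib_t", "var_log_t", "etc_t", "tmp_t", "usr_t"}


class Denial(NamedTuple):
    seuser: str          # SELinux user of scontext, e.g. unconfined_u
    role: str            # role of scontext, e.g. system_r
    source: str          # type of scontext, e.g. sshd_t
    target: str          # type of tcontext, e.g. iptables_exec_t
    tclass: str
    perms: FrozenSet[str]
    comm: str
    obj: str             # name= or path= of the object, "" if absent


def parse_avc(log_text: str) -> List[Denial]:
    """Extract AVC denials; other record types (SYSCALL, ...) are skipped."""
    denials = []
    for line in log_text.splitlines():
        m = AVC_RE.match(line.strip())
        if not m:
            continue
        f = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("fields"))}
        seuser, role, stype = f["scontext"].split(":")[:3]
        denials.append(Denial(
            seuser=seuser, role=role, source=stype,
            target=f["tcontext"].split(":")[2], tclass=f["tclass"],
            perms=frozenset(m.group("perms").split()), comm=f.get("comm", ""),
            obj=f.get("name") or f.get("path", "")))
    return denials


def derive_rules(denials: List[Denial]) -> List[str]:
    """One audit2allow-style rule per (source, target, class), permissions merged."""
    merged: Dict[Tuple[str, str, str], set] = defaultdict(set)
    for d in denials:
        merged[(d.source, d.target, d.tclass)].update(d.perms)
    rules = []
    for (src, tgt, cls), perms in sorted(merged.items()):
        p = sorted(perms)
        perm_text = p[0] if len(p) == 1 else "{ " + " ".join(p) + " }"
        rules.append(f"allow {src} {tgt}:{cls} {perm_text};")
    return rules


def review(denials: List[Denial]) -> List[str]:
    """Findings to resolve before loading the rules from derive_rules()."""
    findings, seen = [], set()
    for d in denials:
        if (d.source, d.target, d.tclass) in seen:
            continue
        seen.add((d.source, d.target, d.tclass))
        if d.tclass == "file" and d.target.endswith("_exec_t") and d.target != d.source:
            # Refpolicy naming convention, to be confirmed against the installed
            # interfaces: foo_exec_t is the entrypoint of foo_t and module foo
            # provides foo_domtrans(), which keeps the child out of the caller's domain.
            mod = d.target[:-len("_exec_t")]
            findings.append(f"{d.source} executes {d.obj or d.target} with no domain "
                            f"transition: use {mod}_domtrans({d.source}) so the child "
                            f"runs in {mod}_t instead of widening {d.source}")
        if d.target in GENERIC_TYPES:
            findings.append(f"{d.source} denied {' '.join(sorted(d.perms))} on generic "
                            f"type {d.target} ({d.obj or 'unknown object'}): check the "
                            f"label with matchpathcon/restorecon before allowing it")
    # A system_r daemon domain carrying a login user's SELinux user was started
    # from that user's session, not at boot; the rules key on the type either way.
    for comm, seuser, role, src in sorted({(d.comm, d.seuser, d.role, d.source)
                                           for d in denials}):
        if role == "system_r" and seuser != "system_u":
            findings.append(f"{comm} runs as {seuser}:{role}:{src}: the SELinux user "
                            f"shows it was started from a login session rather than at "
                            f"boot; type enforcement keys on {src} either way")
    return findings
```

Feed it the output of `grep sshdfilter /var/log/audit/audit.log` in place of SAMPLE_AUDIT_LOG; derive_rules() gives the rules audit2allow would, review() the reasons not to paste them as-is.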
 
Old 12-14-2009, 11:21 PM
David Highley
 
Default Fedora 12 and unconfined_u sshdfilter

"Dominick Grift wrote:"
> On Mon, Dec 14, 2009 at 10:25:08AM -0800, David Highley wrote:
> > "Dominick Grift wrote:"
> > > On Mon, Dec 07, 2009 at 12:01:09PM +0000, Moray Henderson (ICT) wrote:
> > > > James Carter wrote:
> > > > >Dan's example used Refpolicy interfaces. Interfaces are very useful and
> > > > >provide a better layer of abstraction, but they are just m4 macros,
> > > > >which have always been used in SELinux policy.
> > > > >
> > > > >Interfaces should be used as much as possible, but it is not true that
> > > > >you can't mix the old and new ways.
> > > >
> > > > Mixing the plain rules and the m4 macros didn't work when I tried it - but
> > > > perhaps I just wasn't writing it right. Is there a Refpolicy tutorial anywhere?
> > >
> > > I spent a little time today writing about the policy structure in Fedora.
> > > Maybe it can help you or others:
> > >
> > > http://82.197.205.60/~dgrift/stuff/Managing_a_SELinux_environment_with_Fedora_12.pdf
> >
> >
> > Still have not mastered this one yet. Here is the policy file created by
> > grep of /var/log/audit/audit.log file piped to audit2allow:
> >
> > module mysshdfilter 1.0;
> >
> > require {
> >     type var_run_t;
> >     type iptables_exec_t;
> >     type bin_t;
> >     type sshd_t;
> >     type iptables_t;
> >     class lnk_file read;
> >     class file { read getattr open execute execute_no_trans };
> >     class fifo_file { read write ioctl getattr };
> > }
> >
> > #============= iptables_t ==============
> > allow iptables_t bin_t:lnk_file read;
> > allow iptables_t self:fifo_file { read write ioctl getattr };
>
> echo "policy_module(newiptables, 1.0.0)" > newuiptables.te
> echo "optional_policy(`" >> newiptables.te
> echo "gen_require('" >> newiptables.te
> echo "type iptables_t;" >> newiptables.te
> echo "')" >> newiptables.te
> echo "corecmd_read_bin_symlinks(iptables_t)" >> newiptables.te
> echo "allow iptables_t self:fifo_file rw_fifo_file_perms;" >> newiptables.te
> echo "')" >> newiptables.te
>
> make -f /usr/share/selinux/devel/Makefile newiptables.pp
> sudo semodule -i newiptables.pp
>
> >
> > #============= sshd_t ==============
> > allow sshd_t iptables_exec_t:file { read execute open execute_no_trans };
>
> echo "policy_module(newsshd, 1.0.0)" > newsshd.te
> echo "optional_policy(`" >> newsshd.te
> echo "gen_require(`" >> newsshd.te
> echo "type sshd_t;" >> newsshd.te
> echo "')" >> newsshd.te
> echo "iptables_domtrans(sshd_t)" >> newsshd.te
> echo "')" >> newsshd.te
>
> make -f /usr/share/selinux/devel/Makefile newsshd.pp
> sudo semodule -i newsshd.pp
>
> > allow sshd_t var_run_t:file getattr;
>
> This one is a bit more complicated because I don't know for sure what created it (in what context does sshdfilter run?)
> >

I also meant to ask if all three policy changes (mysshdfilter.pp, newiptables.pp,
and newsshd.pp) are needed?

<trimmed audit log entries>


--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 
Old 12-14-2009, 11:50 PM
David Highley
 
Default Fedora 12 and unconfined_u sshdfilter

"David Highley wrote:"
>
> "Dominick Grift wrote:"
> > On Mon, Dec 14, 2009 at 10:25:08AM -0800, David Highley wrote:
> > > Still have not mastered this one yet. Here is the policy file created by
> > > grep of /var/log/audit/audit.log file piped to audit2allow:
> > >
> > > module mysshdfilter 1.0;
> > >
> > > require {
> > >     type var_run_t;
> > >     type iptables_exec_t;
> > >     type bin_t;
> > >     type sshd_t;
> > >     type iptables_t;
> > >     class lnk_file read;
> > >     class file { read getattr open execute execute_no_trans };
> > >     class fifo_file { read write ioctl getattr };
> > > }
> > >
> > > #============= iptables_t ==============
> > > allow iptables_t bin_t:lnk_file read;
> > > allow iptables_t self:fifo_file { read write ioctl getattr };
> >
> > echo "policy_module(newiptables, 1.0.0)" > newuiptables.te
> > echo "optional_policy(`" >> newiptables.te
> > echo "gen_require('" >> newiptables.te
> > echo "type iptables_t;" >> newiptables.te
> > echo "')" >> newiptables.te
> > echo "corecmd_read_bin_symlinks(iptables_t)" >> newiptables.te
> > echo "allow iptables_t self:fifo_file rw_fifo_file_perms;" >> newiptables.te
> > echo "')" >> newiptables.te
> >
> > make -f /usr/share/selinux/devel/Makefile newiptables.pp

Running the make for the above file ended up in an infinite loop
outputting:
myiptables.te:2: Warning: deprecated use of module name () as first
parameter of optional_policy() block.

> > sudo semodule -i newiptables.pp
> >
> > >
> > > #============= sshd_t ==============
> > > allow sshd_t iptables_exec_t:file { read execute open execute_no_trans };
> >
> > echo "policy_module(newsshd, 1.0.0)" > newsshd.te
> > echo "optional_policy(`" >> newsshd.te
> > echo "gen_require(`" >> newsshd.te
> > echo "type sshd_t;" >> newsshd.te
> > echo "')" >> newsshd.te
> > echo "iptables_domtrans(sshd_t)" >> newsshd.te
> > echo "')" >> newsshd.te
> >
> > make -f /usr/share/selinux/devel/Makefile newsshd.pp
> > sudo semodule -i newsshd.pp
> >
> > > allow sshd_t var_run_t:file getattr;
> >
> > This one is a bit more complicated because I don't know for sure what created it (in what context does sshdfilter run?)
> > >
>
> I also meant to ask if all three policy changes (mysshdfilter.pp, newiptables.pp,
> and newsshd.pp) are needed?
>
> <trimmed audit log entries>
>
 
Old 12-15-2009, 07:52 AM
Dominick Grift
 
Default Fedora 12 and unconfined_u sshdfilter

On Mon, Dec 14, 2009 at 04:50:15PM -0800, David Highley wrote:
> "David Highley wrote:"
> >
> > "Dominick Grift wrote:"
> > > On Mon, Dec 14, 2009 at 10:25:08AM -0800, David Highley wrote:
> > > > Still have not mastered this one yet. Here is the policy file created by
> > > > grep of /var/log/audit/audit.log file piped to audit2allow:
> > > >
> > > > module mysshdfilter 1.0;
> > > >
> > > > require {
> > > >     type var_run_t;
> > > >     type iptables_exec_t;
> > > >     type bin_t;
> > > >     type sshd_t;
> > > >     type iptables_t;
> > > >     class lnk_file read;
> > > >     class file { read getattr open execute execute_no_trans };
> > > >     class fifo_file { read write ioctl getattr };
> > > > }
> > > >
> > > > #============= iptables_t ==============
> > > > allow iptables_t bin_t:lnk_file read;
> > > > allow iptables_t self:fifo_file { read write ioctl getattr };
> > >
> > > echo "policy_module(newiptables, 1.0.0)" > newuiptables.te
> > > echo "optional_policy(`" >> newiptables.te
> > > echo "gen_require('" >> newiptables.te
> > > echo "type iptables_t;" >> newiptables.te
> > > echo "')" >> newiptables.te
> > > echo "corecmd_read_bin_symlinks(iptables_t)" >> newiptables.te
> > > echo "allow iptables_t self:fifo_file rw_fifo_file_perms;" >> newiptables.te
> > > echo "')" >> newiptables.te
> > >
> > > make -f /usr/share/selinux/devel/Makefile newiptables.pp
>
> Running the make for the above file ended up in an infinite loop
> outputting:
> myiptables.te:2: Warning: deprecated use of module name () as first
> parameter of optional_policy() block.

There's a syntax error or two:

> > > echo "policy_module(newiptables, 1.0.0)" > newuiptables.te
echo "policy_module(newiptables, 1.0.0)" > newiptables.te

> > > echo "gen_require('" >> newiptables.te
echo "gen_require(`" >> newiptables.te

>
> > > sudo semodule -i newiptables.pp
> > >
> > > >
> > > > #============= sshd_t ==============
> > > > allow sshd_t iptables_exec_t:file { read execute open execute_no_trans };
> > >
> > > echo "policy_module(newsshd, 1.0.0)" > newsshd.te
> > > echo "optional_policy(`" >> newsshd.te
> > > echo "gen_require(`" >> newsshd.te
> > > echo "type sshd_t;" >> newsshd.te
> > > echo "')" >> newsshd.te
> > > echo "iptables_domtrans(sshd_t)" >> newsshd.te
> > > echo "')" >> newsshd.te
> > >
> > > make -f /usr/share/selinux/devel/Makefile newsshd.pp
> > > sudo semodule -i newsshd.pp
> > >
> > > > allow sshd_t var_run_t:file getattr;
> > >
> > > This one is a bit more complicated because I don't know for sure what created it (in what context does sshdfilter run?)
> > > >
> >
> > I also meant to ask if all three policy changes (mysshdfilter.pp, newiptables.pp,
> > and newsshd.pp) are needed?
> >
> > <trimmed audit log entries>
> >
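As an added example (not code from the thread), the quoting error Dominick corrects above can be caught before make runs: to m4 the apostrophe after gen_require( is a close quote, so it ends the optional_policy argument early and leaves the two later ') as stray close quotes. The checker below reports exactly that, and render_module() writes the module text with the quotes the macros expect; module names and rules are the thread's own.

```python
"""Added example (not code from the thread): check the m4 quoting of a refpolicy
.te module and render one with the quotes the way the macros expect."""
import re
from typing import List

# Module text as the echo lines quoted in the thread would write it (apostrophe
# after gen_require), and the corrected form from Dominick's follow-up.
BROKEN_TE = """\
policy_module(newiptables, 1.0.0)
optional_policy(`
gen_require('
type iptables_t;
')
corecmd_read_bin_symlinks(iptables_t)
allow iptables_t self:fifo_file rw_fifo_file_perms;
')
"""
FIXED_TE = BROKEN_TE.replace("gen_require('", "gen_require(`")

MACRO_OPEN = re.compile(r"([A-Za-z_]\w*)\(")


def check_m4_quotes(text: str) -> List[str]:
    """Report m4 quoting mistakes: a macro argument opened with ' instead of `,
    a close quote with nothing open, and quotes still open at end of file.
    Text after # is ignored, as it is in m4 comments."""
    problems, depth = [], 0
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0]
        for m in MACRO_OPEN.finditer(line):
            if line[m.end():m.end() + 1] == "'":
                problems.append(f"line {lineno}: {m.group(1)}( opens its argument "
                                f"with ' but m4 quotes are `...'")
        for ch in line:
            if ch == "`":
                depth += 1
            elif ch == "'":
                if depth == 0:
                    problems.append(f"line {lineno}: close quote ' with no open `")
                else:
                    depth -= 1
    if depth:
        problems.append(f"end of file: {depth} quote(s) still open")
    return problems


def render_module(name: str, version: str, types: List[str], body: List[str]) -> str:
    """Module text in the shape used in the thread: the interface calls and rules
    sit in an optional_policy block that gen_requires the types it references."""
    lines = [f"policy_module({name}, {version})", "optional_policy(`", "gen_require(`"]
    lines += [f"type {t};" for t in types] + ["')"] + body + ["')"]
    text = "\n".join(lines) + "\n"
    bad = check_m4_quotes(text)
    if bad:
        raise ValueError("; ".join(bad))
    return text
```

In bash a backtick inside double quotes starts a command substitution, so the echo lines quoted above do not write the m4 quotes literally; single-quoted strings or a quoted heredoc (cat <<'EOF') do.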
 
Old 12-15-2009, 07:55 AM
Dominick Grift
 
Default Fedora 12 and unconfined_u sshdfilter

On Mon, Dec 14, 2009 at 04:21:41PM -0800, David Highley wrote:
> "Dominick Grift wrote:"
> > On Mon, Dec 14, 2009 at 10:25:08AM -0800, David Highley wrote:
> > > Still have not mastered this one yet. Here is the policy file created by
> > > grep of /var/log/audit/audit.log file piped to audit2allow:
> > >
> > > module mysshdfilter 1.0;
> > >
> > > require {
> > >     type var_run_t;
> > >     type iptables_exec_t;
> > >     type bin_t;
> > >     type sshd_t;
> > >     type iptables_t;
> > >     class lnk_file read;
> > >     class file { read getattr open execute execute_no_trans };
> > >     class fifo_file { read write ioctl getattr };
> > > }
> > >
> > > #============= iptables_t ==============
> > > allow iptables_t bin_t:lnk_file read;
> > > allow iptables_t self:fifo_file { read write ioctl getattr };
> >
> > echo "policy_module(newiptables, 1.0.0)" > newuiptables.te
> > echo "optional_policy(`" >> newiptables.te
> > echo "gen_require('" >> newiptables.te
> > echo "type iptables_t;" >> newiptables.te
> > echo "')" >> newiptables.te
> > echo "corecmd_read_bin_symlinks(iptables_t)" >> newiptables.te
> > echo "allow iptables_t self:fifo_file rw_fifo_file_perms;" >> newiptables.te
> > echo "')" >> newiptables.te
> >
> > make -f /usr/share/selinux/devel/Makefile newiptables.pp
> > sudo semodule -i newiptables.pp
> >
> > >
> > > #============= sshd_t ==============
> > > allow sshd_t iptables_exec_t:file { read execute open execute_no_trans };
> >
> > echo "policy_module(newsshd, 1.0.0)" > newsshd.te
> > echo "optional_policy(`" >> newsshd.te
> > echo "gen_require(`" >> newsshd.te
> > echo "type sshd_t;" >> newsshd.te
> > echo "')" >> newsshd.te
> > echo "iptables_domtrans(sshd_t)" >> newsshd.te
> > echo "')" >> newsshd.te
> >
> > make -f /usr/share/selinux/devel/Makefile newsshd.pp
> > sudo semodule -i newsshd.pp
> >
> > > allow sshd_t var_run_t:file getattr;
> >
> > This one is a bit more complicated because I don't know for sure what created it (in what context does sshdfilter run?)
> > >

The two policy modules above try to fix the AVC denials above. If you do not have mysshdfilter.pp installed then there is no need to install it now. But we do need to find a solution for the remaining AVC denial that neither of the two enclosed policy modules above fixes.
>
> I also meant to ask if all three policy changes (mysshdfilter.pp, newiptables.pp,
> and newsshd.pp) are needed?
>
> <trimmed audit log entries>
>
 
