F12: "mac_admin"
I have no idea what this is, but it is new:
================================================ Summary: SELinux is preventing /usr/bin/chcon "mac_admin" access . Detailed Description: SELinux denied access requested by chcon. It is not expected that this access is required by chcon and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access: You can generate a local policy module to allow this access - see FAQ (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug report. Additional Information: Source Context unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1 023 Target Context unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1 023 Target Objects None [ capability2 ] Source chcon Source Path /usr/bin/chcon Port <Unknown> Host host.domain.com Source RPM Packages coreutils-7.6-9.fc12 Target RPM Packages Policy RPM selinux-policy-3.6.32-92.fc12 Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Plugin Name catchall Host Name host.domain.com Platform Linux host.domain.com 2.6.31.12-174.2.22.fc12.i686 #1 SMP Fri Feb 19 19:26:06 UTC 2010 i686 i686 Alert Count 1 First Seen Fri 05 Mar 2010 11:24:27 AM PST Last Seen Fri 05 Mar 2010 11:24:27 AM PST Local ID 73c77171-b9bb-44f9-98bb-68a6d3ee1e96 Line Numbers Raw Audit Messages node=host.domain.com type=AVC msg=audit(1267817067.517:43791): avc: denied { mac_admin } for pid=28356 comm="chcon" capability=33 scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=capability2 node=host.domain.com type=SYSCALL msg=audit(1267817067.517:43791): arch=40000003 syscall=226 success=no exit=-22 a0=834b8d0 a1=7fd69ed a2=834cc90 a3=23 items=0 ppid=28098 pid=28356 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts10 ses=1 comm="chcon" exe="/usr/bin/chcon" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) -- selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux |
F12: "mac_admin"
On 03/07/2010 03:21 PM, Daniel B. Thurman wrote:
> I have no idea what this is, but it is new: > > ================================================ > Summary: > > SELinux is preventing /usr/bin/chcon "mac_admin" access . > > Detailed Description: > > SELinux denied access requested by chcon. It is not expected that this > access is > required by chcon and this access may signal an intrusion attempt. It is > also > possible that the specific version or configuration of the application is > causing it to require additional access. > > Allowing Access: > > You can generate a local policy module to allow this access - see FAQ > (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug > report. > > Additional Information: > > Source Context > unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1 > 023 > Target Context > unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1 > 023 > Target Objects None [ capability2 ] > Source chcon > Source Path /usr/bin/chcon > Port<Unknown> > Host host.domain.com > Source RPM Packages coreutils-7.6-9.fc12 > Target RPM Packages > Policy RPM selinux-policy-3.6.32-92.fc12 > Selinux Enabled True > Policy Type targeted > Enforcing Mode Enforcing > Plugin Name catchall > Host Name host.domain.com > Platform Linux host.domain.com > 2.6.31.12-174.2.22.fc12.i686 > #1 SMP Fri Feb 19 19:26:06 UTC 2010 i686 i686 > Alert Count 1 > First Seen Fri 05 Mar 2010 11:24:27 AM PST > Last Seen Fri 05 Mar 2010 11:24:27 AM PST > Local ID 73c77171-b9bb-44f9-98bb-68a6d3ee1e96 > Line Numbers > > Raw Audit Messages > > node=host.domain.com type=AVC msg=audit(1267817067.517:43791): avc: > denied { mac_admin } for pid=28356 comm="chcon" capability=33 > scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 > tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 > tclass=capability2 > > node=host.domain.com type=SYSCALL msg=audit(1267817067.517:43791): > arch=40000003 syscall=226 success=no exit=-22 a0=834b8d0 a1=7fd69ed > a2=834cc90 a3=23 items=0 ppid=28098 pid=28356 auid=500 uid=0 gid=0 > euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts10 ses=1 comm="chcon" > exe="/usr/bin/chcon" > subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) > > > -- > selinux mailing list > selinux@lists.fedoraproject.org > https://admin.fedoraproject.org/mailman/listinfo/selinux > > > Something is executing chcon with a context that the kernel does not understand? Do you have any idea when this is happening? -- selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux |
F12: "mac_admin"
On Sun, 2010-03-07 at 12:21 -0800, Daniel B. Thurman wrote:
> I have no idea what this is, but it is new: > > ================================================ > Summary: > > SELinux is preventing /usr/bin/chcon "mac_admin" access . > > Detailed Description: > > SELinux denied access requested by chcon. It is not expected that this > access is > required by chcon and this access may signal an intrusion attempt. It is > also > possible that the specific version or configuration of the application is > causing it to require additional access. > > Allowing Access: > > You can generate a local policy module to allow this access - see FAQ > (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug > report. > > Additional Information: > > Source Context > unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1 > 023 > Target Context > unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1 > 023 > Target Objects None [ capability2 ] > Source chcon > Source Path /usr/bin/chcon > Port <Unknown> > Host host.domain.com > Source RPM Packages coreutils-7.6-9.fc12 > Target RPM Packages > Policy RPM selinux-policy-3.6.32-92.fc12 > Selinux Enabled True > Policy Type targeted > Enforcing Mode Enforcing > Plugin Name catchall > Host Name host.domain.com > Platform Linux host.domain.com > 2.6.31.12-174.2.22.fc12.i686 > #1 SMP Fri Feb 19 19:26:06 UTC 2010 i686 i686 > Alert Count 1 > First Seen Fri 05 Mar 2010 11:24:27 AM PST > Last Seen Fri 05 Mar 2010 11:24:27 AM PST > Local ID 73c77171-b9bb-44f9-98bb-68a6d3ee1e96 > Line Numbers > > Raw Audit Messages > > node=host.domain.com type=AVC msg=audit(1267817067.517:43791): avc: > denied { mac_admin } for pid=28356 comm="chcon" capability=33 > scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 > tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 > tclass=capability2 > > node=host.domain.com type=SYSCALL msg=audit(1267817067.517:43791): > arch=40000003 syscall=226 success=no exit=-22 a0=834b8d0 a1=7fd69ed > a2=834cc90 a3=23 items=0 ppid=28098 pid=28356 auid=500 uid=0 gid=0 > euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts10 ses=1 comm="chcon" > exe="/usr/bin/chcon" > subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) This just means you invoked chcon with an invalid security context. If you had been allowed mac_admin in the policy, then you would have been allowed to do so; this can be used in order to label files when creating an image for another distribution release with a different policy. But generally you don't want to allow it. -- Stephen Smalley National Security Agency -- selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux |
| All times are GMT. The time now is 02:44 PM. |
VBulletin, Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.