Linux Archive

Linux Archive (http://www.linux-archive.org/)
-   Fedora SELinux Support (http://www.linux-archive.org/fedora-selinux-support/)
-   -   F12: "mac_admin" (http://www.linux-archive.org/fedora-selinux-support/337613-f12-mac_admin.html)

"Daniel B. Thurman" 03-07-2010 07:21 PM

F12: "mac_admin"
 
I have no idea what this is, but it is new:

================================================
Summary:

SELinux is preventing /usr/bin/chcon "mac_admin" access .

Detailed Description:

SELinux denied access requested by chcon. It is not expected that this
access is
required by chcon and this access may signal an intrusion attempt. It is
also
possible that the specific version or configuration of the application is
causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug
report.

Additional Information:

Source Context
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1
023
Target Context
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1
023
Target Objects None [ capability2 ]
Source chcon
Source Path /usr/bin/chcon
Port <Unknown>
Host host.domain.com
Source RPM Packages coreutils-7.6-9.fc12
Target RPM Packages
Policy RPM selinux-policy-3.6.32-92.fc12
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Plugin Name catchall
Host Name host.domain.com
Platform Linux host.domain.com
2.6.31.12-174.2.22.fc12.i686
#1 SMP Fri Feb 19 19:26:06 UTC 2010 i686 i686
Alert Count 1
First Seen Fri 05 Mar 2010 11:24:27 AM PST
Last Seen Fri 05 Mar 2010 11:24:27 AM PST
Local ID 73c77171-b9bb-44f9-98bb-68a6d3ee1e96
Line Numbers

Raw Audit Messages

node=host.domain.com type=AVC msg=audit(1267817067.517:43791): avc:
denied { mac_admin } for pid=28356 comm="chcon" capability=33
scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
tclass=capability2

node=host.domain.com type=SYSCALL msg=audit(1267817067.517:43791):
arch=40000003 syscall=226 success=no exit=-22 a0=834b8d0 a1=7fd69ed
a2=834cc90 a3=23 items=0 ppid=28098 pid=28356 auid=500 uid=0 gid=0
euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts10 ses=1 comm="chcon"
exe="/usr/bin/chcon"
subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)


--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux

Daniel J Walsh 03-08-2010 01:10 PM

F12: "mac_admin"
 
On 03/07/2010 03:21 PM, Daniel B. Thurman wrote:
> I have no idea what this is, but it is new:
>
> ================================================
> Summary:
>
> SELinux is preventing /usr/bin/chcon "mac_admin" access .
>
> Detailed Description:
>
> SELinux denied access requested by chcon. It is not expected that this
> access is
> required by chcon and this access may signal an intrusion attempt. It is
> also
> possible that the specific version or configuration of the application is
> causing it to require additional access.
>
> Allowing Access:
>
> You can generate a local policy module to allow this access - see FAQ
> (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug
> report.
>
> Additional Information:
>
> Source Context
> unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1
> 023
> Target Context
> unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1
> 023
> Target Objects None [ capability2 ]
> Source chcon
> Source Path /usr/bin/chcon
> Port<Unknown>
> Host host.domain.com
> Source RPM Packages coreutils-7.6-9.fc12
> Target RPM Packages
> Policy RPM selinux-policy-3.6.32-92.fc12
> Selinux Enabled True
> Policy Type targeted
> Enforcing Mode Enforcing
> Plugin Name catchall
> Host Name host.domain.com
> Platform Linux host.domain.com
> 2.6.31.12-174.2.22.fc12.i686
> #1 SMP Fri Feb 19 19:26:06 UTC 2010 i686 i686
> Alert Count 1
> First Seen Fri 05 Mar 2010 11:24:27 AM PST
> Last Seen Fri 05 Mar 2010 11:24:27 AM PST
> Local ID 73c77171-b9bb-44f9-98bb-68a6d3ee1e96
> Line Numbers
>
> Raw Audit Messages
>
> node=host.domain.com type=AVC msg=audit(1267817067.517:43791): avc:
> denied { mac_admin } for pid=28356 comm="chcon" capability=33
> scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
> tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
> tclass=capability2
>
> node=host.domain.com type=SYSCALL msg=audit(1267817067.517:43791):
> arch=40000003 syscall=226 success=no exit=-22 a0=834b8d0 a1=7fd69ed
> a2=834cc90 a3=23 items=0 ppid=28098 pid=28356 auid=500 uid=0 gid=0
> euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts10 ses=1 comm="chcon"
> exe="/usr/bin/chcon"
> subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
>
>
> --
> selinux mailing list
> selinux@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux
>
>
>
Something is executing chcon with a context that the kernel does not
understand? Do you have any idea when this is happening?
--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux

Stephen Smalley 03-08-2010 01:16 PM

F12: "mac_admin"
 
On Sun, 2010-03-07 at 12:21 -0800, Daniel B. Thurman wrote:
> I have no idea what this is, but it is new:
>
> ================================================
> Summary:
>
> SELinux is preventing /usr/bin/chcon "mac_admin" access .
>
> Detailed Description:
>
> SELinux denied access requested by chcon. It is not expected that this
> access is
> required by chcon and this access may signal an intrusion attempt. It is
> also
> possible that the specific version or configuration of the application is
> causing it to require additional access.
>
> Allowing Access:
>
> You can generate a local policy module to allow this access - see FAQ
> (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug
> report.
>
> Additional Information:
>
> Source Context
> unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1
> 023
> Target Context
> unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1
> 023
> Target Objects None [ capability2 ]
> Source chcon
> Source Path /usr/bin/chcon
> Port <Unknown>
> Host host.domain.com
> Source RPM Packages coreutils-7.6-9.fc12
> Target RPM Packages
> Policy RPM selinux-policy-3.6.32-92.fc12
> Selinux Enabled True
> Policy Type targeted
> Enforcing Mode Enforcing
> Plugin Name catchall
> Host Name host.domain.com
> Platform Linux host.domain.com
> 2.6.31.12-174.2.22.fc12.i686
> #1 SMP Fri Feb 19 19:26:06 UTC 2010 i686 i686
> Alert Count 1
> First Seen Fri 05 Mar 2010 11:24:27 AM PST
> Last Seen Fri 05 Mar 2010 11:24:27 AM PST
> Local ID 73c77171-b9bb-44f9-98bb-68a6d3ee1e96
> Line Numbers
>
> Raw Audit Messages
>
> node=host.domain.com type=AVC msg=audit(1267817067.517:43791): avc:
> denied { mac_admin } for pid=28356 comm="chcon" capability=33
> scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
> tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
> tclass=capability2
>
> node=host.domain.com type=SYSCALL msg=audit(1267817067.517:43791):
> arch=40000003 syscall=226 success=no exit=-22 a0=834b8d0 a1=7fd69ed
> a2=834cc90 a3=23 items=0 ppid=28098 pid=28356 auid=500 uid=0 gid=0
> euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts10 ses=1 comm="chcon"
> exe="/usr/bin/chcon"
> subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)

This just means you invoked chcon with an invalid security context. If
you had been allowed mac_admin in the policy, then you would have been
allowed to do so; this can be used in order to label files when creating
an image for another distribution release with a different policy. But
generally you don't want to allow it.

--
Stephen Smalley
National Security Agency

--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux


All times are GMT. The time now is 09:16 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.