FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora SELinux Support

 
 
LinkBack Thread Tools
 
Old 03-07-2010, 07:21 PM
"Daniel B. Thurman"
 
Default F12: "mac_admin"

I have no idea what this is, but it is new:

================================================
Summary:

SELinux is preventing /usr/bin/chcon "mac_admin" access .

Detailed Description:

SELinux denied access requested by chcon. It is not expected that this
access is
required by chcon and this access may signal an intrusion attempt. It is
also
possible that the specific version or configuration of the application is
causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug
report.

Additional Information:

Source Context
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1
023
Target Context
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1
023
Target Objects None [ capability2 ]
Source chcon
Source Path /usr/bin/chcon
Port <Unknown>
Host host.domain.com
Source RPM Packages coreutils-7.6-9.fc12
Target RPM Packages
Policy RPM selinux-policy-3.6.32-92.fc12
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Plugin Name catchall
Host Name host.domain.com
Platform Linux host.domain.com
2.6.31.12-174.2.22.fc12.i686
#1 SMP Fri Feb 19 19:26:06 UTC 2010 i686 i686
Alert Count 1
First Seen Fri 05 Mar 2010 11:24:27 AM PST
Last Seen Fri 05 Mar 2010 11:24:27 AM PST
Local ID 73c77171-b9bb-44f9-98bb-68a6d3ee1e96
Line Numbers

Raw Audit Messages

node=host.domain.com type=AVC msg=audit(1267817067.517:43791): avc:
denied { mac_admin } for pid=28356 comm="chcon" capability=33
scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
tclass=capability2

node=host.domain.com type=SYSCALL msg=audit(1267817067.517:43791):
arch=40000003 syscall=226 success=no exit=-22 a0=834b8d0 a1=7fd69ed
a2=834cc90 a3=23 items=0 ppid=28098 pid=28356 auid=500 uid=0 gid=0
euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts10 ses=1 comm="chcon"
exe="/usr/bin/chcon"
subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)


--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
 
Old 03-08-2010, 01:10 PM
Daniel J Walsh
 
Default F12: "mac_admin"

On 03/07/2010 03:21 PM, Daniel B. Thurman wrote:
> I have no idea what this is, but it is new:
>
> ================================================
> Summary:
>
> SELinux is preventing /usr/bin/chcon "mac_admin" access .
>
> Detailed Description:
>
> SELinux denied access requested by chcon. It is not expected that this
> access is
> required by chcon and this access may signal an intrusion attempt. It is
> also
> possible that the specific version or configuration of the application is
> causing it to require additional access.
>
> Allowing Access:
>
> You can generate a local policy module to allow this access - see FAQ
> (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug
> report.
>
> Additional Information:
>
> Source Context
> unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1
> 023
> Target Context
> unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1
> 023
> Target Objects None [ capability2 ]
> Source chcon
> Source Path /usr/bin/chcon
> Port<Unknown>
> Host host.domain.com
> Source RPM Packages coreutils-7.6-9.fc12
> Target RPM Packages
> Policy RPM selinux-policy-3.6.32-92.fc12
> Selinux Enabled True
> Policy Type targeted
> Enforcing Mode Enforcing
> Plugin Name catchall
> Host Name host.domain.com
> Platform Linux host.domain.com
> 2.6.31.12-174.2.22.fc12.i686
> #1 SMP Fri Feb 19 19:26:06 UTC 2010 i686 i686
> Alert Count 1
> First Seen Fri 05 Mar 2010 11:24:27 AM PST
> Last Seen Fri 05 Mar 2010 11:24:27 AM PST
> Local ID 73c77171-b9bb-44f9-98bb-68a6d3ee1e96
> Line Numbers
>
> Raw Audit Messages
>
> node=host.domain.com type=AVC msg=audit(1267817067.517:43791): avc:
> denied { mac_admin } for pid=28356 comm="chcon" capability=33
> scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
> tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
> tclass=capability2
>
> node=host.domain.com type=SYSCALL msg=audit(1267817067.517:43791):
> arch=40000003 syscall=226 success=no exit=-22 a0=834b8d0 a1=7fd69ed
> a2=834cc90 a3=23 items=0 ppid=28098 pid=28356 auid=500 uid=0 gid=0
> euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts10 ses=1 comm="chcon"
> exe="/usr/bin/chcon"
> subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
>
>
> --
> selinux mailing list
> selinux@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux
>
>
>
Something is executing chcon with a context that the kernel does not
understand? Do you have any idea when this is happening?
--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
 
Old 03-08-2010, 01:16 PM
Stephen Smalley
 
Default F12: "mac_admin"

On Sun, 2010-03-07 at 12:21 -0800, Daniel B. Thurman wrote:
> I have no idea what this is, but it is new:
>
> ================================================
> Summary:
>
> SELinux is preventing /usr/bin/chcon "mac_admin" access .
>
> Detailed Description:
>
> SELinux denied access requested by chcon. It is not expected that this
> access is
> required by chcon and this access may signal an intrusion attempt. It is
> also
> possible that the specific version or configuration of the application is
> causing it to require additional access.
>
> Allowing Access:
>
> You can generate a local policy module to allow this access - see FAQ
> (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug
> report.
>
> Additional Information:
>
> Source Context
> unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1
> 023
> Target Context
> unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1
> 023
> Target Objects None [ capability2 ]
> Source chcon
> Source Path /usr/bin/chcon
> Port <Unknown>
> Host host.domain.com
> Source RPM Packages coreutils-7.6-9.fc12
> Target RPM Packages
> Policy RPM selinux-policy-3.6.32-92.fc12
> Selinux Enabled True
> Policy Type targeted
> Enforcing Mode Enforcing
> Plugin Name catchall
> Host Name host.domain.com
> Platform Linux host.domain.com
> 2.6.31.12-174.2.22.fc12.i686
> #1 SMP Fri Feb 19 19:26:06 UTC 2010 i686 i686
> Alert Count 1
> First Seen Fri 05 Mar 2010 11:24:27 AM PST
> Last Seen Fri 05 Mar 2010 11:24:27 AM PST
> Local ID 73c77171-b9bb-44f9-98bb-68a6d3ee1e96
> Line Numbers
>
> Raw Audit Messages
>
> node=host.domain.com type=AVC msg=audit(1267817067.517:43791): avc:
> denied { mac_admin } for pid=28356 comm="chcon" capability=33
> scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
> tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
> tclass=capability2
>
> node=host.domain.com type=SYSCALL msg=audit(1267817067.517:43791):
> arch=40000003 syscall=226 success=no exit=-22 a0=834b8d0 a1=7fd69ed
> a2=834cc90 a3=23 items=0 ppid=28098 pid=28356 auid=500 uid=0 gid=0
> euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts10 ses=1 comm="chcon"
> exe="/usr/bin/chcon"
> subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)

This just means you invoked chcon with an invalid security context. If
you had been allowed mac_admin in the policy, then you would have been
allowed to do so; this can be used in order to label files when creating
an image for another distribution release with a different policy. But
generally you don't want to allow it.

--
Stephen Smalley
National Security Agency

--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
 

Thread Tools




All times are GMT. The time now is 05:15 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org