FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor


 
 
LinkBack Thread Tools
 
Old 07-21-2011, 06:26 PM
Arthur Dent
 
Default oops on reboot

I don't reboot my machine very often (about once per month after a "yum
update") but each time I do I now get the following AVC:

=============8<=================================== ======================
SELinux is preventing /usr/bin/abrt-dump-oops from syslog_read access on
the system Unknown.

***** Plugin catchall (100. confidence) suggests
***************************

If you believe that abrt-dump-oops should be allowed syslog_read access
on the Unknown system by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep abrt-dump-oops /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context system_u:system_r:abrt_helper_t:s0
Target Context system_u:system_r:kernel_t:s0
Target Objects Unknown [ system ]
Source abrt-dump-oops
Source Path /usr/bin/abrt-dump-oops
Port <Unknown>
Host example.com
Source RPM Packages abrt-addon-kerneloops-2.0.3-1.fc15
Target RPM Packages
Policy RPM selinux-policy-3.9.16-34.fc15
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name example.com
Platform Linux troodos.org.uk
2.6.38.8-35.fc15.i686.PAE #1
SMP Wed Jul 6 14:29:06 UTC 2011 i686 i686
Alert Count 3
First Seen Tue Jul 19 10:22:00 2011
Last Seen Thu Jul 21 11:34:47 2011
Local ID 9591fda1-fb84-4cd0-841e-650d306152f4

Raw Audit Messages
type=AVC msg=audit(1311244487.906:41): avc: denied { syslog_read } for
pid=1440 comm="abrt-dump-oops"
scontext=system_u:system_r:abrt_helper_t:s0
tcontext=system_u:system_r:kernel_t:s0 tclass=system


type=SYSCALL msg=audit(1311244487.906:41): arch=i386 syscall=syslog
success=no exit=EACCES a0=3 a1=90d70a8 a2=3fff a3=0 items=0 ppid=1
pid=1440 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
fsgid=0 tty=(none) ses=4294967295 comm=abrt-dump-oops
exe=/usr/bin/abrt-dump-oops subj=system_u:system_r:abrt_helper_t:s0
key=(null)

Hash: abrt-dump-oops,abrt_helper_t,kernel_t,system,syslog_read

audit2allow

#============= abrt_helper_t ==============
allow abrt_helper_t kernel_t:system syslog_read;

audit2allow -R

#============= abrt_helper_t ==============
allow abrt_helper_t kernel_t:system syslog_read;
=============8<=================================== ======================

Should I allow it?

Thanks in advance

Mark

--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
 
Old 07-21-2011, 07:40 PM
Daniel J Walsh
 
Default oops on reboot

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 07/21/2011 02:26 PM, Arthur Dent wrote:
> I don't reboot my machine very often (about once per month after a
> "yum update") but each time I do I now get the following AVC:
>
> =============8<=================================== ======================
>
>
SELinux is preventing /usr/bin/abrt-dump-oops from syslog_read access on
> the system Unknown.
>
> ***** Plugin catchall (100. confidence) suggests
> ***************************
>
> If you believe that abrt-dump-oops should be allowed syslog_read
> access on the Unknown system by default. Then you should report this
> as a bug. You can generate a local policy module to allow this
> access. Do allow this access for now by executing: # grep
> abrt-dump-oops /var/log/audit/audit.log | audit2allow -M mypol #
> semodule -i mypol.pp
>
> Additional Information: Source Context
> system_u:system_r:abrt_helper_t:s0 Target Context
> system_u:system_r:kernel_t:s0 Target Objects Unknown [
> system ] Source abrt-dump-oops Source Path
> /usr/bin/abrt-dump-oops Port <Unknown> Host
> example.com Source RPM Packages
> abrt-addon-kerneloops-2.0.3-1.fc15 Target RPM Packages Policy RPM
> selinux-policy-3.9.16-34.fc15 Selinux Enabled True
> Policy Type targeted Enforcing Mode
> Enforcing Host Name example.com Platform
> Linux troodos.org.uk 2.6.38.8-35.fc15.i686.PAE #1 SMP Wed Jul 6
> 14:29:06 UTC 2011 i686 i686 Alert Count 3 First
> Seen Tue Jul 19 10:22:00 2011 Last Seen
> Thu Jul 21 11:34:47 2011 Local ID
> 9591fda1-fb84-4cd0-841e-650d306152f4
>
> Raw Audit Messages type=AVC msg=audit(1311244487.906:41): avc:
> denied { syslog_read } for pid=1440 comm="abrt-dump-oops"
> scontext=system_u:system_r:abrt_helper_t:s0
> tcontext=system_u:system_r:kernel_t:s0 tclass=system
>
>
> type=SYSCALL msg=audit(1311244487.906:41): arch=i386 syscall=syslog
> success=no exit=EACCES a0=3 a1=90d70a8 a2=3fff a3=0 items=0 ppid=1
> pid=1440 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
> sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=abrt-dump-oops
> exe=/usr/bin/abrt-dump-oops subj=system_u:system_r:abrt_helper_t:s0
> key=(null)
>
> Hash: abrt-dump-oops,abrt_helper_t,kernel_t,system,syslog_read
>
> audit2allow
>
> #============= abrt_helper_t ============== allow abrt_helper_t
> kernel_t:system syslog_read;
>
> audit2allow -R
>
> #============= abrt_helper_t ============== allow abrt_helper_t
> kernel_t:system syslog_read;
> =============8<=================================== ======================
>
> Should I allow it?
>
> Thanks in advance
>
> Mark
>
>
>
>
> -- selinux mailing list selinux@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux

Please report a bugzilla.

Miroslav I guess we need to back port the abrt policy from F16
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk4ogJkACgkQrlYvE4MpobNInwCg2Jdr+eVNRu 8UM6N2EX/dLjxL
07UAmQEzS+x0HVy03bKio9eRijEhGePG
=vgT/
-----END PGP SIGNATURE-----
--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
 
Old 07-21-2011, 10:24 PM
Arthur Dent
 
Default oops on reboot

On Thu, 2011-07-21 at 15:40 -0400, Daniel J Walsh wrote:

>
> Please report a bugzilla.
>
> Miroslav I guess we need to back port the abrt policy from F16

Done:

https://bugzilla.redhat.com/show_bug.cgi?id=724825

While I am waiting for this to work its way through the Fedora bug
squash machine, what harm would be done by simply ignoring this?

(or should I create a local policy?)

Thanks for your help...

Mark
--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
 
Old 07-22-2011, 01:48 PM
Daniel J Walsh
 
Default oops on reboot

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 07/21/2011 06:24 PM, Arthur Dent wrote:
> On Thu, 2011-07-21 at 15:40 -0400, Daniel J Walsh wrote:
>
>>
>> Please report a bugzilla.
>>
>> Miroslav I guess we need to back port the abrt policy from F16
>
> Done:
>
> https://bugzilla.redhat.com/show_bug.cgi?id=724825
>
> While I am waiting for this to work its way through the Fedora bug
> squash machine, what harm would be done by simply ignoring this?
>
> (or should I create a local policy?)
>
> Thanks for your help...
>
> Mark
>
>
>
> -- selinux mailing list selinux@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux
Ignoring it is probably the safest. You will probably not be able to
report the kernel oops as well, but I am not a big fan of allow that
access to the abrt_helper_t
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk4pf5cACgkQrlYvE4MpobOEfACfR9AKaX4yV4 loiNKQsr58L0WB
ohMAoLGOi1yGIDLXUZ2dSsUgRf1V212i
=RYzV
-----END PGP SIGNATURE-----
--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
 

Thread Tools




All times are GMT. The time now is 12:55 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org