05-02-2012, 04:26 AM
David Highley

MySQL and ldconfig avcs

Getting two avc's that trouble shooter indicates there is policy to
allow the operations.

I believe the sebool "mysql_connect_any" may correct the following avc:
time->Tue May 1 18:17:25 2012
type=SYSCALL msg=audit(1335921445.082:4514): arch=c000003e syscall=21
success=no exit=-13 a0=7f406ac5d9f0 a1=4 a2=7f406ac5d9fe a3=1c items=0
ppid=1 pid=24416 auid=4294967295 uid=27 gid=27 euid=27 suid=27 fsuid=27
egid=27 sgid=27 fsgid=27 tty=(none) ses=4294967295 comm="mysqld"
exe="/usr/libexec/mysqld" subj=system_u:system_r:mysqld_t:s0 key=(null)
type=AVC msg=audit(1335921445.082:4514): avc: denied { read } for
pid=24416 comm="mysqld" name="unix" dev="proc" ino=4026532000
scontext=system_u:system_r:mysqld_t:s0
tcontext=system_u:object_r:proc_net_t:s0 tclass=file

But I have no clue which bool would correct the following:
time->Tue May 1 19:01:13 2012
type=SYSCALL msg=audit(1335924073.146:4554): arch=c000003e syscall=59
success=yes exit=0 a0=f293b0 a1=f294b0 a2=f283b0 a3=18 items=0
ppid=25927 pid=25928 auid=4294967295 uid=989 gid=983 euid=989 suid=989
fsuid=989 egid=983 sgid=983 fsgid=983 tty=(none) ses=4294967295
comm="ldconfig" exe="/sbin/ldconfig"
subj=system_u:system_r:ldconfig_t:s0 key=(null)
type=AVC msg=audit(1335924073.146:4554): avc: denied { write } for
pid=25928 comm="ldconfig"
path=2F746D702F666669536752617269202864656C6574656429 dev="dm-1"
ino=1836898 scontext=system_u:system_r:ldconfig_t:s0
tcontext=system_u:object_r:initrc_tmp_t:s0 tclass=file

--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
 
05-02-2012, 12:18 PM
Daniel J Walsh

MySQL and ldconfig avcs

On 05/02/2012 12:26 AM, David Highley wrote:
> Getting two avc's that trouble shooter indicates there is policy to
> allow the operations.
>
> I believe the sebool "mysql_connect_any" may correct the following avc:
> time->Tue May 1 18:17:25 2012 type=SYSCALL msg=audit(1335921445.082:4514):
> arch=c000003e syscall=21 success=no exit=-13 a0=7f406ac5d9f0 a1=4
> a2=7f406ac5d9fe a3=1c items=0 ppid=1 pid=24416 auid=4294967295 uid=27
> gid=27 euid=27 suid=27 fsuid=27 egid=27 sgid=27 fsgid=27 tty=(none)
> ses=4294967295 comm="mysqld" exe="/usr/libexec/mysqld"
> subj=system_u:system_r:mysqld_t:s0 key=(null) type=AVC
> msg=audit(1335921445.082:4514): avc: denied { read } for pid=24416
> comm="mysqld" name="unix" dev="proc" ino=4026532000
> scontext=system_u:system_r:mysqld_t:s0
> tcontext=system_u:object_r:proc_net_t:s0 tclass=file
What policy were you using when you got this?

rpm -q selinux-policy

>
> But I have no clue which bool would correct the following:
> time->Tue May 1 19:01:13 2012
> type=SYSCALL msg=audit(1335924073.146:4554): arch=c000003e syscall=59
> success=yes exit=0 a0=f293b0 a1=f294b0 a2=f283b0 a3=18 items=0
> ppid=25927 pid=25928 auid=4294967295 uid=989 gid=983 euid=989 suid=989
> fsuid=989 egid=983 sgid=983 fsgid=983 tty=(none) ses=4294967295
> comm="ldconfig" exe="/sbin/ldconfig"
> subj=system_u:system_r:ldconfig_t:s0 key=(null)
> type=AVC msg=audit(1335924073.146:4554): avc: denied { write } for
> pid=25928 comm="ldconfig"
> path=2F746D702F666669536752617269202864656C6574656429 dev="dm-1"
> ino=1836898 scontext=system_u:system_r:ldconfig_t:s0
> tcontext=system_u:object_r:initrc_tmp_t:s0 tclass=file
>
This is a leaked file descriptor and probably not that important, can be safely
ignored.

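Added example, not part of the original thread: a small Python parser run over the two AVC records posted above (rejoined onto single lines, with the archive's wrapping and dropped characters undone). It decodes the hex-encoded path= field and applies a heuristic for the leaked-descriptor case described in the reply; the function names and the heuristic are assumptions of this example.

```python
import re

# Constructed input: the two AVC records from this thread, one per line.
SAMPLE = [
    'type=AVC msg=audit(1335921445.082:4514): avc: denied { read } for '
    'pid=24416 comm="mysqld" name="unix" dev="proc" ino=4026532000 '
    'scontext=system_u:system_r:mysqld_t:s0 '
    'tcontext=system_u:object_r:proc_net_t:s0 tclass=file',
    'type=AVC msg=audit(1335924073.146:4554): avc: denied { write } for '
    'pid=25928 comm="ldconfig" '
    'path=2F746D702F666669536752617269202864656C6574656429 dev="dm-1" '
    'ino=1836898 scontext=system_u:system_r:ldconfig_t:s0 '
    'tcontext=system_u:object_r:initrc_tmp_t:s0 tclass=file',
]

AVC_RE = re.compile(r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
# Fields the kernel logs as "untrusted strings": quoted when plain, bare hex
# when the value contains a space, a quote or a non-printable byte.
ENCODED_KEYS = {"path", "name", "comm", "exe"}

def decode_audit_value(raw):
    if raw.startswith('"'):
        return raw.strip('"')
    if len(raw) % 2 == 0 and re.fullmatch(r'[0-9A-Fa-f]+', raw):
        return bytes.fromhex(raw).decode("utf-8", "replace")
    return raw

def parse_avc(line):
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {"perms": m.group("perms").split()}
    for key, raw in FIELD_RE.findall(m.group("fields")):
        rec[key] = decode_audit_value(raw) if key in ENCODED_KEYS else raw.strip('"')
    rec["source_type"] = rec["scontext"].split(":")[2]
    rec["target_type"] = rec["tcontext"].split(":")[2]
    return rec

def looks_like_leaked_fd(rec):
    # Heuristic assumed for this example: the denial is on an already-open file
    # (path=), since unlinked, labelled with some other domain's tmp type.
    own_tmp = re.sub(r"_t$", "_tmp_t", rec["source_type"])
    return (rec.get("path", "").endswith(" (deleted)")
            and rec["target_type"].endswith("_tmp_t") and rec["target_type"] != own_tmp)

if __name__ == "__main__":
    for rec in map(parse_avc, SAMPLE):
        print(rec["source_type"], rec["perms"], rec.get("path") or rec.get("name"), looks_like_leaked_fd(rec))
```

On a live system, `ausearch -i` performs the same hex decoding of path= when it interprets records.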
 
05-02-2012, 12:57 PM
David Highley

MySQL and ldconfig avcs

"Daniel J Walsh wrote:"
>
> On 05/02/2012 12:26 AM, David Highley wrote:
> > Getting two avc's that trouble shooter indicates there is policy to
> > allow the operations.
> >
> > I believe the sebool "mysql_connect_any" may correct the following avc:
> > time->Tue May 1 18:17:25 2012 type=SYSCALL msg=audit(1335921445.082:4514):
> > arch=c000003e syscall=21 success=no exit=-13 a0=7f406ac5d9f0 a1=4
> > a2=7f406ac5d9fe a3=1c items=0 ppid=1 pid=24416 auid=4294967295 uid=27
> > gid=27 euid=27 suid=27 fsuid=27 egid=27 sgid=27 fsgid=27 tty=(none)
> > ses=4294967295 comm="mysqld" exe="/usr/libexec/mysqld"
> > subj=system_u:system_r:mysqld_t:s0 key=(null) type=AVC
> > msg=audit(1335921445.082:4514): avc: denied { read } for pid=24416
> > comm="mysqld" name="unix" dev="proc" ino=4026532000
> > scontext=system_u:system_r:mysqld_t:s0
> > tcontext=system_u:object_r:proc_net_t:s0 tclass=file
> What policy were you using when you got this?
>
> rpm -q selinux-policy

selinux-policy-3.10.0-84.fc16.noarch

> >
> > But I have no clue which bool would correct the following:
> > time->Tue May 1 19:01:13 2012
> > type=SYSCALL msg=audit(1335924073.146:4554): arch=c000003e syscall=59
> > success=yes exit=0 a0=f293b0 a1=f294b0 a2=f283b0 a3=18 items=0
> > ppid=25927 pid=25928 auid=4294967295 uid=989 gid=983 euid=989 suid=989
> > fsuid=989 egid=983 sgid=983 fsgid=983 tty=(none) ses=4294967295
> > comm="ldconfig" exe="/sbin/ldconfig"
> > subj=system_u:system_r:ldconfig_t:s0 key=(null)
> > type=AVC msg=audit(1335924073.146:4554): avc: denied { write } for
> > pid=25928 comm="ldconfig"
> > path=2F746D702F666669536752617269202864656C6574656429 dev="dm-1"
> > ino=1836898 scontext=system_u:system_r:ldconfig_t:s0
> > tcontext=system_u:object_r:initrc_tmp_t:s0 tclass=file
> >
> This is a leaked file descriptor and probably not that important, can be safely
> ignored.
>
 
05-09-2012, 05:24 PM
Miroslav Grepl

MySQL and ldconfig avcs

On 05/02/2012 12:57 PM, David Highley wrote:
> "Daniel J Walsh wrote:"
>> On 05/02/2012 12:26 AM, David Highley wrote:
>>> Getting two avc's that trouble shooter indicates there is policy to
>>> allow the operations.
>>>
>>> I believe the sebool "mysql_connect_any" may correct the following avc:
>>> time->Tue May 1 18:17:25 2012 type=SYSCALL msg=audit(1335921445.082:4514):
>>> arch=c000003e syscall=21 success=no exit=-13 a0=7f406ac5d9f0 a1=4
>>> a2=7f406ac5d9fe a3=1c items=0 ppid=1 pid=24416 auid=4294967295 uid=27
>>> gid=27 euid=27 suid=27 fsuid=27 egid=27 sgid=27 fsgid=27 tty=(none)
>>> ses=4294967295 comm="mysqld" exe="/usr/libexec/mysqld"
>>> subj=system_u:system_r:mysqld_t:s0 key=(null) type=AVC
>>> msg=audit(1335921445.082:4514): avc: denied { read } for pid=24416
>>> comm="mysqld" name="unix" dev="proc" ino=4026532000
>>> scontext=system_u:system_r:mysqld_t:s0
>>> tcontext=system_u:object_r:proc_net_t:s0 tclass=file
>> What policy were you using when you got this?
>>
>> rpm -q selinux-policy
> selinux-policy-3.10.0-84.fc16.noarch

Open a new bug please. Thank you.

>>> But I have no clue which bool would correct the following:
>>> time->Tue May 1 19:01:13 2012
>>> type=SYSCALL msg=audit(1335924073.146:4554): arch=c000003e syscall=59
>>> success=yes exit=0 a0=f293b0 a1=f294b0 a2=f283b0 a3=18 items=0
>>> ppid=25927 pid=25928 auid=4294967295 uid=989 gid=983 euid=989 suid=989
>>> fsuid=989 egid=983 sgid=983 fsgid=983 tty=(none) ses=4294967295
>>> comm="ldconfig" exe="/sbin/ldconfig"
>>> subj=system_u:system_r:ldconfig_t:s0 key=(null)
>>> type=AVC msg=audit(1335924073.146:4554): avc: denied { write } for
>>> pid=25928 comm="ldconfig"
>>> path=2F746D702F666669536752617269202864656C6574656429 dev="dm-1"
>>> ino=1836898 scontext=system_u:system_r:ldconfig_t:s0
>>> tcontext=system_u:object_r:initrc_tmp_t:s0 tclass=file
>>>
>> This is a leaked file descriptor and probably not that important, can be safely
>> ignored.
 
05-15-2012, 12:56 PM
David Highley

MySQL and ldconfig avcs

"Miroslav Grepl wrote:"
>
> On 05/02/2012 12:57 PM, David Highley wrote:
> > "Daniel J Walsh wrote:"
> >> On 05/02/2012 12:26 AM, David Highley wrote:
> >>> Getting two avc's that trouble shooter indicates there is policy to
> >>> allow the operations.
> >>>
> >>> I believe the sebool "mysql_connect_any" may correct the following avc:
> >>> time->Tue May 1 18:17:25 2012 type=SYSCALL msg=audit(1335921445.082:4514):
> >>> arch=c000003e syscall=21 success=no exit=-13 a0=7f406ac5d9f0 a1=4
> >>> a2=7f406ac5d9fe a3=1c items=0 ppid=1 pid=24416 auid=4294967295 uid=27
> >>> gid=27 euid=27 suid=27 fsuid=27 egid=27 sgid=27 fsgid=27 tty=(none)
> >>> ses=4294967295 comm="mysqld" exe="/usr/libexec/mysqld"
> >>> subj=system_u:system_r:mysqld_t:s0 key=(null) type=AVC
> >>> msg=audit(1335921445.082:4514): avc: denied { read } for pid=24416
> >>> comm="mysqld" name="unix" dev="proc" ino=4026532000
> >>> scontext=system_u:system_r:mysqld_t:s0
> >>> tcontext=system_u:object_r:proc_net_t:s0 tclass=file
> >> What policy were you using when you got this?
> >>
> >> rpm -q selinux-policy
> > selinux-policy-3.10.0-84.fc16.noarch
> >
> Open a new bug please. Thank you.

Did some rechecking after setting the sebool for mysql and getting
an application update. No longer see the issues here.

> >>> But I have no clue which bool would correct the following:
> >>> time->Tue May 1 19:01:13 2012
> >>> type=SYSCALL msg=audit(1335924073.146:4554): arch=c000003e syscall=59
> >>> success=yes exit=0 a0=f293b0 a1=f294b0 a2=f283b0 a3=18 items=0
> >>> ppid=25927 pid=25928 auid=4294967295 uid=989 gid=983 euid=989 suid=989
> >>> fsuid=989 egid=983 sgid=983 fsgid=983 tty=(none) ses=4294967295
> >>> comm="ldconfig" exe="/sbin/ldconfig"
> >>> subj=system_u:system_r:ldconfig_t:s0 key=(null)
> >>> type=AVC msg=audit(1335924073.146:4554): avc: denied { write } for
> >>> pid=25928 comm="ldconfig"
> >>> path=2F746D702F666669536752617269202864656C6574656429 dev="dm-1"
> >>> ino=1836898 scontext=system_u:system_r:ldconfig_t:s0
> >>> tcontext=system_u:object_r:initrc_tmp_t:s0 tclass=file
> >>>
> >> This is a leaked file descriptor and probably not that important, can be safely
> >> ignored.
> >>