FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora SELinux Support

 
 
LinkBack Thread Tools
 
Old 04-10-2008, 12:10 AM
Antonio Olivares
 
Default flood of selinux avcs, settroubleshoot all over the place(sorry for all the avcs)

Dear all,

Here are all the selinux errors that I have encountered.
I apologize for putting in all at the same time, but I am just overwhelmed at the amount. I guess setroubleshoot daemon got happy and started sending all the avcs encountered.

Thank you for advice given in advance.

Regards,

Antonio



Summary:

SELinux is preventing gvfsd-trash (staff_t) "dac_override" to <Unknown>
(staff_t).

Detailed Description:

SELinux denied access requested by gvfsd-trash. It is not expected that this
access is required by gvfsd-trash and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration of the
application is causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.

Additional Information:

Source Context root:staff_r:staff_t:SystemLow-SystemHigh
Target Context root:staff_r:staff_t:SystemLow-SystemHigh
Target Objects None [ capability ]
Source pulseaudio
Source Path /usr/bin/pulseaudio
Port <Unknown>
Host localhost.localdomain
Source RPM Packages gvfs-0.2.3-1.fc9
Target RPM Packages
Policy RPM selinux-policy-3.3.1-29.fc9
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name catchall
Host Name localhost.localdomain
Platform Linux localhost.localdomain
2.6.25-0.204.rc8.git4.fc9.i686 #1 SMP Mon Apr 7
11:33:46 EDT 2008 i686 i686
Alert Count 39
First Seen Wed 09 Apr 2008 07:03:20 PM CDT
Last Seen Wed 09 Apr 2008 07:03:45 PM CDT
Local ID d2fbeab2-c5e1-4968-a58a-3897ade13c01
Line Numbers

Raw Audit Messages

host=localhost.localdomain type=AVC msg=audit(1207785825.117:127): avc: denied { dac_override } for pid=5405 comm="gvfsd-trash" capability=1 scontext=root:staff_r:staff_t:s0-s0:c0.c1023 tcontext=root:staff_r:staff_t:s0-s0:c0.c1023 tclass=capability

host=localhost.localdomain type=AVC msg=audit(1207785825.117:127): avc: denied { dac_read_search } for pid=5405 comm="gvfsd-trash" capability=2 scontext=root:staff_r:staff_t:s0-s0:c0.c1023 tcontext=root:staff_r:staff_t:s0-s0:c0.c1023 tclass=capability

host=localhost.localdomain type=SYSCALL msg=audit(1207785825.117:127): arch=40000003 syscall=196 success=no exit=-13 a0=86652e8 a1=b741b1e0 a2=d14ff4 a3=0 items=0 ppid=5404 pid=5405 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=5 comm="gvfsd-trash" exe="/usr/libexec/gvfsd-trash" subj=root:staff_r:staff_t:s0-s0:c0.c1023 key=(null)



Summary:

SELinux is preventing escd (staff_t) "read write" to
./636F6F6C6B6579706B313173452D47617465203020302D30 (auth_cache_t).

Detailed Description:

SELinux denied access requested by escd. It is not expected that this access is
required by escd and this access may signal an intrusion attempt. It is also
possible that the specific version or configuration of the application is
causing it to require additional access.

Allowing Access:

Sometimes labeling problems can cause SELinux denials. You could try to restore
the default system file context for
./636F6F6C6B6579706B313173452D47617465203020302D30,

restorecon -v './636F6F6C6B6579706B313173452D47617465203020302D30'

If this does not work, there is currently no automatic way to allow this access.
Instead, you can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.

Additional Information:

Source Context root:staff_r:staff_t:SystemLow-SystemHigh
Target Context system_ubject_r:auth_cache_t
Target Objects ./636F6F6C6B6579706B313173452D47617465203020302D30
[ file ]
Source escd
Source Path /usr/lib/esc-1.0.1/escd
Port <Unknown>
Host localhost.localdomain
Source RPM Packages esc-1.0.1-9.fc9
Target RPM Packages
Policy RPM selinux-policy-3.3.1-29.fc9
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name catchall_file
Host Name localhost.localdomain
Platform Linux localhost.localdomain
2.6.25-0.204.rc8.git4.fc9.i686 #1 SMP Mon Apr 7
11:33:46 EDT 2008 i686 i686
Alert Count 1
First Seen Wed 09 Apr 2008 07:03:22 PM CDT
Last Seen Wed 09 Apr 2008 07:03:22 PM CDT
Local ID 6cd2e4ee-4e7e-4112-adcc-b3705916d481
Line Numbers

Raw Audit Messages

host=localhost.localdomain type=AVC msg=audit(1207785802.447:91): avc: denied { read write } for pid=5282 comm="escd" name=636F6F6C6B6579706B313173452D47617465203020302 D30 dev=dm-0 ino=2485540 scontext=root:staff_r:staff_t:s0-s0:c0.c1023 tcontext=system_ubject_r:auth_cache_t:s0 tclass=file

host=localhost.localdomain type=SYSCALL msg=audit(1207785802.447:91): arch=40000003 syscall=5 success=no exit=-13 a0=8a45540 a1=20002 a2=180 a3=0 items=0 ppid=1 pid=5282 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=5 comm="escd" exe="/usr/lib/esc-1.0.1/escd" subj=root:staff_r:staff_t:s0-s0:c0.c1023 key=(null)



Summary:

SELinux is preventing pulseaudio (staff_t) "ipc_lock" to <Unknown> (staff_t).

Detailed Description:

SELinux denied access requested by pulseaudio. It is not expected that this
access is required by pulseaudio and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration of the
application is causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.

Additional Information:

Source Context root:staff_r:staff_t:SystemLow-SystemHigh
Target Context root:staff_r:staff_t:SystemLow-SystemHigh
Target Objects None [ capability ]
Source gnome-keyring-d
Source Path /usr/bin/gnome-keyring-daemon
Port <Unknown>
Host localhost.localdomain
Source RPM Packages pulseaudio-0.9.10-1.fc9
Target RPM Packages
Policy RPM selinux-policy-3.3.1-29.fc9
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name catchall
Host Name localhost.localdomain
Platform Linux localhost.localdomain
2.6.25-0.204.rc8.git4.fc9.i686 #1 SMP Mon Apr 7
11:33:46 EDT 2008 i686 i686
Alert Count 15
First Seen Wed 09 Apr 2008 07:03:06 PM CDT
Last Seen Wed 09 Apr 2008 07:03:21 PM CDT
Local ID 638ce06f-cd52-41b7-8f87-c3296b7b9c4e
Line Numbers

Raw Audit Messages

host=localhost.localdomain type=AVC msg=audit(1207785801.262:89): avc: denied { ipc_lock } for pid=5217 comm="pulseaudio" capability=14 scontext=root:staff_r:staff_t:s0-s0:c0.c1023 tcontext=root:staff_r:staff_t:s0-s0:c0.c1023 tclass=capability

host=localhost.localdomain type=SYSCALL msg=audit(1207785801.262:89): arch=40000003 syscall=150 success=yes exit=0 a0=b6804000 a1=3c84 a2=195cb4 a3=3c84 items=0 ppid=5214 pid=5217 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=5 comm="pulseaudio" exe="/usr/bin/pulseaudio" subj=root:staff_r:staff_t:s0-s0:c0.c1023 key=(null)



Summary:

SELinux is preventing gvfs-fuse-daemo (staff_t) "sys_admin" to <Unknown>
(staff_t).

Detailed Description:

SELinux denied access requested by gvfs-fuse-daemo. It is not expected that this
access is required by gvfs-fuse-daemo and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration of the
application is causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.

Additional Information:

Source Context root:staff_r:staff_t:SystemLow-SystemHigh
Target Context root:staff_r:staff_t:SystemLow-SystemHigh
Target Objects None [ capability ]
Source gvfs-fuse-daemo
Source Path /usr/libexec/gvfs-fuse-daemon
Port <Unknown>
Host localhost.localdomain
Source RPM Packages gvfs-fuse-0.2.3-1.fc9
Target RPM Packages
Policy RPM selinux-policy-3.3.1-29.fc9
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name catchall
Host Name localhost.localdomain
Platform Linux localhost.localdomain
2.6.25-0.204.rc8.git4.fc9.i686 #1 SMP Mon Apr 7
11:33:46 EDT 2008 i686 i686
Alert Count 1
First Seen Wed 09 Apr 2008 07:03:21 PM CDT
Last Seen Wed 09 Apr 2008 07:03:21 PM CDT
Local ID f714cec5-eca8-4de6-a60b-d07f6e690250
Line Numbers

Raw Audit Messages

host=localhost.localdomain type=AVC msg=audit(1207785801.751:90): avc: denied { sys_admin } for pid=5256 comm="gvfs-fuse-daemo" capability=21 scontext=root:staff_r:staff_t:s0-s0:c0.c1023 tcontext=root:staff_r:staff_t:s0-s0:c0.c1023 tclass=capability

host=localhost.localdomain type=SYSCALL msg=audit(1207785801.751:90): arch=40000003 syscall=21 success=no exit=-1 a0=90654d0 a1=9064940 a2=9065510 a3=6 items=0 ppid=1 pid=5256 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=5 comm="gvfs-fuse-daemo" exe="/usr/libexec/gvfs-fuse-daemon" subj=root:staff_r:staff_t:s0-s0:c0.c1023 key=(null)



Summary:

SELinux is preventing firefox (staff_t) "setuid" to <Unknown> (staff_t).

Detailed Description:

SELinux denied access requested by firefox. It is not expected that this access
is required by firefox and this access may signal an intrusion attempt. It is
also possible that the specific version or configuration of the application is
causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.

Additional Information:

Source Context root:staff_r:staff_t:SystemLow-SystemHigh
Target Context root:staff_r:staff_t:SystemLow-SystemHigh
Target Objects None [ capability ]
Source firefox
Source Path /usr/lib/firefox-3.0b5/firefox
Port <Unknown>
Host localhost.localdomain
Source RPM Packages firefox-3.0-0.53.beta5.fc9
Target RPM Packages
Policy RPM selinux-policy-3.3.1-29.fc9
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name catchall
Host Name localhost.localdomain
Platform Linux localhost.localdomain
2.6.25-0.204.rc8.git4.fc9.i686 #1 SMP Mon Apr 7
11:33:46 EDT 2008 i686 i686
Alert Count 14
First Seen Wed 09 Apr 2008 07:04:12 PM CDT
Last Seen Wed 09 Apr 2008 07:04:12 PM CDT
Local ID 728a632a-191d-449d-b1a1-aa9cff7a16f1
Line Numbers

Raw Audit Messages

host=localhost.localdomain type=AVC msg=audit(1207785852.141:144): avc: denied { setuid } for pid=5422 comm="firefox" capability=7 scontext=root:staff_r:staff_t:s0-s0:c0.c1023 tcontext=root:staff_r:staff_t:s0-s0:c0.c1023 tclass=capability

host=localhost.localdomain type=SYSCALL msg=audit(1207785852.141:144): arch=40000003 syscall=208 success=yes exit=0 a0=ffffffff a1=0 a2=ffffffff a3=bfee4c1c items=0 ppid=5408 pid=5422 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=5 comm="firefox" exe="/usr/lib/firefox-3.0b5/firefox" subj=root:staff_r:staff_t:s0-s0:c0.c1023 key=(null)




Summary:

SELinux is preventing firefox (staff_t) "write" to ./firefox-3.0b5 (lib_t).

Detailed Description:

SELinux denied access requested by firefox. It is not expected that this access
is required by firefox and this access may signal an intrusion attempt. It is
also possible that the specific version or configuration of the application is
causing it to require additional access.

Allowing Access:

Sometimes labeling problems can cause SELinux denials. You could try to restore
the default system file context for ./firefox-3.0b5,

restorecon -v './firefox-3.0b5'

If this does not work, there is currently no automatic way to allow this access.
Instead, you can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.

Additional Information:

Source Context root:staff_r:staff_t:SystemLow-SystemHigh
Target Context system_ubject_r:lib_t
Target Objects ./firefox-3.0b5 [ dir ]
Source firefox
Source Path /usr/lib/firefox-3.0b5/firefox
Port <Unknown>
Host localhost.localdomain
Source RPM Packages firefox-3.0-0.53.beta5.fc9
Target RPM Packages
Policy RPM selinux-policy-3.3.1-29.fc9
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name catchall_file
Host Name localhost.localdomain
Platform Linux localhost.localdomain
2.6.25-0.204.rc8.git4.fc9.i686 #1 SMP Mon Apr 7
11:33:46 EDT 2008 i686 i686
Alert Count 1
First Seen Wed 09 Apr 2008 07:03:48 PM CDT
Last Seen Wed 09 Apr 2008 07:03:52 PM CDT
Local ID ba8ecec3-9fce-4945-92ed-d9640d5a0ea7
Line Numbers

Raw Audit Messages

host=localhost.localdomain type=AVC msg=audit(1207785832.379:129): avc: denied { write } for pid=5422 comm="firefox" name="firefox-3.0b5" dev=dm-0 ino=4287001 scontext=root:staff_r:staff_t:s0-s0:c0.c1023 tcontext=system_ubject_r:lib_t:s0 tclass=dir

host=localhost.localdomain type=SYSCALL msg=audit(1207785832.379:129): arch=40000003 syscall=5 success=no exit=-13 a0=85ec4f0 a1=82c1 a2=1a4 a3=82c1 items=0 ppid=5408 pid=5422 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=5 comm="firefox" exe="/usr/lib/firefox-3.0b5/firefox" subj=root:staff_r:staff_t:s0-s0:c0.c1023 key=(null)




Summary:

SELinux is preventing pulseaudio (staff_t) "sys_resource" to <Unknown>
(staff_t).

Detailed Description:

SELinux denied access requested by pulseaudio. It is not expected that this
access is required by pulseaudio and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration of the
application is causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.

Additional Information:

Source Context root:staff_r:staff_t:SystemLow-SystemHigh
Target Context root:staff_r:staff_t:SystemLow-SystemHigh
Target Objects None [ capability ]
Source pulseaudio
Source Path /usr/bin/pulseaudio
Port <Unknown>
Host localhost.localdomain
Source RPM Packages pulseaudio-0.9.10-1.fc9
Target RPM Packages
Policy RPM selinux-policy-3.3.1-29.fc9
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name catchall
Host Name localhost.localdomain
Platform Linux localhost.localdomain
2.6.25-0.204.rc8.git4.fc9.i686 #1 SMP Mon Apr 7
11:33:46 EDT 2008 i686 i686
Alert Count 2
First Seen Wed 09 Apr 2008 07:03:20 PM CDT
Last Seen Wed 09 Apr 2008 07:03:20 PM CDT
Local ID 40e0b7ff-cb5f-42de-8f1d-8302ea0c173f
Line Numbers

Raw Audit Messages

host=localhost.localdomain type=AVC msg=audit(1207785800.594:72): avc: denied { sys_resource } for pid=5217 comm="pulseaudio" capability=24 scontext=root:staff_r:staff_t:s0-s0:c0.c1023 tcontext=root:staff_r:staff_t:s0-s0:c0.c1023 tclass=capability

host=localhost.localdomain type=SYSCALL msg=audit(1207785800.594:72): arch=40000003 syscall=75 success=no exit=-1 a0=e a1=bfa8cd1c a2=d14ff4 a3=e items=0 ppid=5214 pid=5217 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=5 comm="pulseaudio" exe="/usr/bin/pulseaudio" subj=root:staff_r:staff_t:s0-s0:c0.c1023 key=(null)



Summary:

SELinux is preventing bash (staff_t) "write" to ./ccache (var_t).

Detailed Description:

SELinux denied access requested by bash. It is not expected that this access is
required by bash and this access may signal an intrusion attempt. It is also
possible that the specific version or configuration of the application is
causing it to require additional access.

Allowing Access:

Sometimes labeling problems can cause SELinux denials. You could try to restore
the default system file context for ./ccache,

restorecon -v './ccache'

If this does not work, there is currently no automatic way to allow this access.
Instead, you can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.

Additional Information:

Source Context root:staff_r:staff_t:SystemLow-SystemHigh
Target Context system_ubject_r:var_t
Target Objects ./ccache [ dir ]
Source bash
Source Path /bin/bash
Port <Unknown>
Host localhost.localdomain
Source RPM Packages bash-3.2-22.fc9
Target RPM Packages
Policy RPM selinux-policy-3.3.1-29.fc9
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name catchall_file
Host Name localhost.localdomain
Platform Linux localhost.localdomain
2.6.25-0.204.rc8.git4.fc9.i686 #1 SMP Mon Apr 7
11:33:46 EDT 2008 i686 i686
Alert Count 1
First Seen Wed 09 Apr 2008 07:03:18 PM CDT
Last Seen Wed 09 Apr 2008 07:03:18 PM CDT
Local ID 8b8507ac-7e45-4ce0-b52f-b25b6c69c03f
Line Numbers

Raw Audit Messages

host=localhost.localdomain type=AVC msg=audit(1207785798.523:69): avc: denied { write } for pid=5092 comm="bash" name="ccache" dev=dm-0 ino=2485510 scontext=root:staff_r:staff_t:s0-s0:c0.c1023 tcontext=system_ubject_r:var_t:s0 tclass=dir

host=localhost.localdomain type=SYSCALL msg=audit(1207785798.523:69): arch=40000003 syscall=33 success=no exit=-13 a0=9eaad78 a1=2 a2=d14ff4 a3=0 items=0 ppid=4990 pid=5092 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=5 comm="bash" exe="/bin/bash" subj=root:staff_r:staff_t:s0-s0:c0.c1023 key=(null)



Summary:

SELinux is preventing gnome-session (staff_t) "write" to ./fontconfig (fonts_t).

Detailed Description:

SELinux denied access requested by gnome-session. It is not expected that this
access is required by gnome-session and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration of the
application is causing it to require additional access.

Allowing Access:

Sometimes labeling problems can cause SELinux denials. You could try to restore
the default system file context for ./fontconfig,

restorecon -v './fontconfig'

If this does not work, there is currently no automatic way to allow this access.
Instead, you can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.

Additional Information:

Source Context root:staff_r:staff_t:SystemLow-SystemHigh
Target Context system_ubject_r:fonts_t
Target Objects ./fontconfig [ dir ]
Source gnome-session
Source Path /usr/bin/gnome-session
Port <Unknown>
Host localhost.localdomain
Source RPM Packages gnome-session-2.22.1-1.fc9
Target RPM Packages
Policy RPM selinux-policy-3.3.1-29.fc9
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name catchall_file
Host Name localhost.localdomain
Platform Linux localhost.localdomain
2.6.25-0.204.rc8.git4.fc9.i686 #1 SMP Mon Apr 7
11:33:46 EDT 2008 i686 i686
Alert Count 1
First Seen Wed 09 Apr 2008 07:03:18 PM CDT
Last Seen Wed 09 Apr 2008 07:03:18 PM CDT
Local ID fddf24c2-0902-4a50-8909-4bd30c0839b6
Line Numbers

Raw Audit Messages

host=localhost.localdomain type=AVC msg=audit(1207785798.732:70): avc: denied { write } for pid=5092 comm="gnome-session" name="fontconfig" dev=dm-0 ino=2387443 scontext=root:staff_r:staff_t:s0-s0:c0.c1023 tcontext=system_ubject_r:fonts_t:s0 tclass=dir

host=localhost.localdomain type=SYSCALL msg=audit(1207785798.732:70): arch=40000003 syscall=33 success=no exit=-13 a0=8536358 a1=2 a2=a85694 a3=852daa8 items=0 ppid=4990 pid=5092 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=5 comm="gnome-session" exe="/usr/bin/gnome-session" subj=root:staff_r:staff_t:s0-s0:c0.c1023 key=(null)


Summary:

SELinux is preventing escd (user_t) "write" to ./coolkey (auth_cache_t).

Detailed Description:

SELinux denied access requested by escd. It is not expected that this access is
required by escd and this access may signal an intrusion attempt. It is also
possible that the specific version or configuration of the application is
causing it to require additional access.

Allowing Access:

Sometimes labeling problems can cause SELinux denials. You could try to restore
the default system file context for ./coolkey,

restorecon -v './coolkey'

If this does not work, there is currently no automatic way to allow this access.
Instead, you can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.

Additional Information:

Source Context user_u:user_r:user_t
Target Context system_ubject_r:auth_cache_t
Target Objects ./coolkey [ dir ]
Source escd
Source Path /usr/lib/esc-1.0.1/escd
Port <Unknown>
Host localhost.localdomain
Source RPM Packages esc-1.0.1-9.fc9
Target RPM Packages
Policy RPM selinux-policy-3.3.1-29.fc9
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name catchall_file
Host Name localhost.localdomain
Platform Linux localhost.localdomain
2.6.25-0.204.rc8.git4.fc9.i686 #1 SMP Mon Apr 7
11:33:46 EDT 2008 i686 i686
Alert Count 4
First Seen Wed 09 Apr 2008 06:34:01 PM CDT
Last Seen Wed 09 Apr 2008 07:02:51 PM CDT
Local ID 08e479ee-11d3-4d0c-892c-e8ce4f8beb7b
Line Numbers

Raw Audit Messages

host=localhost.localdomain type=AVC msg=audit(1207785771.193:60): avc: denied { write } for pid=4321 comm="escd" name="coolkey" dev=dm-0 ino=2485506 scontext=user_u:user_r:user_t:s0 tcontext=system_ubject_r:auth_cache_t:s0 tclass=dir

host=localhost.localdomain type=SYSCALL msg=audit(1207785771.193:60): arch=40000003 syscall=5 success=no exit=-13 a0=88b4ba0 a1=4c2 a2=180 a3=88b3508 items=0 ppid=1 pid=4321 auid=502 uid=502 gid=502 euid=502 suid=502 fsuid=502 egid=502 sgid=502 fsgid=502 tty=(none) ses=3 comm="escd" exe="/usr/lib/esc-1.0.1/escd" subj=user_u:user_r:user_t:s0 key=(null)



Summary:

SELinux is preventing userhelper (user_t) "read write" to ./eject
(userhelper_conf_t).

Detailed Description:

SELinux denied access requested by userhelper. It is not expected that this
access is required by userhelper and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration of the
application is causing it to require additional access.

Allowing Access:

Sometimes labeling problems can cause SELinux denials. You could try to restore
the default system file context for ./eject,

restorecon -v './eject'

If this does not work, there is currently no automatic way to allow this access.
Instead, you can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.

Additional Information:

Source Context user_u:user_r:user_t
Target Context system_ubject_r:userhelper_conf_t
Target Objects ./eject [ file ]
Source userhelper
Source Path /usr/sbin/userhelper
Port <Unknown>
Host localhost.localdomain
Source RPM Packages usermode-1.96-1
Target RPM Packages
Policy RPM selinux-policy-3.3.1-29.fc9
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name catchall_file
Host Name localhost.localdomain
Platform Linux localhost.localdomain
2.6.25-0.204.rc8.git4.fc9.i686 #1 SMP Mon Apr 7
11:33:46 EDT 2008 i686 i686
Alert Count 3
First Seen Wed 09 Apr 2008 06:34:03 PM CDT
Last Seen Wed 09 Apr 2008 06:54:10 PM CDT
Local ID 971298b0-6bc0-4ee0-a08e-efb07076dd3d
Line Numbers

Raw Audit Messages

host=localhost.localdomain type=AVC msg=audit(1207785250.626:49): avc: denied { read write } for pid=4559 comm="userhelper" name="eject" dev=dm-0 ino=4055485 scontext=user_u:user_r:user_t:s0 tcontext=system_ubject_r:userhelper_conf_t:s0 tclass=file

host=localhost.localdomain type=SYSCALL msg=audit(1207785250.626:49): arch=40000003 syscall=5 success=no exit=-13 a0=82e3508 a1=2 a2=b809cee0 a3=82e3530 items=0 ppid=4558 pid=4559 auid=502 uid=502 gid=502 euid=0 suid=0 fsuid=0 egid=502 sgid=502 fsgid=502 tty=(none) ses=3 comm="userhelper" exe="/usr/sbin/userhelper" subj=user_u:user_r:user_t:s0 key=(null)



Summary:

SELinux is preventing userhelper (user_t) "read" to ./eject (userhelper_conf_t).

Detailed Description:

SELinux denied access requested by userhelper. It is not expected that this
access is required by userhelper and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration of the
application is causing it to require additional access.

Allowing Access:

Sometimes labeling problems can cause SELinux denials. You could try to restore
the default system file context for ./eject,

restorecon -v './eject'

If this does not work, there is currently no automatic way to allow this access.
Instead, you can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.

Additional Information:

Source Context user_u:user_r:user_t
Target Context system_ubject_r:userhelper_conf_t
Target Objects ./eject [ file ]
Source userhelper
Source Path /usr/sbin/userhelper
Port <Unknown>
Host localhost.localdomain
Source RPM Packages usermode-1.96-1
Target RPM Packages
Policy RPM selinux-policy-3.3.1-29.fc9
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name catchall_file
Host Name localhost.localdomain
Platform Linux localhost.localdomain
2.6.25-0.204.rc8.git4.fc9.i686 #1 SMP Mon Apr 7
11:33:46 EDT 2008 i686 i686
Alert Count 3
First Seen Wed 09 Apr 2008 06:34:03 PM CDT
Last Seen Wed 09 Apr 2008 06:54:10 PM CDT
Local ID fe10c9ad-5af2-4402-b68e-8d6951329af6
Line Numbers

Raw Audit Messages

host=localhost.localdomain type=AVC msg=audit(1207785250.628:50): avc: denied { read } for pid=4559 comm="userhelper" name="eject" dev=dm-0 ino=4055485 scontext=user_u:user_r:user_t:s0 tcontext=system_ubject_r:userhelper_conf_t:s0 tclass=file

host=localhost.localdomain type=SYSCALL msg=audit(1207785250.628:50): arch=40000003 syscall=5 success=no exit=-13 a0=82e3508 a1=0 a2=b809cee0 a3=82e3530 items=0 ppid=4558 pid=4559 auid=502 uid=502 gid=502 euid=0 suid=0 fsuid=0 egid=502 sgid=502 fsgid=502 tty=(none) ses=3 comm="userhelper" exe="/usr/sbin/userhelper" subj=user_u:user_r:user_t:s0 key=(null)


Summary:

SELinux is preventing escd (user_t) "read write" to
./636F6F6C6B6579706B313173452D47617465203020302D3530 31 (auth_cache_t).

Detailed Description:

SELinux denied access requested by escd. It is not expected that this access is
required by escd and this access may signal an intrusion attempt. It is also
possible that the specific version or configuration of the application is
causing it to require additional access.

Allowing Access:

Sometimes labeling problems can cause SELinux denials. You could try to restore
the default system file context for
./636F6F6C6B6579706B313173452D47617465203020302D3530 31,

restorecon -v './636F6F6C6B6579706B313173452D47617465203020302D3530 31'

If this does not work, there is currently no automatic way to allow this access.
Instead, you can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.

Additional Information:

Source Context user_u:user_r:user_t
Target Context system_ubject_r:auth_cache_t
Target Objects ./636F6F6C6B6579706B313173452D47617465203020302D35
3031 [ file ]
Source escd
Source Path /usr/lib/esc-1.0.1/escd
Port <Unknown>
Host localhost.localdomain
Source RPM Packages esc-1.0.1-9.fc9
Target RPM Packages
Policy RPM selinux-policy-3.3.1-29.fc9
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name catchall_file
Host Name localhost.localdomain
Platform Linux localhost.localdomain
2.6.25-0.204.rc8.git4.fc9.i686 #1 SMP Mon Apr 7
11:33:46 EDT 2008 i686 i686
Alert Count 2
First Seen Wed 09 Apr 2008 06:49:21 PM CDT
Last Seen Wed 09 Apr 2008 06:51:48 PM CDT
Local ID 655d0a34-ec8a-4327-ae0c-a21175fccec7
Line Numbers

Raw Audit Messages

host=localhost.localdomain type=AVC msg=audit(1207785108.494:39): avc: denied { read write } for pid=3737 comm="escd" name=636F6F6C6B6579706B313173452D47617465203020302 D353031 dev=dm-0 ino=2485541 scontext=user_u:user_r:user_t:s0 tcontext=system_ubject_r:auth_cache_t:s0 tclass=file

host=localhost.localdomain type=SYSCALL msg=audit(1207785108.494:39): arch=40000003 syscall=5 success=no exit=-13 a0=880aba0 a1=20002 a2=180 a3=0 items=0 ppid=1 pid=3737 auid=501 uid=501 gid=501 euid=501 suid=501 fsuid=501 egid=501 sgid=501 fsgid=501 tty=(none) ses=2 comm="escd" exe="/usr/lib/esc-1.0.1/escd" subj=user_u:user_r:user_t:s0 key=(null)





Summary:

SELinux is preventing wine-preloader (user_t) "mmap_zero" to <Unknown> (user_t).

Detailed Description:

SELinux denied access requested by wine-preloader. It is not expected that this
access is required by wine-preloader and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration of the
application is causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.

Additional Information:

Source Context user_u:user_r:user_t
Target Context user_u:user_r:user_t
Target Objects None [ memprotect ]
Source wine-preloader
Source Path /usr/bin/wine-preloader
Port <Unknown>
Host localhost.localdomain
Source RPM Packages wine-core-0.9.58-1.fc9
Target RPM Packages
Policy RPM selinux-policy-3.3.1-29.fc9
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name catchall
Host Name localhost.localdomain
Platform Linux localhost.localdomain
2.6.25-0.204.rc8.git4.fc9.i686 #1 SMP Mon Apr 7
11:33:46 EDT 2008 i686 i686
Alert Count 1
First Seen Wed 09 Apr 2008 06:50:02 PM CDT
Last Seen Wed 09 Apr 2008 06:50:02 PM CDT
Local ID 6f6e94e5-fbf2-43ea-b941-dba1d1da982b
Line Numbers

Raw Audit Messages

host=localhost.localdomain type=AVC msg=audit(1207785002.401:35): avc: denied { mmap_zero } for pid=3847 comm="wine-preloader" scontext=user_u:user_r:user_t:s0 tcontext=user_u:user_r:user_t:s0 tclass=memprotect

host=localhost.localdomain type=SYSCALL msg=audit(1207785002.401:35): arch=40000003 syscall=90 success=no exit=-13 a0=bfed76dc a1=bfed76dc a2=60000000 a3=bfed76dc items=0 ppid=1 pid=3847 auid=501 uid=501 gid=501 euid=501 suid=501 fsuid=501 egid=501 sgid=501 fsgid=501 tty=(none) ses=2 comm="wine-preloader" exe="/usr/bin/wine-preloader" subj=user_u:user_r:user_t:s0 key=(null)





Summary:

SELinux prevented X from using the terminal tty0.

Detailed Description:

SELinux prevented X from using the terminal tty0. In most cases daemons do not
need to interact with the terminal, usually these avc messages can be ignored.
All of the confined daemons should have dontaudit rules around using the
terminal. Please file a bug report
(http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this selinux-policy.
If you would like to allow all daemons to interact with the terminal, you can
turn on the allow_daemons_use_tty boolean.

Allowing Access:

Changing the "allow_daemons_use_tty" boolean to true will allow this access:
"setsebool -P allow_daemons_use_tty=1."

Fix Command:

setsebool -P allow_daemons_use_tty=1

Additional Information:

Source Context user_u:user_r:user_t
Target Context system_ubject_r:tty_device_t
Target Objects tty0 [ chr_file ]
Source X
Source Path /usr/bin/Xorg
Port <Unknown>
Host localhost.localdomain
Source RPM Packages xorg-x11-server-Xorg-1.4.99.901-17.20080401.fc9
Target RPM Packages
Policy RPM selinux-policy-3.3.1-28.fc9
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name allow_daemons_use_tty
Host Name localhost.localdomain
Platform Linux localhost.localdomain
2.6.25-0.201.rc8.git4.fc9.i686 #1 SMP Sun Apr 6
21:55:27 EDT 2008 i686 i686
Alert Count 8
First Seen Fri 04 Apr 2008 06:52:01 PM CDT
Last Seen Mon 07 Apr 2008 08:13:50 PM CDT
Local ID 4c3eddb6-6a5d-420f-a3de-1649183f872c
Line Numbers

Raw Audit Messages

host=localhost.localdomain type=AVC msg=audit(1207617230.297:90): avc: denied { setattr } for pid=5319 comm="X" name="tty0" dev=tmpfs ino=255 scontext=user_u:user_r:user_t:s0 tcontext=system_ubject_r:tty_device_t:s0 tclass=chr_file

host=localhost.localdomain type=SYSCALL msg=audit(1207617230.297:90): arch=40000003 syscall=212 success=no exit=-13 a0=81bc13b a1=0 a2=0 a3=bfbd70b4 items=0 ppid=5318 pid=5319 auid=502 uid=502 gid=502 euid=0 suid=0 fsuid=0 egid=502 sgid=502 fsgid=502 tty=tty1 ses=8 comm="X" exe="/usr/bin/Xorg" subj=user_u:user_r:user_t:s0 key=(null)





Summary:

SELinux is preventing gdb (xdm_t) "write" to ./rpm (rpm_var_lib_t).

Detailed Description:

SELinux denied access requested by gdb. It is not expected that this access is
required by gdb and this access may signal an intrusion attempt. It is also
possible that the specific version or configuration of the application is
causing it to require additional access.

Allowing Access:

Sometimes labeling problems can cause SELinux denials. You could try to restore
the default system file context for ./rpm,

restorecon -v './rpm'

If this does not work, there is currently no automatic way to allow this access.
Instead, you can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.

Additional Information:

Source Context system_u:system_r:xdm_t:SystemLow-SystemHigh
Target Context system_ubject_r:rpm_var_lib_t
Target Objects ./rpm [ dir ]
Source gdb
Source Path /usr/bin/gdb
Port <Unknown>
Host localhost.localdomain
Source RPM Packages gdb-6.8-1.fc9
Target RPM Packages
Policy RPM selinux-policy-3.3.1-26.fc9
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name catchall_file
Host Name localhost.localdomain
Platform Linux localhost.localdomain
2.6.25-0.195.rc8.git1.fc9.i686 #1 SMP Thu Apr 3
09:42:34 EDT 2008 i686 i686
Alert Count 196
First Seen Fri 04 Apr 2008 06:48:42 PM CDT
Last Seen Fri 04 Apr 2008 07:56:14 PM CDT
Local ID bf5f7ea8-f1a0-46bb-ade6-45dc659e7c1f
Line Numbers

Raw Audit Messages

host=localhost.localdomain type=AVC msg=audit(1207356974.98:206): avc: denied { write } for pid=2534 comm="gdb" name="rpm" dev=dm-0 ino=2387395 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_ubject_r:rpm_var_lib_t:s0 tclass=dir

host=localhost.localdomain type=SYSCALL msg=audit(1207356974.98:206): arch=40000003 syscall=33 success=no exit=-13 a0=a3ddfb8 a1=2 a2=3547a4 a3=a3dde80 items=0 ppid=2533 pid=2534 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="gdb" exe="/usr/bin/gdb" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)





Summary:

SELinux is preventing gdb (xdm_t) "getattr" to /var/lib/rpm/Packages
(rpm_var_lib_t).

Detailed Description:

SELinux denied access requested by gdb. It is not expected that this access is
required by gdb and this access may signal an intrusion attempt. It is also
possible that the specific version or configuration of the application is
causing it to require additional access.

Allowing Access:

Sometimes labeling problems can cause SELinux denials. You could try to restore
the default system file context for /var/lib/rpm/Packages,

restorecon -v '/var/lib/rpm/Packages'

If this does not work, there is currently no automatic way to allow this access.
Instead, you can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.

Additional Information:

Source Context system_u:system_r:xdm_t:SystemLow-SystemHigh
Target Context system_ubject_r:rpm_var_lib_t
Target Objects /var/lib/rpm/Packages [ file ]
Source gdb
Source Path /usr/bin/gdb
Port <Unknown>
Host localhost.localdomain
Source RPM Packages gdb-6.8-1.fc9
Target RPM Packages rpm-4.4.2.3-1.fc9
Policy RPM selinux-policy-3.3.1-26.fc9
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name catchall_file
Host Name localhost.localdomain
Platform Linux localhost.localdomain
2.6.25-0.195.rc8.git1.fc9.i686 #1 SMP Thu Apr 3
09:42:34 EDT 2008 i686 i686
Alert Count 196
First Seen Fri 04 Apr 2008 06:48:42 PM CDT
Last Seen Fri 04 Apr 2008 07:56:14 PM CDT
Local ID adc70120-316b-494e-a25a-1a9f014c0282
Line Numbers

Raw Audit Messages

host=localhost.localdomain type=AVC msg=audit(1207356974.99:207): avc: denied { getattr } for pid=2534 comm="gdb" path="/var/lib/rpm/Packages" dev=dm-0 ino=2387402 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_ubject_r:rpm_var_lib_t:s0 tclass=file

host=localhost.localdomain type=SYSCALL msg=audit(1207356974.99:207): arch=40000003 syscall=195 success=no exit=-13 a0=a3ddf98 a1=bf9e3e9c a2=d14ff4 a3=64 items=0 ppid=2533 pid=2534 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="gdb" exe="/usr/bin/gdb" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)


























__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 

Thread Tools




All times are GMT. The time now is 05:13 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org