FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora SELinux Support

 
 
LinkBack Thread Tools
 
Old 04-21-2008, 02:30 PM
"Adam Huffman"
 
Default Denials when installing from updates-testing

This morning I used yum to install the latest packages from the
updates-testing repository for F8. Some SELinux denials meant that
problems were reported with a lot of these updates e.g.

Updating : libxml2 ##################### [ 1/145]
error: %post(libxml2-2.6.32-1.fc8.x86_64) scriptlet failed, exit status 255
Updating : gtk2 ##################### [ 2/145]
error: %post(gtk2-2.12.8-2.fc8.x86_64) scriptlet failed, exit status 255
Updating : libxslt ##################### [ 3/145]
error: %post(libxslt-1.1.23-1.fc8.x86_64) scriptlet failed, exit status 255
Updating : evolution-data-server ##################### [ 4/145]
error: %post(evolution-data-server-1.12.3-5.fc8.x86_64) scriptlet
failed, exit status 255

and here are excerpts of the sealert messages:

Summary:

SELinux is preventing yum (mono_t) "transition" to /sbin/ldconfig
(rpm_script_t).

Source Context unconfined_u:system_r:mono_t:SystemLow-SystemHigh
Target Context
unconfined_u:system_r:rpm_script_t:SystemLow-SystemHigh
Target Objects /sbin/ldconfig [ process ]
Source yum
Source Path /usr/bin/python
Port <Unknown>

Source RPM Packages python-2.5.1-15.fc8
Target RPM Packages glibc-2.7-2
Policy RPM selinux-policy-3.0.8-95.fc8
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name catchall


Raw Audit Messages

type=AVC msg=audit(1208774766.511:30956): avc: denied { transition }
for pid=4487 comm="yum" path="/sbin/ldconfig" dev=dm-0 ino=852080
scontext=unconfined_u:system_r:mono_t:s0-s0:c0.c1023
tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023
tclass=process

type=SYSCALL msg=audit(1208774766.511:30956): arch=c000003e syscall=59
success=no exit=-13 a0=1637234f a1=7fff43a32a40 a2=947ac50
a3=3d4fc13bb2 items=0 ppid=4089 pid=4487 auid=500 uid=0 gid=0 euid=0
suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts9 comm="yum"
exe="/usr/bin/python" subj=unconfined_u:system_r:mono_t:s0-s0:c0.c1023
key=(null)

and

Summary:

SELinux is preventing yum (mono_t) "transition" to /bin/bash (rpm_script_t).

Additional Information:

Source Context unconfined_u:system_r:mono_t:SystemLow-SystemHigh
Target Context
unconfined_u:system_r:rpm_script_t:SystemLow-SystemHigh
Target Objects /bin/bash [ process ]
Source yum
Source Path /usr/bin/python
Port <Unknown>
Source RPM Packages python-2.5.1-15.fc8
Target RPM Packages bash-3.2-20.fc8
Policy RPM selinux-policy-3.0.8-95.fc8
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name catchall
Alert Count 69
First Seen Mon 07 Apr 2008 13:02:19 BST
Last Seen Mon 21 Apr 2008 11:46:06 BST
Local ID e148a133-5374-43a6-953b-45076d5c667b
Line Numbers

Raw Audit Messages

type=AVC msg=audit(1208774766.470:30955): avc: denied { transition }
for pid=4486 comm="yum" path="/bin/bash" dev=dm-0 ino=65580
scontext=unconfined_u:system_r:mono_t:s0-s0:c0.c1023
tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023
tclass=process

type=SYSCALL msg=audit(1208774766.470:30955): arch=c000003e syscall=59
success=no exit=-13 a0=1658931a a1=7fff43a32a40 a2=947ac50
a3=3d4fc13bb2 items=0 ppid=4089 pid=4486 auid=500 uid=0 gid=0 euid=0
suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts9 comm="yum"
exe="/usr/bin/python" subj=unconfined_u:system_r:mono_t:s0-s0:c0.c1023
key=(null)

Does this look like a local problem and relabelling is needed?

Adam

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 
Old 04-21-2008, 07:32 PM
Daniel J Walsh
 
Default Denials when installing from updates-testing

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Adam Huffman wrote:
> This morning I used yum to install the latest packages from the
> updates-testing repository for F8. Some SELinux denials meant that
> problems were reported with a lot of these updates e.g.
>
> Updating : libxml2 ##################### [ 1/145]
> error: %post(libxml2-2.6.32-1.fc8.x86_64) scriptlet failed, exit status 255
> Updating : gtk2 ##################### [ 2/145]
> error: %post(gtk2-2.12.8-2.fc8.x86_64) scriptlet failed, exit status 255
> Updating : libxslt ##################### [ 3/145]
> error: %post(libxslt-1.1.23-1.fc8.x86_64) scriptlet failed, exit status 255
> Updating : evolution-data-server ##################### [ 4/145]
> error: %post(evolution-data-server-1.12.3-5.fc8.x86_64) scriptlet
> failed, exit status 255
>
> and here are excerpts of the sealert messages:
>
> Summary:
>
> SELinux is preventing yum (mono_t) "transition" to /sbin/ldconfig
> (rpm_script_t).
>
> Source Context unconfined_u:system_r:mono_t:SystemLow-SystemHigh
> Target Context
> unconfined_u:system_r:rpm_script_t:SystemLow-SystemHigh
> Target Objects /sbin/ldconfig [ process ]
> Source yum
> Source Path /usr/bin/python
> Port <Unknown>
>
> Source RPM Packages python-2.5.1-15.fc8
> Target RPM Packages glibc-2.7-2
> Policy RPM selinux-policy-3.0.8-95.fc8
> Selinux Enabled True
> Policy Type targeted
> MLS Enabled True
> Enforcing Mode Enforcing
> Plugin Name catchall
>
>
> Raw Audit Messages
>
> type=AVC msg=audit(1208774766.511:30956): avc: denied { transition }
> for pid=4487 comm="yum" path="/sbin/ldconfig" dev=dm-0 ino=852080
> scontext=unconfined_u:system_r:mono_t:s0-s0:c0.c1023
> tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023
> tclass=process
>
> type=SYSCALL msg=audit(1208774766.511:30956): arch=c000003e syscall=59
> success=no exit=-13 a0=1637234f a1=7fff43a32a40 a2=947ac50
> a3=3d4fc13bb2 items=0 ppid=4089 pid=4487 auid=500 uid=0 gid=0 euid=0
> suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts9 comm="yum"
> exe="/usr/bin/python" subj=unconfined_u:system_r:mono_t:s0-s0:c0.c1023
> key=(null)
>
> and
>
> Summary:
>
> SELinux is preventing yum (mono_t) "transition" to /bin/bash (rpm_script_t).
>
> Additional Information:
>
> Source Context unconfined_u:system_r:mono_t:SystemLow-SystemHigh
> Target Context
> unconfined_u:system_r:rpm_script_t:SystemLow-SystemHigh
> Target Objects /bin/bash [ process ]
> Source yum
> Source Path /usr/bin/python
> Port <Unknown>
> Source RPM Packages python-2.5.1-15.fc8
> Target RPM Packages bash-3.2-20.fc8
> Policy RPM selinux-policy-3.0.8-95.fc8
> Selinux Enabled True
> Policy Type targeted
> MLS Enabled True
> Enforcing Mode Enforcing
> Plugin Name catchall
> Alert Count 69
> First Seen Mon 07 Apr 2008 13:02:19 BST
> Last Seen Mon 21 Apr 2008 11:46:06 BST
> Local ID e148a133-5374-43a6-953b-45076d5c667b
> Line Numbers
>
> Raw Audit Messages
>
> type=AVC msg=audit(1208774766.470:30955): avc: denied { transition }
> for pid=4486 comm="yum" path="/bin/bash" dev=dm-0 ino=65580
> scontext=unconfined_u:system_r:mono_t:s0-s0:c0.c1023
> tcontext=unconfined_u:system_r:rpm_script_t:s0-s0:c0.c1023
> tclass=process
>
> type=SYSCALL msg=audit(1208774766.470:30955): arch=c000003e syscall=59
> success=no exit=-13 a0=1658931a a1=7fff43a32a40 a2=947ac50
> a3=3d4fc13bb2 items=0 ppid=4089 pid=4486 auid=500 uid=0 gid=0 euid=0
> suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts9 comm="yum"
> exe="/usr/bin/python" subj=unconfined_u:system_r:mono_t:s0-s0:c0.c1023
> key=(null)
>
> Does this look like a local problem and relabelling is needed?
>
Well why would yum be running as mono_t? So this looks like something
is definitely wrong with your machine. Probably labeling.

> Adam
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkgM69sACgkQrlYvE4MpobPiZQCghe5p/qVzmYGqeW6mwnXtvhuH
lgIAn0TMStfqPnh/DNDgwDESiPm3Sghh
=5SWY
-----END PGP SIGNATURE-----

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 

Thread Tools




All times are GMT. The time now is 12:59 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org