Re: I feel left out :-).

On Sun, 2007-07-22 at 00:13 -0400, Tom Horsley wrote:
> Updated my system with new kernel, and nothing horrible
> has happened. Everything seems to work perfectly :-).

I'm tempted to say "me too," but I'm not sure.  Things appear fine
(graphics, sound, network, etc.), though the first time I plugged in a USB
flash drive I got an SELinux alert, but I wasn't prevented from doing
anything.  I don't know if it was coincidental, directly related to
plugging in the drive, or even important, but the message wasn't
repeated after dismounting, unplugging, waiting quite some time, and
plugging the drive back in.  Removable drive options were set to
auto-mount and auto-browse newly connected devices, at the time.

This is what I saw in the report, below; perhaps someone can illuminate
the situation.  I'm curious what the local ID is based on.

------------------------ start copy of report ------------------------

Summary:
SELinux is preventing /sbin/pam_console_apply (pam_console_t) "read" to / (boot_t).

Detailed Description:
SELinux denied access requested by /sbin/pam_console_apply. It is not
expected that this access is required by /sbin/pam_console_apply and
this access may signal an intrusion attempt. It is also possible that
the specific version or configuration of the application is causing it
to require additional access.

Allowing Access:
Sometimes labeling problems can cause SELinux denials. You could try to
restore the default system file context for /, restorecon -v / If this
does not work, there is currently no automatic way to allow this access.
Instead, you can generate a local policy module to allow this access -
see FAQ Or you can disable SELinux protection altogether. Disabling
SELinux protection is not recommended. Please file a bug report against
this package.

Additional Information
       Source Context:  system_u:system_r:pam_console_t:SystemLow-SystemHigh
       Target Context:  system_u:object_r:boot_t
       Target Objects:  / [ dir ]
Affected RPM Packages:  pam-0.99.7.1-5.1.fc7 [application]
                        filesystem-2.4.6-1.fc7 [target]
           Policy RPM:  selinux-policy-2.6.4-26.fc7
      Selinux Enabled:  True
          Policy Type:  targeted
          MLS Enabled:  True
       Enforcing Mode:  Enforcing
          Plugin Name:  plugins.catchall_file
            Host Name:  bigblack
             Platform:  Linux bigblack 2.6.22.1-27.fc7 #1 SMP Tue Jul 17 17:13:26 EDT 2007 i686 i686
          Alert Count:  153
           First Seen:  Fri 22 Jun 2007 18:22:34 CST
            Last Seen:  Sun 22 Jul 2007 18:16:32 CST
             Local ID:  cff890f3-609b-42c2-a807-71ed31de268c
         Line Numbers:  

Raw Audit Messages:
avc: denied { read } for comm="pam_console_app" dev=sda1 egid=0 euid=0 exe="/sbin/pam_console_apply" exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name="/" pid=3376 scontext=system_u:system_r:pam_console_t:s0-s0:c0.c1023 sgid=0 subj=system_u:system_r:pam_console_t:s0-s0:c0.c1023 suid=0 tclass=dir tcontext=system_u:object_r:boot_t:s0 tty=(none) uid=0 

------------------------- end copy of report -------------------------

[root@bigblack log]# lspci
00:00.0 Host bridge: Silicon Integrated Systems [SiS] 650/M650 Host (rev 01)
00:01.0 PCI bridge: Silicon Integrated Systems [SiS] Virtual PCI-to-PCI bridge (AGP)
00:02.0 ISA bridge: Silicon Integrated Systems [SiS] SiS961 [MuTIOL Media IO]
00:02.1 SMBus: Silicon Integrated Systems [SiS] SiS961/2 SMBus Controller
00:02.2 USB Controller: Silicon Integrated Systems [SiS] USB 1.0 Controller (rev 07)
00:02.3 USB Controller: Silicon Integrated Systems [SiS] USB 1.0 Controller (rev 07)
00:02.5 IDE interface: Silicon Integrated Systems [SiS] 5513 [IDE] (rev d0)
00:02.7 Multimedia audio controller: Silicon Integrated Systems [SiS] AC'97 Sound Controller (rev a0)
00:03.0 Ethernet controller: Silicon Integrated Systems [SiS] SiS900 PCI Fast Ethernet (rev 90)
01:00.0 VGA compatible controller: nVidia Corporation NV25 [GeForce4 Ti 4200] (rev a3)

-- 
[tim@bigblack ~]$ uname -ipr
2.6.22.1-27.fc7 i686 i386

Using FC 4, 5, 6 & 7, plus CentOS 5.  Today, it's FC7.

Don't send private replies to my address, the mailbox is ignored.
I read messages from the public lists.



