-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Valent Turkovic wrote: > On Tue, Feb 12, 2008 at 3:52 PM, Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Valent Turkovic wrote: >> >>> On Feb 9, 2008 6:36 PM, Rahul Sundaram <sundaram@xxxxxxxxxxxxxxxxx> wrote: >> >> Valent Turkovic wrote: >> >> >> >>> Ok, so my system is still protected but I can't see the issues what >> >>> happen becuase sel troubleshooter service crashes? >> >>> To be honesti I prefer it this way :) >> >> You can still see the issues in the logs. SELinux troubleshooter parses >> >> the AVC denied messages from the logs that are usually cryptic and >> >> attempts to convert them into a language that end users can more easily >> >> understand while attempting to also provide suggestions on actions to >> >> take. If you don't want that, you might as well as just remove the package. >> >> >> >> >> >> Rahul >> > >> > I was joking a bit :) I like selinux-troubleshooter features. >> > >> > I was thinking of danger googles from Hitchikers guide to galaxy which >> > in case od danger close their lids so you can't see the danges and are >> > there for protected from it :) I draw a paralel to sel trobleshooter >> > crashing :) >> > >> > Valent. >> > >> >> grep setroubleshoot /var/log/audit/audit.log >> >> The setroubleshooter has nothing to do with SELinux protections. It job >> is to watch for SELinux errors (avc's in /var/log/audit/audit.log), and >> then to try to translate them into actions that the user can execute. >> >> The problem is if it sees an AVC about itself, it can try to act on it, >> which might generate an AVC on itself, which it can act on, which might >> generate and AVC on itself ... >> >> So we have it commit suicide when it sees avc's on itself. >> >> >> >> -----BEGIN PGP SIGNATURE----- >> Version: GnuPG v1.4.8 (GNU/Linux) >> Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org >> >> iEYEARECAAYFAkexssgACgkQrlYvE4MpobNrgACgpdr7Bjll9OhfkOLK0IbYdgiK >> /BcAnj14frbBSAbCeQleBVUuo+s0k497 >> =Wv0t >> -----END PGP SIGNATURE----- >> >> >> >> -- >> fedora-list mailing list >> fedora-list@xxxxxxxxxx >> To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list >> > > # grep setroubleshoot /var/log/audit/audit.log > type=AVC msg=audit(1201571149.355:42): avc: denied { getattr } for > pid=2274 comm="setroubleshootd" > name="static.youtube.com_yt_img_pic_blue_top_300x400-vfl30243.gif_13d6cdb2" > dev=sda6 ino=608020 scontext=system_u:system_r:setroubleshootd_t:s0 > tcontext=system_u:object_r:unlabeled_t:s0 tclass=file > type=SYSCALL msg=audit(1201571149.355:42): arch=40000003 syscall=229 > success=yes exit=33 a0=97802b4 a1=ae3723 a2=96b8730 a3=ff items=0 > ppid=1 pid=2274 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 > egid=0 sgid=0 fsgid=0 tty=(none) comm="setroubleshootd" > exe="/usr/bin/python" subj=system_u:system_r:setroubleshootd_t:s0 > key=(null) > type=AVC msg=audit(1201684153.540:51): avc: denied { getattr } for > pid=2154 comm="setroubleshootd" > name="static.youtube.com_yt_img_pic_blue_top_300x400-vfl30243.gif_13d6cdb2" > dev=sda6 ino=608020 scontext=system_u:system_r:setroubleshootd_t:s0 > tcontext=system_u:object_r:unlabeled_t:s0 tclass=file > type=SYSCALL msg=audit(1201684153.540:51): arch=40000003 syscall=229 > success=yes exit=33 a0=953a2b4 a1=ae3723 a2=9478498 a3=ff items=0 > ppid=1 pid=2154 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 > egid=0 sgid=0 fsgid=0 tty=(none) comm="setroubleshootd" > exe="/usr/bin/python" subj=system_u:system_r:setroubleshootd_t:s0 > key=(null) > type=AVC msg=audit(1201769937.821:56): avc: denied { getattr } for > pid=2171 comm="setroubleshootd" > name="static.youtube.com_yt_img_pic_blue_top_300x400-vfl30243.gif_13d6cdb2" > dev=sda6 ino=608020 scontext=system_u:system_r:setroubleshootd_t:s0 > tcontext=system_u:object_r:unlabeled_t:s0 tclass=file > type=SYSCALL msg=audit(1201769937.821:56): arch=40000003 syscall=229 > success=yes exit=33 a0=9dce2b4 a1=ae3723 a2=9d052f0 a3=ff items=0 > ppid=1 pid=2171 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 > egid=0 sgid=0 fsgid=0 tty=(none) comm="setroubleshootd" > exe="/usr/bin/python" subj=system_u:system_r:setroubleshootd_t:s0 > key=(null) > type=AVC msg=audit(1201950125.291:41): avc: denied { getattr } for > pid=2155 comm="setroubleshootd" > name="static.youtube.com_yt_img_pic_blue_top_300x400-vfl30243.gif_13d6cdb2" > dev=sda6 ino=608020 scontext=system_u:system_r:setroubleshootd_t:s0 > tcontext=system_u:object_r:unlabeled_t:s0 tclass=file > type=SYSCALL msg=audit(1201950125.291:41): arch=40000003 syscall=229 > success=yes exit=33 a0=9b3f2b4 a1=ae3723 a2=99e4d18 a3=ff items=0 > ppid=1 pid=2155 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 > egid=0 sgid=0 fsgid=0 tty=(none) comm="setroubleshootd" > exe="/usr/bin/python" subj=system_u:system_r:setroubleshootd_t:s0 > key=(null) > type=AVC msg=audit(1202037784.731:45): avc: denied { getattr } for > pid=2241 comm="setroubleshootd" > name="static.youtube.com_yt_img_pic_blue_top_300x400-vfl30243.gif_13d6cdb2" > dev=sda6 ino=608020 scontext=system_u:system_r:setroubleshootd_t:s0 > tcontext=system_u:object_r:unlabeled_t:s0 tclass=file > type=SYSCALL msg=audit(1202037784.731:45): arch=40000003 syscall=229 > success=yes exit=33 a0=a3012b4 a1=ae3723 a2=a2332b8 a3=ff items=0 > ppid=1 pid=2241 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 > egid=0 sgid=0 fsgid=0 tty=(none) comm="setroubleshootd" > exe="/usr/bin/python" subj=system_u:system_r:setroubleshootd_t:s0 > key=(null) > type=AVC msg=audit(1202147108.451:56): avc: denied { getattr } for > pid=3725 comm="setroubleshootd" > name="static.youtube.com_yt_img_pic_blue_top_300x400-vfl30243.gif_13d6cdb2" > dev=sda6 ino=608020 > scontext=unconfined_u:system_r:setroubleshootd_t:s0 > tcontext=system_u:object_r:unlabeled_t:s0 tclass=file > type=SYSCALL msg=audit(1202147108.451:56): arch=40000003 syscall=229 > success=yes exit=33 a0=8ad22b4 a1=ae3723 a2=8a10a60 a3=ff items=0 > ppid=1 pid=3725 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 > sgid=0 fsgid=0 tty=(none) comm="setroubleshootd" exe="/usr/bin/python" > subj=unconfined_u:system_r:setroubleshootd_t:s0 key=(null) > type=AVC msg=audit(1202232271.895:45): avc: denied { read } for > pid=2089 comm="setroubleshootd" name="depcomp" dev=sda12 ino=367 > scontext=system_u:system_r:setroubleshootd_t:s0 > tcontext=system_u:object_r:fusefs_t:s0 tclass=lnk_file > type=SYSCALL msg=audit(1202232271.895:45): arch=40000003 syscall=229 > success=yes exit=27 a0=88d18f4 a1=ae3723 a2=87ec208 a3=ff items=0 > ppid=1 pid=2089 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 > egid=0 sgid=0 fsgid=0 tty=(none) comm="setroubleshootd" > exe="/usr/bin/python" subj=system_u:system_r:setroubleshootd_t:s0 > key=(null) > type=AVC msg=audit(1202232271.932:46): avc: denied { getattr } for > pid=2089 comm="setroubleshootd" > path=2F766964656F2F305F72656D6F76652064726D2F467265654D65322F646570636F6D70 > dev=sda12 ino=367 scontext=system_u:system_r:setroubleshootd_t:s0 > tcontext=system_u:object_r:fusefs_t:s0 tclass=lnk_file > type=SYSCALL msg=audit(1202232271.932:46): arch=40000003 syscall=196 > success=yes exit=0 a0=87c5548 a1=b7a79748 a2=d33ff4 a3=873bbd0 items=0 > ppid=1 pid=2089 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 > egid=0 sgid=0 fsgid=0 tty=(none) comm="setroubleshootd" > exe="/usr/bin/python" subj=system_u:system_r:setroubleshootd_t:s0 > key=(null) > type=AVC msg=audit(1202342788.922:91): avc: denied { read } for > pid=2106 comm="setroubleshootd" name="depcomp" dev=sda12 ino=367 > scontext=system_u:system_r:setroubleshootd_t:s0 > tcontext=system_u:object_r:fusefs_t:s0 tclass=lnk_file > type=SYSCALL msg=audit(1202342788.922:91): arch=40000003 syscall=229 > success=yes exit=27 a0=946b8f4 a1=ae3723 a2=937b5e8 a3=ff items=0 > ppid=1 pid=2106 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 > egid=0 sgid=0 fsgid=0 tty=(none) comm="setroubleshootd" > exe="/usr/bin/python" subj=system_u:system_r:setroubleshootd_t:s0 > key=(null) > type=AVC msg=audit(1202342788.937:92): avc: denied { getattr } for > pid=2106 comm="setroubleshootd" > path=2F766964656F2F305F72656D6F76652064726D2F467265654D65322F646570636F6D70 > dev=sda12 ino=367 scontext=system_u:system_r:setroubleshootd_t:s0 > tcontext=system_u:object_r:fusefs_t:s0 tclass=lnk_file > type=SYSCALL msg=audit(1202342788.937:92): arch=40000003 syscall=196 > success=yes exit=0 a0=92e01f0 a1=b79de748 a2=d33ff4 a3=92d5bd0 items=0 > ppid=1 pid=2106 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 > egid=0 sgid=0 fsgid=0 tty=(none) comm="setroubleshootd" > exe="/usr/bin/python" subj=system_u:system_r:setroubleshootd_t:s0 > key=(null) > type=AVC msg=audit(1202378035.603:44): avc: denied { getattr } for > pid=2177 comm="setroubleshootd" > name="static.youtube.com_yt_img_pic_blue_top_300x400-vfl30243.gif_13d6cdb2" > dev=sda6 ino=608020 scontext=system_u:system_r:setroubleshootd_t:s0 > tcontext=system_u:object_r:unlabeled_t:s0 tclass=file > type=SYSCALL msg=audit(1202378035.603:44): arch=40000003 syscall=229 > success=yes exit=33 a0=a01b2b4 a1=ae3723 a2=9f4d2b8 a3=ff items=0 > ppid=1 pid=2177 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 > egid=0 sgid=0 fsgid=0 tty=(none) comm="setroubleshootd" > exe="/usr/bin/python" subj=system_u:system_r:setroubleshootd_t:s0 > key=(null) > type=AVC msg=audit(1202462227.385:51): avc: denied { read } for > pid=2195 comm="setroubleshootd" name="depcomp" dev=sda12 ino=367 > scontext=system_u:system_r:setroubleshootd_t:s0 > tcontext=system_u:object_r:fusefs_t:s0 tclass=lnk_file > type=SYSCALL msg=audit(1202462227.385:51): arch=40000003 syscall=229 > success=yes exit=27 a0=b7a46974 a1=ae3723 a2=b650c270 a3=ff items=0 > ppid=1 pid=2195 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 > egid=0 sgid=0 fsgid=0 tty=(none) comm="setroubleshootd" > exe="/usr/bin/python" subj=system_u:system_r:setroubleshootd_t:s0 > key=(null) > type=AVC msg=audit(1202462227.439:52): avc: denied { getattr } for > pid=2195 comm="setroubleshootd" > path=2F766964656F2F305F72656D6F76652064726D2F467265654D65322F646570636F6D70 > dev=sda12 ino=367 scontext=system_u:system_r:setroubleshootd_t:s0 > tcontext=system_u:object_r:fusefs_t:s0 tclass=lnk_file > type=SYSCALL msg=audit(1202462227.439:52): arch=40000003 syscall=196 > success=yes exit=0 a0=b6505120 a1=b7a1d748 a2=d33ff4 a3=9e6d360 > items=0 ppid=1 pid=2195 auid=4294967295 uid=0 gid=0 euid=0 suid=0 > fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="setroubleshootd" > exe="/usr/bin/python" subj=system_u:system_r:setroubleshootd_t:s0 > key=(null) > type=AVC msg=audit(1202556462.177:81): avc: denied { getattr } for > pid=2127 comm="setroubleshootd" > name="static.youtube.com_yt_img_pic_blue_top_300x400-vfl30243.gif_13d6cdb2" > dev=sda6 ino=608020 scontext=system_u:system_r:setroubleshootd_t:s0 > tcontext=system_u:object_r:unlabeled_t:s0 tclass=file > type=SYSCALL msg=audit(1202556462.177:81): arch=40000003 syscall=229 > success=yes exit=33 a0=b7a06cb4 a1=ae3723 a2=95475a8 a3=ff items=0 > ppid=1 pid=2127 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 > egid=0 sgid=0 fsgid=0 tty=(none) comm="setroubleshootd" > exe="/usr/bin/python" subj=system_u:system_r:setroubleshootd_t:s0 > key=(null) > type=AVC msg=audit(1202721977.249:48): avc: denied { read } for > pid=2110 comm="setroubleshootd" name="depcomp" dev=sda12 ino=367 > scontext=system_u:system_r:setroubleshootd_t:s0 > tcontext=system_u:object_r:fusefs_t:s0 tclass=lnk_file > type=SYSCALL msg=audit(1202721977.249:48): arch=40000003 syscall=229 > success=yes exit=27 a0=8ac9974 a1=ae3723 a2=8b179d0 a3=ff items=0 > ppid=1 pid=2110 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 > egid=0 sgid=0 fsgid=0 tty=(none) comm="setroubleshootd" > exe="/usr/bin/python" subj=system_u:system_r:setroubleshootd_t:s0 > key=(null) > type=AVC msg=audit(1202721977.303:49): avc: denied { getattr } for > pid=2110 comm="setroubleshootd" > path=2F766964656F2F305F72656D6F76652064726D2F467265654D65322F646570636F6D70 > dev=sda12 ino=367 scontext=system_u:system_r:setroubleshootd_t:s0 > tcontext=system_u:object_r:fusefs_t:s0 tclass=lnk_file > type=SYSCALL msg=audit(1202721977.303:49): arch=40000003 syscall=196 > success=yes exit=0 a0=8afb840 a1=b7a53748 a2=d33ff4 a3=8a808f0 items=0 > ppid=1 pid=2110 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 > egid=0 sgid=0 fsgid=0 tty=(none) comm="setroubleshootd" > exe="/usr/bin/python" subj=system_u:system_r:setroubleshootd_t:s0 > key=(null) > type=AVC msg=audit(1202809095.070:50): avc: denied { getattr } for > pid=2068 comm="setroubleshootd" > name="static.youtube.com_yt_img_pic_blue_top_300x400-vfl30243.gif_13d6cdb2" > dev=sda6 ino=608020 scontext=system_u:system_r:setroubleshootd_t:s0 > tcontext=system_u:object_r:unlabeled_t:s0 tclass=file > type=SYSCALL msg=audit(1202809095.070:50): arch=40000003 syscall=229 > success=yes exit=33 a0=8d9ccb4 a1=ae3723 a2=8e97d70 a3=ff items=0 > ppid=1 pid=2068 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 > egid=0 sgid=0 fsgid=0 tty=(none) comm="setroubleshootd" > exe="/usr/bin/python" subj=system_u:system_r:setroubleshootd_t:s0 > key=(null) > type=AVC msg=audit(1202894992.290:50): avc: denied { getattr } for > pid=2029 comm="setroubleshootd" > name="static.youtube.com_yt_img_pic_blue_top_300x400-vfl30243.gif_13d6cdb2" > dev=sda6 ino=608020 scontext=system_u:system_r:setroubleshootd_t:s0 > tcontext=system_u:object_r:unlabeled_t:s0 tclass=file > type=SYSCALL msg=audit(1202894992.290:50): arch=40000003 syscall=229 > success=yes exit=33 a0=9891cb4 a1=ae3723 a2=99795a0 a3=ff items=0 > ppid=1 pid=2029 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 > egid=0 sgid=0 fsgid=0 tty=(none) comm="setroubleshootd" > exe="/usr/bin/python" subj=system_u:system_r:setroubleshootd_t:s0 > key=(null) > type=AVC msg=audit(1203067253.246:63): avc: denied { getattr } for > pid=2026 comm="setroubleshootd" > name="static.youtube.com_yt_img_pic_blue_top_300x400-vfl30243.gif_13d6cdb2" > dev=sda6 ino=608020 scontext=system_u:system_r:setroubleshootd_t:s0 > tcontext=system_u:object_r:unlabeled_t:s0 tclass=file > type=SYSCALL msg=audit(1203067253.246:63): arch=40000003 syscall=229 > success=yes exit=33 a0=8e34cb4 a1=ae3723 a2=8f2ff18 a3=ff items=0 > ppid=1 pid=2026 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 > egid=0 sgid=0 fsgid=0 tty=(none) comm="setroubleshootd" > exe="/usr/bin/python" subj=system_u:system_r:setroubleshootd_t:s0 > key=(null) > > Ok this looks like setroubleshoot is trying to read a symbolic link on a fusefs, which should be allowed. I will update rawhide. But it is also trying to read an unlabeled file static.youtube.com_yt_img_pic_blue_top_300x400-vfl30243.gif_13d6cdb2 What file system is this file on? -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAke1oAYACgkQrlYvE4MpobO2cQCeP0QFtdcnE6uN7ANTsmGFnlTp 7GIAoL6LMQJxbwbxVxB8L9i4qRaCxH1j =mFdm -----END PGP SIGNATURE-----