On 06/26/2009 11:20 AM, Paolo Galtieri wrote:
I keep getting the following SELinux alert. SELinux is preventing hostname (hostname_t) "read" security_t The alert data is shown below. I'm not sure what I might have changed to cause this. Paolo Summary: SELinux is preventing hostname (hostname_t) "read" security_t. Detailed Description: SELinux denied access requested by hostname. It is not expected that this access is required by hostname and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access: You can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package. Additional Information: Source Context system_u:system_r:hostname_t:s0 Target Context system_u:object_r:security_t:s0 Target Objects mls [ file ] Source hostname Source Path /bin/hostname Port <Unknown> Host peglaptop10 Source RPM Packages net-tools-1.60-92.fc11 Target RPM Packages Policy RPM selinux-policy-3.6.12-50.fc11 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name catchall Host Name peglaptop10 Platform Linux peglaptop10 2.6.29.5-191.fc11.x86_64 #1 SMP Tue Jun 16 23:23:21 EDT 2009 x86_64 x86_64 Alert Count 108 First Seen Fri 19 Jun 2009 06:33:48 PM MST Last Seen Fri 26 Jun 2009 07:31:49 AM MST Local ID 2bc187c8-f1ab-4a44-8c0b-cc092191743b Line Numbers Raw Audit Messages node=peglaptop10 type=AVC msg=audit(1246026709.145:1331): avc: denied { read } for pid=14213 comm="hostname" name="mls" dev=selinuxfs ino=12 scontext=system_u:system_r:hostname_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=file node=peglaptop10 type=SYSCALL msg=audit(1246026709.145:1331): arch=c000003e syscall=2 success=no exit=-13 a0=7fff3f294550 a1=0 a2=7fff3f29455c a3=fffffff8 items=0 ppid=14200 pid=14213 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="hostname" exe="/bin/hostname" subj=system_u:system_r:hostname_t:s0 key=(null)
You can ignore this for now and update to selinux-policy-3.6.12-57.fc11.noarch, when it becomes available.
Or you can grab it now at https://admin.fedoraproject.org/updates/selinux-policy-3.6.12-57.fc11 -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines