On 09/19/2009 02:10 PM, Les wrote:
> I have upgraded to F11 using the upgrade from the update process. And
> it went smoothly. However, I am now getting a lot of SELinux messages
> (I had to set it to permissive to get anything done at all.) I have
> submitted bugs on two of them, and will submit more bugs later. I have
> relabeled the system (extensive and took time), used the restorecon
> command where it was recommended, but still there are messages, and I
> need to get those resolved prior to turning SELinux back on.
>
> So I am including a few of the most predominant messages in this
> message. If you have had these and have a cure, or know some approach
> that is safe for turning these off so I can re-enable SELinux, please let
> me know. If I get no responses in a day or so I will submit bugzillas
> on these as well.
>
> I should note that while the first shows a time of around 0300, my
> system was idle at that time. I went to bed at about 2:30 and rebooted
> at that time. Also I emptied the queue of alerts when I logged on, so
> these showed up today since about 9:30. There were four more of these
> all targeting different objects.
>
> Regards,
> Les H
>
> ********************************************************************************
>
> Summary:
>
> SELinux is preventing dbus-daemon (system_dbusd_t) "search" unconfined_t.
>
> Detailed Description:
>
> [SELinux is in permissive mode, the operation would have been denied but was
> permitted due to permissive mode.]
>
> SELinux denied access requested by dbus-daemon. It is not expected that this
> access is required by dbus-daemon and this access may signal an intrusion
> attempt. It is also possible that the specific version or configuration of the
> application is causing it to require additional access.
>
> Allowing Access:
>
> You can generate a local policy module to allow this access - see FAQ
> (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
> SELinux protection altogether. Disabling SELinux protection is not recommended.
> Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
> against this package.
>
> Additional Information:
>
> Source Context                system_u:system_r:system_dbusd_t:s0-s0:c0.c1023
> Target Context                unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
> Target Objects                9374 [ dir ]
> Source                        dbus-daemon
> Source Path                   /bin/dbus-daemon
> Port                          <Unknown>
> Host                          localhost.localdomain
> Source RPM Packages           dbus-1.2.12-2.fc11
> Target RPM Packages
> Policy RPM                    selinux-policy-3.6.12-82.fc11
> Selinux Enabled               True
> Policy Type                   targeted
> MLS Enabled                   True
> Enforcing Mode                Permissive
> Plugin Name                   catchall
> Host Name                     localhost.localdomain
> Platform                      Linux localhost.localdomain 2.6.30.5-43.fc11.i586
>                               #1 SMP Thu Aug 27 21:18:54 EDT 2009 i686 i686
> Alert Count                   2
> First Seen                    Sat 19 Sep 2009 11:03:18 AM PDT
> Last Seen                     Sat 19 Sep 2009 11:03:18 AM PDT
> Local ID                      136137e2-5f20-4d7d-88e5-a65c26b266a6
> Line Numbers
>
> Raw Audit Messages
>
> node=localhost.localdomain type=AVC msg=audit(1253383398.33:262): avc: denied { search } for pid=1472 comm="dbus-daemon" name="9374" dev=proc ino=42807 scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=dir
>
> node=localhost.localdomain type=AVC msg=audit(1253383398.33:262): avc: denied { read } for pid=1472 comm="dbus-daemon" name="cmdline" dev=proc ino=42818 scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=file
>
> node=localhost.localdomain type=SYSCALL msg=audit(1253383398.33:262): arch=40000003 syscall=5 success=yes exit=41 a0=2bd1290 a1=0 a2=249e a3=bfca767c items=0 ppid=1 pid=1472 auid=4294967295 uid=81 gid=81 euid=81 suid=81 fsuid=81 egid=81 sgid=81 fsgid=81 tty=(none) ses=4294967295 comm="dbus-daemon" exe="/bin/dbus-daemon" subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 key=(null)
>
> ************************************************************************
>
> Summary:
>
> SELinux is preventing dbus-daemon (system_dbusd_t) "search" unconfined_t.
>
> Detailed Description:
>
> [SELinux is in permissive mode, the operation would have been denied but was
> permitted due to permissive mode.]
>
> SELinux denied access requested by dbus-daemon. It is not expected that this
> access is required by dbus-daemon and this access may signal an intrusion
> attempt. It is also possible that the specific version or configuration of the
> application is causing it to require additional access.
>
> Allowing Access:
>
> You can generate a local policy module to allow this access - see FAQ
> (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
> SELinux protection altogether. Disabling SELinux protection is not recommended.
> Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
> against this package.
>
> Additional Information:
>
> Source Context                system_u:system_r:system_dbusd_t:s0-s0:c0.c1023
> Target Context                system_u:system_r:unconfined_t:s0-s0:c0.c1023
> Target Objects                9349 [ dir ]
> Source                        dbus-daemon
> Source Path                   /bin/dbus-daemon
> Port                          <Unknown>
> Host                          localhost.localdomain
> Source RPM Packages           dbus-1.2.12-2.fc11
> Target RPM Packages
> Policy RPM                    selinux-policy-3.6.12-82.fc11
> Selinux Enabled               True
> Policy Type                   targeted
> MLS Enabled                   True
> Enforcing Mode                Permissive
> Plugin Name                   catchall
> Host Name                     localhost.localdomain
> Platform                      Linux localhost.localdomain 2.6.30.5-43.fc11.i586
>                               #1 SMP Thu Aug 27 21:18:54 EDT 2009 i686 i686
> Alert Count                   2
> First Seen                    Sat 19 Sep 2009 11:01:01 AM PDT
> Last Seen                     Sat 19 Sep 2009 11:01:01 AM PDT
> Local ID                      057fe84b-ff84-49ce-9360-17a76fc9aca5
> Line Numbers
>
> Raw Audit Messages
>
> node=localhost.localdomain type=AVC msg=audit(1253383261.273:257): avc: denied { search } for pid=1472 comm="dbus-daemon" name="9349" dev=proc ino=42679 scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:unconfined_t:s0-s0:c0.c1023 tclass=dir
>
> node=localhost.localdomain type=AVC msg=audit(1253383261.273:257): avc: denied { read } for pid=1472 comm="dbus-daemon" name="cmdline" dev=proc ino=42680 scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:unconfined_t:s0-s0:c0.c1023 tclass=file
>
> node=localhost.localdomain type=SYSCALL msg=audit(1253383261.273:257): arch=40000003 syscall=5 success=yes exit=47 a0=2bdae88 a1=0 a2=2485 a3=bfca767c items=0 ppid=1 pid=1472 auid=4294967295 uid=81 gid=81 euid=81 suid=81 fsuid=81 egid=81 sgid=81 fsgid=81 tty=(none) ses=4294967295 comm="dbus-daemon" exe="/bin/dbus-daemon" subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 key=(null)
>
> *************************************************************************
>

Les, I believe something went wrong on your upgrade.

Could you execute

yum reinstall selinux-policy-targeted

And make sure this succeeds? If it does then see if you still see these messages.

Also check the following

semodule -l | grep unconfined

To make sure you have 2 packages.
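
Added example, not part of the original thread: a small Python triage script that groups AVC records like the ones quoted above by source type, target type and object class, so it is easy to see whether a flood of alerts is really one denial pattern (here, dbus-daemon in system_dbusd_t touching /proc entries labelled unconfined_t). The sample records are copied from the post with mail wrapping removed; the function names are this example's own.

```python
import re
from collections import defaultdict

# Records copied from the raw audit messages quoted in the post,
# unwrapped to one record per line (mail wrapping removed).
SAMPLE = """\
node=localhost.localdomain type=AVC msg=audit(1253383398.33:262): avc: denied { search } for pid=1472 comm="dbus-daemon" name="9374" dev=proc ino=42807 scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=dir
node=localhost.localdomain type=AVC msg=audit(1253383398.33:262): avc: denied { read } for pid=1472 comm="dbus-daemon" name="cmdline" dev=proc ino=42818 scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=file
node=localhost.localdomain type=SYSCALL msg=audit(1253383398.33:262): arch=40000003 syscall=5 success=yes exit=41 a0=2bd1290 a1=0 a2=249e a3=bfca767c items=0 ppid=1 pid=1472 auid=4294967295 uid=81 gid=81 euid=81 suid=81 fsuid=81 egid=81 sgid=81 fsgid=81 tty=(none) ses=4294967295 comm="dbus-daemon" exe="/bin/dbus-daemon" subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 key=(null)
node=localhost.localdomain type=AVC msg=audit(1253383261.273:257): avc: denied { search } for pid=1472 comm="dbus-daemon" name="9349" dev=proc ino=42679 scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:unconfined_t:s0-s0:c0.c1023 tclass=dir
node=localhost.localdomain type=AVC msg=audit(1253383261.273:257): avc: denied { read } for pid=1472 comm="dbus-daemon" name="cmdline" dev=proc ino=42680 scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:unconfined_t:s0-s0:c0.c1023 tclass=file
"""

# \s+ tolerates the double spaces the kernel emits in real audit.log lines.
AVC_RE = re.compile(
    r"type=AVC msg=audit\([\d.]+:(?P<serial>\d+)\): avc:\s+denied\s+"
    r"\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)"
)
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return a dict for an AVC denial record, or None for anything else."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    if not {"scontext", "tcontext", "tclass"} <= rec.keys():
        return None
    rec["perms"] = m.group("perms").split()
    rec["serial"] = int(m.group("serial"))
    # A context is user:role:type:level; only the level may contain more ':'.
    rec["stype"] = rec["scontext"].split(":")[2]
    rec["ttype"] = rec["tcontext"].split(":")[2]
    return rec

def summarize(text):
    """Group denials by (source type, target type, class)."""
    groups = defaultdict(lambda: {"perms": set(), "devs": set(), "count": 0})
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec is None:  # SYSCALL and other record types are skipped
            continue
        g = groups[(rec["stype"], rec["ttype"], rec["tclass"])]
        g["perms"].update(rec["perms"])
        g["devs"].add(rec.get("dev", "?"))
        g["count"] += 1
    return dict(groups)

if __name__ == "__main__":
    for (stype, ttype, tclass), g in sorted(summarize(SAMPLE).items()):
        print(f"{g['count']}x {stype} -> {ttype}:{tclass} "
              f"{{ {' '.join(sorted(g['perms']))} }} dev={','.join(sorted(g['devs']))}")
```

On the two alerts in the post this collapses to two groups, both on dev=proc, even though the target contexts differ in their user and role fields.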