Re: Lots of SELinux denial messages.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 09/19/2009 02:10 PM, Les wrote:
> I have upgraded to F11 using the upgrade from the update process.  And
> it went smoothly.  However, I am now getting a lot of SElinux messages
> (I had to set it to permissive to get anything done at all.)  I have
> submitted bugs on two of them, and will submit more bugs later.  I have
> relabled the system (extensive and took time) used the restorecon
> command where it was recommended, but still there are messages, and I
> need to get those resolved prior to turning SELinux back on.
> 
> 	So I am including a few of the most predominate messages in this
> message.  If you have had these and have a cure, or know some approach
> that is safe to turning these off so I can re-enable SELinux, please let
> me know.  If I get no responses in a day or so I will submit bugzillas
> on these as well.
> 
> 	I should note that while the first shows a time of around 0300, my
> system was idle at that time.  I went to bed at about 2:30 and rebooted
> at that time.  Also I emptied the que of alerts when I logged on, so
> these showed up today since about 9:30.  There were four more of these
> all targeting different objects.
> 
> Regards, 
> Les H
> 
> 
> ********************************************************************************
> 
> Summary:
> 
> SELinux is preventing dbus-daemon (system_dbusd_t) "search"
> unconfined_t.
> 
> Detailed Description:
> 
> [SELinux is in permissive mode, the operation would have been denied but
> was
> permitted due to permissive mode.]
> 
> SELinux denied access requested by dbus-daemon. It is not expected that
> this
> access is required by dbus-daemon and this access may signal an
> intrusion
> attempt. It is also possible that the specific version or configuration
> of the
> application is causing it to require additional access.
> 
> Allowing Access:
> 
> You can generate a local policy module to allow this access - see FAQ
> (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can
> disable
> SELinux protection altogether. Disabling SELinux protection is not
> recommended.
> Please file a bug report
> (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
> against this package.
> 
> Additional Information:
> 
> Source Context
> system_u:system_r:system_dbusd_t:s0-s0:c0.c1023
> Target Context
> unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1
>                               023
> Target Objects                9374 [ dir ]
> Source                        dbus-daemon
> Source Path                   /bin/dbus-daemon
> Port                          <Unknown>
> Host                          localhost.localdomain
> Source RPM Packages           dbus-1.2.12-2.fc11
> Target RPM Packages           
> Policy RPM                    selinux-policy-3.6.12-82.fc11
> Selinux Enabled               True
> Policy Type                   targeted
> MLS Enabled                   True
> Enforcing Mode                Permissive
> Plugin Name                   catchall
> Host Name                     localhost.localdomain
> Platform                      Linux localhost.localdomain
> 2.6.30.5-43.fc11.i586
>                               #1 SMP Thu Aug 27 21:18:54 EDT 2009 i686
> i686
> Alert Count                   2
> First Seen                    Sat 19 Sep 2009 11:03:18 AM PDT
> Last Seen                     Sat 19 Sep 2009 11:03:18 AM PDT
> Local ID                      136137e2-5f20-4d7d-88e5-a65c26b266a6
> Line Numbers                  
> 
> Raw Audit Messages            
> 
> node=localhost.localdomain type=AVC msg=audit(1253383398.33:262): avc:
> denied  { search } for  pid=1472 comm="dbus-daemon" name="9374" dev=proc
> ino=42807 scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023
> tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
> tclass=dir
> 
> node=localhost.localdomain type=AVC msg=audit(1253383398.33:262): avc:
> denied  { read } for  pid=1472 comm="dbus-daemon" name="cmdline"
> dev=proc ino=42818
> scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023
> tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
> tclass=file
> 
> node=localhost.localdomain type=SYSCALL msg=audit(1253383398.33:262):
> arch=40000003 syscall=5 success=yes exit=41 a0=2bd1290 a1=0 a2=249e
> a3=bfca767c items=0 ppid=1 pid=1472 auid=4294967295 uid=81 gid=81
> euid=81 suid=81 fsuid=81 egid=81 sgid=81 fsgid=81 tty=(none)
> ses=4294967295 comm="dbus-daemon" exe="/bin/dbus-daemon"
> subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 key=(null)
> 
> ************************************************************************
> 
> Summary:
> 
> SELinux is preventing dbus-daemon (system_dbusd_t) "search"
> unconfined_t.
> 
> Detailed Description:
> 
> [SELinux is in permissive mode, the operation would have been denied but
> was
> permitted due to permissive mode.]
> 
> SELinux denied access requested by dbus-daemon. It is not expected that
> this
> access is required by dbus-daemon and this access may signal an
> intrusion
> attempt. It is also possible that the specific version or configuration
> of the
> application is causing it to require additional access.
> 
> Allowing Access:
> 
> You can generate a local policy module to allow this access - see FAQ
> (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can
> disable
> SELinux protection altogether. Disabling SELinux protection is not
> recommended.
> Please file a bug report
> (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
> against this package.
> 
> Additional Information:
> 
> Source Context
> system_u:system_r:system_dbusd_t:s0-s0:c0.c1023
> Target Context
> system_u:system_r:unconfined_t:s0-s0:c0.c1023
> Target Objects                9349 [ dir ]
> Source                        dbus-daemon
> Source Path                   /bin/dbus-daemon
> Port                          <Unknown>
> Host                          localhost.localdomain
> Source RPM Packages           dbus-1.2.12-2.fc11
> Target RPM Packages           
> Policy RPM                    selinux-policy-3.6.12-82.fc11
> Selinux Enabled               True
> Policy Type                   targeted
> MLS Enabled                   True
> Enforcing Mode                Permissive
> Plugin Name                   catchall
> Host Name                     localhost.localdomain
> Platform                      Linux localhost.localdomain
> 2.6.30.5-43.fc11.i586
>                               #1 SMP Thu Aug 27 21:18:54 EDT 2009 i686
> i686
> Alert Count                   2
> First Seen                    Sat 19 Sep 2009 11:01:01 AM PDT
> Last Seen                     Sat 19 Sep 2009 11:01:01 AM PDT
> Local ID                      057fe84b-ff84-49ce-9360-17a76fc9aca5
> Line Numbers                  
> 
> Raw Audit Messages            
> 
> node=localhost.localdomain type=AVC msg=audit(1253383261.273:257): avc:
> denied  { search } for  pid=1472 comm="dbus-daemon" name="9349" dev=proc
> ino=42679 scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023
> tcontext=system_u:system_r:unconfined_t:s0-s0:c0.c1023 tclass=dir
> 
> node=localhost.localdomain type=AVC msg=audit(1253383261.273:257): avc:
> denied  { read } for  pid=1472 comm="dbus-daemon" name="cmdline"
> dev=proc ino=42680
> scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023
> tcontext=system_u:system_r:unconfined_t:s0-s0:c0.c1023 tclass=file
> 
> node=localhost.localdomain type=SYSCALL msg=audit(1253383261.273:257):
> arch=40000003 syscall=5 success=yes exit=47 a0=2bdae88 a1=0 a2=2485
> a3=bfca767c items=0 ppid=1 pid=1472 auid=4294967295 uid=81 gid=81
> euid=81 suid=81 fsuid=81 egid=81 sgid=81 fsgid=81 tty=(none)
> ses=4294967295 comm="dbus-daemon" exe="/bin/dbus-daemon"
> subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 key=(null)
> 
> *************************************************************************
> 
> 
> 
> 
Les, I believe something went wrong on your upgrade

Could you execute

yum reinstall selinux-policy-targeted

And make sure this succeeds?

If it does then see if you still see these messages.

Also check the following 
semodule -l | grep unconfined

To make sure you have 2 packages.

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux