On 12/14/2009 06:01 AM, Bob Goodwin wrote: > > I keep seeing a star icon in the F-12 box which produces the message > below. I wonder if it has anything to do with my ssh problems? > > What does it mean? What must I do to satisfy it? > > Bob > > # > > Summary: > > SELinux is preventing /usr/libexec/polkit-1/polkit-agent-helper-1 > "sys_tty_config" access. > > Detailed Description: > > [polkit-agent-he has a permissive type (policykit_auth_t). This access > was not > denied.] > > SELinux denied access requested by polkit-agent-he. It is not expected > that this > access is required by polkit-agent-he and this access may signal an > intrusion > attempt. It is also possible that the specific version or configuration > of the > application is causing it to require additional access. > > Allowing Access: > > You can generate a local policy module to allow this access - see FAQ > (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Please file a > bug > report. > > Additional Information: > > Source Context > unconfined_u:unconfined_r:policykit_auth_t:s0-s0:c > 0.c1023 > Target Context > unconfined_u:unconfined_r:policykit_auth_t:s0-s0:c > 0.c1023 > Target Objects None [ capability ] > Source polkit-agent-he > Source Path /usr/libexec/polkit-1/polkit-agent-helper-1 > Port <Unknown> > Host box6 > Source RPM Packages polkit-0.95-0.git20090913.3.fc12 > Target RPM Packages > Policy RPM selinux-policy-3.6.32-55.fc12 > Selinux Enabled True > Policy Type targeted > Enforcing Mode Enforcing > Plugin Name catchall > Host Name box6 > Platform Linux box6 2.6.31.6-166.fc12.i686.PAE #1 > SMP Wed > Dec 9 11:00:30 EST 2009 i686 i686 > Alert Count 10 > First Seen Wed 09 Dec 2009 10:03:47 AM EST > Last Seen Sun 13 Dec 2009 07:36:40 PM EST > Local ID 71279b6b-af71-4208-85fe-64503a292646 > Line Numbers > > Raw Audit Messages > > node=box6 type=AVC msg=audit(1260751000.112:20114): avc: denied { > sys_tty_config } for pid=15535 comm="polkit-agent-he" capability=26 > scontext=unconfined_u:unconfined_r:policykit_auth_t:s0-s0:c0.c1023 > tcontext=unconfined_u:unconfined_r:policykit_auth_t:s0-s0:c0.c1023 > tclass=capability > > node=box6 type=SYSCALL msg=audit(1260751000.112:20114): arch=40000003 > syscall=54 success=yes exit=0 a0=2 a1=5401 a2=bfa30888 a3=bfa3099c > items=0 ppid=14661 pid=15535 auid=501 uid=501 gid=501 euid=0 suid=0 > fsuid=0 egid=501 sgid=501 fsgid=501 tty=(none) ses=1 > comm="polkit-agent-he" exe="/usr/libexec/polkit-1/polkit-agent-helper-1" > subj=unconfined_u:unconfined_r:policykit_auth_t:s0-s0:c0.c1023 key=(null) > > > > > > . > I am not sure why policykit_auth_t would need to configure the tty and I am dontauditing it in the next update release. Which I will push as soon as fedora infastructure gets put back up. Fixed in selinux-policy-3.6.32-59.fc12.noarch -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
