Re: Selinux message F-12 -

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 12/14/2009 06:01 AM, Bob Goodwin wrote:
> 
> I keep seeing a star icon in the F-12 box which produces the message
> below. I wonder if it has anything to do with my ssh problems?
> 
> What does it mean? What must I do to satisfy it?
> 
> Bob
> 
> #
> 
> Summary:
> 
> SELinux is preventing /usr/libexec/polkit-1/polkit-agent-helper-1
> "sys_tty_config" access.
> 
> Detailed Description:
> 
> [polkit-agent-he has a permissive type (policykit_auth_t). This access
> was not
> denied.]
> 
> SELinux denied access requested by polkit-agent-he. It is not expected
> that this
> access is required by polkit-agent-he and this access may signal an
> intrusion
> attempt. It is also possible that the specific version or configuration
> of the
> application is causing it to require additional access.
> 
> Allowing Access:
> 
> You can generate a local policy module to allow this access - see FAQ
> (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Please file a
> bug
> report.
> 
> Additional Information:
> 
> Source Context               
> unconfined_u:unconfined_r:policykit_auth_t:s0-s0:c
>                               0.c1023
> Target Context               
> unconfined_u:unconfined_r:policykit_auth_t:s0-s0:c
>                               0.c1023
> Target Objects                None [ capability ]
> Source                        polkit-agent-he
> Source Path                   /usr/libexec/polkit-1/polkit-agent-helper-1
> Port <Unknown>
> Host                          box6
> Source RPM Packages           polkit-0.95-0.git20090913.3.fc12
> Target RPM Packages
> Policy RPM                    selinux-policy-3.6.32-55.fc12
> Selinux Enabled               True
> Policy Type                   targeted
> Enforcing Mode                Enforcing
> Plugin Name                   catchall
> Host Name                     box6
> Platform                      Linux box6 2.6.31.6-166.fc12.i686.PAE #1
> SMP Wed
>                               Dec 9 11:00:30 EST 2009 i686 i686
> Alert Count                   10
> First Seen                    Wed 09 Dec 2009 10:03:47 AM EST
> Last Seen                     Sun 13 Dec 2009 07:36:40 PM EST
> Local ID                      71279b6b-af71-4208-85fe-64503a292646
> Line Numbers
> 
> Raw Audit Messages
> 
> node=box6 type=AVC msg=audit(1260751000.112:20114): avc:  denied  {
> sys_tty_config } for  pid=15535 comm="polkit-agent-he" capability=26
> scontext=unconfined_u:unconfined_r:policykit_auth_t:s0-s0:c0.c1023
> tcontext=unconfined_u:unconfined_r:policykit_auth_t:s0-s0:c0.c1023
> tclass=capability
> 
> node=box6 type=SYSCALL msg=audit(1260751000.112:20114): arch=40000003
> syscall=54 success=yes exit=0 a0=2 a1=5401 a2=bfa30888 a3=bfa3099c
> items=0 ppid=14661 pid=15535 auid=501 uid=501 gid=501 euid=0 suid=0
> fsuid=0 egid=501 sgid=501 fsgid=501 tty=(none) ses=1
> comm="polkit-agent-he" exe="/usr/libexec/polkit-1/polkit-agent-helper-1"
> subj=unconfined_u:unconfined_r:policykit_auth_t:s0-s0:c0.c1023 key=(null)
> 
> 
> 
> 
> 
> .
> 
I am not sure why policykit_auth_t would need to configure the tty and I am dontauditing it in the next update release.  Which I will
push as soon as fedora infastructure gets put back up.

Fixed in selinux-policy-3.6.32-59.fc12.noarch

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux