<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 10pt;
font-family:Verdana
}
--></style>
</head>
<body class='hmmessage'>
Thanks, I didn't expect it to be a bug, thought I had a security problem. I've done the updating mentioned on Comment #3 and will keep an eye on it.<br><br>Now I turn my attention to Alert 2 at bottom of email. I also found it in bugzilla<br>https://bugzilla.redhat.com/show_bug.cgi?id=485921<br>I did the check shown on Comment #3 and found tons of files labeled file_t<br>(# ls -lZ /home/family/.gconf/desktop/gnome/applications/window_manager<br>-rw-------. family users system_u:object_r:file_t:s0 %gconf.xml)<br><br>But I don't know what to do with that info (am not familiar with labels at all). The suggestion on Comment #2 is to do the following:<br>touch /.autorelabel;reboot<br><br>Does that seem like a good idea? Would it be done for all of the directories involved? Any dangers to avoid?<br><br>Thanks again,<br><br>John.<br><br><br>> Date: Mon, 15 Mar 2010 11:00:27 -0400<br>> Subject: Re: [TLUG]:<br>> From: vanaltj-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org<br>> To: tlug-lxSQFCZeNF4@public.gmane.org<br>> <br>> As a Fedora user, Red Hat Bugzilla (and google) is your friend :D<br>> <br>> https://bugzilla.redhat.com/show_bug.cgi?id=562328<br>> <br>> So I'd try a #yum update (or otherwise confirm that your<br>> selinux-policy package is at least as new as the version mentioned in<br>> Comment #3), then if you still get these alerts add your 2 cents to<br>> the bug report, to help the root cause get fixed. But if you care<br>> only about your own system, the command mentioned in Comment 1 should<br>> do the trick.<br>> <br>> cheers,<br>> <br>> jon<br>> <br>> On Mon, Mar 15, 2010 at 10:45 AM, <john.moniz-rieW9WUcm8FFJ04o6PK0Fg@public.gmane.org> wrote:<br>> > I'm getting these SELinux security alerts on my Fedora 12. I don't know if<br>> > it's a misconfiguration or a real threat. Does anyone know what it means?<br>> > I've been getting the first alert from the time I installed the distro, but<br>> > haven't come up with a pattern yet. 
They have always been the same until<br>> > today - I received a new alert, which follows the first one.<br>> ><br>> > I'll be executing some of the commands suggested on the alerts once I have a<br>> > better idea of what's happening.<br>> ><br>> > Thanks,<br>> ><br>> > John.<br>> ><br>> ><br>> > {Alert 1}<br>> > Summary:<br>> ><br>> > SELinux is preventing /usr/sbin/NetworkManager "create" access on<br>> > NetworkManager.state.R4GQ8U.<br>> ><br>> > Detailed Description:<br>> ><br>> > SELinux denied access requested by NetworkManager. It is not expected that<br>> > this<br>> > access is required by NetworkManager and this access may signal an intrusion<br>> > attempt. It is also possible that the specific version or configuration of<br>> > the<br>> > application is causing it to require additional access.<br>> ><br>> > Allowing Access:<br>> ><br>> > You can generate a local policy module to allow this access - see FAQ<br>> > (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug<br>> > report.<br>> ><br>> > Additional Information:<br>> ><br>> > Source Context system_u:system_r:NetworkManager_t:s0<br>> > Target Context system_u:object_r:var_lib_t:s0<br>> > Target Objects NetworkManager.state.R4GQ8U [ file ]<br>> > Source NetworkManager<br>> > Source Path /usr/sbin/NetworkManager<br>> > Port <Unknown><br>> > Host <hostname><br>> > Source RPM Packages NetworkManager-0.7.998-2.git20100106.fc12<br>> > Target RPM Packages<br>> > Policy RPM selinux-policy-3.6.32-78.fc12<br>> > Selinux Enabled True<br>> > Policy Type targeted<br>> > Enforcing Mode Enforcing<br>> > Plugin Name catchall<br>> > Host Name <hostname><br>> > Platform Linux <hostname> 2.6.32.7-37.fc12.x86_64 #1<br>> > SMP Fri<br>> > Jan 29 14:19:39 UTC 2010 x86_64 x86_64<br>> > Alert Count 1<br>> > First Seen Sun 21 Feb 2010 05:42:11 AM EST<br>> > Last Seen Sun 21 Feb 2010 05:42:11 AM EST<br>> > Local ID bbe2d9d8-17c5-4dd0-b99b-971acd50d151<br>> > Line Numbers<br>> ><br>> > Raw Audit 
Messages<br>> ><br>> > node=<hostname> type=AVC msg=audit(1266748931.439:6): avc: denied { create<br>> > } for pid=1148 comm="NetworkManager" name="NetworkManager.state.R4GQ8U"<br>> > scontext=system_u:system_r:NetworkManager_t:s0<br>> > tcontext=system_u:object_r:var_lib_t:s0 tclass=file<br>> ><br>> > node=<hostname> type=SYSCALL msg=audit(1266748931.439:6): arch=c000003e<br>> > syscall=2 success=no exit=-13 a0=22c2170 a1=c2 a2=1b6 a3=4d6b726f7774654e<br>> > items=0 ppid=1147 pid=1148 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0<br>> > egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="NetworkManager"<br>> > exe="/usr/sbin/NetworkManager" subj=system_u:system_r:NetworkManager_t:s0<br>> > key=(null)<br>> ><br>> > {Alert 2}<br>> ><br>> > Summary:<br>> ><br>> > SELinux is preventing access to files with the label, file_t.<br>> ><br>> > Detailed Description:<br>> ><br>> > SELinux permission checks on files labeled file_t are being denied. file_t<br>> > is<br>> > the context the SELinux kernel gives to files that do not have a label. This<br>> > indicates a serious labeling problem. No files on an SELinux box should ever<br>> > be<br>> > labeled file_t. If you have just added a disk drive to the system you can<br>> > relabel it using the restorecon command. For example if you saved the home<br>> > directory from a previous installation that did not use SELinux, 'restorecon<br>> > -R<br>> > -v /home' will fix the labels. 
Otherwise you should relabel the entire file<br>> > system.<br>> ><br>> > Allowing Access:<br>> ><br>> > You can execute the following command as root to relabel your computer<br>> > system:<br>> > "touch /.autorelabel; reboot"<br>> ><br>> > Additional Information:<br>> ><br>> > Source Context system_u:system_r:xdm_t:s0-s0:c0.c1023<br>> > Target Context system_u:object_r:file_t:s0<br>> > Target Objects /home/john [ dir ]<br>> > Source gdm-simple-gree<br>> > Source Path /usr/libexec/gdm-simple-greeter<br>> > Port <Unknown><br>> > Host apollo<br>> > Source RPM Packages gdm-2.28.2-1.fc12<br>> > Target RPM Packages<br>> > Policy RPM selinux-policy-3.6.32-89.fc12<br>> > Selinux Enabled True<br>> > Policy Type targeted<br>> > Enforcing Mode Enforcing<br>> > Plugin Name file<br>> > Host Name apollo<br>> > Platform Linux apollo 2.6.32.7-37.fc12.x86_64 #1 SMP<br>> > Fri<br>> > Jan 29 14:19:39 UTC 2010 x86_64 x86_64<br>> > Alert Count 281<br>> > First Seen Sun 21 Feb 2010 05:42:32 AM EST<br>> > Last Seen Mon 15 Mar 2010 10:12:19 AM EDT<br>> > Local ID 76dd86e3-aa08-4fd1-a645-cfa884cc8337<br>> > Line Numbers<br>> ><br>> > Raw Audit Messages<br>> ><br>> > node=apollo type=AVC msg=audit(1268662339.365:28903): avc: denied { read }<br>> > for pid=1813 comm="gdm-simple-gree" name="john" dev=sda6 ino=6422529<br>> > scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023<br>> > tcontext=system_u:object_r:file_t:s0 tclass=dir<br>> ><br>> > node=apollo type=SYSCALL msg=audit(1268662339.365:28903): arch=c000003e<br>> > syscall=254 success=no exit=-13 a0=12 a1=27f0180 a2=1002fce a3=1 items=0<br>> > ppid=1742 pid=1813 auid=4294967295 uid=42 gid=475 euid=42 suid=42 fsuid=42<br>> > egid=475 sgid=475 fsgid=475 tty=(none) ses=4294967295 comm="gdm-simple-gree"<br>> > exe="/usr/libexec/gdm-simple-greeter"<br>> > subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)<br>> ><br>> ><br>> ><br>> ><br>> --<br>> The Toronto Linux Users Group. 
Meetings: http://gtalug.org/<br>> TLUG requests: Linux topics, No HTML, wrap text below 80 columns<br>> How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists<br> </body>
</html>
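An added example, not part of the original email: a small triage script that parses the two raw AVC records quoted in the alerts above (mail line-wrapping removed) and separates denials against unlabeled `file_t` objects, which Alert 2 says call for relabeling, from denials against correctly labeled objects. The function names and report layout are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# The two AVC records from Alert 1 and Alert 2 in this message, rejoined onto single lines.
SAMPLE_AUDIT = '''\
node=<hostname> type=AVC msg=audit(1266748931.439:6): avc: denied { create } for pid=1148 comm="NetworkManager" name="NetworkManager.state.R4GQ8U" scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=file
node=apollo type=AVC msg=audit(1268662339.365:28903): avc: denied { read } for pid=1813 comm="gdm-simple-gree" name="john" dev=sda6 ino=6422529 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=dir
'''

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return a dict for one AVC denial, or None for any other audit line."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group('fields'))}
    if 'scontext' not in rec or 'tcontext' not in rec:
        return None
    rec['perms'] = m.group('perms').split()
    # A context is user:role:type:level; the level part may contain further colons.
    rec['source_type'] = rec['scontext'].split(':')[2]
    rec['target_type'] = rec['tcontext'].split(':')[2]
    return rec

def triage(audit_text):
    """Group denials by target type and mark the groups that indicate missing labels."""
    groups = defaultdict(list)
    for line in audit_text.splitlines():
        rec = parse_avc(line)
        if rec:
            groups[rec['target_type']].append(rec)
    return {
        ttype: {
            'unlabeled': ttype == 'file_t',  # per Alert 2: file_t means "no label"
            'sources': sorted({r['source_type'] for r in recs}),
            'objects': sorted({r['name'] for r in recs if 'name' in r}),
        }
        for ttype, recs in groups.items()
    }

if __name__ == '__main__':
    for ttype, info in triage(SAMPLE_AUDIT).items():
        action = 'relabel needed' if info['unlabeled'] else 'labels present, not a relabel case'
        print(ttype, info['sources'], info['objects'], '->', action)
```

For the `file_t` group, `restorecon -R -n -v /home` previews the label changes without applying them (`-n` is restorecon's no-change mode), which is a narrower first step than a full `/.autorelabel` pass.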