:
Jon VanAlten
vanaltj-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
Mon Mar 15 15:00:27 UTC 2010
As a Fedora user, Red Hat Bugzilla (and google) is your friend :D
https://bugzilla.redhat.com/show_bug.cgi?id=562328
So I'd try a #yum update (or otherwise confirm that your
selinux-policy package is at least as new as the version mentioned in
Comment #3), then if you still get these alerts add your 2 cents to
the bug report, to help the root cause get fixed. But if you care
only about your own system, the command mentioned in Comment 1 should
do the trick.
cheers,
jon
On Mon, Mar 15, 2010 at 10:45 AM, <john.moniz-rieW9WUcm8FFJ04o6PK0Fg at public.gmane.org> wrote:
> I'm getting these SELinux security alerts on my Fedora 12. I don't know if
> it's a misconfiguration or a real threat. Does anyone know what it means?
> I've been getting the first alert from the time I installed the distro, but
> haven't come up with a pattern yet. They have always been the same until
> today - I received a new alert, which follows the first one.
>
> I'll be executing some of the commands suggested on the alerts once I have a
> better idea of what's happening.
>
> Thanks,
>
> John.
>
>
> {Alert 1}
> Summary:
>
> SELinux is preventing /usr/sbin/NetworkManager "create" access on
> NetworkManager.state.R4GQ8U.
>
> Detailed Description:
>
> SELinux denied access requested by NetworkManager. It is not expected that
> this
> access is required by NetworkManager and this access may signal an intrusion
> attempt. It is also possible that the specific version or configuration of
> the
> application is causing it to require additional access.
>
> Allowing Access:
>
> You can generate a local policy module to allow this access - see FAQ
> (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug
> report.
>
> Additional Information:
>
> Source Context system_u:system_r:NetworkManager_t:s0
> Target Context system_u:object_r:var_lib_t:s0
> Target Objects NetworkManager.state.R4GQ8U [ file ]
> Source NetworkManager
> Source Path /usr/sbin/NetworkManager
> Port <Unknown>
> Host <hostname>
> Source RPM Packages NetworkManager-0.7.998-2.git20100106.fc12
> Target RPM Packages
> Policy RPM selinux-policy-3.6.32-78.fc12
> Selinux Enabled True
> Policy Type targeted
> Enforcing Mode Enforcing
> Plugin Name catchall
> Host Name <hostname>
> Platform Linux <hostname> 2.6.32.7-37.fc12.x86_64 #1
> SMP Fri
> Jan 29 14:19:39 UTC 2010 x86_64 x86_64
> Alert Count 1
> First Seen Sun 21 Feb 2010 05:42:11 AM EST
> Last Seen Sun 21 Feb 2010 05:42:11 AM EST
> Local ID bbe2d9d8-17c5-4dd0-b99b-971acd50d151
> Line Numbers
>
> Raw Audit Messages
>
> node=<hostname> type=AVC msg=audit(1266748931.439:6): avc: denied { create
> } for pid=1148 comm="NetworkManager" name="NetworkManager.state.R4GQ8U"
> scontext=system_u:system_r:NetworkManager_t:s0
> tcontext=system_u:object_r:var_lib_t:s0 tclass=file
>
> node=<hostname> type=SYSCALL msg=audit(1266748931.439:6): arch=c000003e
> syscall=2 success=no exit=-13 a0=22c2170 a1=c2 a2=1b6 a3=4d6b726f7774654e
> items=0 ppid=1147 pid=1148 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0
> egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="NetworkManager"
> exe="/usr/sbin/NetworkManager" subj=system_u:system_r:NetworkManager_t:s0
> key=(null)
>
> {Alert 2}
>
> Summary:
>
> SELinux is preventing access to files with the label, file_t.
>
> Detailed Description:
>
> SELinux permission checks on files labeled file_t are being denied. file_t
> is
> the context the SELinux kernel gives to files that do not have a label. This
> indicates a serious labeling problem. No files on an SELinux box should ever
> be
> labeled file_t. If you have just added a disk drive to the system you can
> relabel it using the restorecon command. For example if you saved the home
> directory from a previous installation that did not use SELinux, 'restorecon
> -R
> -v /home' will fix the labels. Otherwise you should relabel the entire file
> system.
>
> Allowing Access:
>
> You can execute the following command as root to relabel your computer
> system:
> "touch /.autorelabel; reboot"
>
> Additional Information:
>
> Source Context system_u:system_r:xdm_t:s0-s0:c0.c1023
> Target Context system_u:object_r:file_t:s0
> Target Objects /home/john [ dir ]
> Source gdm-simple-gree
> Source Path /usr/libexec/gdm-simple-greeter
> Port <Unknown>
> Host apollo
> Source RPM Packages gdm-2.28.2-1.fc12
> Target RPM Packages
> Policy RPM selinux-policy-3.6.32-89.fc12
> Selinux Enabled True
> Policy Type targeted
> Enforcing Mode Enforcing
> Plugin Name file
> Host Name apollo
> Platform Linux apollo 2.6.32.7-37.fc12.x86_64 #1 SMP
> Fri
> Jan 29 14:19:39 UTC 2010 x86_64 x86_64
> Alert Count 281
> First Seen Sun 21 Feb 2010 05:42:32 AM EST
> Last Seen Mon 15 Mar 2010 10:12:19 AM EDT
> Local ID 76dd86e3-aa08-4fd1-a645-cfa884cc8337
> Line Numbers
>
> Raw Audit Messages
>
> node=apollo type=AVC msg=audit(1268662339.365:28903): avc: denied { read }
> for pid=1813 comm="gdm-simple-gree" name="john" dev=sda6 ino=6422529
> scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023
> tcontext=system_u:object_r:file_t:s0 tclass=dir
>
> node=apollo type=SYSCALL msg=audit(1268662339.365:28903): arch=c000003e
> syscall=254 success=no exit=-13 a0=12 a1=27f0180 a2=1002fce a3=1 items=0
> ppid=1742 pid=1813 auid=4294967295 uid=42 gid=475 euid=42 suid=42 fsuid=42
> egid=475 sgid=475 fsgid=475 tty=(none) ses=4294967295 comm="gdm-simple-gree"
> exe="/usr/libexec/gdm-simple-greeter"
> subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)
>
>
>
>
--
The Toronto Linux Users Group. Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
More information about the Legacy
mailing list