Dear all,
I am running rawhide. I see the following: Is avahi-deamon doing something that it shouldn't?
Thanks,
Antonio
Summary:
SELinux is preventing avahi-daemon (avahi_t) "getcap" to <Unknown> (avahi_t).
Detailed Description:
SELinux denied access requested by avahi-daemon. It is not expected that this access is required by avahi-daemon and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.
Allowing Access:
You can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package.
Additional Information:
Source Context system_u:system_r:avahi_t Target Context system_u:system_r:avahi_t Target Objects None [ process ] Source avahi-daemon Source Path /usr/sbin/avahi-daemon Port <Unknown> Host localhost Source RPM Packages avahi-0.6.17-1.fc7 Target RPM Packages Policy RPM selinux-policy-3.3.0-1.fc9 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name catchall Host Name localhost Platform Linux localhost 2.6.25-0.65.rc2.git7.fc9 #1 SMP Sat Feb 23 23:06:09 EST 2008 i686 athlon Alert Count 12 First Seen Sat 23 Feb 2008 01:04:44 PM CST Last Seen Mon 25 Feb 2008 07:19:57 AM CST Local ID e83550c8-f8d8-4109-9f8f-215e82dbb99c Line Numbers
Raw Audit Messages
host=localhost type=AVC msg=audit(1203945597.443:10): avc: denied { getcap } for pid=2159 comm="avahi-daemon" scontext=system_u:system_r:avahi_t:s0 tcontext=system_u:system_r:avahi_t:s0 tclass=process
host=localhost type=SYSCALL msg=audit(1203945597.443:10): arch=40000003 syscall=184 success=no exit=-13 a0=8c60e3c a1=0 a2=9df0f0 a3=8c60e38 items=0 ppid=1 pid=2159 auid=4294967295 uid=70 gid=70 euid=70 suid=70 fsuid=70 egid=70 sgid=70 fsgid=70 tty=(none) ses=4294967295 comm="avahi-daemon" exe="/usr/sbin/avahi-daemon" subj=system_u:system_r:avahi_t:s0 key=(null)
____________________________________________________________________________________ Never miss a thing. Make Yahoo your home page. http://www.yahoo.com/r/hs
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Antonio Olivares wrote:
Dear all,
I am running rawhide. I see the following: Is avahi-deamon doing something that it shouldn't?
Thanks,
Antonio
Summary:
SELinux is preventing avahi-daemon (avahi_t) "getcap" to <Unknown> (avahi_t).
Detailed Description:
SELinux denied access requested by avahi-daemon. It is not expected that this access is required by avahi-daemon and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.
Allowing Access:
You can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package.
Additional Information:
Source Context system_u:system_r:avahi_t Target Context system_u:system_r:avahi_t Target Objects None [ process ] Source avahi-daemon Source Path /usr/sbin/avahi-daemon Port <Unknown> Host localhost Source RPM Packages avahi-0.6.17-1.fc7 Target RPM Packages Policy RPM selinux-policy-3.3.0-1.fc9 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name catchall Host Name localhost Platform Linux localhost 2.6.25-0.65.rc2.git7.fc9 #1 SMP Sat Feb 23 23:06:09 EST 2008 i686 athlon Alert Count 12 First Seen Sat 23 Feb 2008 01:04:44 PM CST Last Seen Mon 25 Feb 2008 07:19:57 AM CST Local ID e83550c8-f8d8-4109-9f8f-215e82dbb99c Line Numbers
Raw Audit Messages
host=localhost type=AVC msg=audit(1203945597.443:10): avc: denied { getcap } for pid=2159 comm="avahi-daemon" scontext=system_u:system_r:avahi_t:s0 tcontext=system_u:system_r:avahi_t:s0 tclass=process
host=localhost type=SYSCALL msg=audit(1203945597.443:10): arch=40000003 syscall=184 success=no exit=-13 a0=8c60e3c a1=0 a2=9df0f0 a3=8c60e38 items=0 ppid=1 pid=2159 auid=4294967295 uid=70 gid=70 euid=70 suid=70 fsuid=70 egid=70 sgid=70 fsgid=70 tty=(none) ses=4294967295 comm="avahi-daemon" exe="/usr/sbin/avahi-daemon" subj=system_u:system_r:avahi_t:s0 key=(null)
____________________________________________________________________________________Never miss a thing. Make Yahoo your home page. http://www.yahoo.com/r/hs
-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-selinux-list
No, I am guessing that some library function or kernel change has happened to cause all apps that use setcap to need getcap. So I am making the change in policy.
selinux@lists.fedoraproject.org
-
Antonio Olivares -
Daniel J Walsh