Dear fellow testers and selinux experts,
After updating to latest updates, I get several selinux denials, but setroubleshoot does not display, them. I get to see them when the system starts and that is it :(
[olivares@localhost ~]$ rpm -qa selinux* [olivares@localhost ~]$ rpm -qa selinux [olivares@localhost ~]$ rpm -qa selinux-policy* selinux-policy-3.6.1-6.fc11.noarch selinux-policy-targeted-3.6.1-6.fc11.noarch [olivares@localhost ~]$ dmesg | grep 'avc' type=1400 audit(1228782900.945:4): avc: denied { sys_tty_config } for pid=709 comm="consoletype" capability=26 scontext=system_u:system_r:consoletype_t:s0 tcontext=system_u:system_r:consoletype_t:s0 tclass=capability type=1400 audit(1228782901.610:5): avc: denied { sys_tty_config } for pid=716 comm="consoletype" capability=26 scontext=system_u:system_r:consoletype_t:s0 tcontext=system_u:system_r:consoletype_t:s0 tclass=capability type=1400 audit(1228782924.617:6): avc: denied { sys_tty_config } for pid=1471 comm="consoletype" capability=26 scontext=system_u:system_r:consoletype_t:s0 tcontext=system_u:system_r:consoletype_t:s0 tclass=capability type=1400 audit(1228782926.009:7): avc: denied { write } for pid=1497 comm="ip6tables-resto" path="/0" dev=devpts ino=2 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:object_r:devpts_t:s0 tclass=chr_file type=1400 audit(1228782928.136:8): avc: denied { sys_tty_config } for pid=1672 comm="consoletype" capability=26 scontext=system_u:system_r:consoletype_t:s0 tcontext=system_u:system_r:consoletype_t:s0 tclass=capability type=1400 audit(1228782964.027:9): avc: denied { sys_tty_config } for pid=1688 comm="consoletype" capability=26 scontext=system_u:system_r:consoletype_t:s0 tcontext=system_u:system_r:consoletype_t:s0 tclass=capability type=1400 audit(1228782991.682:10): avc: denied { search } for pid=2415 comm="python" name=".local" dev=dm-0 ino=1507729 scontext=system_u:system_r:cupsd_config_t:s0 tcontext=system_u:object_r:gconf_home_t:s0 tclass=dir type=1400 audit(1228782992.039:11): avc: denied { search } for pid=2445 comm="python" name=".local" dev=dm-0 ino=1507729 scontext=system_u:system_r:cupsd_config_t:s0 tcontext=system_u:object_r:gconf_home_t:s0 tclass=dir type=1400 audit(1228782993.853:12): avc: denied { search } for pid=2482 comm="python" name=".local" dev=dm-0 ino=1507729 scontext=system_u:system_r:hplip_t:s0 tcontext=system_u:object_r:gconf_home_t:s0 tclass=dir type=1400 audit(1228782995.570:13): avc: denied { search } for pid=2574 comm="python" name=".local" dev=dm-0 ino=1507729 scontext=system_u:system_r:hplip_t:s0 tcontext=system_u:object_r:gconf_home_t:s0 tclass=dir type=1400 audit(1228783019.890:14): avc: denied { search } for pid=2845 comm="polkit-read-aut" name="dbus" dev=dm-0 ino=3276848 scontext=system_u:system_r:polkit_auth_t:s0 tcontext=system_u:object_r:system_dbusd_var_run_t:s0 tclass=dir [olivares@localhost ~]$
Regards,
Antonio
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Antonio Olivares wrote:
Dear fellow testers and selinux experts,
After updating to latest updates, I get several selinux denials, but setroubleshoot does not display, them. I get to see them when the system starts and that is it :(
[olivares@localhost ~]$ rpm -qa selinux* [olivares@localhost ~]$ rpm -qa selinux [olivares@localhost ~]$ rpm -qa selinux-policy* selinux-policy-3.6.1-6.fc11.noarch selinux-policy-targeted-3.6.1-6.fc11.noarch [olivares@localhost ~]$ dmesg | grep 'avc' type=1400 audit(1228782900.945:4): avc: denied { sys_tty_config } for pid=709 comm="consoletype" capability=26 scontext=system_u:system_r:consoletype_t:s0 tcontext=system_u:system_r:consoletype_t:s0 tclass=capability type=1400 audit(1228782901.610:5): avc: denied { sys_tty_config } for pid=716 comm="consoletype" capability=26 scontext=system_u:system_r:consoletype_t:s0 tcontext=system_u:system_r:consoletype_t:s0 tclass=capability type=1400 audit(1228782924.617:6): avc: denied { sys_tty_config } for pid=1471 comm="consoletype" capability=26 scontext=system_u:system_r:consoletype_t:s0 tcontext=system_u:system_r:consoletype_t:s0 tclass=capability type=1400 audit(1228782926.009:7): avc: denied { write } for pid=1497 comm="ip6tables-resto" path="/0" dev=devpts ino=2 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:object_r:devpts_t:s0 tclass=chr_file type=1400 audit(1228782928.136:8): avc: denied { sys_tty_config } for pid=1672 comm="consoletype" capability=26 scontext=system_u:system_r:consoletype_t:s0 tcontext=system_u:system_r:consoletype_t:s0 tclass=capability type=1400 audit(1228782964.027:9): avc: denied { sys_tty_config } for pid=1688 comm="consoletype" capability=26 scontext=system_u:system_r:consoletype_t:s0 tcontext=system_u:system_r:consoletype_t:s0 tclass=capability type=1400 audit(1228782991.682:10): avc: denied { search } for pid=2415 comm="python" name=".local" dev=dm-0 ino=1507729 scontext=system_u:system_r:cupsd_config_t:s0 tcontext=system_u:object_r:gconf_home_t:s0 tclass=dir type=1400 audit(1228782992.039:11): avc: denied { search } for pid=2445 comm="python" name=".local" dev=dm-0 ino=1507729 scontext=system_u:system_r:cupsd_config_t:s0 tcontext=system_u:object_r:gconf_home_t:s0 tclass=dir type=1400 audit(1228782993.853:12): avc: denied { search } for pid=2482 comm="python" name=".local" dev=dm-0 ino=1507729 scontext=system_u:system_r:hplip_t:s0 tcontext=system_u:object_r:gconf_home_t:s0 tclass=dir type=1400 audit(1228782995.570:13): avc: denied { search } for pid=2574 comm="python" name=".local" dev=dm-0 ino=1507729 scontext=system_u:system_r:hplip_t:s0 tcontext=system_u:object_r:gconf_home_t:s0 tclass=dir type=1400 audit(1228783019.890:14): avc: denied { search } for pid=2845 comm="polkit-read-aut" name="dbus" dev=dm-0 ino=3276848 scontext=system_u:system_r:polkit_auth_t:s0 tcontext=system_u:object_r:system_dbusd_var_run_t:s0 tclass=dir [olivares@localhost ~]$
Regards,
Antonio
-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-selinux-list
If you update to selinux-policy-3.6.1-8.fc11.noarch These should be fixed.
If you update to selinux-policy-3.6.1-8.fc11.noarch These should be fixed. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkk+2DIACgkQrlYvE4MpobN1TwCdF5LmqDAhnTEkvYVDYeahBzAW ddsAoLmrjp/0XyRA/5kiNLPqDxJ0xega =euz2 -----END PGP SIGNATURE-----
Yes, they are :), thank you very much. Now selinux is denying the setroubleshoot daemon from kicking in :(, selinux denying itself in some ways. I got new avcs:
[olivares@riohigh ~]$ dmesg | grep 'avc' type=1400 audit(1228868792.540:4): avc: denied { write } for pid=2038 comm="setroubleshootd" name="plugins" dev=sda5 ino=142832 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir type=1400 audit(1228868792.546:5): avc: denied { write } for pid=2038 comm="setroubleshootd" name="plugins" dev=sda5 ino=142832 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir type=1400 audit(1228868792.569:6): avc: denied { write } for pid=2038 comm="setroubleshootd" name="plugins" dev=sda5 ino=142832 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir type=1400 audit(1228868792.574:7): avc: denied { write } for pid=2038 comm="setroubleshootd" name="plugins" dev=sda5 ino=142832 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir type=1400 audit(1228868792.582:8): avc: denied { write } for pid=2038 comm="setroubleshootd" name="plugins" dev=sda5 ino=142832 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir type=1400 audit(1228868792.600:9): avc: denied { write } for pid=2038 comm="setroubleshootd" name="plugins" dev=sda5 ino=142832 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir type=1400 audit(1228868792.617:10): avc: denied { write } for pid=2038 comm="setroubleshootd" name="plugins" dev=sda5 ino=142832 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir type=1400 audit(1228868792.647:11): avc: denied { write } for pid=2038 comm="setroubleshootd" name="plugins" dev=sda5 ino=142832 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir type=1400 audit(1228868792.653:12): avc: denied { write } for pid=2038 comm="setroubleshootd" name="plugins" dev=sda5 ino=142832 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir type=1400 audit(1228868792.665:13): avc: denied { write } for pid=2038 comm="setroubleshootd" name="plugins" dev=sda5 ino=142832 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir type=1400 audit(1228868798.247:59): avc: denied { write } for pid=2038 comm="setroubleshootd" name="plugins" dev=sda5 ino=142832 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir type=1400 audit(1228868798.259:60): avc: denied { write } for pid=2038 comm="setroubleshootd" name="plugins" dev=sda5 ino=142832 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir type=1400 audit(1228868798.269:61): avc: denied { write } for pid=2038 comm="setroubleshootd" name="plugins" dev=sda5 ino=142832 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir type=1400 audit(1228868798.277:62): avc: denied { write } for pid=2038 comm="setroubleshootd" name="plugins" dev=sda5 ino=142832 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir type=1400 audit(1228868798.283:63): avc: denied { write } for pid=2038 comm="setroubleshootd" name="plugins" dev=sda5 ino=142832 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir type=1400 audit(1228868798.296:64): avc: denied { write } for pid=2038 comm="setroubleshootd" name="plugins" dev=sda5 ino=142832 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir type=1400 audit(1228868798.304:65): avc: denied { write } for pid=2038 comm="setroubleshootd" name="plugins" dev=sda5 ino=142832 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir type=1400 audit(1228868798.309:66): avc: denied { write } for pid=2038 comm="setroubleshootd" name="plugins" dev=sda5 ino=142832 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir type=1400 audit(1228868798.322:67): avc: denied { write } for pid=2038 comm="setroubleshootd" name="plugins" dev=sda5 ino=142832 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir type=1400 audit(1228868798.354:68): avc: denied { write } for pid=2038 comm="setroubleshootd" name="plugins" dev=sda5 ino=142832 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir type=1400 audit(1228868811.296:89): avc: denied { read } for pid=2492 comm="gdm-session-wor" name=".dmrc" dev=sda5 ino=23265 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xauth_home_t:s0 tclass=file type=1400 audit(1228868811.414:90): avc: denied { read } for pid=2492 comm="gdm-session-wor" name=".dmrc" dev=sda5 ino=23265 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xauth_home_t:s0 tclass=file type=1400 audit(1228868818.290:91): avc: denied { read } for pid=2502 comm="gdm-session-wor" name=".dmrc" dev=sda5 ino=18585 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xauth_home_t:s0 tclass=file type=1400 audit(1228868818.597:92): avc: denied { read } for pid=2502 comm="gdm-session-wor" name=".dmrc" dev=sda5 ino=18585 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xauth_home_t:s0 tclass=file type=1400 audit(1228868932.171:93): avc: denied { read } for pid=2502 comm="gdm-session-wor" name=".dmrc" dev=sda5 ino=18585 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xauth_home_t:s0 tclass=file type=1400 audit(1228868932.997:94): avc: denied { read write } for pid=2537 comm="gdm-session-wor" name=".xsession-errors" dev=sda5 ino=298 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xauth_home_t:s0 tclass=file type=1400 audit(1228868932.997:95): avc: denied { read append } for pid=2537 comm="gdm-session-wor" name=".xsession-errors" dev=sda5 ino=298 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xauth_home_t:s0 tclass=file type=1400 audit(1228868978.329:96): avc: denied { read } for pid=3281 comm="gdm-session-wor" name=".dmrc" dev=sda5 ino=18585 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xauth_home_t:s0 tclass=file type=1400 audit(1228868978.569:97): avc: denied { read } for pid=3281 comm="gdm-session-wor" name=".dmrc" dev=sda5 ino=18585 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xauth_home_t:s0 tclass=file type=1400 audit(1228868986.153:98): avc: denied { read } for pid=3281 comm="gdm-session-wor" name=".dmrc" dev=sda5 ino=18585 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xauth_home_t:s0 tclass=file type=1400 audit(1228868986.899:99): avc: denied { read write } for pid=3315 comm="gdm-session-wor" name=".xsession-errors" dev=sda5 ino=298 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xauth_home_t:s0 tclass=file type=1400 audit(1228868986.899:100): avc: denied { read append } for pid=3315 comm="gdm-session-wor" name=".xsession-errors" dev=sda5 ino=298 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xauth_home_t:s0 tclass=file type=1400 audit(1228868986.901:101): avc: denied { read } for pid=3315 comm="gdm-session-wor" name=".dmrc" dev=sda5 ino=18585 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xauth_home_t:s0 tclass=file type=1400 audit(1228868986.906:102): avc: denied { unlink } for pid=3315 comm="gdm-session-wor" name=".dmrc" dev=sda5 ino=18585 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xauth_home_t:s0 tclass=file [olivares@riohigh ~]$ rpm -qa selinux-policy selinux-policy-3.6.1-8.fc11.noarch
Thanks,
Antonio
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Antonio Olivares wrote:
If you update to selinux-policy-3.6.1-8.fc11.noarch These should be fixed. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkk+2DIACgkQrlYvE4MpobN1TwCdF5LmqDAhnTEkvYVDYeahBzAW ddsAoLmrjp/0XyRA/5kiNLPqDxJ0xega =euz2 -----END PGP SIGNATURE-----
Yes, they are :), thank you very much. Now selinux is denying the setroubleshoot daemon from kicking in :(, selinux denying itself in some ways. I got new avcs:
[olivares@riohigh ~]$ dmesg | grep 'avc' type=1400 audit(1228868792.540:4): avc: denied { write } for pid=2038 comm="setroubleshootd" name="plugins" dev=sda5 ino=142832 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir type=1400 audit(1228868792.546:5): avc: denied { write } for pid=2038 comm="setroubleshootd" name="plugins" dev=sda5 ino=142832 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir type=1400 audit(1228868792.569:6): avc: denied { write } for pid=2038 comm="setroubleshootd" name="plugins" dev=sda5 ino=142832 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir type=1400 audit(1228868792.574:7): avc: denied { write } for pid=2038 comm="setroubleshootd" name="plugins" dev=sda5 ino=142832 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir type=1400 audit(1228868792.582:8): avc: denied { write } for pid=2038 comm="setroubleshootd" name="plugins" dev=sda5 ino=142832 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir type=1400 audit(1228868792.600:9): avc: denied { write } for pid=2038 comm="setroubleshootd" name="plugins" dev=sda5 ino=142832 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir type=1400 audit(1228868792.617:10): avc: denied { write } for pid=2038 comm="setroubleshootd" name="plugins" dev=sda5 ino=142832 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir type=1400 audit(1228868792.647:11): avc: denied { write } for pid=2038 comm="setroubleshootd" name="plugins" dev=sda5 ino=142832 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir type=1400 audit(1228868792.653:12): avc: denied { write } for pid=2038 comm="setroubleshootd" name="plugins" dev=sda5 ino=142832 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir type=1400 audit(1228868792.665:13): avc: denied { write } for pid=2038 comm="setroubleshootd" name="plugins" dev=sda5 ino=142832 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir type=1400 audit(1228868798.247:59): avc: denied { write } for pid=2038 comm="setroubleshootd" name="plugins" dev=sda5 ino=142832 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir type=1400 audit(1228868798.259:60): avc: denied { write } for pid=2038 comm="setroubleshootd" name="plugins" dev=sda5 ino=142832 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir type=1400 audit(1228868798.269:61): avc: denied { write } for pid=2038 comm="setroubleshootd" name="plugins" dev=sda5 ino=142832 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir type=1400 audit(1228868798.277:62): avc: denied { write } for pid=2038 comm="setroubleshootd" name="plugins" dev=sda5 ino=142832 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir type=1400 audit(1228868798.283:63): avc: denied { write } for pid=2038 comm="setroubleshootd" name="plugins" dev=sda5 ino=142832 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir type=1400 audit(1228868798.296:64): avc: denied { write } for pid=2038 comm="setroubleshootd" name="plugins" dev=sda5 ino=142832 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir type=1400 audit(1228868798.304:65): avc: denied { write } for pid=2038 comm="setroubleshootd" name="plugins" dev=sda5 ino=142832 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir type=1400 audit(1228868798.309:66): avc: denied { write } for pid=2038 comm="setroubleshootd" name="plugins" dev=sda5 ino=142832 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir type=1400 audit(1228868798.322:67): avc: denied { write } for pid=2038 comm="setroubleshootd" name="plugins" dev=sda5 ino=142832 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir type=1400 audit(1228868798.354:68): avc: denied { write } for pid=2038 comm="setroubleshootd" name="plugins" dev=sda5 ino=142832 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir type=1400 audit(1228868811.296:89): avc: denied { read } for pid=2492 comm="gdm-session-wor" name=".dmrc" dev=sda5 ino=23265 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xauth_home_t:s0 tclass=file type=1400 audit(1228868811.414:90): avc: denied { read } for pid=2492 comm="gdm-session-wor" name=".dmrc" dev=sda5 ino=23265 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xauth_home_t:s0 tclass=file type=1400 audit(1228868818.290:91): avc: denied { read } for pid=2502 comm="gdm-session-wor" name=".dmrc" dev=sda5 ino=18585 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xauth_home_t:s0 tclass=file type=1400 audit(1228868818.597:92): avc: denied { read } for pid=2502 comm="gdm-session-wor" name=".dmrc" dev=sda5 ino=18585 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xauth_home_t:s0 tclass=file type=1400 audit(1228868932.171:93): avc: denied { read } for pid=2502 comm="gdm-session-wor" name=".dmrc" dev=sda5 ino=18585 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xauth_home_t:s0 tclass=file type=1400 audit(1228868932.997:94): avc: denied { read write } for pid=2537 comm="gdm-session-wor" name=".xsession-errors" dev=sda5 ino=298 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xauth_home_t:s0 tclass=file type=1400 audit(1228868932.997:95): avc: denied { read append } for pid=2537 comm="gdm-session-wor" name=".xsession-errors" dev=sda5 ino=298 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xauth_home_t:s0 tclass=file type=1400 audit(1228868978.329:96): avc: denied { read } for pid=3281 comm="gdm-session-wor" name=".dmrc" dev=sda5 ino=18585 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xauth_home_t:s0 tclass=file type=1400 audit(1228868978.569:97): avc: denied { read } for pid=3281 comm="gdm-session-wor" name=".dmrc" dev=sda5 ino=18585 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xauth_home_t:s0 tclass=file type=1400 audit(1228868986.153:98): avc: denied { read } for pid=3281 comm="gdm-session-wor" name=".dmrc" dev=sda5 ino=18585 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xauth_home_t:s0 tclass=file type=1400 audit(1228868986.899:99): avc: denied { read write } for pid=3315 comm="gdm-session-wor" name=".xsession-errors" dev=sda5 ino=298 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xauth_home_t:s0 tclass=file type=1400 audit(1228868986.899:100): avc: denied { read append } for pid=3315 comm="gdm-session-wor" name=".xsession-errors" dev=sda5 ino=298 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xauth_home_t:s0 tclass=file type=1400 audit(1228868986.901:101): avc: denied { read } for pid=3315 comm="gdm-session-wor" name=".dmrc" dev=sda5 ino=18585 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xauth_home_t:s0 tclass=file type=1400 audit(1228868986.906:102): avc: denied { unlink } for pid=3315 comm="gdm-session-wor" name=".dmrc" dev=sda5 ino=18585 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xauth_home_t:s0 tclass=file [olivares@riohigh ~]$ rpm -qa selinux-policy selinux-policy-3.6.1-8.fc11.noarch
Thanks,
Antonio
-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-selinux-list
restorecon -R -v ~/
Also did you edit some files in /usr/share/setroubleshoot/plugins directory?
pychecker /usr/share/setroubleshoot/plugins/*.py
Should fix
--- On Wed, 12/10/08, Daniel J Walsh dwalsh@redhat.com wrote:
From: Daniel J Walsh dwalsh@redhat.com Subject: Re: denied avc's on rawhide To: olivares14031@yahoo.com Cc: fedora-test-list@redhat.com, fedora-selinux-list@redhat.com Date: Wednesday, December 10, 2008, 8:33 AM -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Antonio Olivares wrote:
If you update to
selinux-policy-3.6.1-8.fc11.noarch
These should be fixed. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkk+2DIACgkQrlYvE4MpobN1TwCdF5LmqDAhnTEkvYVDYeahBzAW
ddsAoLmrjp/0XyRA/5kiNLPqDxJ0xega =euz2 -----END PGP SIGNATURE-----
Yes, they are :), thank you very much. Now selinux is
denying the setroubleshoot daemon from kicking in :(, selinux denying itself in some ways. I got new avcs:
[olivares@riohigh ~]$ dmesg | grep 'avc' type=1400 audit(1228868792.540:4): avc: denied {
write } for pid=2038 comm="setroubleshootd" name="plugins" dev=sda5 ino=142832 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir
type=1400 audit(1228868792.546:5): avc: denied {
write } for pid=2038 comm="setroubleshootd" name="plugins" dev=sda5 ino=142832 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir
type=1400 audit(1228868792.569:6): avc: denied {
write } for pid=2038 comm="setroubleshootd" name="plugins" dev=sda5 ino=142832 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir
type=1400 audit(1228868792.574:7): avc: denied {
write } for pid=2038 comm="setroubleshootd" name="plugins" dev=sda5 ino=142832 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir
type=1400 audit(1228868792.582:8): avc: denied {
write } for pid=2038 comm="setroubleshootd" name="plugins" dev=sda5 ino=142832 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir
type=1400 audit(1228868792.600:9): avc: denied {
write } for pid=2038 comm="setroubleshootd" name="plugins" dev=sda5 ino=142832 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir
type=1400 audit(1228868792.617:10): avc: denied {
write } for pid=2038 comm="setroubleshootd" name="plugins" dev=sda5 ino=142832 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir
type=1400 audit(1228868792.647:11): avc: denied {
write } for pid=2038 comm="setroubleshootd" name="plugins" dev=sda5 ino=142832 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir
type=1400 audit(1228868792.653:12): avc: denied {
write } for pid=2038 comm="setroubleshootd" name="plugins" dev=sda5 ino=142832 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir
type=1400 audit(1228868792.665:13): avc: denied {
write } for pid=2038 comm="setroubleshootd" name="plugins" dev=sda5 ino=142832 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir
type=1400 audit(1228868798.247:59): avc: denied {
write } for pid=2038 comm="setroubleshootd" name="plugins" dev=sda5 ino=142832 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir
type=1400 audit(1228868798.259:60): avc: denied {
write } for pid=2038 comm="setroubleshootd" name="plugins" dev=sda5 ino=142832 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir
type=1400 audit(1228868798.269:61): avc: denied {
write } for pid=2038 comm="setroubleshootd" name="plugins" dev=sda5 ino=142832 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir
type=1400 audit(1228868798.277:62): avc: denied {
write } for pid=2038 comm="setroubleshootd" name="plugins" dev=sda5 ino=142832 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir
type=1400 audit(1228868798.283:63): avc: denied {
write } for pid=2038 comm="setroubleshootd" name="plugins" dev=sda5 ino=142832 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir
type=1400 audit(1228868798.296:64): avc: denied {
write } for pid=2038 comm="setroubleshootd" name="plugins" dev=sda5 ino=142832 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir
type=1400 audit(1228868798.304:65): avc: denied {
write } for pid=2038 comm="setroubleshootd" name="plugins" dev=sda5 ino=142832 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir
type=1400 audit(1228868798.309:66): avc: denied {
write } for pid=2038 comm="setroubleshootd" name="plugins" dev=sda5 ino=142832 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir
type=1400 audit(1228868798.322:67): avc: denied {
write } for pid=2038 comm="setroubleshootd" name="plugins" dev=sda5 ino=142832 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir
type=1400 audit(1228868798.354:68): avc: denied {
write } for pid=2038 comm="setroubleshootd" name="plugins" dev=sda5 ino=142832 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir
type=1400 audit(1228868811.296:89): avc: denied {
read } for pid=2492 comm="gdm-session-wor" name=".dmrc" dev=sda5 ino=23265 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xauth_home_t:s0 tclass=file
type=1400 audit(1228868811.414:90): avc: denied {
read } for pid=2492 comm="gdm-session-wor" name=".dmrc" dev=sda5 ino=23265 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xauth_home_t:s0 tclass=file
type=1400 audit(1228868818.290:91): avc: denied {
read } for pid=2502 comm="gdm-session-wor" name=".dmrc" dev=sda5 ino=18585 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xauth_home_t:s0 tclass=file
type=1400 audit(1228868818.597:92): avc: denied {
read } for pid=2502 comm="gdm-session-wor" name=".dmrc" dev=sda5 ino=18585 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xauth_home_t:s0 tclass=file
type=1400 audit(1228868932.171:93): avc: denied {
read } for pid=2502 comm="gdm-session-wor" name=".dmrc" dev=sda5 ino=18585 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xauth_home_t:s0 tclass=file
type=1400 audit(1228868932.997:94): avc: denied {
read write } for pid=2537 comm="gdm-session-wor" name=".xsession-errors" dev=sda5 ino=298 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xauth_home_t:s0 tclass=file
type=1400 audit(1228868932.997:95): avc: denied {
read append } for pid=2537 comm="gdm-session-wor" name=".xsession-errors" dev=sda5 ino=298 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xauth_home_t:s0 tclass=file
type=1400 audit(1228868978.329:96): avc: denied {
read } for pid=3281 comm="gdm-session-wor" name=".dmrc" dev=sda5 ino=18585 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xauth_home_t:s0 tclass=file
type=1400 audit(1228868978.569:97): avc: denied {
read } for pid=3281 comm="gdm-session-wor" name=".dmrc" dev=sda5 ino=18585 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xauth_home_t:s0 tclass=file
type=1400 audit(1228868986.153:98): avc: denied {
read } for pid=3281 comm="gdm-session-wor" name=".dmrc" dev=sda5 ino=18585 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xauth_home_t:s0 tclass=file
type=1400 audit(1228868986.899:99): avc: denied {
read write } for pid=3315 comm="gdm-session-wor" name=".xsession-errors" dev=sda5 ino=298 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xauth_home_t:s0 tclass=file
type=1400 audit(1228868986.899:100): avc: denied {
read append } for pid=3315 comm="gdm-session-wor" name=".xsession-errors" dev=sda5 ino=298 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xauth_home_t:s0 tclass=file
type=1400 audit(1228868986.901:101): avc: denied {
read } for pid=3315 comm="gdm-session-wor" name=".dmrc" dev=sda5 ino=18585 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xauth_home_t:s0 tclass=file
type=1400 audit(1228868986.906:102): avc: denied {
unlink } for pid=3315 comm="gdm-session-wor" name=".dmrc" dev=sda5 ino=18585 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xauth_home_t:s0 tclass=file
[olivares@riohigh ~]$ rpm -qa selinux-policy selinux-policy-3.6.1-8.fc11.noarch
Thanks,
Antonio
-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list restorecon -R -v ~/
I'll try that. Thanks :)
Also did you edit some files in /usr/share/setroubleshoot/plugins directory?
No, I have not messed with anything manually.
pychecker /usr/share/setroubleshoot/plugins/*.py
Should fix
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkk/708ACgkQrlYvE4MpobPPJACeKiH91oxxXywvIiHKvad0qSnM U0kAoNpMW3+vCD8lInhtdvAwtgn+nuk5 =/cQM -----END PGP SIGNATURE-----
Will report back. Thank you for advising.
Regards,
Antonio
selinux@lists.fedoraproject.org