Re: ifconfig/pipefs avc messages.: msg#00129

dragoran wrote:

Daniel J Walsh wrote:
dragoran wrote:
dragoran wrote:

> I have found this messages in /var/log/audit/audit.log:
>
>> type=AVC msg=audit(1120371250.432:658540): avc:  denied  { write }
>> for  pid=3342 comm="ifconfig" name=[11205] dev=pipefs ino=11205
>> scontext=root:system_r:ifconfig_ttcontext=root:system_r:unconfined_t
>> tclass=fifo_file
>> type=AVC msg=audit(1120371250.432:658540): avc:  denied  { read }
>> for  pid=3342 comm="ifconfig" name=[11205] dev=pipefs ino=11205
>> scontext=root:system_r:ifconfig_ttcontext=root:system_r:unconfined_t
>> tclass=fifo_file
>> type=AVC msg=audit(1120371250.432:658540): avc:  denied  { write }
>> for  pid=3342 comm="ifconfig" name=[11203] dev=pipefs ino=11203
>> scontext=root:system_r:ifconfig_ttcontext=root:system_r:unconfined_t
>> tclass=fifo_file
>> type=AVC msg=audit(1120371250.432:658540): avc:  denied  { read }
>> for  pid=3342 comm="ifconfig" name=[11203] dev=pipefs ino=11203
>> scontext=root:system_r:ifconfig_ttcontext=root:system_r:unconfined_t
>> tclass=fifo_file
>> type=AVC msg=audit(1120371250.432:658540): avc:  denied  { write }
>> for  pid=3342 comm="ifconfig" name=[11202] dev=pipefs ino=11202
>> scontext=root:system_r:ifconfig_ttcontext=root:system_r:unconfined_t
>> tclass=fifo_file
>> type=AVC msg=audit(1120371250.432:658540): avc:  denied  { read }
>> for  pid=3342 comm="ifconfig" name=[11202] dev=pipefs ino=11202
>> scontext=root:system_r:ifconfig_ttcontext=root:system_r:unconfined_t
>> tclass=fifo_file
>> type=AVC msg=audit(1120371250.432:658540): avc:  denied  { write }
>> for  pid=3342 comm="ifconfig" name=[11201] dev=pipefs ino=11201
>> scontext=root:system_r:ifconfig_ttcontext=root:system_r:unconfined_t
>> tclass=fifo_file
>> type=AVC msg=audit(1120371250.432:658540): avc:  denied  { read }
>> for  pid=3342 comm="ifconfig" name=[11201] dev=pipefs ino=11201
>> scontext=root:system_r:ifconfig_ttcontext=root:system_r:unconfined_t
>> tclass=fifo_file
>> type=AVC msg=audit(1120371250.432:658540): avc:  denied  { write }
>> for  pid=3342 comm="ifconfig" name=[11687] dev=pipefs ino=11687
>> scontext=root:system_r:ifconfig_ttcontext=root:system_r:unconfined_t
>> tclass=fifo_file
>> type=AVC msg=audit(1120371250.432:658540): avc:  denied  { write }
>> for  pid=3342 comm="ifconfig" name=[11687] dev=pipefs ino=11687
>> scontext=root:system_r:ifconfig_ttcontext=root:system_r:unconfined_t
>> tclass=fifo_file
>> type=PATH msg=audit(1120371251.502:661490): item=1 inode=2127845
>> dev=08:05 mode=0100755 ouid=0 ogid=0 rdev=00:00
>> type=PATH msg=audit(1120371251.502:661490): item=0
>> name="/sbin/ifconfig" inode=9297060 dev=08:05 mode=0100755 ouid=0
>> ogid=0 rdev=00:00
>> type=AVC_PATH msg=audit(1120371251.502:661490):  path="pipe:[11687]"
>> type=AVC_PATH msg=audit(1120371251.502:661490):  path="pipe:[11687]"
>> type=AVC_PATH msg=audit(1120371251.502:661490):  path="pipe:[11201]"
>> type=AVC_PATH msg=audit(1120371251.502:661490):  path="pipe:[11201]"
>> type=AVC_PATH msg=audit(1120371251.502:661490):  path="pipe:[11202]"
>> type=AVC_PATH msg=audit(1120371251.502:661490):  path="pipe:[11202]"
>> type=AVC_PATH msg=audit(1120371251.502:661490):  path="pipe:[11203]"
>> type=AVC_PATH msg=audit(1120371251.502:661490):  path="pipe:[11203]"
>> type=AVC_PATH msg=audit(1120371251.502:661490):  path="pipe:[11205]"
>> type=AVC_PATH msg=audit(1120371251.502:661490):  path="pipe:[11205]"
>> type=SYSCALL msg=audit(1120371251.502:661490): arch=c000003e
>> syscall=59 success=yes exit=0 a0=627990 a1=627cb0 a2=608440
>> a3=2aaaaaac5000 items=2 pid=3370 auid=4294967295 uid=0 gid=0 euid=0
>> suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="ifconfig"
>> exe="/sbin/ifconfig"
>> type=AVC msg=audit(1120371251.502:661490): avc:  denied  { write }
>> for  pid=3370 comm="ifconfig" name=[11205] dev=pipefs ino=11205
>> scontext=root:system_r:ifconfig_ttcontext=root:system_r:unconfined_t
>> tclass=fifo_file
>> type=AVC msg=audit(1120371251.502:661490): avc:  denied  { read }
>> for  pid=3370 comm="ifconfig" name=[11205] dev=pipefs ino=11205
>> scontext=root:system_r:ifconfig_ttcontext=root:system_r:unconfined_t
>> tclass=fifo_file
>> type=AVC msg=audit(1120371251.502:661490): avc:  denied  { write }
>> for  pid=3370 comm="ifconfig" name=[11203] dev=pipefs ino=11203
>> scontext=root:system_r:ifconfig_ttcontext=root:system_r:unconfined_t
>> tclass=fifo_file
>> type=AVC msg=audit(1120371251.502:661490): avc:  denied  { read }
>> for  pid=3370 comm="ifconfig" name=[11203] dev=pipefs ino=11203
>> scontext=root:system_r:ifconfig_ttcontext=root:system_r:unconfined_t
>> tclass=fifo_file
>> type=AVC msg=audit(1120371251.502:661490): avc:  denied  { write }
>> for  pid=3370 comm="ifconfig" name=[11202] dev=pipefs ino=11202
>> scontext=root:system_r:ifconfig_ttcontext=root:system_r:unconfined_t
>> tclass=fifo_file
>> type=AVC msg=audit(1120371251.502:661490): avc:  denied  { read }
>> for  pid=3370 comm="ifconfig" name=[11202] dev=pipefs ino=11202
>> scontext=root:system_r:ifconfig_ttcontext=root:system_r:unconfined_t
>> tclass=fifo_file
>> type=AVC msg=audit(1120371251.502:661490): avc:  denied  { write }
>> for  pid=3370 comm="ifconfig" name=[11201] dev=pipefs ino=11201
>> scontext=root:system_r:ifconfig_ttcontext=root:system_r:unconfined_t
>> tclass=fifo_file
>> type=AVC msg=audit(1120371251.502:661490): avc:  denied  { read }
>> for  pid=3370 comm="ifconfig" name=[11201] dev=pipefs ino=11201
>> scontext=root:system_r:ifconfig_ttcontext=root:system_r:unconfined_t
>> tclass=fifo_file
>> type=AVC msg=audit(1120371251.502:661490): avc:  denied  { write }
>> for  pid=3370 comm="ifconfig" name=[11687] dev=pipefs ino=11687
>> scontext=root:system_r:ifconfig_ttcontext=root:system_r:unconfined_t
>> tclass=fifo_file
>> type=AVC msg=audit(1120371251.502:661490): avc:  denied  { write }
>> for  pid=3370 comm="ifconfig" name=[11687] dev=pipefs ino=11687
>> scontext=root:system_r:ifconfig_ttcontext=root:system_r:unconfined_t
>> tclass=fifo_file
>> type=PATH msg=audit(1120371251.510:662032): item=1 inode=2127845
>> dev=08:05 mode=0100755 ouid=0 ogid=0 rdev=00:00
>> type=PATH msg=audit(1120371251.510:662032): item=0 name="/sbin/ip"
>> inode=9297052 dev=08:05 mode=0100755 ouid=0 ogid=0 rdev=00:00
>
>
> I did fixfiles relabel but it have'nt fixed them.
> Whats the problem?
> bug in the policy? (using fc4 and selinux-policy-targeted-1.25.3-12)
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list@xxxxxxxxxx
> http://www.redhat.com/mailman/listinfo/fedora-selinux-list
>
>
found out that iplugd from fc extras was causing this.
its labeled as:

> ls -Z /usr/sbin/ifplugd
> -rwxr-xr-x root root system_u:object_r:sbin_t >/usr/sbin/ifplugd
Could you label this NetworkManager_exec_t?  And do a restart?
Do the messages go away?
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-selinux-list
now I get:
type=SYSCALL msg=audit(1125406870.081:3285657): arch=c000003esyscall=59 success=yes exit=0 a0=6c5320 a1=6c5360 a2=6c1e50a3=7fffffd67208 items=2 pid=3240 auid=4294967295 uid=0 gid=0 euid=0suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="ifplugd"exe="/usr/sbin/ifplugd"
type=AVC_PATH msg=audit(1125406870.081:3285657):  path="pipe:[15843]"
type=CWD msg=audit(1125406870.081:3285657):  cwd="/"
type=PATH msg=audit(1125406870.081:3285657): item=0name="/usr/sbin/ifplugd" flags=101 inode=14024587 dev=08:05mode=0100755 ouid=0 ogid=0 rdev=00:00type=PATH msg=audit(1125406870.081:3285657): item=1 flags=101inode=2128071 dev=08:05 mode=0100755 ouid=0 ogid=0 rdev=00:00type=USER_END msg=audit(1125406872.563:3293540): user pid=3137 uid=500auid=4294967295 msg='PAM session close: user=rootexe="/usr/sbin/userhelper" (hostname=?, addr=?, terminal=?result=Success)'type=AVC msg=audit(1125406889.406:3343428): avc: denied { execute }for pid=3261 comm="ifplugd" name="ifplugd.action" dev=sda5ino=1705807 scontext=root:system_r:NetworkManager_ttcontext=system_u:object_r:etc_t tclass=filetype=SYSCALL msg=audit(1125406889.406:3343428): arch=c000003esyscall=59 success=no exit=-13 a0=40450c a1=7fffffa549f0 a2=609300a3=2aaaaaad89b0 items=1 pid=3261 auid=4294967295 uid=0 gid=0 euid=0suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="ifplugd"exe="/usr/sbin/ifplugd"
type=CWD msg=audit(1125406889.406:3343428):  cwd="/"
type=PATH msg=audit(1125406889.406:3343428): item=0name="/etc/ifplugd/ifplugd.action" flags=101 inode=1705807 dev=08:05mode=0100755 ouid=0 ogid=0 rdev=00:00

chcon -t bin_t /etc/ifplugd/ifplugd.action

You might want to do this for executables/scripts in this directory.



--

Previous by Date:	Re: policy version problem, Stephen Smalley
Next by Date:	selinux-policy-targeted 1.25.4-10 and dovecot, Paul Howarth
Previous by Thread:	Re: ifconfig/pipefs avc messages., dragoran
Next by Thread:	vsftpd and ~/public_html, Dawid Gajownik
Indexes:	[Date] [Thread] [Top] [All Lists]

<Prev in Thread]	Current Thread	[Next in Thread>

Re: ifconfig/pipefs avc messages.: msg#00129

Free Magazines