Security Enhanced Linux
What's New
Frequently Asked Questions
Background
Documents
License
Download
Participating
Mail List
Archives
Remaining Work
Contributors
Related Work
Press Releases
Information Assurance Research
NIARL In-house Research Areas
Mathematical Sciences Program
Sabbaticals
Computer & Information Sciences Research
Technology Transfer
Advanced Computing
Advanced Mathematics
Communications & Networking
Information Processing
Microelectronics
Other Technologies
Technology Fact Sheets
Publications
Related Links
|
SELinux Mailing ListLVM/PostgreSQL/Sendmail AVC Messages
From: Alex Ackerman <alex_at_darkhonor.com>
Date: Tue, 5 Oct 2004 18:04:56 -0400
LVM AVC Errors: Oct 5 17:37:03 baal kernel: audit(1097012179.383:0): avc: denied { getattr } for pid=892 exe=/sbin/lvm.static path=/dev/shm dev=hda3 ino=391699 scontext=system_u:system_r:lvm_t tcontext=system_u:object_r:file_t tclass=dir Sendmail AVC Errors: Oct 5 17:37:15 baal kernel: audit(1097012235.639:0): avc: denied { read write } for pid=1735 exe=/usr/sbin/sendmail.sendmail name=utmp dev=hda3 ino=783370 scontext=system_u:system_r:sendmail_t tcontext=system_u:object_r:initrc_var_run_t tclass=file Oct 5 17:37:15 baal kernel: audit(1097012235.649:0): avc: denied { read } for pid=1735 exe=/usr/sbin/sendmail.sendmail name=utmp dev=hda3 ino=783370 scontext=system_u:system_r:sendmail_t tcontext=system_u:object_r:initrc_var_run_t tclass=file Oct 5 17:37:15 baal kernel: audit(1097012235.659:0): avc: denied { read write } for pid=1735 exe=/usr/sbin/sendmail.sendmail name=utmp dev=hda3 ino=783370 scontext=system_u:system_r:sendmail_t tcontext=system_u:object_r:initrc_var_run_t tclass=file Oct 5 17:37:15 baal kernel: audit(1097012235.670:0): avc: denied { read } for pid=1735 exe=/usr/sbin/sendmail.sendmail name=utmp dev=hda3 ino=783370 scontext=system_u:system_r:sendmail_t tcontext=system_u:object_r:initrc_var_run_t tclass=file PostgreSQL AVC Errors:
Oct 5 17:37:18 baal kernel: audit(1097012238.340:0): avc: denied {
sys_admin } for pid=1774 exe=/sbin/consoletype capability=21
scontext=system_u:system_r:postgresql_t
Oct 5 17:37:18 baal kernel: audit(1097012238.662:0): avc: denied {
search } for pid=1782 exe=/bin/su name=selinux dev=hda3 ino=2434464
scontext=system_u:system_r:postgresql_t
Oct 5 17:37:18 baal kernel: audit(1097012238.825:0): avc: denied {
search } for pid=1782 exe=/bin/su dev=selinuxfs ino=1005
scontext=system_u:system_r:postgresql_t
Oct 5 17:37:18 baal kernel: audit(1097012238.840:0): avc: denied {
search } for pid=1782 exe=/bin/su dev=selinuxfs ino=1005
scontext=system_u:system_r:postgresql_t
Oct 5 17:37:19 baal kernel: audit(1097012239.058:0): avc: denied {
read } for pid=1782 exe=/bin/su name=shadow dev=hda3 ino=2434295
scontext=system_u:system_r:postgresql_t
Oct 5 17:37:19 baal kernel: audit(1097012239.074:0): avc: denied {
read } for pid=1782 exe=/bin/su name=shadow dev=hda3 ino=2434295
scontext=system_u:system_r:postgresql_t
Oct 5 17:37:19 baal kernel: audit(1097012239.091:0): avc: denied {
read } for pid=1782 exe=/bin/su name=shadow dev=hda3 ino=2434295
scontext=system_u:system_r:postgresql_t
Oct 5 17:37:19 baal kernel: audit(1097012239.109:0): avc: denied {
read } for pid=1782 exe=/bin/su name=shadow dev=hda3 ino=2434295
scontext=system_u:system_r:postgresql_t
Oct 5 17:37:19 baal kernel: audit(1097012239.128:0): avc: denied {
read } for pid=1782 exe=/bin/su name=shadow dev=hda3 ino=2434295
scontext=system_u:system_r:postgresql_t
Oct 5 17:37:19 baal kernel: audit(1097012239.147:0): avc: denied {
read } for pid=1782 exe=/bin/su name=shadow dev=hda3 ino=2434295
scontext=system_u:system_r:postgresql_t
Oct 5 17:37:19 baal kernel: audit(1097012239.168:0): avc: denied {
read } for pid=1782 exe=/bin/su name=shadow dev=hda3 ino=2434295
scontext=system_u:system_r:postgresql_t
Oct 5 17:37:19 baal kernel: audit(1097012239.189:0): avc: denied {
read } for pid=1782 exe=/bin/su name=shadow dev=hda3 ino=2434295
scontext=system_u:system_r:postgresql_t
Oct 5 17:37:19 baal kernel: audit(1097012239.235:0): avc: denied {
execute } for pid=1783 exe=/bin/su name=unix_chkpwd dev=hda3 ino=32696
scontext=system_u:system_r:postgresql_t
System details are: Fedora Core 2 2.6.8-1.521 kernel enforcing=true checkpolicy-1.17.5-1 libselinux-1.17.13-3 selinux-policy-strict-1.17.26-3 postgresql-7.4.2-1 sendmail-8.12.11-4.6
I upgraded mkinitrd because of a message I noticed in Bugzilla
(https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=133236) to
4.1.14-1, but haven't upgraded the initrd image for the running kernel.
/dev/shm is mounted (per a response
I'm willing to try coming up with a policy patch for the postgres.te and postgres.tc files, but I'd like to know if anyone else is seeing these errors first. Thoughts? Thank you ahead of time. Alex Ackerman http://www.darkhonor.com <http://www.darkhonor.com/> -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.Received on Tue 5 Oct 2004 - 18:01:55 EDT |
|
Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009 |