fedora-selinux June 2009 archive
Main Archive Page > Month Archives  > fedora-selinux archives
fedora-selinux: selinux denying dev-kit, and others

selinux denying dev-kit, and others

From: Antonio Olivares <olivares14031_at_nospam>
Date: Tue Jun 16 2009 - 13:40:53 GMT
To: fedora-selinux-list@redhat.com

Summary:

SELinux is preventing gnome-clock-app (gnomeclock_t) "read" inotifyfs_t.

Detailed Description:

SELinux denied access requested by gnome-clock-app. It is not expected that this access is required by gnome-clock-app and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package.

Additional Information: Source Context system_u:system_r:gnomeclock_t:SystemLow- SystemHigh Target Context system_u:object_r:inotifyfs_t:SystemLow Target Objects inotify [ dir ] Source gnome-clock-app Source Path /usr/libexec/gnome-clock-applet-mechanism Port <Unknown> Host localhost.localdomain Source RPM Packages gnome-panel-2.26.2-3.fc12 Target RPM Packages Policy RPM selinux-policy-3.6.15-1.fc12 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name catchall Host Name localhost.localdomain Platform Linux localhost.localdomain 2.6.30-6.fc12.i586 #1 SMP Fri Jun 12 11:36:06 EDT 2009 i686 i686 Alert Count 1 First Seen Tue 16 Jun 2009 08:36:10 AM CDT Last Seen Tue 16 Jun 2009 08:36:10 AM CDT Local ID b01fae6b-cc0e-42cb-bea3-2c84383966e0 Line Numbers Raw Audit Messages

node=localhost.localdomain type=AVC msg=audit(1245159370.605:31): avc: denied { read } for pid=2250 comm="gnome-clock-app" path="inotify" dev=inotifyfs ino=1 scontext=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 tcontext=system_u:object_r:inotifyfs_t:s0 tclass=dir

node=localhost.localdomain type=SYSCALL msg=audit(1245159370.605:31): arch=40000003 syscall=11 success=yes exit=0 a0=9a9fe28 a1=9a9fce8 a2=9a9f008 a3=9aa22a8 items=0 ppid=2249 pid=2250 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="gnome-clock-app" exe="/usr/libexec/gnome-clock-applet-mechanism" subj=system_u:system_r:gnomeclock_t:s0-s0:c0.c1023 key=(null)

Summary:

SELinux is preventing devkit-disks-da (devicekit_disk_t) "getattr" inotifyfs_t.

Detailed Description:

SELinux denied access requested by devkit-disks-da. It is not expected that this access is required by devkit-disks-da and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package.

Additional Information: Source Context system_u:system_r:devicekit_disk_t:SystemLow- SystemHigh Target Context system_u:object_r:inotifyfs_t:SystemLow Target Objects inotify [ dir ] Source devkit-disks-da Source Path /usr/libexec/devkit-disks-daemon Port <Unknown> Host localhost.localdomain Source RPM Packages DeviceKit-disks-004-3.fc12 Target RPM Packages Policy RPM selinux-policy-3.6.15-1.fc12 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name catchall Host Name localhost.localdomain Platform Linux localhost.localdomain 2.6.30-6.fc12.i586 #1 SMP Fri Jun 12 11:36:06 EDT 2009 i686 i686 Alert Count 1 First Seen Tue 16 Jun 2009 08:35:52 AM CDT Last Seen Tue 16 Jun 2009 08:35:52 AM CDT Local ID 8b03ae67-6d8b-49ea-821b-c78a2b4e715e Line Numbers Raw Audit Messages

node=localhost.localdomain type=AVC msg=audit(1245159352.360:30): avc: denied { getattr } for pid=2214 comm="devkit-disks-da" path="inotify" dev=inotifyfs ino=1 scontext=system_u:system_r:devicekit_disk_t:s0-s0:c0.c1023 tcontext=system_u:object_r:inotifyfs_t:s0 tclass=dir

node=localhost.localdomain type=SYSCALL msg=audit(1245159352.360:30): arch=40000003 syscall=197 success=yes exit=0 a0=7 a1=bfd94d00 a2=5ddff4 a3=95f8510 items=0 ppid=1 pid=2214 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="devkit-disks-da" exe="/usr/libexec/devkit-disks-daemon" subj=system_u:system_r:devicekit_disk_t:s0-s0:c0.c1023 key=(null)

Summary:

SELinux is preventing devkit-disks-da (devicekit_disk_t) "read" inotifyfs_t.

Detailed Description:

SELinux denied access requested by devkit-disks-da. It is not expected that this access is required by devkit-disks-da and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package.

Additional Information: Source Context system_u:system_r:devicekit_disk_t:SystemLow- SystemHigh Target Context system_u:object_r:inotifyfs_t:SystemLow Target Objects inotify [ dir ] Source devkit-disks-da Source Path /usr/libexec/devkit-disks-daemon Port <Unknown> Host localhost.localdomain Source RPM Packages DeviceKit-disks-004-3.fc12 Target RPM Packages Policy RPM selinux-policy-3.6.15-1.fc12 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name catchall Host Name localhost.localdomain Platform Linux localhost.localdomain 2.6.30-6.fc12.i586 #1 SMP Fri Jun 12 11:36:06 EDT 2009 i686 i686 Alert Count 8 First Seen Tue 16 Jun 2009 07:21:24 AM CDT Last Seen Tue 16 Jun 2009 08:35:51 AM CDT Local ID 0ecb0348-2ba7-401d-a917-9c0f74a7f61d Line Numbers Raw Audit Messages

node=localhost.localdomain type=AVC msg=audit(1245159351.885:29): avc: denied { read } for pid=2214 comm="devkit-disks-da" path="inotify" dev=inotifyfs ino=1 scontext=system_u:system_r:devicekit_disk_t:s0-s0:c0.c1023 tcontext=system_u:object_r:inotifyfs_t:s0 tclass=dir

node=localhost.localdomain type=SYSCALL msg=audit(1245159351.885:29): arch=40000003 syscall=11 success=yes exit=0 a0=87bbe50 a1=87be290 a2=87bb008 a3=87bbd90 items=0 ppid=2213 pid=2214 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="devkit-disks-da" exe="/usr/libexec/devkit-disks-daemon" subj=system_u:system_r:devicekit_disk_t:s0-s0:c0.c1023 key=(null)

Summary:

SELinux is preventing devkit-power-da (devicekit_power_t) "getattr" inotifyfs_t.

Detailed Description:

SELinux denied access requested by devkit-power-da. It is not expected that this access is required by devkit-power-da and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package.

Additional Information: Source Context system_u:system_r:devicekit_power_t:SystemLow- SystemHigh Target Context system_u:object_r:inotifyfs_t:SystemLow Target Objects inotify [ dir ] Source devkit-power-da Source Path /usr/libexec/devkit-power-daemon Port <Unknown> Host localhost.localdomain Source RPM Packages DeviceKit-power-008-1.fc12 Target RPM Packages Policy RPM selinux-policy-3.6.15-1.fc12 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name catchall Host Name localhost.localdomain Platform Linux localhost.localdomain 2.6.30-6.fc12.i586 #1 SMP Fri Jun 12 11:36:06 EDT 2009 i686 i686 Alert Count 1 First Seen Tue 16 Jun 2009 08:35:45 AM CDT Last Seen Tue 16 Jun 2009 08:35:45 AM CDT Local ID 48abf8a4-c9fb-4129-abd3-35ed578349eb Line Numbers Raw Audit Messages

node=localhost.localdomain type=AVC msg=audit(1245159345.55:27): avc: denied { getattr } for pid=2174 comm="devkit-power-da" path="inotify" dev=inotifyfs ino=1 scontext=system_u:system_r:devicekit_power_t:s0-s0:c0.c1023 tcontext=system_u:object_r:inotifyfs_t:s0 tclass=dir

node=localhost.localdomain type=SYSCALL msg=audit(1245159345.55:27): arch=40000003 syscall=197 success=yes exit=0 a0=5 a1=bfeb5e40 a2=5ddff4 a3=90cc030 items=0 ppid=1 pid=2174 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="devkit-power-da" exe="/usr/libexec/devkit-power-daemon" subj=system_u:system_r:devicekit_power_t:s0-s0:c0.c1023 key=(null)

Summary:

SELinux is preventing devkit-daemon (devicekit_t) "read" inotifyfs_t.

Detailed Description:

SELinux denied access requested by devkit-daemon. It is not expected that this access is required by devkit-daemon and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package.

Additional Information: Source Context system_u:system_r:devicekit_t:SystemLow-SystemHigh Target Context system_u:object_r:inotifyfs_t:SystemLow Target Objects inotify [ dir ] Source devkit-daemon Source Path /usr/libexec/devkit-daemon Port <Unknown> Host localhost.localdomain Source RPM Packages DeviceKit-003-1 Target RPM Packages Policy RPM selinux-policy-3.6.15-1.fc12 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name catchall Host Name localhost.localdomain Platform Linux localhost.localdomain 2.6.30-6.fc12.i586 #1 SMP Fri Jun 12 11:36:06 EDT 2009 i686 i686 Alert Count 1 First Seen Tue 16 Jun 2009 08:35:45 AM CDT Last Seen Tue 16 Jun 2009 08:35:45 AM CDT Local ID a1417ce4-b120-4778-9802-f21888673601 Line Numbers Raw Audit Messages

node=localhost.localdomain type=AVC msg=audit(1245159345.63:28): avc: denied { read } for pid=2178 comm="devkit-daemon" path="inotify" dev=inotifyfs ino=1 scontext=system_u:system_r:devicekit_t:s0-s0:c0.c1023 tcontext=system_u:object_r:inotifyfs_t:s0 tclass=dir

node=localhost.localdomain type=SYSCALL msg=audit(1245159345.63:28): arch=40000003 syscall=11 success=yes exit=0 a0=8fe4e10 a1=8fe4d98 a2=8fe4008 a3=8fe7358 items=0 ppid=2177 pid=2178 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="devkit-daemon" exe="/usr/libexec/devkit-daemon" subj=system_u:system_r:devicekit_t:s0-s0:c0.c1023 key=(null)

Summary:

SELinux is preventing devkit-power-da (devicekit_power_t) "read" inotifyfs_t.

Detailed Description:

SELinux denied access requested by devkit-power-da. It is not expected that this access is required by devkit-power-da and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package.

Additional Information: Source Context system_u:system_r:devicekit_power_t:SystemLow- SystemHigh Target Context system_u:object_r:inotifyfs_t:SystemLow Target Objects inotify [ dir ] Source devkit-power-da Source Path /usr/libexec/devkit-power-daemon Port <Unknown> Host localhost.localdomain Source RPM Packages DeviceKit-power-008-1.fc12 Target RPM Packages Policy RPM selinux-policy-3.6.15-1.fc12 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name catchall Host Name localhost.localdomain Platform Linux localhost.localdomain 2.6.30-6.fc12.i586 #1 SMP Fri Jun 12 11:36:06 EDT 2009 i686 i686 Alert Count 9 First Seen Tue 16 Jun 2009 07:21:24 AM CDT Last Seen Tue 16 Jun 2009 08:35:44 AM CDT Local ID a3306212-15db-4b4b-a00a-d2c310e28d4f Line Numbers Raw Audit Messages

node=localhost.localdomain type=AVC msg=audit(1245159344.629:26): avc: denied { read } for pid=2174 comm="devkit-power-da" path="inotify" dev=inotifyfs ino=1 scontext=system_u:system_r:devicekit_power_t:s0-s0:c0.c1023 tcontext=system_u:object_r:inotifyfs_t:s0 tclass=dir

node=localhost.localdomain type=SYSCALL msg=audit(1245159344.629:26): arch=40000003 syscall=11 success=yes exit=0 a0=9147e50 a1=914a290 a2=9147008 a3=9147d90 items=0 ppid=2173 pid=2174 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="devkit-power-da" exe="/usr/libexec/devkit-power-daemon" subj=system_u:system_r:devicekit_power_t:s0-s0:c0.c1023 key=(null)        -- fedora-selinux-list mailing list fedora-selinux-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-selinux-list