avc: denied

avc: denied

[Subba Rao]

Finally I got booted the SELinux image for the first time and saw quite a few messages with "avc: denied"

I am at step 13 in the README file.  In the policy directory I did "make relabel" and got similar type of messages.  These
are the same type of messages I saw at boot up time.

===================
avc:  denied  { search } for  pid=848 exe=/usr/bin/perl path=/var/www/mrtg dev=03:01 ino=272926 scontext=system_u:system_r:crond_t tcontext=system_u:object_r:httpd_sys_content_t tclass=dir

avc:  denied  { remove_name } for  pid=848 exe=/usr/bin/perl path=/var/lock/mrtg/_etc_mrtg.cfg_l_848 dev=03:01 ino=337074 scontext=system_u:system_r:crond_t tcontext=system_u:object_r:var_lock_mrtg_t tclass=dir

avc:  denied  { unlink } for  pid=848 exe=/usr/bin/perl path=/var/lock/mrtg/_etc_mrtg.cfg_l_848 dev=03:01 ino=337074 scontext=system_u:system_r:crond_t tcontext=system_u:object_r:var_lock_mrtg_t tclass=file

avc:  denied  { write } for  pid=848 exe=/usr/bin/perl path=/var/lib/mrtg/_etc_mrtg.cfg dev=03:01 ino=337333 scontext=system_u:system_r:crond_t tcontext=system_u:object_r:var_lib_mrtg_t tclass=file
===================

What part of the policy do I need to look at to avoid these messages?  Or is this a standard security message?

Subba Rao
sailorn@attglobal.net
2002-12-22



--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: avc: denied

[Russell Coker]

On Sun, 22 Dec 2002 15:58, Subba Rao wrote:
> ===================
> avc:  denied  { search } for  pid=848 exe=/usr/bin/perl path=/var/www/mrtg
> dev=03:01 ino=272926 scontext=system_u:system_r:crond_t
> tcontext=system_u:object_r:httpd_sys_content_t tclass=dir

Did you install my mrtg policy?

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

test

[Ed Street]

testing


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: avc: denied

[Russell Coker]

On Wed, 25 Dec 2002 01:47, Subba Rao wrote:
> I downloaded your policy.tgz and compared the "mrtg.fc" file with the your
> file. They are the same.

OK, it's your system that is weird then.

> In the listed example, you are seeing only mrtg, but there are lot more
> than the MRTG errors (or messages).

I have just noticed that the error message below concerns crond_t which means 
that the cron job is not running in the correct context.  I guess that you 
aren't using the modified crond.

You need modified utilities to rotate log files, run cron jobs, and login.  
Without the SE Linux modified utilities things won't work.

> ======= At 2002-12-22, 16:52:00 you wrote: =======
>
> >On Sun, 22 Dec 2002 15:58, Subba Rao wrote:
> >> ===================
> >> avc:  denied  { search } for  pid=848 exe=/usr/bin/perl
> >> path=/var/www/mrtg dev=03:01 ino=272926
> >> scontext=system_u:system_r:crond_t
> >> tcontext=system_u:object_r:httpd_sys_content_t tclass=dir
> >
> >Did you install my mrtg policy?
>
> = = = = = = = = = = = = = = = = = = = =

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: avc: denied

[Subba Rao]

I downloaded your policy.tgz and compared the "mrtg.fc" file with the your file.
They are the same.

In the listed example, you are seeing only mrtg, but there are lot more than the MRTG errors (or messages).

Please remember that most of this "avc: denied" message comes on at bootup time and during login sessions
as well.  When in VI the messages keep poping up.

Subba Rao
sailorn@attglobal.net
2002-12-24

======= At 2002-12-22, 16:52:00 you wrote: =======

>On Sun, 22 Dec 2002 15:58, Subba Rao wrote:
>> ===================
>> avc:  denied  { search } for  pid=848 exe=/usr/bin/perl path=/var/www/mrtg
>> dev=03:01 ino=272926 scontext=system_u:system_r:crond_t
>> tcontext=system_u:object_r:httpd_sys_content_t tclass=dir
>
>Did you install my mrtg policy?
>

= = = = = = = = = = = = = = = = = = = =
			





--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.