SELinux advisory

[Paolo Galtieri]

I keep getting the following SELinux alert. 


 SELinux is preventing hostname (hostname_t) read security_t

The alert data is shown below.  I'm not sure what I might have changed 
to cause this.


Paolo

Summary:

SELinux is preventing hostname (hostname_t) read security_t.

Detailed Description:

SELinux denied access requested by hostname. It is not expected that 
this access
is required by hostname and this access may signal an intrusion attempt. 
It is
also possible that the specific version or configuration of the 
application is

causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can 
disable
SELinux protection altogether. Disabling SELinux protection is not 
recommended.

Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.

Additional Information:

Source Contextsystem_u:system_r:hostname_t:s0
Target Contextsystem_u:object_r:security_t:s0
Target Objectsmls [ file ]
Sourcehostname
Source Path   /bin/hostname
Port  Unknown
Host  peglaptop10
Source RPM Packages   net-tools-1.60-92.fc11
Target RPM Packages  
Policy RPMselinux-policy-3.6.12-50.fc11

Selinux Enabled   True
Policy Type   targeted
MLS Enabled   True
Enforcing ModeEnforcing
Plugin Name   catchall
Host Name peglaptop10
Platform  Linux peglaptop10 2.6.29.5-191.fc11.x86_64 
#1 SMP

 Tue Jun 16 23:23:21 EDT 2009 x86_64 x86_64
Alert Count   108
First SeenFri 19 Jun 2009 06:33:48 PM MST
Last Seen Fri 26 Jun 2009 07:31:49 AM MST
Local ID  2bc187c8-f1ab-4a44-8c0b-cc092191743b
Line Numbers 

Raw Audit Messages   

node=peglaptop10 type=AVC msg=audit(1246026709.145:1331): avc:  denied  
{ read } for  pid=14213 comm=hostname name=mls dev=selinuxfs ino=12 
scontext=system_u:system_r:hostname_t:s0 
tcontext=system_u:object_r:security_t:s0 tclass=file


node=peglaptop10 type=SYSCALL msg=audit(1246026709.145:1331): 
arch=c03e syscall=2 success=no exit=-13 a0=7fff3f294550 a1=0 
a2=7fff3f29455c a3=fff8 items=0 ppid=14200 pid=14213 auid=4294967295 
uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) 
ses=4294967295 comm=hostname exe=/bin/hostname 
subj=system_u:system_r:hostname_t:s0 key=(null)


--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Re: SELinux advisory

[Daniel J Walsh]

On 06/26/2009 11:20 AM, Paolo Galtieri wrote:

I keep getting the following SELinux alert.
SELinux is preventing hostname (hostname_t) read security_t

The alert data is shown below. I'm not sure what I might have changed to
cause this.

Paolo

Summary:

SELinux is preventing hostname (hostname_t) read security_t.

Detailed Description:

SELinux denied access requested by hostname. It is not expected that
this access
is required by hostname and this access may signal an intrusion attempt.
It is
also possible that the specific version or configuration of the
application is
causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can
disable
SELinux protection altogether. Disabling SELinux protection is not
recommended.
Please file a bug report
(http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.

Additional Information:

Source Context system_u:system_r:hostname_t:s0
Target Context system_u:object_r:security_t:s0
Target Objects mls [ file ]
Source hostname
Source Path /bin/hostname
Port Unknown
Host peglaptop10
Source RPM Packages net-tools-1.60-92.fc11
Target RPM Packages Policy RPM selinux-policy-3.6.12-50.fc11
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name catchall
Host Name peglaptop10
Platform Linux peglaptop10 2.6.29.5-191.fc11.x86_64 #1 SMP
Tue Jun 16 23:23:21 EDT 2009 x86_64 x86_64
Alert Count 108
First Seen Fri 19 Jun 2009 06:33:48 PM MST
Last Seen Fri 26 Jun 2009 07:31:49 AM MST
Local ID 2bc187c8-f1ab-4a44-8c0b-cc092191743b
Line Numbers
Raw Audit Messages
node=peglaptop10 type=AVC msg=audit(1246026709.145:1331): avc: denied {
read } for pid=14213 comm=hostname name=mls dev=selinuxfs ino=12
scontext=system_u:system_r:hostname_t:s0
tcontext=system_u:object_r:security_t:s0 tclass=file

node=peglaptop10 type=SYSCALL msg=audit(1246026709.145:1331):
arch=c03e syscall=2 success=no exit=-13 a0=7fff3f294550 a1=0
a2=7fff3f29455c a3=fff8 items=0 ppid=14200 pid=14213 auid=4294967295
uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none)
ses=4294967295 comm=hostname exe=/bin/hostname
subj=system_u:system_r:hostname_t:s0 key=(null)



You can ignore this for now and update to 
selinux-policy-3.6.12-57.fc11.noarch, when it becomes available.


Or you can grab it now at

https://admin.fedoraproject.org/updates/selinux-policy-3.6.12-57.fc11


--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines