Selinux message F-12 -

2009-12-14 Thread Bob Goodwin


I keep seeing a star icon in the F-12 box which produces the message 
below. I wonder if it has anything to do with my ssh problems?


What does it mean? What must I do to satisfy it?

Bob

#

Summary:

SELinux is preventing /usr/libexec/polkit-1/polkit-agent-helper-1
sys_tty_config access.

Detailed Description:

[polkit-agent-he has a permissive type (policykit_auth_t). This access was not
denied.]

SELinux denied access requested by polkit-agent-he. It is not expected that this
access is required by polkit-agent-he and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration of the
application is causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Please file a bug
report.

Additional Information:

Source Context                unconfined_u:unconfined_r:policykit_auth_t:s0-s0:c0.c1023
Target Context                unconfined_u:unconfined_r:policykit_auth_t:s0-s0:c0.c1023
Target Objects                None [ capability ]
Source                        polkit-agent-he
Source Path                   /usr/libexec/polkit-1/polkit-agent-helper-1
Port                          Unknown
Host                          box6
Source RPM Packages           polkit-0.95-0.git20090913.3.fc12
Target RPM Packages
Policy RPM                    selinux-policy-3.6.32-55.fc12
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Plugin Name                   catchall
Host Name                     box6
Platform                      Linux box6 2.6.31.6-166.fc12.i686.PAE #1 SMP Wed
                              Dec 9 11:00:30 EST 2009 i686 i686
Alert Count                   10
First Seen                    Wed 09 Dec 2009 10:03:47 AM EST
Last Seen                     Sun 13 Dec 2009 07:36:40 PM EST
Local ID                      71279b6b-af71-4208-85fe-64503a292646
Line Numbers

Raw Audit Messages

node=box6 type=AVC msg=audit(1260751000.112:20114): avc:  denied  { sys_tty_config } for  pid=15535 comm=polkit-agent-he capability=26 scontext=unconfined_u:unconfined_r:policykit_auth_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:policykit_auth_t:s0-s0:c0.c1023 tclass=capability

node=box6 type=SYSCALL msg=audit(1260751000.112:20114): arch=4003 syscall=54 success=yes exit=0 a0=2 a1=5401 a2=bfa30888 a3=bfa3099c items=0 ppid=14661 pid=15535 auid=501 uid=501 gid=501 euid=0 suid=0 fsuid=0 egid=501 sgid=501 fsgid=501 tty=(none) ses=1 comm=polkit-agent-he exe=/usr/libexec/polkit-1/polkit-agent-helper-1 subj=unconfined_u:unconfined_r:policykit_auth_t:s0-s0:c0.c1023 key=(null)

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines


Re: Selinux message F-12 -

2009-12-14 Thread Daniel J Walsh
On 12/14/2009 06:01 AM, Bob Goodwin wrote:
 
> I keep seeing a star icon in the F-12 box which produces the message
> below. I wonder if it has anything to do with my ssh problems?
>
> What does it mean? What must I do to satisfy it?
>
> Bob
 
 
I am not sure why policykit_auth_t would need to configure the tty and I am
dontauditing it in the next update release, which I will push as soon as
Fedora infrastructure gets put back up.

Fixed in selinux-policy-3.6.32-59.fc12.noarch

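
The following is an added example, not part of the original thread and not taken from the selinux-policy source. It pairs the AVC and SYSCALL records from the report by their shared audit serial number and derives the policy-language `dontaudit` line for the denial. The function names (`parse_events`, `setype`, `summarize`) are hypothetical, and the exact rule shipped in selinux-policy-3.6.32-59 is not shown in the thread.

```python
import re

# Raw audit records copied from the report above (mail line wraps joined).
RAW = """\
node=box6 type=AVC msg=audit(1260751000.112:20114): avc:  denied  { sys_tty_config } for  pid=15535 comm=polkit-agent-he capability=26 scontext=unconfined_u:unconfined_r:policykit_auth_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:policykit_auth_t:s0-s0:c0.c1023 tclass=capability
node=box6 type=SYSCALL msg=audit(1260751000.112:20114): arch=4003 syscall=54 success=yes exit=0 a0=2 a1=5401 a2=bfa30888 a3=bfa3099c items=0 ppid=14661 pid=15535 auid=501 uid=501 gid=501 euid=0 suid=0 fsuid=0 egid=501 sgid=501 fsgid=501 tty=(none) ses=1 comm=polkit-agent-he exe=/usr/libexec/polkit-1/polkit-agent-helper-1 subj=unconfined_u:unconfined_r:policykit_auth_t:s0-s0:c0.c1023 key=(null)
"""

HEADER = re.compile(r"type=(\w+) msg=audit\(\d+\.\d+:(\d+)\):\s*(.*)")
PERMS = re.compile(r"avc:\s+(denied|granted)\s+\{([^}]*)\}")

def parse_events(raw):
    """Group records by audit serial; the AVC and its SYSCALL share one."""
    events = {}
    for line in raw.splitlines():
        m = HEADER.search(line)
        if not m:
            continue  # blank line or not an audit record
        rtype, serial, body = m.groups()
        fields = dict(kv.split("=", 1) for kv in body.split() if "=" in kv)
        p = PERMS.search(body)  # only AVC records carry a permission set
        if p:
            fields["result"], fields["perms"] = p.group(1), p.group(2).split()
        events.setdefault(serial, {})[rtype] = fields
    return events

def setype(context):
    """The SELinux type is the third field of user:role:type:level."""
    return context.split(":")[2]

def summarize(event):
    """Reduce one event to the facts needed to triage it and silence it."""
    avc, sc = event["AVC"], event.get("SYSCALL", {})
    src, tgt = setype(avc["scontext"]), setype(avc["tcontext"])
    target = "self" if src == tgt else tgt  # a domain acting on itself
    perms = avc["perms"]
    plist = perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"
    return {
        "domain": src,
        "exe": sc.get("exe"),
        "euid_root": sc.get("euid") == "0",
        # success=yes: the system call completed, matching the report's
        # "This access was not denied" note for a permissive type.
        "syscall_succeeded": sc.get("success") == "yes",
        "dontaudit": f"dontaudit {src} {target}:{avc['tclass']} {plist};",
    }

if __name__ == "__main__":
    for serial, ev in parse_events(RAW).items():
        print(serial, summarize(ev))
```

A `dontaudit` rule only suppresses the log entry; it does not grant the capability, so once the type is enforcing the access is refused silently.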