Your message dated Thu, 8 Aug 2013 18:18:14 +0200
with message-id <[email protected]>
and subject line Old and unreproducible
has caused the Debian Bug report #503565,
regarding selinux-policy-default: avc denial messages with bind and resolvconf
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
503565: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=503565
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: selinux-policy-default
Version: 2:0.0.20080702-13
Severity: normal

Hi,

I get the following messages when starting a network interface with ifup:

[397311.840230] type=1400 audit(1225019985.641:675): avc:  denied  { search } 
for  pid=14593 comm="dhclient-script" name="samba" dev=sda1 ino=436979 
scontext=unconfined_u:system_r:dhcpc_t:s0 
tcontext=system_u:object_r:samba_etc_t:s0 tclass=dir
[397311.840230] type=1400 audit(1225019985.641:676): avc:  denied  { getattr } 
for  pid=14593 comm="dhclient-script" path="/etc/samba/dhcp.conf" dev=sda1 
ino=435503 scontext=unconfined_u:system_r:dhcpc_t:s0 
tcontext=system_u:object_r:samba_etc_t:s0 tclass=file
[397311.843904] type=1400 audit(1225019985.641:677): avc:  denied  { use } for  
pid=14595 comm="hostname" path="/dev/pts/8" dev=devpts ino=10 
scontext=unconfined_u:system_r:hostname_t:s0 
tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=fd
[397311.891927] type=1400 audit(1225019985.692:678): avc:  denied  { execute } 
for  pid=14599 comm="run-parts" name="bind" dev=sda1 ino=436702 
scontext=unconfined_u:system_r:dhcpc_t:s0 tcontext=system_u:object_r:etc_t:s0 
tclass=file
[397311.895904] type=1400 audit(1225019985.692:679): avc:  denied  { 
execute_no_trans } for  pid=14602 comm="run-parts" 
path="/etc/resolvconf/update.d/bind" dev=sda1 ino=436702 
scontext=unconfined_u:system_r:dhcpc_t:s0 tcontext=system_u:object_r:etc_t:s0 
tclass=file
[397311.898564] type=1400 audit(1225019985.696:680): avc:  denied  { getattr } 
for  pid=14602 comm="bind" path="/usr/sbin/named" dev=sda1 ino=541401 
scontext=unconfined_u:system_r:dhcpc_t:s0 
tcontext=system_u:object_r:named_exec_t:s0 tclass=file
[397311.898783] type=1400 audit(1225019985.696:681): avc:  denied  { execute } 
for  pid=14602 comm="bind" name="named" dev=sda1 ino=541401 
scontext=unconfined_u:system_r:dhcpc_t:s0 
tcontext=system_u:object_r:named_exec_t:s0 tclass=file
[397311.899137] type=1400 audit(1225019985.696:682): avc:  denied  { search } 
for  pid=14602 comm="bind" name="bind" dev=sda1 ino=435744 
scontext=unconfined_u:system_r:dhcpc_t:s0 
tcontext=system_u:object_r:named_zone_t:s0 tclass=dir
[397311.899172] type=1400 audit(1225019985.696:683): avc:  denied  { getattr } 
for  pid=14602 comm="bind" path="/etc/bind/named.conf.options" dev=sda1 
ino=437827 scontext=unconfined_u:system_r:dhcpc_t:s0 
tcontext=system_u:object_r:named_zone_t:s0 tclass=file

The first two seem to be already reported in #502309.  I have no idea
about the third.  The following messages come from the chain
/etc/network/if-up.d/000resolvconf -> /sbin/resolvconf ->
/etc/resolvconf/update.d/bind.

Cheers,
Julien

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (101, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-1-686 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages selinux-policy-default depends on:
ii  libpam-modules                1.0.1-4    Pluggable Authentication Modules f
ii  libselinux1                   2.0.65-5   SELinux shared libraries
ii  libsepol1                     2.0.30-2   Security Enhanced Linux policy lib
ii  policycoreutils               2.0.49-6   SELinux core policy utilities
ii  python                        2.5.2-2    An interactive high-level object-o

Versions of packages selinux-policy-default recommends:
ii  checkpolicy                   2.0.16-2   SELinux policy compiler
ii  setools                       3.3.5.ds-5 tools for Security Enhanced Linux 

Versions of packages selinux-policy-default suggests:
pn  logcheck                      <none>     (no description available)
pn  syslog-summary                <none>     (no description available)

-- no debconf information



--- End Message ---
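Added example, not part of the original report and not the output of any SELinux tool: a small Python parser that rejoins mail-wrapped AVC records like those quoted above and groups the denied permissions by source type, target type and object class. The sample input is constructed from three of the records in the report; the function names are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample: three records from the report, in their wrapped form.
SAMPLE = """\
[397311.891927] type=1400 audit(1225019985.692:678): avc:  denied  { execute }
for  pid=14599 comm="run-parts" name="bind" dev=sda1 ino=436702
scontext=unconfined_u:system_r:dhcpc_t:s0 tcontext=system_u:object_r:etc_t:s0
tclass=file
[397311.895904] type=1400 audit(1225019985.692:679): avc:  denied  {
execute_no_trans } for  pid=14602 comm="run-parts"
path="/etc/resolvconf/update.d/bind" dev=sda1 ino=436702
scontext=unconfined_u:system_r:dhcpc_t:s0 tcontext=system_u:object_r:etc_t:s0
tclass=file
[397311.898783] type=1400 audit(1225019985.696:681): avc:  denied  { execute }
for  pid=14602 comm="bind" name="named" dev=sda1 ino=541401
scontext=unconfined_u:system_r:dhcpc_t:s0
tcontext=system_u:object_r:named_exec_t:s0 tclass=file
"""

# A record starts with a kernel timestamp followed by the AVC audit type.
RECORD_START = re.compile(r"^\[\s*\d+\.\d+\] type=1400 ")
AVC = re.compile(
    r"avc:\s+denied\s+\{([^}]*)\}.*?"
    r"scontext=(\S+)\s+tcontext=(\S+)\s+tclass=(\S+)")

def unwrap(text):
    """Rejoin continuation lines so each AVC record is one string."""
    records = []
    for line in text.splitlines():
        if RECORD_START.match(line):
            records.append(line.strip())
        elif records and line.strip():
            records[-1] += " " + line.strip()
    return records

def summarize(text):
    """Map (source type, target type, class) -> sorted denied permissions."""
    denied = defaultdict(set)
    for record in unwrap(text):
        m = AVC.search(record)
        if not m:
            continue  # not an AVC denial, or truncated beyond repair
        perms, scon, tcon, tclass = m.groups()
        # A context is user:role:type:level; the type is the third field.
        key = (scon.split(":")[2], tcon.split(":")[2], tclass)
        denied[key].update(perms.split())
    return {k: sorted(v) for k, v in denied.items()}

if __name__ == "__main__":
    for key, perms in summarize(SAMPLE).items():
        print(key, perms)
```
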
--- Begin Message ---
Hi,

this bug report was old and unreproducible back in 2009. Using a
freshly installed wheezy, I have no problems anymore getting an IP via
dhcp, no AVC denials due to bind or dhclient; therefore, closing this
bug.

Cheers,

Mika


--- End Message ---
_______________________________________________
SELinux-devel mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/selinux-devel