Old 11-11-2008, 11:54 AM   #1
CyberJet
LQ Newbie
 
Registered: Nov 2008
Posts: 9

SELinux is preventing hp (hplip_t) "search" to ./dbus (system_dbusd_var_run_t).


Hi All,

I'm running Fedora Core 9. Everything is working fine with the exception of my printer installation.


SELinux is preventing hp (hplip_t) "search" to ./dbus (system_dbusd_var_run_t).

I tried to disable SELinux prior to the install. The install worked fine. I reenabled SELinux and the printer does not work.
I tried to restore the default system file context for ./dbus, restorecon -v './dbus', this is also a no go.

I typed these two commands still nothing.

audit2allow -M local < /tmp/avcs
audit2allow -m local -l -i /var/log/messages > local.te


Does anyone know or have a step-by-step solution to this problem? I'm new to Linux. How can I tell if I'm running the audit daemon?

Thanks in advance,

R@m0ne
 
Old 11-12-2008, 02:09 PM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,470
Blog Entries: 54

Quote:
Originally Posted by CyberJet
I typed these two commands still nothing.
I don't know if the method changed (Fedora docs or Wiki should tell you: do look) but here's two examples for building a local policy: http://www.linuxquestions.org/questi...51#post3311051 or http://www.linuxquestions.org/questi...48#post3137548.


Quote:
Originally Posted by CyberJet
I'm new to Linux. How can I tell if I'm running the audit daemon?
Is it installed?: 'rpm -qf /sbin/auditd',
What's the service status?: '/etc/rc.d/init.d/auditd status',
Grep process name?: 'pgrep -lf "^auditd"' (the "^" to avoid confusion with kauditd or those running say ccs-auditd),
What's using the default logfile?: 'fuser -v /var/log/audit/audit.log'.
 
Old 11-12-2008, 02:10 PM   #3
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,470
Blog Entries: 54

And welcome to LQ BTW.
 
Old 11-13-2008, 08:22 AM   #4
CyberJet
LQ Newbie
 
Registered: Nov 2008
Posts: 9

Original Poster
Good Morning,

Thanks, unSpawn!

Here are the results from the suggested commands.

[cyberjet@Hermes ~]$ su -
Password:
[root@Hermes ~]# /etc/rc.d/init.d/auditd status
auditd (pid 1476) is running...

[root@Hermes ~]# pgrep -lf "^auditd
>

[root@Hermes ~]# fuser -v /var/log/audit/audit.log
USER PID ACCESS COMMAND
/var/log/audit/audit.log:
root 1476 F.... auditd
[root@Hermes ~]#

So now I know auditd is running. Regarding the examples on creating the policy, I don't have the fundamental knowledge to create a policy. I don't know what statements need to be replaced to give the desired results. The SELinux troubleshooter gives me all this info but I don't know how to interpret it.

Summary
SELinux is preventing hp (hplip_t) "search" to ./dbus (system_dbusd_var_run_t).


Detail Description
SELinux denied access requested by hp. It is not expected that this access is required by hp and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.


Allowing Access
Sometimes labeling problems can cause SELinux denials. You could try to restore the default system file context for ./dbus, restorecon -v './dbus'. If this does not work, there is currently no automatic way to allow this access. Instead, you can generate a local policy module to allow this access - see FAQ. Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report against this package.


Additional Information
Source Context: system_u:system_r:hplip_t:s0-s0:c0.c1023
Target Context: system_u:object_r:system_dbusd_var_run_t:s0
Target Objects: ./dbus [ dir ]
Source: hp
Source Path: /usr/lib/cups/backend/hp
Port: <Unknown>
Host: Hermes
Source RPM Packages: hplip-2.8.2-2.fc9
Target RPM Packages:
Policy RPM: selinux-policy-3.3.1-103.fc9
Selinux Enabled: True
Policy Type: targeted
MLS Enabled: True
Enforcing Mode: Enforcing
Plugin Name: catchall_file
Host Name: Hermes
Platform: Linux Hermes 2.6.26.6-79.fc9.i686 #1 SMP Fri Oct 17 14:52:14 EDT 2008 i686 i686
Alert Count: 6
First Seen: Fri 07 Nov 2008 01:53:57 PM EST
Last Seen: Tue 11 Nov 2008 12:20:39 PM EST
Local ID: b5f8be53-c8d5-4abd-9bbb-c0bf566448c6
Line Numbers:

Raw Audit Messages :

host=Hermes type=AVC msg=audit(1226424039.391:109): avc: denied { search } for pid=13488 comm="hp" name="dbus" dev=dm-0 ino=2293851 scontext=system_u:system_r:hplip_t:s0-s0:c0.c1023 tcontext=system_u:object_r:system_dbusd_var_run_t:s0 tclass=dir

host=Hermes type=SYSCALL msg=audit(1226424039.391:109): arch=40000003 syscall=102 success=no exit=-13 a0=3 a1=bfad9220 a2=db9ff4 a3=1f items=0 ppid=1937 pid=13488 auid=4294967295 uid=4 gid=7 euid=4 suid=4 fsuid=4 egid=7 sgid=7 fsgid=7 tty=(none) ses=4294967295 comm="hp" exe="/usr/lib/cups/backend/hp" subj=system_u:system_r:hplip_t:s0-s0:c0.c1023 key=(null)

I am hopeful that you can interpret this info for me.

Kind Regards,

R@m0ne
 
Old 11-13-2008, 12:41 PM   #5
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,470
Blog Entries: 54

Quote:
Originally Posted by CyberJet
I don't have the fundamental knowledge to create a policy. I don't know what statements need to be replaced to give the desired results.
Sure you do. The first example should work:
Code:
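umask 027; mkdir -p /root/.selinux/ && cd /root/.selinux/ || exit 127  # private working dir; -p so a rerun does not fail
( cat /var/log/audit/audit.log; cat /var/log/messages ) | audit2allow -M localpolicy  # writes localpolicy.te (and a first localpolicy.pp)
checkmodule -M -m -o localpolicy.mod localpolicy.te  # compile the .te, e.g. after reviewing or editing it
semodule_package -o localpolicy.pp -m localpolicy.mod  # package the compiled module
semodule -i localpolicy.pp  # load it; the .pp is in the current directory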

Quote:
Originally Posted by CyberJet View Post
denied { search } for comm="hp" scontext=hplip_t tcontext=system_dbusd_var_run_t tclass=dir
The code should look something like:
Code:
module local 1.1;

require {
        type hplip_t;
        type system_dbusd_var_run_t;
        class dir search;
}

allow hplip_t system_dbusd_var_run_t:dir search;
meaning allow the "hp" process in the "hplip_t" domain to search the dir in the "system_dbusd_var_run_t" domain. But you'd better run the 5 lines of code in the top of this post because there might be other AVC messages. Creating and loading a policy is reversible, so shouldn't permanently fsck up your machine.
 
  

