LinuxQuestions.org


manoj_hanse 09-30-2013 05:41 PM

"SELinux Has detected suspicious behaviour on your system " RHEL 6
 
3 Attachment(s)
Hi,

I have been using Red Hat Enterprise Linux for a while to practise for RHCE & RHCSA. Lately I installed virtualization on my PC (RHEL 6) and I have been getting a lot of SELinux alerts/warnings.

Following is the summary of the latest alerts I got:

Since the logs are a little big, I am attaching them.

Please let me know if it is a real concern.

Thanks.

manoj_hanse 09-30-2013 05:44 PM

Few more Attachments
 
3 Attachment(s)
Hi Again,

More Alerts in addition to earlier.

John VV 09-30-2013 09:06 PM

have you installed "SELinuxTroubleShooter"
and what is its output

95% of the time its suggestion is the correct solution

Code:

su -
yum search selinux
--- and it should be in the list to install ---
yum install ......


manoj_hanse 10-01-2013 12:28 AM

thanks for the suggestion
 
Quote:

Originally Posted by John VV (Post 5037651)
have you installed "SELinuxTroubleShooter"
and what is its output

95% of the time its suggestion is the correct solution

Code:

su -
yum search selinux
--- and it should be in the list to install ---
yum install ......


Will post the output of troubleshooter as soon as possible.

unSpawn 10-01-2013 01:45 AM

Quote:

Originally Posted by manoj_hanse (Post 5037565)
Following is the summary of the latest alerts I got

With respect to the first two logs (GDM-related): don't use the system as root but as unprivileged user.
With respect to the last two logs: what have you been doing to cause this?
Was the system properly labeled?
Have you introduced source-based software or software from non-RHEL repos?

manoj_hanse 10-01-2013 02:19 AM

Quote:

Originally Posted by unSpawn (Post 5037755)
With respect to the first two logs (GDM-related): don't use the system as root but as unprivileged user.
With respect to the last two logs: what have you been doing to cause this?
Was the system properly labeled?
Have you introduced source-based software or software from non-RHEL repos?

My add/remove program was not working. So I downloaded some rpms related to qemu from an rpm site. I am not sure if libvirt was also a part of it.

When I start virtual-manager the libvirtd daemon is not able to start. I have tried to start it, but it still shows as not running.

Will post a few more updates in some time.

Thanks in advance for all suggestions.:-)

John VV 10-01-2013 02:27 AM

installing random rpms from some random site is the FASTEST !! way to kill a redhat install
-- the FASTEST WAY

some are NOT compatible with others
rpmfusion is NOT compatible with the base install
and rpmforge can not be mixed with elrepo

RedHat is really not free
you DO have to buy the required support contract
or do not use redhat !!!

install the free rebuild CentOS 6.4 or ScientificLinux 6.4

Quote:

My add/remove program was not working.
without that REQUIRED support contract you really do not install anything


Quote:

So I downloaded some rpms related to qemu from rpm site
so just HOW did you install these files from some unknown website ?

did you use yum and a "local install" or use "rpm" or from the gnome GUI double click on the rpm file ?

and what was the site and what were the files ?

manoj_hanse 10-01-2013 04:17 AM

Quote:

Originally Posted by John VV (Post 5037780)
installing random rpms from some random site is the FASTEST !! way to kill a redhat install
-- the FASTEST WAY

some are NOT compatible with others
rpmfusion is NOT compatible with the base install
and rpmforge can not be mixed with elrepo

RedHat is really not free
you DO have to buy the required support contract
or do not use redhat !!!

install the free rebuild CentOS 6.4 or ScientificLinux 6.4


without that REQUIRED support contract you really do not install anything



so just HOW did you install these files from some unknown website ?

did you use yum and a "local install" or use "rpm" or from the gnome GUI double click on the rpm file ?

and what was the site and what were the files ?

I downloaded from http://rpm.pbone.net/ but only some dependencies which I didn't find in CentOS... but later, when my system crashed due to some reason and I rebooted after some troubleshooting, when I restored my system I found that some packages were not there. So again I used the CentOS repo to install packages like qemu-img qemu-kvm esound-libs SDL SDL-devel. I don't have an RHN subscription since I am using it for personal training purposes. Only when the CentOS repo doesn't work do I install rpms from an external source.

About the logs: mostly all logs are related to virsh, GDM and NetworkManager. Is it that the original files like devices have been modified by these virtual machine files?

Thanks.

John VV 10-01-2013 12:54 PM

so you are trying to use the cent repos and the web to bypass the FACT that you ARE NOT going to pay for the REQUIRED support contract !!!!


buy the required license from redhat !!!!!!!!!!
https://www.redhat.com/wapps/store/catalog.html
the single desktop price is at the bottom of the page or
https://www.redhat.com/apps/store/desktop/
the 1 year standard support contract is $299 / year

or install CentOS 6.4

and seeing AS you ARE studying for
RHCE & RHCSA

then BUY the operating system that this test is FOR !!!
it is a "no-brainer" it's like buying the needed text books for a class

manoj_hanse 10-02-2013 04:24 AM

Quote:

Originally Posted by John VV (Post 5038109)
so you are trying to use the cent repos and the web to bypass the FACT that you ARE NOT going to pay for the REQUIRED support contract !!!!


buy the required license from redhat !!!!!!!!!!
https://www.redhat.com/wapps/store/catalog.html
the single desktop price is at the bottom of the page or
https://www.redhat.com/apps/store/desktop/
the 1 year standard support contract is $299 / year

or install CentOS 6.4

and seeing AS you ARE studying for
RHCE & RHCSA

then BUY the operating system that this test is FOR !!!
it is a "no-brainer" it's like buying the needed text books for a class

I think I will just carry on. Since I can't afford the subscription, it is better that I practise with what I have. I downloaded the trial RHEL 6 only because I want to do the Red Hat certification; otherwise I have other distributions. At that time I didn't know CentOS was the same, otherwise I would have downloaded that. All non-Linux users use Microsoft Windows, but most of them use pirated copies, and those who do Windows Server certifications don't buy a license. It doesn't make sense. Linux is open source and that's why I like it, because I can try it.

I was hoping that I could get some help on my issue, but you directed me to the Red Hat support team. I mean, I could have done that before. But rather I posted it here, expecting some help.

The only thing I did wrong was that I related it to RHEL, and that's why no one even bothered to solve it. I am not disappointed, but from such a big forum I expected at least some help.

Thanks.

John VV 10-02-2013 11:15 AM

install CentOS 6.4
that will solve most of the problems

mixing an unregistered RHEL6 ( WITHOUT access to RHN ) with some cent repos and things from pbone
will cause all kinds of unsolvable problems , or at least very hard to solve ones


buying the support contract and installing from RHN will solve most things

or
use CentOS

manoj_hanse 10-02-2013 12:11 PM

finally problem is solved
 
Quote:

Originally Posted by John VV (Post 5038680)
install CentOS 6.4
that will solve most of the problems

mixing an unregistered RHEL6 ( WITHOUT access to RHN ) with some cent repos and things from pbone
will cause all kinds of unsolvable problems , or at least very hard to solve ones


buying the support contract and installing from RHN will solve most things

or
use CentOS

So I did what was suggested here and sent an email to the SELinux mailing list support and they have replied. I am analyzing it and think the problem will be solved.

Thanks all :-)

manoj_hanse 10-02-2013 12:14 PM

Hope this mailing list will be helpful for someone with selinux issues in future.

selinux@lists.fedoraproject.org

Cheers.

unSpawn 10-11-2013 01:11 AM

Quote:

Originally Posted by manoj_hanse (Post 5038711)
So I did what was suggested here and sent an email to the SELinux mailing list support and they have replied. I am analyzing it and think the problem will be solved.

Marking thread NOT solved as you haven't shared how this was actually fixed. Please do. The concept is called reciprocity.

manoj_hanse 10-11-2013 06:05 AM

Here is the reply I got from the Red Hat SELinux mailing list
 
Your AVCs show the following in Fedora.
audit2allow -i /tmp/SELinux\ Alerts.txt


#============= NetworkManager_t ==============

#!!!! This avc has a dontaudit rule in the current policy
allow NetworkManager_t self:capability sys_module;

#============= dnsmasq_t ==============

#!!!! This avc is allowed in the current policy
allow dnsmasq_t virt_var_run_t:dir write;

#============= xdm_t ==============

#!!!! This avc is allowed in the current policy
allow xdm_t admin_home_t:dir { write read };

#============= xm_t ==============

#!!!! This avc is allowed in the current policy
allow xm_t random_device_t:chr_file read;


You can get a preview release of the RHEL6.5 selinux-policy package at

people.redhat.com/dwalsh/SELinux/RHEL6/noarch
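
An added example, not part of the thread or the mailing-list reply: a small Python triage of the audit2allow output quoted above, grouping each `allow` rule by the `#!!!!` annotation that precedes it. The bucket names and the `triage` function are assumptions made for this illustration; the sample text is the posted output with blank lines dropped.

```python
import re
from collections import defaultdict

# audit2allow output as posted in this thread (blank lines dropped).
SAMPLE = """\
#============= NetworkManager_t ==============
#!!!! This avc has a dontaudit rule in the current policy
allow NetworkManager_t self:capability sys_module;
#============= dnsmasq_t ==============
#!!!! This avc is allowed in the current policy
allow dnsmasq_t virt_var_run_t:dir write;
#============= xdm_t ==============
#!!!! This avc is allowed in the current policy
allow xdm_t admin_home_t:dir { write read };
#============= xm_t ==============
#!!!! This avc is allowed in the current policy
allow xm_t random_device_t:chr_file read;
"""

# allow <source_type> <target_type>:<class> <perm> | { perm perm ... };
RULE = re.compile(r"^allow\s+(\S+)\s+(\S+):(\S+)\s+(?:\{([^}]*)\}|(\S+))\s*;$")

def triage(text):
    """Group allow rules by the '#!!!!' annotation that precedes them."""
    buckets = defaultdict(list)
    note = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#!!!!"):
            note = line
        elif (m := RULE.match(line)):
            src, tgt, cls, many, one = m.groups()
            perms = tuple(sorted((many or one).split()))
            if note and "dontaudit" in note:
                key = "dontaudit"        # policy audit2allow ran against silences this denial
            elif note and "is allowed in the current policy" in note:
                key = "already_allowed"  # that policy already permits it: no custom module needed
            else:
                key = "needs_review"     # no annotation: read the AVC before allowing anything
            buckets[key].append((src, tgt, cls, perms))
            note = None                  # an annotation applies to one rule only
    return dict(buckets)

if __name__ == "__main__":
    for key, rules in triage(SAMPLE).items():
        for src, tgt, cls, perms in rules:
            print(f"{key:16} {src} -> {tgt}:{cls} {{{' '.join(perms)}}}")
```

Every rule in the posted output lands in `dontaudit` or `already_allowed`, which matches the reply's pointer to a newer selinux-policy package rather than a locally generated module.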

