LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 02-22-2017, 10:45 PM   #1
fanoflq
Member
 
Registered: Nov 2015
Posts: 397

Rep: Reputation: Disabled
SELinux not sending some log message?


I created this directory for anynomous upload.
Code:
[root@server1 ~]# ls -alZd /var/ftp/uploads/
drwxr-x---. root root unconfined_u:object_r:public_content_t:s0 /var/ftp/uploads/
Now I use lftp to access and put a file in the upload subdirectory.
Then, on another terminal, I attempt to put a file like so:
Code:
[user1@server1 ~]$ lftp server1                                                                                          
lftp server1:~> ls              
drwxr-xr-x    2 0        0               6 Nov 05 19:43 pub
drwxr-x---    2 0        0               6 Feb 23 02:36 uploads
lftp server1:/> put /etc/hosts  
put: [Access failed: 553 Could not create file. (hosts) 
lftp server1:/>

This should cause a SELinux log to be sent to audit.log, correct?
So I decided to look for what is happening in audit.log.

Quote:
[root@server1 ~]# grep -i AVC /var/log/audit/audit.log
type=USER_AVC msg=audit(1484850001.270:507): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: received policyload notice (seqno=2) exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'

type=USER_AVC msg=audit(1484928001.515:694): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: received setenforce notice (enforcing=0) exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'

...
...


type=USER_AVC msg=audit(1485928330.770:255): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: denied { disable } for auid=1000 uid=0 gid=0 cmdline="systemctl -t service mask all" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=system_u:system_r:init_t:s0 tclass=service exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'

type=USER_AVC msg=audit(1487819347.532:243): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: received policyload notice (seqno=2) exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
[root@server1 ~]#
But there is no such SELinux log message related to denial of access to copy a file into /var/ftp/uploads.
Why?

Thank you.
 
Old 02-23-2017, 10:19 AM   #2
rknichols
Senior Member
 
Registered: Aug 2009
Distribution: CentOS
Posts: 4,047

Rep: Reputation: 1798Reputation: 1798Reputation: 1798Reputation: 1798Reputation: 1798Reputation: 1798Reputation: 1798Reputation: 1798Reputation: 1798Reputation: 1798Reputation: 1798
It might be that this denial has a "dontaudit" rule, though offhand that doesn't seem likely to me. You can disable all of the "dontaudit" rules by running "semodule -DB". Then see if your expected AVC denial shows up. Run "semodule -B" to turn the "dontaudit" rules back on and stop the flood.
 
1 members found this post helpful.
Old 02-23-2017, 11:00 AM   #3
fanoflq
Member
 
Registered: Nov 2015
Posts: 397

Original Poster
Rep: Reputation: Disabled
Thanks.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
SELinux - Why am I getting this Error message? dman777 Linux - Security 3 02-13-2011 05:33 PM
neat command not working azx_get_response timeout message in /var/log/message ninadshaha Red Hat 1 02-19-2008 03:32 PM
SELinux Message when trying automount/autofs louisb Linux - Security 1 07-28-2007 05:27 AM
Strange Repeating Error message in /var/log/message lucktsm Linux - Security 2 10-27-2006 09:29 AM
message, message.1 in /var/log/ can be deleted for space? phpsharma Linux - Newbie 4 11-17-2004 01:23 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 08:57 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration