SE Linux notification

Pedroski · 02-02-2010, 03:44 AM

Using Fedora 12,I get this message. Should I be worried?
Summary:

SELinux is preventing /usr/bin/python "write" access.

Detailed Description:

[smoltSendProfil has a permissive type (smoltclient_t). This access was not
denied.]

SELinux denied access requested by smoltSendProfil. It is not expected that this
access is required by smoltSendProfil and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration of the
application is causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinu...fc5/#id2961385) Please file a bug
report.

Additional Information:

Source Context system_u:system_r:smoltclient_t:s0-s0:c0.c1023
Target Context system_u:system_r:smoltclient_t:s0-s0:c0.c1023
Target Objects None [ unix_dgram_socket ]
Source smoltSendProfil
Source Path /usr/bin/python
Port <Unknown>
Host pedro-laptop
Source RPM Packages python-2.6.2-2.fc12
Target RPM Packages
Policy RPM selinux-policy-3.6.32-69.fc12
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Plugin Name catchall
Host Name pedro-laptop
Platform Linux pedro-laptop 2.6.31.12-174.2.3.fc12.x86_64
#1 SMP Mon Jan 18 19:52:07 UTC 2010 x86_64 x86_64
Alert Count 1
First Seen Wed 27 Jan 2010 08:20:09 AM CST
Last Seen Wed 27 Jan 2010 08:20:09 AM CST
Local ID e852086b-c715-426c-b1e4-a5e12bb57a41
Line Numbers

Raw Audit Messages

node=pedro-laptop type=AVC msg=audit(1264551609.933:27): avc: denied { write } for pid=2558 comm="smoltSendProfil" scontext=system_u:system_r:smoltclient_t:s0-s0:c0.c1023 tcontext=system_u:system_r:smoltclient_t:s0-s0:c0.c1023 tclass=unix_dgram_socket

node=pedro-laptop type=SYSCALL msg=audit(1264551609.933:27): arch=c000003e syscall=44 success=yes exit=4294967424 a0=6 a1=26587b0 a2=64 a3=4000 items=0 ppid=2557 pid=2558 auid=494 uid=494 gid=486 euid=494 suid=494 fsuid=494 egid=486 sgid=486 fsgid=486 tty=(none) ses=3 comm="smoltSendProfil" exe="/usr/bin/python" subj=system_u:system_r:smoltclient_t:s0-s0:c0.c1023 key=(null)

business_kid · 02-02-2010, 04:06 AM

in /etc/Selinux,conf you can set up basic stuff - disable, normal, or paranoid. Read up on it.

jiobo · 02-08-2010, 06:17 PM

In Fedora 12, the location of the SE Linux configuration file is:

/etc/selinux/config

Code:

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#       enforcing - SELinux security policy is enforced.
#       permissive - SELinux prints warnings instead of enforcing.
#       disabled - SELinux is fully disabled.
SELINUX=enforcing
# SELINUXTYPE= type of policy in use. Possible values are:
#       targeted - Only targeted network daemons are protected.
#       strict - Full SELinux protection.
SELINUXTYPE=targeted

You can run the Live CD, and try to modify the settings on the Firewall, and you will get an SE Linux alert just like you did get. The SE Security Alert should allow you to send a bug report as well, if after reading the details for the alert you would like to send a bug report. Here you can see some of the output of those details, where it tells you where you can go to change that module access:

Code:

SELinux denied access requested by system-config-f. It is not expected that this
access is required by system-config-f and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration of the
application is causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Please file a bug
report.

Someone could explain the details: SElinux prevented /usr/bin/python from having write access to a file, but system-config-f has a permissive type (firewallgui_t)so the access was not denied? But /etc/selinux/config has a SELINUX=enforcing policy.