[DSE-Dev] Bug#739050: selinux-policy-default: boot audit trail. restorecon. alsactl. dhclient-script

Alberto Fuentes pajaro at gmail.com
Sat Feb 15 12:42:24 UTC 2014


Package: selinux-policy-default
Version: 2:2.20140206-1
Severity: normal

This is my boot audit trail:

[    0.649639] audit: initializing netlink socket (disabled)
[    0.649649] type=2000 audit(1392465433.648:1): initialized
[    2.895708] type=1403 audit(1392465436.705:2): policy loaded auid=4294967295
ses=4294967295
[    3.787984] type=1400 audit(1392465437.597:3): avc:  denied  { getattr } for
pid=346 comm="restorecon" name="/" dev="sysfs" ino=1
scontext=system_u:system_r:setfiles_t:s0 tcontext=system_u:object_r:sysfs_t:s0
tclass=filesystem
[    3.788007] type=1400 audit(1392465437.597:4): avc:  denied  { getattr } for
pid=346 comm="restorecon" name="/" dev="devtmpfs" ino=2049
scontext=system_u:system_r:setfiles_t:s0 tcontext=system_u:object_r:device_t:s0
tclass=filesystem
[    3.788051] type=1400 audit(1392465437.597:5): avc:  denied  { getattr } for
pid=346 comm="restorecon" name="/" dev="devpts" ino=1
scontext=system_u:system_r:setfiles_t:s0 tcontext=system_u:object_r:devpts_t:s0
tclass=filesystem
[    3.788123] type=1400 audit(1392465437.597:6): avc:  denied  { getattr } for
pid=346 comm="restorecon" name="/" dev="tmpfs" ino=4788
scontext=system_u:system_r:setfiles_t:s0 tcontext=system_u:object_r:tmpfs_t:s0
tclass=filesystem
[    4.275469] type=1400 audit(1392465438.085:7): avc:  denied  { getattr } for
pid=410 comm="restorecon" name="/" dev="sysfs" ino=1
scontext=system_u:system_r:setfiles_t:s0-s0:c0.c1023
tcontext=system_u:object_r:sysfs_t:s0 tclass=filesystem
[    4.275509] type=1400 audit(1392465438.085:8): avc:  denied  { getattr } for
pid=410 comm="restorecon" name="/" dev="devtmpfs" ino=2049
scontext=system_u:system_r:setfiles_t:s0-s0:c0.c1023
tcontext=system_u:object_r:device_t:s0 tclass=filesystem
[    4.275561] type=1400 audit(1392465438.085:9): avc:  denied  { getattr } for
pid=410 comm="restorecon" name="/" dev="devpts" ino=1
scontext=system_u:system_r:setfiles_t:s0-s0:c0.c1023
tcontext=system_u:object_r:devpts_t:s0 tclass=filesystem
[    4.275646] type=1400 audit(1392465438.085:10): avc:  denied  { getattr }
for  pid=410 comm="restorecon" name="/" dev="tmpfs" ino=4788
scontext=system_u:system_r:setfiles_t:s0-s0:c0.c1023
tcontext=system_u:object_r:tmpfs_t:s0 tclass=filesystem
[   10.459674] type=1400 audit(1392465444.279:11): avc:  denied  { write } for
pid=1503 comm="alsactl" name="/" dev="tmpfs" ino=4788
scontext=system_u:system_r:alsa_t:s0-s0:c0.c1023
tcontext=system_u:object_r:var_run_t:s0 tclass=dir
[   10.459701] type=1400 audit(1392465444.279:12): avc:  denied  { add_name }
for  pid=1503 comm="alsactl" name="alsa"
scontext=system_u:system_r:alsa_t:s0-s0:c0.c1023
tcontext=system_u:object_r:var_run_t:s0 tclass=dir
[   10.459733] type=1400 audit(1392465444.279:13): avc:  denied  { create } for
pid=1503 comm="alsactl" name="alsa"
scontext=system_u:system_r:alsa_t:s0-s0:c0.c1023
tcontext=system_u:object_r:var_run_t:s0 tclass=dir
[   10.459820] type=1400 audit(1392465444.279:14): avc:  denied  { create } for
pid=1503 comm="alsactl" name="cookie"
scontext=system_u:system_r:alsa_t:s0-s0:c0.c1023
tcontext=system_u:object_r:var_run_t:s0 tclass=file
[   10.459854] type=1400 audit(1392465444.279:15): avc:  denied  { read write
open } for  pid=1503 comm="alsactl" path="/run/alsa/.config/pulse/cookie"
dev="tmpfs" ino=836 scontext=system_u:system_r:alsa_t:s0-s0:c0.c1023
tcontext=system_u:object_r:var_run_t:s0 tclass=file
[   10.459857] type=1400 audit(1392465444.279:16): avc:  denied  { read write }
for  pid=1474 comm="alsactl" name="cookie" dev="tmpfs" ino=836
scontext=system_u:system_r:alsa_t:s0-s0:c0.c1023
tcontext=system_u:object_r:var_run_t:s0 tclass=file
[   10.459881] type=1400 audit(1392465444.279:17): avc:  denied  { lock } for
pid=1503 comm="alsactl" path="/run/alsa/.config/pulse/cookie" dev="tmpfs"
ino=836 scontext=system_u:system_r:alsa_t:s0-s0:c0.c1023
tcontext=system_u:object_r:var_run_t:s0 tclass=file
[   10.460194] type=1400 audit(1392465444.279:18): avc:  denied  { setattr }
for  pid=1474 comm="alsactl" name="pulse" dev="tmpfs" ino=835
scontext=system_u:system_r:alsa_t:s0-s0:c0.c1023
tcontext=system_u:object_r:var_run_t:s0 tclass=dir
[   10.784613] type=1400 audit(1392465444.603:19): avc:  denied  { getattr }
for  pid=1587 comm="restorecon" name="/" dev="sysfs" ino=1
scontext=system_u:system_r:setfiles_t:s0 tcontext=system_u:object_r:sysfs_t:s0
tclass=filesystem
[   19.627984] type=1400 audit(1392465453.455:20): avc:  denied  { getattr }
for  pid=2295 comm="restorecon" name="/" dev="devtmpfs" ino=2049
scontext=system_u:system_r:setfiles_t:s0 tcontext=system_u:object_r:device_t:s0
tclass=filesystem
[   19.628008] type=1400 audit(1392465453.455:21): avc:  denied  { getattr }
for  pid=2295 comm="restorecon" name="/" dev="devpts" ino=1
scontext=system_u:system_r:setfiles_t:s0 tcontext=system_u:object_r:devpts_t:s0
tclass=filesystem
[   22.761998] type=1400 audit(1392465456.591:22): avc:  denied  { search } for
pid=2594 comm="dhclient-script" name="samba" dev="dm-0" ino=2491977
scontext=system_u:system_r:dhcpc_t:s0 tcontext=system_u:object_r:samba_etc_t:s0
tclass=dir
[   22.768121] type=1400 audit(1392465456.599:23): avc:  denied  { getattr }
for  pid=2594 comm="dhclient-script" path="/etc/samba/dhcp.conf" dev="dm-0"
ino=2490375 scontext=system_u:system_r:dhcpc_t:s0
tcontext=system_u:object_r:samba_etc_t:s0 tclass=file
[   22.768198] type=1400 audit(1392465456.599:24): avc:  denied  { write } for
pid=2594 comm="dhclient-script" name="samba" dev="dm-0" ino=2491977
scontext=system_u:system_r:dhcpc_t:s0 tcontext=system_u:object_r:samba_etc_t:s0
tclass=dir
[   22.768205] type=1400 audit(1392465456.599:25): avc:  denied  { add_name }
for  pid=2594 comm="dhclient-script" name="dhcp.conf.new"
scontext=system_u:system_r:dhcpc_t:s0 tcontext=system_u:object_r:samba_etc_t:s0
tclass=dir
[   22.768215] type=1400 audit(1392465456.599:26): avc:  denied  { create } for
pid=2594 comm="dhclient-script" name="dhcp.conf.new"
scontext=system_u:system_r:dhcpc_t:s0 tcontext=system_u:object_r:samba_etc_t:s0
tclass=file
[   22.774656] type=1400 audit(1392465456.603:27): avc:  denied  { write open }
for  pid=2594 comm="dhclient-script" path="/etc/samba/dhcp.conf.new" dev="dm-0"
ino=2490423 scontext=system_u:system_r:dhcpc_t:s0
tcontext=system_u:object_r:samba_etc_t:s0 tclass=file
[   22.791964] type=1400 audit(1392465456.623:28): avc:  denied  { remove_name
} for  pid=2596 comm="mv" name="dhcp.conf.new" dev="dm-0" ino=2490423
scontext=system_u:system_r:dhcpc_t:s0 tcontext=system_u:object_r:samba_etc_t:s0
tclass=dir
[   22.791973] type=1400 audit(1392465456.623:29): avc:  denied  { rename } for
pid=2596 comm="mv" name="dhcp.conf.new" dev="dm-0" ino=2490423
scontext=system_u:system_r:dhcpc_t:s0 tcontext=system_u:object_r:samba_etc_t:s0
tclass=file
[   25.086418] audit_printk_skb: 27 callbacks suppressed
[   25.086420] type=1400 audit(1392465458.919:39): avc:  denied  { getattr }
for  pid=2977 comm="restorecon" name="/" dev="devtmpfs" ino=2049
scontext=system_u:system_r:setfiles_t:s0 tcontext=system_u:object_r:device_t:s0
tclass=filesystem
[   25.086501] type=1400 audit(1392465458.919:40): avc:  denied  { getattr }
for  pid=2977 comm="restorecon" name="/" dev="tmpfs" ino=4788
scontext=system_u:system_r:setfiles_t:s0 tcontext=system_u:object_r:tmpfs_t:s0
tclass=filesystem
[   25.094420] type=1400 audit(1392465458.927:41): avc:  denied  { getattr }
for  pid=2987 comm="restorecon" name="/" dev="devpts" ino=1
scontext=system_u:system_r:setfiles_t:s0 tcontext=system_u:object_r:devpts_t:s0
tclass=filesystem
[   26.026651] type=1305 audit(1392465459.859:42): audit_pid=3208 old=0
auid=4294967295 ses=4294967295
[   26.026651]  subj=system_u:system_r:auditd_t:s0 res=1



-- System Information:
Debian Release: jessie/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.12-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages selinux-policy-default depends on:
ii  libpam-modules   1.1.3-9
ii  libselinux1      2.2.2-1
ii  libsepol1        2.2-1
ii  policycoreutils  2.2.5-1
ii  python           2.7.5-5
ii  selinux-utils    2.2.2-1

Versions of packages selinux-policy-default recommends:
ii  checkpolicy  2.2-1
ii  setools      3.3.8-3

Versions of packages selinux-policy-default suggests:
pn  logcheck        <none>
ii  syslog-summary  1.14-2

-- Configuration Files:
/etc/selinux/default/modules/active/file_contexts.local [Errno 13] Permission denied: u'/etc/selinux/default/modules/active/file_contexts.local'

-- debconf-show failed


