search for: fsuid

On Tue, Mar 14, 2017 at 02:46:19PM -0400, Ron Wheeler wrote: > https://docs.fedoraproject.org/en-US/Fedora/11/html/Security-Enhanced_Linux/sect-Security-Enhanced_Linux-Working_with_SELinux-Enabling_and_Disabling_SELinux.html > > If disabling Selinux solves your problem, then your problem may be related > to Selinux. > If it does not change yout problem, you may want to look

...225 scontext=system_u:system_r:asterisk_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file > type=SYSCALL msg=audit(1489588773.253:1171): arch=c000003e syscall=2 success=no exit=-13 a0=aa5080 a1=80000 a2=1a4 a3=aa5080 items=0 ppid=1485 pid=3838 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="asterisk" exe="/usr/sbin/asterisk" subj=system_u:system_r:asterisk_t:s0 key=(null) > type=AVC msg=audit(1489588777.432:1172): avc: denied { getattr } for pid=3844 comm="asterisk" path="/var/lib/asterisk...

...ext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=dir type=SYSCALL msg=audit(1329395502.678:61926): arch=c000003e syscall=4 success=no exit=-13 a0=7fef342bc080 a1=7fffaf747370 a2=7fffaf747370 a3=7fef30c65c30 items=0 ppid=25673 pid=25674 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=2 comm="httpd" exe="/usr/sbin/httpd" subj=unconfined_u:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1329395502.681:61927): avc: denied { search } for pid=25674 comm="httpd" name="" dev=0:23 ino=3471615 scontext=unc...

...etail?id=784062 details: this should effect chrom-os too, https://chromium.googlesource.com/chromiumos/third_party/drm/+/292da616fe1f936ca78a3fa8e1b1b19883e343b6/nouveau/nouveau.h this is the kernel stack: comm="webbrowser-app" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0 Nov 10 11:22:13 nitro kernel: [ 53.352636] audit: type=1400 audit(1510305733.908:25): apparmor="DENIED" operation="connect" profile="webbrowser-app" pid=1903 comm="webbrowser-app" family="unix" sock_type="stream" protocol=0 r...

...r:httpd_t:s0 tcontext=unconfined_u:object_r:samba_share_t:s0 tclass=file type=SYSCALL msg=audit(1506168999.456:2350): arch=c000003e syscall=4 success=yes exit=0 a0=55eea817ec80 a1=7ffe668ef300 a2=7ffe668ef300 a3=7ffe668ef270 items=0 ppid=1 pid=28956 auid=4294967295 uid=996 gid=994 euid=996 suid=996 fsuid=996 egid=994 sgid=994 fsgid=994 tty=(none) ses=4294967295 comm="lighttpd" exe="/usr/sbin/lighttpd" subj=system_u:system_r:httpd_t:s0 key=(null) type=AVC msg=audit(1506168999.456:2351): avc: denied { open } for pid=28956 comm="lighttpd" path="/srv/data/files_art...

...em_u:system_r:svirt_t:s0:c219,c564 tcontext=system_u:object_r:svirt_image_t:s0:c122,c658 tclass=file type=SYSCALL msg=audit(1332310963.333:10313): arch=c000003e syscall=18 success=no exit=-13 a0=9 a1=7fd3bc59d000 a2=1000 a3=10891b000 items=0 ppid=1 pid=16241 auid=0 uid=107 gid=107 euid=107 suid=107 fsuid=107 egid=107 sgid=107 fsgid=107 tty=(none) ses=3 comm="qemu-kvm" exe="/usr/libexec/qemu-kvm" subj=system_u:system_r:svirt_t:s0:c219,c564 key=(null) type=AVC msg=audit(1332310963.337:10314): avc: denied { read } for pid=16241 comm="qemu-kvm" path="/var/lib/libvir...

...dmail -t -oi -oem -fwawi-genimp type=SYSCALL msg=audit(09/22/2017 12:08:29.911:1023) : arch=x86_64 syscall=setgroups success=no exit=EPERM(Operation not permitted) a0=0x1 a1=0x7ffc1df3b0d0 a2=0x0 a3=0x7f5d77c3a300 items=0 ppid=19417 pid=19418 auid=unset uid=lighttpd gid=lighttpd euid=root suid=root fsuid=root egid=lighttpd sgid=lighttpd fsgid=lighttpd tty=(none) ses=unset comm=sendmail exe=/usr/sbin/exim subj=system_u:system_r:httpd_sys_script_t:s0 key=(null) type=AVC msg=audit(09/22/2017 12:08:29.911:1023) : avc: denied { setgid } for pid=19418 comm=sendmail capability=setgid scontext=system_u...

...urnalctl shows this. May 14 14:22:32 audit[2117]: AVC apparmor="DENIED" operation="file_lock" profile="/usr/sbin/named" name="/var/lib/samba/private/dns.keytab" pid=2117 comm="isc-worker0000" requested_mask="k" denied_mask="k" fsuid=111 ouid=0 May 14 14:22:32 kernel: audit: type=1400 audit(1557865352.085:35): apparmor="DENIED" operation="file_lock" profile="/usr/sbin/named" name="/var/lib/samba/private/dns.keytab" pid=2117 comm="isc-worker0000" requested_mask="k" d...

...nfined_u:object_r:user_home_t:s0 tclass=file permissive=1 > > > type=SYSCALL msg=audit(1679486264.987:145): arch=x86_64 > syscall=mprotect success=yes exit=0 a0=7f761e694000 a1=3000 a2=1 > a3=55744feb9c80 items=0 ppid=2749 pid=2752 auid=1000 uid=1000 gid=1000 > euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts0 > ses=2 comm=bash exe=/bin/bash > subj=system_u:system_r:container_t:s0:c62,c364 key=(null)ARCH=x86_64 > SYSCALL=mprotect AUID=lacos UID=lacos GID=lacos EUID=lacos SUID=lacos > FSUID=lacos EGID=lacos SGID=lacos FSGID=lacos > > Hash: bas...

On 3/22/23 12:42, Daniel P. Berrang? wrote: > On Wed, Mar 22, 2023 at 12:13:49PM +0100, Laszlo Ersek wrote: >> On 3/22/23 11:42, Laszlo Ersek wrote: >> >>> Now the "podman build -f ci/containers/alpine-edge.Dockerfile -t >>> libnbd-alpine-edge" command is failing with a different error message -- >>> the download completes, but the internal

...10.0.77.80, lip=10.0.78.223, mpid=29696, TLS, session=<0C+M3A/9OwCsEQFQ> audispd: node=myhost.somewhere type=SYSCALL msg=audit(1404144473.421:46298): arch=c000003e syscall=2 success=no exit=-13 a0=7fff97f77ce0 a1=c2 a2=1a4 a3=0 items=1 ppid=29697 pid=29699 auid=7033 uid=8 gid=12 euid=8 suid=8 fsuid=8 egid=12 sgid=12 fsgid=12 tty=(none) ses=108 comm="sqlite3" exe="/usr/bin/sqlite3" subj=system_u:system_r:dovecot_t:s0 key="access" audispd: node=myhost.somewhere type=CWD msg=audit(1404144473.421:46298): cwd="/var/run/dovecot" audispd: node=myhost.somewher...

...-oi -oem -fwawi-genimp >> type=SYSCALL msg=audit(09/22/2017 12:08:29.911:1023) : arch=x86_64 syscall=setgroups success=no exit=EPERM(Operation not permitted) a0=0x1 a1=0x7ffc1df3b0d0 a2=0x0 a3=0x7f5d77c3a300 items=0 ppid=19417 pid=19418 auid=unset uid=lighttpd gid=lighttpd euid=root suid=root fsuid=root egid=lighttpd sgid=lighttpd fsgid=lighttpd tty=(none) ses=unset comm=sendmail exe=/usr/sbin/exim subj=system_u:system_r:httpd_sys_script_t:s0 key=(null) >> type=AVC msg=audit(09/22/2017 12:08:29.911:1023) : avc: denied { setgid } for pid=19418 comm=sendmail capability=setgid scontext=...

...tcontext=unconfined_u:object_r:etc_runtime_t:s0 tclass=dir permissive=0 type=SYSCALL msg=audit(1586604621.637:6736): arch=c000003e syscall=83 success=no exit=-13 a0=55b493a7f338 a1=1ed a2=ffffffff a3=fffffffffffffcd8 items=0 ppid=12735 pid=12750 auid=4294967295 uid=1005 gid=1005 euid=1005 suid=1005 fsuid=1005 egid=1005 sgid=1005 fsgid=1005 tty=(none) ses=4294967295 comm="imap" exe="/usr/libexec/dovecot/imap" subj=system_u:system_r:dovecot_t:s0 key=(null) type=PROCTITLE msg=audit(1586604621.637:6736): proctitle="dovecot/imap" type=AVC msg=audit(1586604621.638:6737): avc...

...): arch=c000003e syscall=83 </div> <div> success=no exit=-13 a0=55b493a7f338 a1=1ed a2=ffffffff a3=fffffffffffffcd8 </div> <div> items=0 ppid=12735 pid=12750 auid=4294967295 uid=1005 gid=1005 euid=1005 </div> <div> suid=1005 fsuid=1005 egid=1005 sgid=1005 fsgid=1005 tty=(none) </div> <div> ses=4294967295 comm="imap" exe="/usr/libexec/dovecot/imap" </div> <div> subj=system_u:system_r:dovecot_t:s0 key=(null) </div> <div> type=PROCTIT...

...NIED" operation="file_mmap" info="Failed name lookup - disconnected path" error=-13 profile="/usr/lib/dovecot/indexer-worker" name="var/cache/nscd/hosts" pid=10540 comm="indexer-worker" requested_mask="r" denied_mask="r" fsuid=1001 ouid=0 ------------ The indexer worker is trying to open the file "var/cache/nscd/hosts" instead of "/var/cache/nscd/hosts", which of course fails. Can someone double check the code of the indexer worker, or this has been fixed? Thanks, Andr? -- https://github.com/pr...

Is it possible to audit the Linux User Shell? I am trying to gather what commands a user is running no our systems. Can auditd handle this? TIA -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.centos.org/pipermail/centos/attachments/20070903/3d4d491d/attachment.html>

...onfined_u:unconfined_r:xauth_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:home_root_t:s0 tclass=dir type=SYSCALL msg=audit(1385112688.399:67769): arch=c000003e syscall=2 success=no exit=-13 a0=7fffdecf5c60 a1=c1 a2=180 a3=8 items=0 ppid=8217 pid=8218 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=9 comm="xauth" exe="/usr/bin/xauth" subj=unconfined_u:unconfined_r:xauth_t:s0-s0:c0.c1023 key=(null) Can anybody help me overcome this without disabling Selinux? Many thanks. Greetings, J. -- Johan Vermeulen IT-medewerker Op...

...m_r:svirt_t:s0:c772,c779 tcontext=system_u:object_r:fs_t:s0 tclass=filesystem node=kvmhost.tld type=SYSCALL msg=audit(1318634450.285:28): arch=c000003e syscall=138 success=no exit=-13 a0=9 a1=7fff1cf153f0 a2=0 a3=7fff1cf15170 items=0 ppid=1 pid=1842 auid=4294967295 uid=107 gid=107 euid=107 suid=107 fsuid=107 egid=107 sgid=107 fsgid=107 tty=(none) ses=4294967295 comm="qemu-kvm" exe="/usr/libexec/qemu-kvm" subj=system_u:system_r:svirt_t:s0:c772,c779 key=(null) I've attached the alert email as a quote below, (hostname removed) Any help is greatly appreciated, I've had to...

...Nov 23 10:12:12 debpdc audit[16080]: AVC apparmor="DENIED" operation="file_mmap" profile="/usr/sbin/named" name="/usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9_10.so" pid=16080 comm="named" requested_mask="m" denied_mask="m" fsuid=109 ouid=0 Nov 23 10:12:12 debpdc named[16080]: dlz_dlopen failed to open library '/usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9_10.so' - /usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9_10.so: failed to map segment from shared object Nov 23 10:12:12 debpdc kernel: audit: type=1400 aud...

On 09/20/2017 07:19 AM, hw wrote: > hw wrote: >> >> Hi, >> >> how do I allow CGI programs to print (using 'lpr -P some-printer >> some-file.pdf') when >> lighttpd is being used for a web server? >> >> When selinux is permissive, the printer prints; when it?s enforcing, >> the printer >> does not print, and I?m getting the log