5:30 p.m.
hi everybody
on my one system I see something weir...
setroubleshoot[58420]: SELinux is preventing
/usr/bin/python2.7 from getattr access on the file
/usr/bin/rpm. For complete SELinux messages. run sealert -l
892542a6-b3ea-48eb-b76f-cadffdbdbb84
Nov 02 22:21:27 rider.private.ccnr.ceb.private.cam.ac.uk
python[58420]: SELinux is preventing /usr/bin/python2.7 from
getattr access on the file /usr/bin/rpm.
Source Context
system_u:system_r:fail2ban_client_t:s0
Target Context system_u:object_r:rpm_exec_t:s0
Target Objects /usr/bin/rpm [ file ]
Source fail2ban-client
Source Path /usr/bin/python2.7
fail2ban wants to run rpm ???
unless some binaries I have mislabelled this would be
suspicious, no?? What do you think?
THXALOT
L.
8:28 p.m.
----- Original Message -----
From: "lejeczek" <peljasz(a)yahoo.co.uk>
To: selinux(a)lists.fedoraproject.org
Sent: Wednesday, November 2, 2016 6:30:30 PM
Subject: fail2ban to rpm??
hi everybody
on my one system I see something weir...
setroubleshoot[58420]: SELinux is preventing
/usr/bin/python2.7 from getattr access on the file
/usr/bin/rpm. For complete SELinux messages. run sealert -l
892542a6-b3ea-48eb-b76f-cadffdbdbb84
Nov 02 22:21:27 rider.private.ccnr.ceb.private.cam.ac.uk
python[58420]: SELinux is preventing /usr/bin/python2.7 from
getattr access on the file /usr/bin/rpm.
Source Context
system_u:system_r:fail2ban_client_t:s0
Target Context system_u:object_r:rpm_exec_t:s0
Target Objects /usr/bin/rpm [ file ]
Source fail2ban-client
Source Path /usr/bin/python2.7
fail2ban wants to run rpm ???
unless some binaries I have mislabelled this would be
suspicious, no?? What do you think?
Do you know how this warning was triggered?
We only allow this permission for rpm files in the /tmp dir
THXALOT
L.
_______________________________________________
selinux mailing list -- selinux(a)lists.fedoraproject.org
To unsubscribe send an email to selinux-leave(a)lists.fedoraproject.org
--
Simon Sekidde * Red Hat, Inc. * Tyson's Corner, VA
gpg: 5848 958E 73BA 04D3 7C06 F096 1BA1 2DBF 94BC 377E
10:03 a.m.
On 03/11/16 01:28, Simon Sekidde wrote:
----- Original Message -----
> From: "lejeczek" <peljasz(a)yahoo.co.uk>
> To: selinux(a)lists.fedoraproject.org
> Sent: Wednesday, November 2, 2016 6:30:30 PM
> Subject: fail2ban to rpm??
>
> hi everybody
> on my one system I see something weir...
>
> setroubleshoot[58420]: SELinux is preventing
> /usr/bin/python2.7 from getattr access on the file
> /usr/bin/rpm. For complete SELinux messages. run sealert -l
> 892542a6-b3ea-48eb-b76f-cadffdbdbb84
> Nov 02 22:21:27 rider.private.ccnr.ceb.private.cam.ac.uk
> python[58420]: SELinux is preventing /usr/bin/python2.7 from
> getattr access on the file /usr/bin/rpm.
>
> Source Context
> system_u:system_r:fail2ban_client_t:s0
> Target Context system_u:object_r:rpm_exec_t:s0
> Target Objects /usr/bin/rpm [ file ]
> Source fail2ban-client
> Source Path /usr/bin/python2.7
>
> fail2ban wants to run rpm ???
> unless some binaries I have mislabelled this would be
> suspicious, no?? What do you think?
Do you know how this warning was triggered?
We only allow this permission for rpm files in the /tmp dir
it was an attempt to
systemctl start fail2ban, but I
.autorelabeled and it does not appear to be a problem any
more, so maybe just wrong selabels somewhere.
> THXALOT
> L.
> _______________________________________________
> selinux mailing list -- selinux(a)lists.fedoraproject.org
> To unsubscribe send an email to selinux-leave(a)lists.fedoraproject.org
>
4:05 a.m.
On 11/03/2016 04:03 PM, lejeczek wrote:
On 03/11/16 01:28, Simon Sekidde wrote:
>
> ----- Original Message -----
>> From: "lejeczek" <peljasz(a)yahoo.co.uk>
>> To: selinux(a)lists.fedoraproject.org
>> Sent: Wednesday, November 2, 2016 6:30:30 PM
>> Subject: fail2ban to rpm??
>>
>> hi everybody
>> on my one system I see something weir...
>>
>> setroubleshoot[58420]: SELinux is preventing
>> /usr/bin/python2.7 from getattr access on the file
>> /usr/bin/rpm. For complete SELinux messages. run sealert -l
>> 892542a6-b3ea-48eb-b76f-cadffdbdbb84
>> Nov 02 22:21:27 rider.private.ccnr.ceb.private.cam.ac.uk
>> python[58420]: SELinux is preventing /usr/bin/python2.7 from
>> getattr access on the file /usr/bin/rpm.
>>
>> Source Context
>> system_u:system_r:fail2ban_client_t:s0
>> Target Context system_u:object_r:rpm_exec_t:s0
>> Target Objects /usr/bin/rpm [ file ]
>> Source fail2ban-client
>> Source Path /usr/bin/python2.7
>>
>> fail2ban wants to run rpm ???
>> unless some binaries I have mislabelled this would be
>> suspicious, no?? What do you think?
> Do you know how this warning was triggered?
> We only allow this permission for rpm files in the /tmp dir
it was an attempt to systemctl start fail2ban, but I .autorelabeled and
it does not appear to be a problem any more, so maybe just wrong
selabels somewhere.
>
>> THXALOT
>> L.
>> _______________________________________________
>> selinux mailing list -- selinux(a)lists.fedoraproject.org
>> To unsubscribe send an email to selinux-leave(a)lists.fedoraproject.org
>>
_______________________________________________
selinux mailing list -- selinux(a)lists.fedoraproject.org
To unsubscribe send an email to selinux-leave(a)lists.fedoraproject.org
I see allow rule in Fedora 24:
$ sesearch -A -s fail2ban_t -t rpm_exec_t
Found 2 semantic av rules:
allow fail2ban_t file_type : filesystem getattr ;
allow fail2ban_t rpm_exec_t : file { ioctl read getattr lock execute
execute_no_trans open } ;
I believe it was caused by wrong labels on your system.
Thank you,
Lukas.
--
Lukas Vrabec
SELinux Solutions
Red Hat, Inc.
5:44 a.m.
On 11/04/2016 10:05 AM, Lukas Vrabec wrote:
On 11/03/2016 04:03 PM, lejeczek wrote:
>
>
> On 03/11/16 01:28, Simon Sekidde wrote:
>>
>> ----- Original Message -----
>>> From: "lejeczek" <peljasz(a)yahoo.co.uk>
>>> To: selinux(a)lists.fedoraproject.org
>>> Sent: Wednesday, November 2, 2016 6:30:30 PM
>>> Subject: fail2ban to rpm??
>>>
>>> hi everybody
>>> on my one system I see something weir...
>>>
>>> setroubleshoot[58420]: SELinux is preventing
>>> /usr/bin/python2.7 from getattr access on the file
>>> /usr/bin/rpm. For complete SELinux messages. run sealert -l
>>> 892542a6-b3ea-48eb-b76f-cadffdbdbb84
>>> Nov 02 22:21:27 rider.private.ccnr.ceb.private.cam.ac.uk
>>> python[58420]: SELinux is preventing /usr/bin/python2.7 from
>>> getattr access on the file /usr/bin/rpm.
>>>
>>> Source Context
>>> system_u:system_r:fail2ban_client_t:s0
>>> Target Context system_u:object_r:rpm_exec_t:s0
>>> Target Objects /usr/bin/rpm [ file ]
>>> Source fail2ban-client
>>> Source Path /usr/bin/python2.7
>>>
>>> fail2ban wants to run rpm ???
>>> unless some binaries I have mislabelled this would be
>>> suspicious, no?? What do you think?
>> Do you know how this warning was triggered?
>> We only allow this permission for rpm files in the /tmp dir
> it was an attempt to systemctl start fail2ban, but I .autorelabeled and
> it does not appear to be a problem any more, so maybe just wrong
> selabels somewhere.
If you see this issue again, we can ask fail2ban folks what is going on
here. I don't think it was labeling issue.
system_u:system_r:fail2ban_client_t:s0
Target Context system_u:object_r:rpm_exec_t:s0
Target Objects /usr/bin/rpm [ file ]
It tells me that the /usr/bin/rpm binary was really executed and with
correct labeling and it was executed but fail2ban_client_t.
Thank you.
>
>>
>>> THXALOT
>>> L.
>>> _______________________________________________
>>> selinux mailing list -- selinux(a)lists.fedoraproject.org
>>> To unsubscribe send an email to selinux-leave(a)lists.fedoraproject.org
>>>
> _______________________________________________
> selinux mailing list -- selinux(a)lists.fedoraproject.org
> To unsubscribe send an email to selinux-leave(a)lists.fedoraproject.org
I see allow rule in Fedora 24:
$ sesearch -A -s fail2ban_t -t rpm_exec_t
Found 2 semantic av rules:
allow fail2ban_t file_type : filesystem getattr ;
allow fail2ban_t rpm_exec_t : file { ioctl read getattr lock execute
execute_no_trans open } ;
I believe it was caused by wrong labels on your system.
Thank you,
Lukas.
--
Miroslav Grepl
Senior Software Engineer, SELinux Solutions
Red Hat, Inc.
2750
days inactive
2752
days old
selinux@lists.fedoraproject.org
4 comments
4 participants
participants (4)
-
lejeczek -
Lukas Vrabec -
Miroslav Grepl -
Simon Sekidde