On 11/04/2016 10:05 AM, Lukas Vrabec wrote:
On 11/03/2016 04:03 PM, lejeczek wrote:
>
>
> On 03/11/16 01:28, Simon Sekidde wrote:
>>
>> ----- Original Message -----
>>> From: "lejeczek" <peljasz(a)yahoo.co.uk>
>>> To: selinux(a)lists.fedoraproject.org
>>> Sent: Wednesday, November 2, 2016 6:30:30 PM
>>> Subject: fail2ban to rpm??
>>>
>>> hi everybody
>>> on my one system I see something weir...
>>>
>>> setroubleshoot[58420]: SELinux is preventing
>>> /usr/bin/python2.7 from getattr access on the file
>>> /usr/bin/rpm. For complete SELinux messages. run sealert -l
>>> 892542a6-b3ea-48eb-b76f-cadffdbdbb84
>>> Nov 02 22:21:27 rider.private.ccnr.ceb.private.cam.ac.uk
>>> python[58420]: SELinux is preventing /usr/bin/python2.7 from
>>> getattr access on the file /usr/bin/rpm.
>>>
>>> Source Context
>>> system_u:system_r:fail2ban_client_t:s0
>>> Target Context system_u:object_r:rpm_exec_t:s0
>>> Target Objects /usr/bin/rpm [ file ]
>>> Source fail2ban-client
>>> Source Path /usr/bin/python2.7
>>>
>>> fail2ban wants to run rpm ???
>>> unless some binaries I have mislabelled this would be
>>> suspicious, no?? What do you think?
>> Do you know how this warning was triggered?
>> We only allow this permission for rpm files in the /tmp dir
> it was an attempt to systemctl start fail2ban, but I .autorelabeled and
> it does not appear to be a problem any more, so maybe just wrong
> selabels somewhere.
If you see this issue again, we can ask fail2ban folks what is going on
here. I don't think it was a labeling issue.
system_u:system_r:fail2ban_client_t:s0
Target Context system_u:object_r:rpm_exec_t:s0
Target Objects /usr/bin/rpm [ file ]
It tells me that the /usr/bin/rpm binary was really executed with
correct labeling, and it was executed by fail2ban_client_t.
Thank you.
>
>>
>>> THXALOT
>>> L.
>>> _______________________________________________
>>> selinux mailing list -- selinux(a)lists.fedoraproject.org
>>> To unsubscribe send an email to selinux-leave(a)lists.fedoraproject.org
>>>
I see an allow rule in Fedora 24:
$ sesearch -A -s fail2ban_t -t rpm_exec_t
Found 2 semantic av rules:
allow fail2ban_t file_type : filesystem getattr ;
allow fail2ban_t rpm_exec_t : file { ioctl read getattr lock execute
execute_no_trans open } ;
I believe it was caused by wrong labels on your system.
Thank you,
Lukas.
--
Miroslav Grepl
Senior Software Engineer, SELinux Solutions
Red Hat, Inc.
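An added example, not written by any participant in this thread: it parses the sealert fields and the sesearch allow rules quoted above (both embedded here as constructed samples) and reports which source domains the rules grant the denied access to, so the queried domain can be compared with the denial's own source context (fail2ban_client_t in the report above). It assumes sealert's "Source Context / Target Context / Target Objects" layout and plain `allow` lines from sesearch; attributes such as file_type are not expanded to their member types.

```python
import re
from collections import namedtuple

Denial = namedtuple("Denial", "source_type target_type tclass perm")
Rule = namedtuple("Rule", "source target tclass perms")

# Constructed sample: the sealert report from the thread, condensed to its key lines.
DENIAL_TEXT = """\
SELinux is preventing /usr/bin/python2.7 from getattr access on the file /usr/bin/rpm.
Source Context                system_u:system_r:fail2ban_client_t:s0
Target Context                system_u:object_r:rpm_exec_t:s0
Target Objects                /usr/bin/rpm [ file ]
"""

# Constructed sample: the sesearch output quoted in the thread (queried with -s fail2ban_t).
SESEARCH_TEXT = """\
Found 2 semantic av rules:
   allow fail2ban_t file_type : filesystem getattr ;
   allow fail2ban_t rpm_exec_t : file { ioctl read getattr lock execute execute_no_trans open } ;
"""

RULE_RE = re.compile(r"allow\s+(\S+)\s+(\S+)\s*:\s*(\S+)\s+(?:\{([^}]*)\}|(\S+))\s*;")

def parse_denial(text):
    """Extract source type, target type, object class and denied permission from a sealert report."""
    src = re.search(r"Source Context\s+(\S+)", text).group(1).split(":")[2]
    tgt = re.search(r"Target Context\s+(\S+)", text).group(1).split(":")[2]
    tclass = re.search(r"Target Objects\s+\S+\s+\[\s*(\w+)\s*\]", text).group(1)
    perm = re.search(r"from (\w+) access on the", text).group(1)
    return Denial(src, tgt, tclass, perm)

def parse_sesearch(text):
    """Parse 'allow src tgt : class { perms } ;' lines. Attributes (e.g. file_type) are kept
    as literal names, not expanded to their member types (assumption of this example)."""
    return [Rule(m.group(1), m.group(2), m.group(3), frozenset((m.group(4) or m.group(5)).split()))
            for m in RULE_RE.finditer(text)]

def covering_sources(denial, rules):
    """Source types whose rules allow exactly this permission on this target type and class."""
    return sorted({r.source for r in rules
                   if (r.target, r.tclass) == (denial.target_type, denial.tclass)
                   and denial.perm in r.perms})

def rule_covers(denial, rules):
    """True only when a rule names the denial's own source domain. A False result with a
    non-empty covering_sources() means the rules found belong to a different domain."""
    return denial.source_type in covering_sources(denial, rules)
```

With the samples above, covering_sources() returns only fail2ban_t while the denial's source is fail2ban_client_t, so rule_covers() is False; re-running sesearch with the source type taken from the report's Source Context is the next check before concluding that labels were wrong.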