  1. #1
    Fighting with SELinux

    Hello

    Ever since the installation of my recent ded server, the process "/usr/bin/python -E /usr/sbin/setroubleshootd" has always been very active, so I started to look up the audit_listener_database.xml in order to fix the issues. I fixed one or two and I am now stuck on the last issue... I am going to paste the report and hopefully someone can help me out.


    HTML Code:
      <siginfo>
      <analysis_id>file</analysis_id> 
      <audit_event>
      <event_id host="server1.MYHOST.COM" milli="573" seconds="1253191134" serial="174288" /> 
      <records>
      <audit_record record_type="AVC">
      <body_text>avc: denied { read } for pid=6097 comm="mysqld" path=2F746D702F4D5974636B6B7255202864656C6574656429 dev=loop0 ino=6193 scontext=system_u:system_r:mysqld_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file</body_text> 
      <event_id host="server1.MYHOST.COM" milli="573" seconds="1253191134" serial="174288" /> 
      </audit_record>
      <audit_record record_type="SYSCALL">
      <body_text>arch=c000003e syscall=17 success=yes exit=1047840 a0=4d4 a1=18506850 a2=ffd20 a3=0 items=0 ppid=3841 pid=6097 auid=4294967295 uid=101 gid=102 euid=101 suid=101 fsuid=101 egid=102 sgid=102 fsgid=102 tty=(none) ses=4294967295 comm="mysqld" exe="/usr/sbin/mysqld" subj=system_u:system_r:mysqld_t:s0 key=(null)</body_text> 
      <event_id host="server1.MYHOST.COM" milli="573" seconds="1253191134" serial="174288" /> 
      </audit_record>
      </records>
      </audit_event>
      <category>File Label</category> 
      <environment version="1.0">
      <enforce>Permissive</enforce> 
      <hostname>server1.MYHOST.COM</hostname> 
      <kernel>2.6.18-128.7.1.el5 x86_64</kernel> 
      <platform>CentOS release 5.3 (Final)</platform> 
      <policy_rpm>selinux-policy-2.4.6-203.el5</policy_rpm> 
      <policy_type>targeted</policy_type> 
      <policyvers>21</policyvers> 
      <selinux_enabled>True</selinux_enabled> 
      <selinux_mls_enabled>True</selinux_mls_enabled> 
      <uname>Linux server1.MYHOST.COM 2.6.18-128.7.1.el5 #1 SMP Mon Aug 24 08:21:56 EDT 2009 x86_64 x86_64</uname> 
      </environment>
      <first_seen_date>2009-09-17T12:38:54Z</first_seen_date> 
      <host>server1.MYHOST.COM</host> 
      <last_seen_date>2009-09-17T12:38:54Z</last_seen_date> 
      <local_id>86031ca5-fc3b-4775-a8bd-0ec661e2f292</local_id> 
      <report_count>1</report_count> 
      <scontext mls="s0" role="system_r" type="mysqld_t" user="system_u" /> 
      <sig version="3.0">
      <access>
      <operation>read</operation> 
      </access>
      <analysis_id>file</analysis_id> 
      <host>server1.MYHOST.COM</host> 
      <scontext mls="s0" role="system_r" type="mysqld_t" user="system_u" /> 
      <tclass>file</tclass> 
      <tcontext mls="s0" role="object_r" type="file_t" user="system_u" /> 
      <tpath>2F746D702F4D5974636B6B7255202864656C6574656429</tpath> 
      </sig>
      <solution version="1.0">
      <fix_cmd /> 
      <fix_description>
      <![CDATA[     You can execute the following command as root to relabel your
        computer system: "touch /.autorelabel; reboot"
        
      ]]> 
      </fix_description>
      <problem_description>
      <![CDATA[     SELinux permission checks on files labeled file_t are being
        denied.  file_t is the context the SELinux kernel gives to files
        that do not have a label. This indicates a serious labeling
        problem. No files on an SELinux box should ever be labeled file_t.
        If you have just added a new disk drive to the system you can
        relabel it using the restorecon command.  Otherwise you should
        relabel the entire files system.
        
      ]]> 
      </problem_description>
      <summary>
      <![CDATA[     SELinux is preventing access to files with the label, file_t.
        
      ]]> 
      </summary>
      </solution>
      <source>mysqld</source> 
      <spath>/usr/sbin/mysqld</spath> 
      <src_rpm_list>
      <rpm>MySQL-server-5.0.81-0.glibc23</rpm> 
      </src_rpm_list>
      <tclass>file</tclass> 
      <tcontext mls="s0" role="object_r" type="file_t" user="system_u" /> 
      <tpath>2F746D702F4D5974636B6B7255202864656C6574656429</tpath> 
      </siginfo>

    I have tried the command "touch /.autorelabel; reboot" but that didn't fix it. What else should I do?

    thanks in advance
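
The `path=` and `<tpath>` values in the report above are hex-encoded, which the audit subsystem does for strings that contain spaces, so the file being denied is not readable at a glance. As an added example (not part of the original posts), this Python parser takes the AVC record from the post, decodes the path, and notes what matters for relabeling; the function names are hypothetical.

```python
import re

# AVC record body copied from the report in the post above.
AVC = ('avc: denied { read } for pid=6097 comm="mysqld" '
       'path=2F746D702F4D5974636B6B7255202864656C6574656429 '
       'dev=loop0 ino=6193 scontext=system_u:system_r:mysqld_t:s0 '
       'tcontext=system_u:object_r:file_t:s0 tclass=file')

# Only string-valued fields may be hex-encoded; numeric fields such as
# pid=6097 also look like hex and must be left alone.
HEX_FIELDS = {'path', 'name', 'comm', 'exe'}
HEX_RE = re.compile(r'(?:[0-9A-Fa-f]{2})+')


def decode_field(key, raw):
    """Quoted values are literal; bare hex in a string field is decoded."""
    if raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1]
    if key in HEX_FIELDS and HEX_RE.fullmatch(raw):
        try:
            return bytes.fromhex(raw).decode('utf-8')
        except UnicodeDecodeError:
            return raw
    return raw


def parse_avc(body):
    m = re.search(r'avc:\s+(denied|granted)\s+\{([^}]*)\}\s+for\s+(.*)', body)
    if not m:
        raise ValueError('not an AVC record')
    rec = {'result': m.group(1), 'perms': m.group(2).split()}
    for key, raw in re.findall(r'(\w+)=("[^"]*"|\S+)', m.group(3)):
        rec[key] = decode_field(key, raw)
    for key in ('scontext', 'tcontext'):
        if key in rec:  # maxsplit=3 keeps an MLS range containing ':' whole
            parts = rec[key].split(':', 3)
            rec[key] = dict(zip(('user', 'role', 'type', 'level'), parts))
    return rec


def triage(rec):
    notes = []
    if rec.get('tcontext', {}).get('type') == 'file_t':
        notes.append('target is unlabeled (file_t) on dev=%s' % rec.get('dev'))
    if rec.get('path', '').endswith(' (deleted)'):
        notes.append('target was already unlinked when the access was logged')
    return notes


if __name__ == '__main__':
    record = parse_avc(AVC)
    print(record['path'], triage(record))
```

On a live system, `ausearch -i` performs the same interpretation of hex-encoded fields.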

  2. #2
    /etc/selinux/config - replace to disabled

    use APF firewall or something like that for security
