On Mon, Sep 12, 2011 at 04:07:05PM +1000, Russell Coker wrote:
> The problem that Paul reported only occurs on one system (I have not been
> able to reproduce it on other AMD64 Xen DomU systems with a similar
> configuration).
> It only occurs when SE Linux is in enforcing mode and when the default policy
> is in use which doesn't permit the following access. sshd aborts after the
> below messages are logged.
>
> I don't think that the problem Paul reported is a security problem and I
> suspect that it may not be closely related to the original bug report.
>
> type=AVC msg=audit(1315807424.338:39): avc: denied { unix_read unix_write } for pid=1363 comm="sshd" key=58236 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:unconfined_t:s0-s0:c0.c1023 tclass=shm
> type=SYSCALL msg=audit(1315807424.338:39): arch=c000003e syscall=29 success=no exit=-131939286884392 a0=e37c a1=200048 a2=1b6 a3=0 items=0 ppid=627 pid=1363 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1315807424.338:40): avc: denied { unix_read unix_write } for pid=1363 comm="sshd" key=58771 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:unconfined_t:s0-s0:c0.c1023 tclass=sem
> type=SYSCALL msg=audit(1315807424.338:40): arch=c000003e syscall=64 success=no exit=-131939286884392 a0=e593 a1=8 a2=1b6 a3=0 items=0 ppid=627 pid=1363 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
These are shmget and semget. Odd, since openssh has no code to call
those itself as far as I can see. Can you get a backtrace from the
point where shmget is called?
--
Colin Watson [[email protected]]
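
Added example, not part of the original message or of openssh: a Python sketch that decodes the quoted SYSCALL records on x86_64 (arch=c000003e) into shmget/semget calls and checks that a0 matches the IPC key in the paired AVC record. The sample records are the quoted ones trimmed to the fields used here; the function and table names are hypothetical.

```python
import re

# x86_64 syscall numbers for the SysV IPC "get" calls seen in the quoted log,
# with the meaning of audit's a0..a2 (audit prints them in hex).
X86_64_IPC = {
    29: ("shmget", ("key", "size", "shmflg")),
    64: ("semget", ("key", "nsems", "semflg")),
}
IPC_CREAT = 0o1000

# Constructed sample: the four quoted records, trimmed to the fields used below.
SAMPLE = """
type=AVC msg=audit(1315807424.338:39): avc: denied { unix_read unix_write } for pid=1363 comm="sshd" key=58236 tclass=shm
type=SYSCALL msg=audit(1315807424.338:39): arch=c000003e syscall=29 success=no a0=e37c a1=200048 a2=1b6 a3=0 pid=1363 comm="sshd" key=(null)
type=AVC msg=audit(1315807424.338:40): avc: denied { unix_read unix_write } for pid=1363 comm="sshd" key=58771 tclass=sem
type=SYSCALL msg=audit(1315807424.338:40): arch=c000003e syscall=64 success=no a0=e593 a1=8 a2=1b6 a3=0 pid=1363 comm="sshd" key=(null)
"""

def fields(line):
    """Split an audit record into its name=value pairs."""
    return dict(re.findall(r'(\w+)=("[^"]*"|\S+)', line))

def decode(log):
    """Pair AVC and SYSCALL records by event id and decode the IPC call."""
    events = {}
    for line in log.strip().splitlines():
        eid = re.search(r"audit\(([\d.]+:\d+)\)", line).group(1)
        events.setdefault(eid, {})[fields(line)["type"]] = fields(line)
    out = []
    for eid, recs in events.items():
        avc, sc = recs.get("AVC"), recs.get("SYSCALL")
        if not avc or not sc or sc["arch"] != "c000003e":
            continue
        if int(sc["syscall"]) not in X86_64_IPC:
            continue
        name, argnames = X86_64_IPC[int(sc["syscall"])]
        args = {n: int(sc[f"a{i}"], 16) for i, n in enumerate(argnames)}
        flags = args[argnames[-1]]
        out.append({
            "event": eid, "call": name, "args": args, "tclass": avc["tclass"],
            "mode": oct(flags & 0o777),
            # Without IPC_CREAT the call only looks up an existing key.
            "creat": bool(flags & IPC_CREAT),
            # AVC key= is the IPC key (decimal); SYSCALL key= is the audit rule key.
            "key_matches_avc": args["key"] == int(avc["key"]),
        })
    return out

if __name__ == "__main__":
    for r in decode(SAMPLE):
        print(r)
```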