@major
Created July 11, 2012 13:05
SELinux denials for xend in Fedora 17
Red Hat Bugzilla ticket made: https://bugzilla.redhat.com/show_bug.cgi?id=839287
[root@helium ~]# sealert -l b1392df4-dda4-4b82-914c-1e20c62fc898
WARNING: Policy would be downgraded from version 27 to 26.
SELinux is preventing /usr/bin/python2.7 from read access on the file group.
***** Plugin xen_image (91.4 confidence) suggests **************************
If you want to allow python2.7 to have read access on the group file
Then you need to change the label on 'group'
Do
# semanage fcontext -a -t xen_image_t 'group'
# restorecon -v 'group'
***** Plugin catchall (9.59 confidence) suggests ***************************
If you believe that python2.7 should be allowed read access on the group file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep xend /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
WARNING: Policy would be downgraded from version 27 to 26.
WARNING: Policy would be downgraded from version 27 to 26.
Additional Information:
Source Context system_u:system_r:xend_t:s0
Target Context system_u:object_r:passwd_file_t:s0
Target Objects group [ file ]
Source xend
Source Path /usr/bin/python2.7
Port <Unknown>
Host helium.mhtx.net
Source RPM Packages python-2.7.3-6.fc17.x86_64
Target RPM Packages
Policy RPM selinux-policy-3.10.0-134.fc17.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name helium.mhtx.net
Platform Linux helium.mhtx.net 3.4.4-5.fc17.x86_64 #1 SMP
Thu Jul 5 20:20:59 UTC 2012 x86_64 x86_64
Alert Count 2
First Seen Tue 10 Jul 2012 04:31:26 AM UTC
Last Seen Tue 10 Jul 2012 04:38:27 AM UTC
Local ID b1392df4-dda4-4b82-914c-1e20c62fc898
Raw Audit Messages
type=AVC msg=audit(1341895107.913:435): avc: denied { read } for pid=2975 comm="xend" name="group" dev="dm-0" ino=917980 scontext=system_u:system_r:xend_t:s0 tcontext=system_u:object_r:passwd_file_t:s0 tclass=file
type=SYSCALL msg=audit(1341895107.913:435): arch=x86_64 syscall=open success=no exit=EACCES a0=7fa9b42966bf a1=80000 a2=1b6 a3=238 items=0 ppid=1 pid=2975 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=xend exe=/usr/bin/python2.7 subj=system_u:system_r:xend_t:s0 key=(null)
Hash: xend,xend_t,passwd_file_t,file,read
audit2allow
#============= xend_t ==============
#!!!! This avc is allowed in the current policy
allow xend_t passwd_file_t:file read;
audit2allow -R
#============= xend_t ==============
#!!!! This avc is allowed in the current policy
allow xend_t passwd_file_t:file read;
[root@helium ~]# sealert -l 3e09edc3-aeb7-49f5-96e1-d8148afda48f
WARNING: Policy would be downgraded from version 27 to 26.
SELinux is preventing /usr/bin/python2.7 from setattr access on the chr_file 1.
***** Plugin catchall (100. confidence) suggests ***************************
If you believe that python2.7 should be allowed setattr access on the 1 chr_file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep xend /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
WARNING: Policy would be downgraded from version 27 to 26.
WARNING: Policy would be downgraded from version 27 to 26.
Additional Information:
Source Context system_u:system_r:xend_t:s0
Target Context system_u:object_r:devpts_t:s0
Target Objects 1 [ chr_file ]
Source xend
Source Path /usr/bin/python2.7
Port <Unknown>
Host helium.mhtx.net
Source RPM Packages python-2.7.3-6.fc17.x86_64
Target RPM Packages
Policy RPM selinux-policy-3.10.0-134.fc17.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name helium.mhtx.net
Platform Linux helium.mhtx.net 3.4.4-5.fc17.x86_64 #1 SMP
Thu Jul 5 20:20:59 UTC 2012 x86_64 x86_64
Alert Count 2
First Seen Tue 10 Jul 2012 04:31:26 AM UTC
Last Seen Tue 10 Jul 2012 04:38:27 AM UTC
Local ID 3e09edc3-aeb7-49f5-96e1-d8148afda48f
Raw Audit Messages
type=AVC msg=audit(1341895107.913:436): avc: denied { setattr } for pid=2975 comm="xend" name="1" dev="devpts" ino=4 scontext=system_u:system_r:xend_t:s0 tcontext=system_u:object_r:devpts_t:s0 tclass=chr_file
type=SYSCALL msg=audit(1341895107.913:436): arch=x86_64 syscall=chown success=no exit=EACCES a0=7fa9acff2ce0 a1=0 a2=0 a3=238 items=0 ppid=1 pid=2975 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=xend exe=/usr/bin/python2.7 subj=system_u:system_r:xend_t:s0 key=(null)
Hash: xend,xend_t,devpts_t,chr_file,setattr
audit2allow
#============= xend_t ==============
#!!!! This avc is allowed in the current policy
allow xend_t devpts_t:chr_file setattr;
audit2allow -R
#============= xend_t ==============
#!!!! This avc is allowed in the current policy
allow xend_t devpts_t:chr_file setattr;
[root@helium ~]# sealert -l 86395f09-5f33-4f66-8d02-519b61e54139
WARNING: Policy would be downgraded from version 27 to 26.
SELinux is preventing /usr/bin/python2.7 from execute access on the file pt_chown.
***** Plugin leaks (86.2 confidence) suggests ******************************
If you want to ignore python2.7 trying to execute access the pt_chown file, because you believe it should not need this access.
Then you should report this as a bug.
You can generate a local policy module to dontaudit this access.
Do
# grep /usr/bin/python2.7 /var/log/audit/audit.log | audit2allow -D -M mypol
# semodule -i mypol.pp
***** Plugin catchall (14.7 confidence) suggests ***************************
If you believe that python2.7 should be allowed execute access on the pt_chown file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep xend /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
WARNING: Policy would be downgraded from version 27 to 26.
WARNING: Policy would be downgraded from version 27 to 26.
Additional Information:
Source Context system_u:system_r:xend_t:s0
Target Context system_u:object_r:ptchown_exec_t:s0
Target Objects pt_chown [ file ]
Source xend
Source Path /usr/bin/python2.7
Port <Unknown>
Host helium.mhtx.net
Source RPM Packages python-2.7.3-6.fc17.x86_64
Target RPM Packages
Policy RPM selinux-policy-3.10.0-134.fc17.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name helium.mhtx.net
Platform Linux helium.mhtx.net 3.4.4-5.fc17.x86_64 #1 SMP
Thu Jul 5 20:20:59 UTC 2012 x86_64 x86_64
Alert Count 2
First Seen Tue 10 Jul 2012 04:31:26 AM UTC
Last Seen Tue 10 Jul 2012 04:38:27 AM UTC
Local ID 86395f09-5f33-4f66-8d02-519b61e54139
Raw Audit Messages
type=AVC msg=audit(1341895107.920:437): avc: denied { execute } for pid=2976 comm="xend" name="pt_chown" dev="dm-0" ino=1966878 scontext=system_u:system_r:xend_t:s0 tcontext=system_u:object_r:ptchown_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1341895107.920:437): arch=x86_64 syscall=execve success=no exit=EACCES a0=7fa9c276af2e a1=7fa9acff0770 a2=0 a3=19 items=0 ppid=953 pid=2976 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=xend exe=/usr/bin/python2.7 subj=system_u:system_r:xend_t:s0 key=(null)
Hash: xend,xend_t,ptchown_exec_t,file,execute
audit2allow
#============= xend_t ==============
#!!!! This avc is allowed in the current policy
allow xend_t ptchown_exec_t:file execute;
audit2allow -R
#============= xend_t ==============
#!!!! This avc is allowed in the current policy
allow xend_t ptchown_exec_t:file execute;
[root@helium ~]#

major commented Jul 11, 2012

If you're stumbling upon this via a Google search, the bug at Red Hat is here:

https://bugzilla.redhat.com/show_bug.cgi?id=839287
