
Bug#624425: issue that only occurs on SE Linux



On Mon, Sep 12, 2011 at 04:07:05PM +1000, Russell Coker wrote:
> The problem that Paul reported only occurs on one system (I have not been able 
> to reproduce it on other AMD64 Xen DomU systems with a similar configuration).  
> It only occurs when SE Linux is in enforcing mode and when the default policy 
> is in use which doesn't permit the following access.  sshd aborts after the 
> below messages are logged.
> 
> I don't think that the problem Paul reported is a security problem and I 
> suspect that it may not be closely related to the original bug report.
> 
> type=AVC msg=audit(1315807424.338:39): avc:  denied  { unix_read unix_write } for  pid=1363 comm="sshd" key=58236  scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:unconfined_t:s0-s0:c0.c1023 tclass=shm
> type=SYSCALL msg=audit(1315807424.338:39): arch=c000003e syscall=29 success=no exit=-131939286884392 a0=e37c a1=200048 a2=1b6 a3=0 items=0 ppid=627 pid=1363 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1315807424.338:40): avc:  denied  { unix_read unix_write } for  pid=1363 comm="sshd" key=58771  scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:unconfined_t:s0-s0:c0.c1023 tclass=sem
> type=SYSCALL msg=audit(1315807424.338:40): arch=c000003e syscall=64 success=no exit=-131939286884392 a0=e593 a1=8 a2=1b6 a3=0 items=0 ppid=627 pid=1363 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)

These are shmget and semget.  Odd, since openssh has no code to call
those itself as far as I can see.  Can you get a backtrace from the
point where shmget is called?

-- 
Colin Watson                                       [cjwatson@debian.org]
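To check the reading of those records (syscall 29 and 64 under arch=c000003e are shmget and semget on x86_64) and to pair each AVC with the SYSCALL record that shares its serial number, here is an added Python example that is not part of the thread. The syscall table and the field regexes are assumptions of mine; the sample log is the report's two events re-joined onto one line per record.

```python
import re

# Standard Linux x86_64 syscall numbers for the SysV IPC calls. Assumption: the
# report only names shmget (29) and semget (64); the rest are the usual numbers.
X86_64_SYSCALLS = {29: "shmget", 30: "shmat", 31: "shmctl", 64: "semget",
                   65: "semop", 66: "semctl", 68: "msgget", 71: "msgctl"}
AUDIT_ARCH_X86_64 = 0xC000003E  # the arch= value auditd prints on x86_64

# The two denials quoted in the report, re-joined onto one line per record.
SAMPLE_LOG = """\
type=AVC msg=audit(1315807424.338:39): avc:  denied  { unix_read unix_write } for  pid=1363 comm="sshd" key=58236  scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:unconfined_t:s0-s0:c0.c1023 tclass=shm
type=SYSCALL msg=audit(1315807424.338:39): arch=c000003e syscall=29 success=no exit=-131939286884392 a0=e37c a1=200048 a2=1b6 a3=0 items=0 ppid=627 pid=1363 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1315807424.338:40): avc:  denied  { unix_read unix_write } for  pid=1363 comm="sshd" key=58771  scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:unconfined_t:s0-s0:c0.c1023 tclass=sem
type=SYSCALL msg=audit(1315807424.338:40): arch=c000003e syscall=64 success=no exit=-131939286884392 a0=e593 a1=8 a2=1b6 a3=0 items=0 ppid=627 pid=1363 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
"""

SERIAL_RE = re.compile(r"msg=audit\((\d+\.\d+):(\d+)\)")
AVC_RE = re.compile(r"avc:\s+(granted|denied)\s+\{([^}]*)\}")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\([^)]*\)|\S+)')

def parse_record(line):
    """Split one audit record into its serial number and key=value fields."""
    serial = SERIAL_RE.search(line)
    rec = {"serial": int(serial.group(2)), "time": serial.group(1)}
    for key, value in FIELD_RE.findall(line):
        rec.setdefault(key, value.strip('"'))  # keep the first key= seen
    avc = AVC_RE.search(line)
    if avc:  # AVC records carry the decision and permission set before the fields
        rec["decision"], rec["perms"] = avc.group(1), avc.group(2).split()
    return rec

def syscall_name(arch_hex, number):
    """Map syscall= to a name for the given arch=; only x86_64 is tabled here."""
    if int(arch_hex, 16) != AUDIT_ARCH_X86_64:
        return "unknown_arch_%s_syscall_%s" % (arch_hex, number)
    return X86_64_SYSCALLS.get(int(number), "syscall_%s" % number)

def correlate(log_text):
    """Pair every AVC record with the SYSCALL record that shares its serial."""
    events = {}
    for line in log_text.splitlines():
        rec = parse_record(line)
        ev = events.setdefault(rec["serial"], {"serial": rec["serial"]})
        if rec["type"] == "AVC":
            ev.update(decision=rec["decision"], perms=rec["perms"], tclass=rec["tclass"],
                      scontext=rec["scontext"], tcontext=rec["tcontext"], comm=rec["comm"])
        elif rec["type"] == "SYSCALL":
            ev.update(syscall=syscall_name(rec["arch"], rec["syscall"]),
                      success=rec["success"], exe=rec["exe"])
    return [events[s] for s in sorted(events)]
```

Calling `correlate(SAMPLE_LOG)` yields one event per serial (39 and 40), each naming the denied syscall, the object class, the requested permissions and the two contexts, which is the same information audit2why or ausearch would line up for you.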
