Nabble - Fedora SELinux List

RE: how to restrict a SOCK_RAW by interface

2009-12-16T07:00:23Z

On Mon, 2009-12-14 at 16:56 -0600, Cernak, James E (IS) wrote:
> Hello,
>
> Thanks for the hint, However it does not solve my problem I still can
> read from eth0.

eth0 or eth1? Your example showed eth1 configured as iface_test_t.
>
> I did have to add allow rules for netif_t:netif but my policy still
> does not allow iface_test_t.

Hmmm..are you sure? Did you declare any type attributes for
iface_test_t? Use sesearch or apol to confirm that there are no allow
rules to it in the final binary policy.

>
> James
>
>
> -----Original Message-----
> From: Stephen Smalley [mailto:sds@...]
> Sent: Mon 12/14/2009 1:49 PM
> To: Cernak, James E (IS)
> Cc: fedora-selinux-list@...
> Subject: Re: how to restrict a SOCK_RAW by interface
>
> On Mon, 2009-12-14 at 13:29 -0600, Cernak, James E (IS) wrote:
> > Hello,
> >
> > I am trying to restrict an application to using only some interfaces
> > on the system. I have defined a new type and assigned the interface
> on
> > my RHEL5.4-x64 system to the new type with semanage. The system
> > indicates that the interface is now configured.
> > # semanage interface -l
> > SELinux Interface Context
> >
> > eth1
> system_u:object_r:iface_test_t:s0
> > This does restrict applications like tcpdump or wireshark from
> listing
> > the interface that was configured.
> > # tcpdump -D
> > 1.peth0
> > 2.virbr0
> > 3.vif0.0
> > 4.eth0
> > 5.xenbr0
> > 6.eth2
> > 7.eth3
> > 8.any (Pseudo-device that captures on all interfaces)
> > 9.lo
> >
> > My problem comes that my application can still open eth1 and read
> and
> > write packets to this interface.
> > The application is opening a socket as SOCK_RAW then binding with a
> > struct sockaddr_LL that has the ssll_ifindex field configured with
> the
> > index of ETH1.
> > How do I write a selinux policy to restrict this application from
> > using some interfaces.
> >
>
> In RHEL5 (Linux 2.6.18), you might need to enable compat_net (echo 1
> > /selinux/compat_net or boot with selinux_compat_net=1 on the kernel
> command line).
>
> --
> Stephen Smalley
> National Security Agency
>
>
>
>

--
Stephen Smalley
National Security Agency

--
fedora-selinux-list mailing list
fedora-selinux-list@...
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

Re: Logrotate frustration

2009-12-15T08:26:18Z

On Tue, 2009-12-15 at 09:39 -0500, Daniel J Walsh wrote:
> On 12/14/2009 05:01 AM, Arthur Dent wrote:
> > On Mon, 2009-12-07 at 22:30 +0000, Arthur Dent wrote:
> >> On Mon, 2009-12-07 at 16:24 -0500, Daniel J Walsh wrote:
> >>> On 12/06/2009 04:38 AM, Arthur Dent wrote:

[Snip]

> >>> I can allow logrotate to manage log lnk_files, and allow it to write to the fail2ban socket.
> >>>
> >>> Are you using a custom logrotate to rotate mail_spool?

[Snip]

> >
> > OK - Following another arm of this thread I have (last week) done a
> > complete relabel and removed my existing fail2ban and logrotate local
> > policies.
> >
> > As a result of yesterday's weekly log rotate squid threw up another
> > couple of AVCs related to log_lnk (see below).
> >
> > I have created another local policy but, do I understand you correctly
> > Daniel that you may include log_lnk in a future targeted policy?
> >
> > Here is my new logrotate policy:
> >
> > ===============8<==================================================
> >
> > module mylogr 11.2.2;
> >
> > require {
> > type mail_spool_t;
> > type logrotate_t;
> > type squid_log_t;
> > class file getattr;
> > class lnk_file { rename unlink };
> > }
> >
> > #============= logrotate_t ==============
> > allow logrotate_t mail_spool_t:file getattr;
> > allow logrotate_t squid_log_t:lnk_file { rename unlink };
> >
> > ===============8<==================================================
> >
> > Is this OK?

[Snip]

>
> Yes the squid access will not be needed.
>
> Fixed in selinux-policy-3.6.32-59.fc12.noarch
>
> logrotate looking at /mnt/backup/mail/rawmail
> Looks like a local customization.

Thanks Daniel,

OK - I am running F11:
# rpm -qa | grep -i selinux-policy
selinux-policy-targeted-3.6.12-91.fc11.noarch
selinux-policy-3.6.12-91.fc11.noarch

Will there be a F11 version? (If so what version will it be in?)

In the meantime I should keep using my local policy I guess?...

Thanks again

Mark

--
fedora-selinux-list mailing list
fedora-selinux-list@...
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

signature.asc (204 bytes) Download Attachment

Re: Fedora 12 and unconfined_u sshdfilter

2009-12-15T00:55:59Z

On Mon, Dec 14, 2009 at 04:21:41PM -0800, David Highley wrote:

> "Dominick Grift wrote:"
> >
> >
> > --===============1862406356==
> > Content-Type: multipart/signed; micalg=pgp-sha1;
> > protocol="application/pgp-signature"; boundary="AhhlLboLdkugWU4S"
> > Content-Disposition: inline
> >
> >
> > --AhhlLboLdkugWU4S
> > Content-Type: text/plain; charset=us-ascii
> > Content-Disposition: inline
> > Content-Transfer-Encoding: quoted-printable
> >
> > On Mon, Dec 14, 2009 at 10:25:08AM -0800, David Highley wrote:
> > > "Dominick Grift wrote:"
> > > >=20
> > > >=20
> > > > --=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D0725889959=3D=3D
> > > > Content-Type: multipart/signed; micalg=3Dpgp-sha1;
> > > > protocol=3D"application/pgp-signature"; boundary=3D"uAKRQypu60I7Lcqm"
> > > > Content-Disposition: inline
> > > >=20
> > > >=20
> > > > --uAKRQypu60I7Lcqm
> > > > Content-Type: text/plain; charset=3Dutf-8
> > > > Content-Disposition: inline
> > > > Content-Transfer-Encoding: quoted-printable
> > > >=20
> > > > On Mon, Dec 07, 2009 at 12:01:09PM +0000, Moray Henderson (ICT) wrote:
> > > > > James Carter wrote:
> > > > > >Dan's example used Refpolicy interfaces. Interfaces are very useful=
> > and
> > > > > >provide a better layer of abstraction, but they are just m4 macros,
> > > > > >which have always been used in SELinux policy.
> > > > > >
> > > > > >Interfaces should be used as much as possible, but it is not true th=
> > at
> > > > > >you can't mix the old and new ways.
> > > > >=3D20
> > > > > Mixing the plain rules and the m4 macros didn't work when I tried it =
> > - bu=3D
> > > > t perhaps I just wasn=3DE2=3D80=3D99t writing it right. Is there a Ref=
> > policy tut=3D
> > > > orial anywhere?
> > > >=20
> > > > I spend a little time today writing about the policy structure in Fedor=
> > a. M=3D
> > > > aybe it can help you or others:
> > > >=20
> > > > http://82.197.205.60/~dgrift/stuff/Managing_a_SELinux_environment_with_=
> > Fedo=3D
> > > > ra_12.pdf
> > >=20
> > >=20
> > > Still have not mastered this one yet. Here is the policy file created by
> > > grep of /var/log/audit/audit.log file piped to audit2allow:
> > >=20
> > > module mysshdfilter 1.0;
> > >=20
> > > require {
> > > type var_run_t;
> > > type iptables_exec_t;
> > > type bin_t;
> > > type sshd_t;
> > > type iptables_t;
> > > class lnk_file read;
> > > class file { read getattr open execute execute_no_trans };
> > > class fifo_file { read write ioctl getattr };
> > > }
> > >=20
> > > #=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D iptables_t =3D=3D=3D=3D=3D=3D=3D=
> > =3D=3D=3D=3D=3D=3D=3D
> > > allow iptables_t bin_t:lnk_file read;
> > > allow iptables_t self:fifo_file { read write ioctl getattr };
> >
> > echo "policy_module(newiptables, 1.0.0)" > newuiptables.te
> > echo "optional_policy(\`" >> newiptables.te
> > echo "gen_require(\'" >> newiptables.te
> > echo "type iptables_t;" >> newiptables.te
> > echo "')" >> newiptables.te
> > echo "corecmd_read_bin_symlinks(iptables_t)" >> newiptables.te
> > echo "allow iptables_t self:fifo_file rw_fifo_file_perms;" >> newiptables.te
> > echo "')" >> newiptables.te
> >
> > make -f /usr/share/selinux/devel/Makefile newiptables.pp
> > sudo semodule -i newiptables.pp
> >
> > >=20
> > > #=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D sshd_t =3D=3D=3D=3D=3D=3D=3D=3D=
> > =3D=3D=3D=3D=3D=3D
> > > allow sshd_t iptables_exec_t:file { read execute open execute_no_trans };
> >
> > echo "policy_module(newsshd, 1.0.0)" > newsshd.te
> > echo "optional_policy(\`" >> newsshd.te
> > echo "gen_require(\`" >> newsshd.te
> > echo "type sshd_t;" >> newsshd.te
> > echo "')" >> newsshd.te
> > echo "iptables_domtrans(sshd_t)" >> newsshd.te
> > echo "')" >> newsshd.te
> >
> > make -f /usr/share/selinux/devel/Makefile newsshd.pp
> > sudo semodule -i newsshd.pp
> >
> > > allow sshd_t var_run_t:file getattr;
> >
> > This one is a bit more complicated because i dont know for sure what create=
> > d it (in what context runs sshdfilter?)
> > >=20

The two policy modules above try to fix the avc denials above. if you do not have mysshdfilter.pp installed then there is no need to install it now. But we do need to find a solution for the remaining avc denial that either of the two enclosed policy modules above do not fix.

>
> I also ment to ask if all three policy; mysshdfilter.pp, newiptables.pp,
> and newsshd.pp; changes are needed?
>
> <trimmed audit log entries>
>
> > >=20
> > > > >=3D20
> > > > >=3D20
> > > > > Moray.
> > > > > "To err is human. To purr, feline"
> > > > >=3D20
> > > > >=3D20
> > > > > --
> > > > > fedora-selinux-list mailing list
> > > > > fedora-selinux-list@...
> > > > > https://www.redhat.com/mailman/listinfo/fedora-selinux-list
> > > >=20
> > > > --uAKRQypu60I7Lcqm
> > > > Content-Type: application/pgp-signature
> > > > Content-Disposition: inline
> > > >=20
> > > > -----BEGIN PGP SIGNATURE-----
> > > > Version: GnuPG v1.4.10 (GNU/Linux)
> > > >=20
> > > > iEYEARECAAYFAksdZWwACgkQMlxVo39jgT/olgCgwo9wvxeAyJG/gm4dEYHBIpGf
> > > > TNEAn2bFoQZeg8+gaYPIDuB0wxuu6N8F
> > > > =3DtNuu
> > > > -----END PGP SIGNATURE-----
> > > >=20
> > > > --uAKRQypu60I7Lcqm--
> > > >=20
> > > >=20
> > > > --=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D0725889959=3D=3D
> > > > Content-Type: text/plain; charset=3D"us-ascii"
> > > > MIME-Version: 1.0
> > > > Content-Transfer-Encoding: 7bit
> > > > Content-Disposition: inline
> > > >=20
> > > > --
> > > > fedora-selinux-list mailing list
> > > > fedora-selinux-list@...
> > > > https://www.redhat.com/mailman/listinfo/fedora-selinux-list
> > > > --=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D0725889959=3D=3D--
> > > >=20
> > >=20
> > > --
> > > fedora-selinux-list mailing list
> > > fedora-selinux-list@...
> > > https://www.redhat.com/mailman/listinfo/fedora-selinux-list
> >
> > --AhhlLboLdkugWU4S
> > Content-Type: application/pgp-signature
> > Content-Disposition: inline
> >
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.4.10 (GNU/Linux)
> >
> > iEYEARECAAYFAksmrEAACgkQMlxVo39jgT/UPwCfexQ3gHxMcD3IFrFCeLSmqrQK
> > 1wQAn1TK0UM7xl0MqMFwQbeBb6qr+cst
> > =b5GU
> > -----END PGP SIGNATURE-----
> >
> > --AhhlLboLdkugWU4S--
> >
> >
> > --===============1862406356==
> > Content-Type: text/plain; charset="us-ascii"
> > MIME-Version: 1.0
> > Content-Transfer-Encoding: 7bit
> > Content-Disposition: inline
> >
> > --
> > fedora-selinux-list mailing list
> > fedora-selinux-list@...
> > https://www.redhat.com/mailman/listinfo/fedora-selinux-list
> > --===============1862406356==--
> >
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list@...
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list

--
fedora-selinux-list mailing list
fedora-selinux-list@...
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

attachment0 (205 bytes) Download Attachment

Re: Fedora 12 and unconfined_u sshdfilter

2009-12-15T00:52:28Z

On Mon, Dec 14, 2009 at 04:50:15PM -0800, David Highley wrote:

> "David Highley wrote:"
> >
> > "Dominick Grift wrote:"
> > >
> > >
> > > --===============1862406356==
> > > Content-Type: multipart/signed; micalg=pgp-sha1;
> > > protocol="application/pgp-signature"; boundary="AhhlLboLdkugWU4S"
> > > Content-Disposition: inline
> > >
> > >
> > > --AhhlLboLdkugWU4S
> > > Content-Type: text/plain; charset=us-ascii
> > > Content-Disposition: inline
> > > Content-Transfer-Encoding: quoted-printable
> > >
> > > On Mon, Dec 14, 2009 at 10:25:08AM -0800, David Highley wrote:
> > > > "Dominick Grift wrote:"
> > > > >=20
> > > > >=20
> > > > > --=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D0725889959=3D=3D
> > > > > Content-Type: multipart/signed; micalg=3Dpgp-sha1;
> > > > > protocol=3D"application/pgp-signature"; boundary=3D"uAKRQypu60I7Lcqm"
> > > > > Content-Disposition: inline
> > > > >=20
> > > > >=20
> > > > > --uAKRQypu60I7Lcqm
> > > > > Content-Type: text/plain; charset=3Dutf-8
> > > > > Content-Disposition: inline
> > > > > Content-Transfer-Encoding: quoted-printable
> > > > >=20
> > > > > On Mon, Dec 07, 2009 at 12:01:09PM +0000, Moray Henderson (ICT) wrote:
> > > > > > James Carter wrote:
> > > > > > >Dan's example used Refpolicy interfaces. Interfaces are very useful=
> > > and
> > > > > > >provide a better layer of abstraction, but they are just m4 macros,
> > > > > > >which have always been used in SELinux policy.
> > > > > > >
> > > > > > >Interfaces should be used as much as possible, but it is not true th=
> > > at
> > > > > > >you can't mix the old and new ways.
> > > > > >=3D20
> > > > > > Mixing the plain rules and the m4 macros didn't work when I tried it =
> > > - bu=3D
> > > > > t perhaps I just wasn=3DE2=3D80=3D99t writing it right. Is there a Ref=
> > > policy tut=3D
> > > > > orial anywhere?
> > > > >=20
> > > > > I spend a little time today writing about the policy structure in Fedor=
> > > a. M=3D
> > > > > aybe it can help you or others:
> > > > >=20
> > > > > http://82.197.205.60/~dgrift/stuff/Managing_a_SELinux_environment_with_=
> > > Fedo=3D
> > > > > ra_12.pdf
> > > >=20
> > > >=20
> > > > Still have not mastered this one yet. Here is the policy file created by
> > > > grep of /var/log/audit/audit.log file piped to audit2allow:
> > > >=20
> > > > module mysshdfilter 1.0;
> > > >=20
> > > > require {
> > > > type var_run_t;
> > > > type iptables_exec_t;
> > > > type bin_t;
> > > > type sshd_t;
> > > > type iptables_t;
> > > > class lnk_file read;
> > > > class file { read getattr open execute execute_no_trans };
> > > > class fifo_file { read write ioctl getattr };
> > > > }
> > > >=20
> > > > #=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D iptables_t =3D=3D=3D=3D=3D=3D=3D=
> > > =3D=3D=3D=3D=3D=3D=3D
> > > > allow iptables_t bin_t:lnk_file read;
> > > > allow iptables_t self:fifo_file { read write ioctl getattr };
> > >
> > > echo "policy_module(newiptables, 1.0.0)" > newuiptables.te
> > > echo "optional_policy(\`" >> newiptables.te
> > > echo "gen_require(\'" >> newiptables.te
> > > echo "type iptables_t;" >> newiptables.te
> > > echo "')" >> newiptables.te
> > > echo "corecmd_read_bin_symlinks(iptables_t)" >> newiptables.te
> > > echo "allow iptables_t self:fifo_file rw_fifo_file_perms;" >> newiptables.te
> > > echo "')" >> newiptables.te
> > >
> > > make -f /usr/share/selinux/devel/Makefile newiptables.pp
>
> Running the make for the above file ended up in an infinit loop
> outputing:
> myiptables.te:2: Warning: deprecated use of module name () as first
> parameter of optional_policy() block.

Theres a syntax error or two:

> > > echo "policy_module(newiptables, 1.0.0)" > newuiptables.te
echo "policy_module(newiptables, 1.0.0)" > newiptables.te

> > > echo "gen_require(\'" >> newiptables.te
echo "gen_require(\`" >> newiptables.te

>
> > > sudo semodule -i newiptables.pp
> > >
> > > >=20
> > > > #=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D sshd_t =3D=3D=3D=3D=3D=3D=3D=3D=
> > > =3D=3D=3D=3D=3D=3D
> > > > allow sshd_t iptables_exec_t:file { read execute open execute_no_trans };
> > >
> > > echo "policy_module(newsshd, 1.0.0)" > newsshd.te
> > > echo "optional_policy(\`" >> newsshd.te
> > > echo "gen_require(\`" >> newsshd.te
> > > echo "type sshd_t;" >> newsshd.te
> > > echo "')" >> newsshd.te
> > > echo "iptables_domtrans(sshd_t)" >> newsshd.te
> > > echo "')" >> newsshd.te
> > >
> > > make -f /usr/share/selinux/devel/Makefile newsshd.pp
> > > sudo semodule -i newsshd.pp
> > >
> > > > allow sshd_t var_run_t:file getattr;
> > >
> > > This one is a bit more complicated because i dont know for sure what create=
> > > d it (in what context runs sshdfilter?)
> > > >=20
> >
> > I also ment to ask if all three policy; mysshdfilter.pp, newiptables.pp,
> > and newsshd.pp; changes are needed?
> >
> > <trimmed audit log entries>
> >
> > > >=20
> > > > > >=3D20
> > > > > >=3D20
> > > > > > Moray.
> > > > > > "To err is human. To purr, feline"
> > > > > >=3D20
> > > > > >=3D20
> > > > > > --
> > > > > > fedora-selinux-list mailing list
> > > > > > fedora-selinux-list@...
> > > > > > https://www.redhat.com/mailman/listinfo/fedora-selinux-list
> > > > >=20
> > > > > --uAKRQypu60I7Lcqm
> > > > > Content-Type: application/pgp-signature
> > > > > Content-Disposition: inline
> > > > >=20
> > > > > -----BEGIN PGP SIGNATURE-----
> > > > > Version: GnuPG v1.4.10 (GNU/Linux)
> > > > >=20
> > > > > iEYEARECAAYFAksdZWwACgkQMlxVo39jgT/olgCgwo9wvxeAyJG/gm4dEYHBIpGf
> > > > > TNEAn2bFoQZeg8+gaYPIDuB0wxuu6N8F
> > > > > =3DtNuu
> > > > > -----END PGP SIGNATURE-----
> > > > >=20
> > > > > --uAKRQypu60I7Lcqm--
> > > > >=20
> > > > >=20
> > > > > --=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D0725889959=3D=3D
> > > > > Content-Type: text/plain; charset=3D"us-ascii"
> > > > > MIME-Version: 1.0
> > > > > Content-Transfer-Encoding: 7bit
> > > > > Content-Disposition: inline
> > > > >=20
> > > > > --
> > > > > fedora-selinux-list mailing list
> > > > > fedora-selinux-list@...
> > > > > https://www.redhat.com/mailman/listinfo/fedora-selinux-list
> > > > > --=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D0725889959=3D=3D--
> > > > >=20
> > > >=20
> > > > --
> > > > fedora-selinux-list mailing list
> > > > fedora-selinux-list@...
> > > > https://www.redhat.com/mailman/listinfo/fedora-selinux-list
> > >
> > > --AhhlLboLdkugWU4S
> > > Content-Type: application/pgp-signature
> > > Content-Disposition: inline
> > >
> > > -----BEGIN PGP SIGNATURE-----
> > > Version: GnuPG v1.4.10 (GNU/Linux)
> > >
> > > iEYEARECAAYFAksmrEAACgkQMlxVo39jgT/UPwCfexQ3gHxMcD3IFrFCeLSmqrQK
> > > 1wQAn1TK0UM7xl0MqMFwQbeBb6qr+cst
> > > =b5GU
> > > -----END PGP SIGNATURE-----
> > >
> > > --AhhlLboLdkugWU4S--
> > >
> > >
> > > --===============1862406356==
> > > Content-Type: text/plain; charset="us-ascii"
> > > MIME-Version: 1.0
> > > Content-Transfer-Encoding: 7bit
> > > Content-Disposition: inline
> > >
> > > --
> > > fedora-selinux-list mailing list
> > > fedora-selinux-list@...
> > > https://www.redhat.com/mailman/listinfo/fedora-selinux-list
> > > --===============1862406356==--
> > >
> >
> > --
> > fedora-selinux-list mailing list
> > fedora-selinux-list@...
> > https://www.redhat.com/mailman/listinfo/fedora-selinux-list
> >
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list@...
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list

--
fedora-selinux-list mailing list
fedora-selinux-list@...
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

attachment0 (205 bytes) Download Attachment

Re: Fedora 12 and unconfined_u sshdfilter

2009-12-14T16:50:15Z

"David Highley wrote:"

>
> "Dominick Grift wrote:"
> >
> >
> > --===============1862406356==
> > Content-Type: multipart/signed; micalg=pgp-sha1;
> > protocol="application/pgp-signature"; boundary="AhhlLboLdkugWU4S"
> > Content-Disposition: inline
> >
> >
> > --AhhlLboLdkugWU4S
> > Content-Type: text/plain; charset=us-ascii
> > Content-Disposition: inline
> > Content-Transfer-Encoding: quoted-printable
> >
> > On Mon, Dec 14, 2009 at 10:25:08AM -0800, David Highley wrote:
> > > "Dominick Grift wrote:"
> > > >=20
> > > >=20
> > > > --=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D0725889959=3D=3D
> > > > Content-Type: multipart/signed; micalg=3Dpgp-sha1;
> > > > protocol=3D"application/pgp-signature"; boundary=3D"uAKRQypu60I7Lcqm"
> > > > Content-Disposition: inline
> > > >=20
> > > >=20
> > > > --uAKRQypu60I7Lcqm
> > > > Content-Type: text/plain; charset=3Dutf-8
> > > > Content-Disposition: inline
> > > > Content-Transfer-Encoding: quoted-printable
> > > >=20
> > > > On Mon, Dec 07, 2009 at 12:01:09PM +0000, Moray Henderson (ICT) wrote:
> > > > > James Carter wrote:
> > > > > >Dan's example used Refpolicy interfaces. Interfaces are very useful=
> > and
> > > > > >provide a better layer of abstraction, but they are just m4 macros,
> > > > > >which have always been used in SELinux policy.
> > > > > >
> > > > > >Interfaces should be used as much as possible, but it is not true th=
> > at
> > > > > >you can't mix the old and new ways.
> > > > >=3D20
> > > > > Mixing the plain rules and the m4 macros didn't work when I tried it =
> > - bu=3D
> > > > t perhaps I just wasn=3DE2=3D80=3D99t writing it right. Is there a Ref=
> > policy tut=3D
> > > > orial anywhere?
> > > >=20
> > > > I spend a little time today writing about the policy structure in Fedor=
> > a. M=3D
> > > > aybe it can help you or others:
> > > >=20
> > > > http://82.197.205.60/~dgrift/stuff/Managing_a_SELinux_environment_with_=
> > Fedo=3D
> > > > ra_12.pdf
> > >=20
> > >=20
> > > Still have not mastered this one yet. Here is the policy file created by
> > > grep of /var/log/audit/audit.log file piped to audit2allow:
> > >=20
> > > module mysshdfilter 1.0;
> > >=20
> > > require {
> > > type var_run_t;
> > > type iptables_exec_t;
> > > type bin_t;
> > > type sshd_t;
> > > type iptables_t;
> > > class lnk_file read;
> > > class file { read getattr open execute execute_no_trans };
> > > class fifo_file { read write ioctl getattr };
> > > }
> > >=20
> > > #=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D iptables_t =3D=3D=3D=3D=3D=3D=3D=
> > =3D=3D=3D=3D=3D=3D=3D
> > > allow iptables_t bin_t:lnk_file read;
> > > allow iptables_t self:fifo_file { read write ioctl getattr };
> >
> > echo "policy_module(newiptables, 1.0.0)" > newuiptables.te
> > echo "optional_policy(\`" >> newiptables.te
> > echo "gen_require(\'" >> newiptables.te
> > echo "type iptables_t;" >> newiptables.te
> > echo "')" >> newiptables.te
> > echo "corecmd_read_bin_symlinks(iptables_t)" >> newiptables.te
> > echo "allow iptables_t self:fifo_file rw_fifo_file_perms;" >> newiptables.te
> > echo "')" >> newiptables.te
> >
> > make -f /usr/share/selinux/devel/Makefile newiptables.pp

Running the make for the above file ended up in an infinit loop
outputing:
myiptables.te:2: Warning: deprecated use of module name () as first
parameter of optional_policy() block.

> > sudo semodule -i newiptables.pp
> >
> > >=20
> > > #=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D sshd_t =3D=3D=3D=3D=3D=3D=3D=3D=
> > =3D=3D=3D=3D=3D=3D
> > > allow sshd_t iptables_exec_t:file { read execute open execute_no_trans };
> >
> > echo "policy_module(newsshd, 1.0.0)" > newsshd.te
> > echo "optional_policy(\`" >> newsshd.te
> > echo "gen_require(\`" >> newsshd.te
> > echo "type sshd_t;" >> newsshd.te
> > echo "')" >> newsshd.te
> > echo "iptables_domtrans(sshd_t)" >> newsshd.te
> > echo "')" >> newsshd.te
> >
> > make -f /usr/share/selinux/devel/Makefile newsshd.pp
> > sudo semodule -i newsshd.pp
> >
> > > allow sshd_t var_run_t:file getattr;
> >
> > This one is a bit more complicated because i dont know for sure what create=
> > d it (in what context runs sshdfilter?)
> > >=20
>
> I also ment to ask if all three policy; mysshdfilter.pp, newiptables.pp,
> and newsshd.pp; changes are needed?
>
> <trimmed audit log entries>
>
> > >=20
> > > > >=3D20
> > > > >=3D20
> > > > > Moray.
> > > > > "To err is human. To purr, feline"
> > > > >=3D20
> > > > >=3D20
> > > > > --
> > > > > fedora-selinux-list mailing list
> > > > > fedora-selinux-list@...
> > > > > https://www.redhat.com/mailman/listinfo/fedora-selinux-list
> > > >=20
> > > > --uAKRQypu60I7Lcqm
> > > > Content-Type: application/pgp-signature
> > > > Content-Disposition: inline
> > > >=20
> > > > -----BEGIN PGP SIGNATURE-----
> > > > Version: GnuPG v1.4.10 (GNU/Linux)
> > > >=20
> > > > iEYEARECAAYFAksdZWwACgkQMlxVo39jgT/olgCgwo9wvxeAyJG/gm4dEYHBIpGf
> > > > TNEAn2bFoQZeg8+gaYPIDuB0wxuu6N8F
> > > > =3DtNuu
> > > > -----END PGP SIGNATURE-----
> > > >=20
> > > > --uAKRQypu60I7Lcqm--
> > > >=20
> > > >=20
> > > > --=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D0725889959=3D=3D
> > > > Content-Type: text/plain; charset=3D"us-ascii"
> > > > MIME-Version: 1.0
> > > > Content-Transfer-Encoding: 7bit
> > > > Content-Disposition: inline
> > > >=20
> > > > --
> > > > fedora-selinux-list mailing list
> > > > fedora-selinux-list@...
> > > > https://www.redhat.com/mailman/listinfo/fedora-selinux-list
> > > > --=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D0725889959=3D=3D--
> > > >=20
> > >=20
> > > --
> > > fedora-selinux-list mailing list
> > > fedora-selinux-list@...
> > > https://www.redhat.com/mailman/listinfo/fedora-selinux-list
> >
> > --AhhlLboLdkugWU4S
> > Content-Type: application/pgp-signature
> > Content-Disposition: inline
> >
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.4.10 (GNU/Linux)
> >
> > iEYEARECAAYFAksmrEAACgkQMlxVo39jgT/UPwCfexQ3gHxMcD3IFrFCeLSmqrQK
> > 1wQAn1TK0UM7xl0MqMFwQbeBb6qr+cst
> > =b5GU
> > -----END PGP SIGNATURE-----
> >
> > --AhhlLboLdkugWU4S--
> >
> >
> > --===============1862406356==
> > Content-Type: text/plain; charset="us-ascii"
> > MIME-Version: 1.0
> > Content-Transfer-Encoding: 7bit
> > Content-Disposition: inline
> >
> > --
> > fedora-selinux-list mailing list
> > fedora-selinux-list@...
> > https://www.redhat.com/mailman/listinfo/fedora-selinux-list
> > --===============1862406356==--
> >
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list@...
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
>

--
fedora-selinux-list mailing list
fedora-selinux-list@...
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

Re: Fedora 12 and unconfined_u sshdfilter

2009-12-14T16:21:41Z

"Dominick Grift wrote:"

>
>
> --===============1862406356==
> Content-Type: multipart/signed; micalg=pgp-sha1;
> protocol="application/pgp-signature"; boundary="AhhlLboLdkugWU4S"
> Content-Disposition: inline
>
>
> --AhhlLboLdkugWU4S
> Content-Type: text/plain; charset=us-ascii
> Content-Disposition: inline
> Content-Transfer-Encoding: quoted-printable
>
> On Mon, Dec 14, 2009 at 10:25:08AM -0800, David Highley wrote:
> > "Dominick Grift wrote:"
> > >=20
> > >=20
> > > --=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D0725889959=3D=3D
> > > Content-Type: multipart/signed; micalg=3Dpgp-sha1;
> > > protocol=3D"application/pgp-signature"; boundary=3D"uAKRQypu60I7Lcqm"
> > > Content-Disposition: inline
> > >=20
> > >=20
> > > --uAKRQypu60I7Lcqm
> > > Content-Type: text/plain; charset=3Dutf-8
> > > Content-Disposition: inline
> > > Content-Transfer-Encoding: quoted-printable
> > >=20
> > > On Mon, Dec 07, 2009 at 12:01:09PM +0000, Moray Henderson (ICT) wrote:
> > > > James Carter wrote:
> > > > >Dan's example used Refpolicy interfaces. Interfaces are very useful=
> and
> > > > >provide a better layer of abstraction, but they are just m4 macros,
> > > > >which have always been used in SELinux policy.
> > > > >
> > > > >Interfaces should be used as much as possible, but it is not true th=
> at
> > > > >you can't mix the old and new ways.
> > > >=3D20
> > > > Mixing the plain rules and the m4 macros didn't work when I tried it =
> - bu=3D
> > > t perhaps I just wasn=3DE2=3D80=3D99t writing it right. Is there a Ref=
> policy tut=3D
> > > orial anywhere?
> > >=20
> > > I spend a little time today writing about the policy structure in Fedor=
> a. M=3D
> > > aybe it can help you or others:
> > >=20
> > > http://82.197.205.60/~dgrift/stuff/Managing_a_SELinux_environment_with_=
> Fedo=3D
> > > ra_12.pdf
> >=20
> >=20
> > Still have not mastered this one yet. Here is the policy file created by
> > grep of /var/log/audit/audit.log file piped to audit2allow:
> >=20
> > module mysshdfilter 1.0;
> >=20
> > require {
> > type var_run_t;
> > type iptables_exec_t;
> > type bin_t;
> > type sshd_t;
> > type iptables_t;
> > class lnk_file read;
> > class file { read getattr open execute execute_no_trans };
> > class fifo_file { read write ioctl getattr };
> > }
> >=20
> > #=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D iptables_t =3D=3D=3D=3D=3D=3D=3D=
> =3D=3D=3D=3D=3D=3D=3D
> > allow iptables_t bin_t:lnk_file read;
> > allow iptables_t self:fifo_file { read write ioctl getattr };
>
> echo "policy_module(newiptables, 1.0.0)" > newuiptables.te
> echo "optional_policy(\`" >> newiptables.te
> echo "gen_require(\'" >> newiptables.te
> echo "type iptables_t;" >> newiptables.te
> echo "')" >> newiptables.te
> echo "corecmd_read_bin_symlinks(iptables_t)" >> newiptables.te
> echo "allow iptables_t self:fifo_file rw_fifo_file_perms;" >> newiptables.te
> echo "')" >> newiptables.te
>
> make -f /usr/share/selinux/devel/Makefile newiptables.pp
> sudo semodule -i newiptables.pp
>
> >=20
> > #=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D sshd_t =3D=3D=3D=3D=3D=3D=3D=3D=
> =3D=3D=3D=3D=3D=3D
> > allow sshd_t iptables_exec_t:file { read execute open execute_no_trans };
>
> echo "policy_module(newsshd, 1.0.0)" > newsshd.te
> echo "optional_policy(\`" >> newsshd.te
> echo "gen_require(\`" >> newsshd.te
> echo "type sshd_t;" >> newsshd.te
> echo "')" >> newsshd.te
> echo "iptables_domtrans(sshd_t)" >> newsshd.te
> echo "')" >> newsshd.te
>
> make -f /usr/share/selinux/devel/Makefile newsshd.pp
> sudo semodule -i newsshd.pp
>
> > allow sshd_t var_run_t:file getattr;
>
> This one is a bit more complicated because i dont know for sure what create=
> d it (in what context runs sshdfilter?)
> >=20

I also ment to ask if all three policy; mysshdfilter.pp, newiptables.pp,
and newsshd.pp; changes are needed?

<trimmed audit log entries>

> >=20
> > > >=3D20
> > > >=3D20
> > > > Moray.
> > > > "To err is human. To purr, feline"
> > > >=3D20
> > > >=3D20
> > > > --
> > > > fedora-selinux-list mailing list
> > > > fedora-selinux-list@...
> > > > https://www.redhat.com/mailman/listinfo/fedora-selinux-list
> > >=20
> > > --uAKRQypu60I7Lcqm
> > > Content-Type: application/pgp-signature
> > > Content-Disposition: inline
> > >=20
> > > -----BEGIN PGP SIGNATURE-----
> > > Version: GnuPG v1.4.10 (GNU/Linux)
> > >=20
> > > iEYEARECAAYFAksdZWwACgkQMlxVo39jgT/olgCgwo9wvxeAyJG/gm4dEYHBIpGf
> > > TNEAn2bFoQZeg8+gaYPIDuB0wxuu6N8F
> > > =3DtNuu
> > > -----END PGP SIGNATURE-----
> > >=20
> > > --uAKRQypu60I7Lcqm--
> > >=20
> > >=20
> > > --=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D0725889959=3D=3D
> > > Content-Type: text/plain; charset=3D"us-ascii"
> > > MIME-Version: 1.0
> > > Content-Transfer-Encoding: 7bit
> > > Content-Disposition: inline
> > >=20
> > > --
> > > fedora-selinux-list mailing list
> > > fedora-selinux-list@...
> > > https://www.redhat.com/mailman/listinfo/fedora-selinux-list
> > > --=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D0725889959=3D=3D--
> > >=20
> >=20
> > --
> > fedora-selinux-list mailing list
> > fedora-selinux-list@...
> > https://www.redhat.com/mailman/listinfo/fedora-selinux-list
>
> --AhhlLboLdkugWU4S
> Content-Type: application/pgp-signature
> Content-Disposition: inline
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.10 (GNU/Linux)
>
> iEYEARECAAYFAksmrEAACgkQMlxVo39jgT/UPwCfexQ3gHxMcD3IFrFCeLSmqrQK
> 1wQAn1TK0UM7xl0MqMFwQbeBb6qr+cst
> =b5GU
> -----END PGP SIGNATURE-----
>
> --AhhlLboLdkugWU4S--
>
>
> --===============1862406356==
> Content-Type: text/plain; charset="us-ascii"
> MIME-Version: 1.0
> Content-Transfer-Encoding: 7bit
> Content-Disposition: inline
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list@...
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
> --===============1862406356==--
>

--
fedora-selinux-list mailing list
fedora-selinux-list@...
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

Re: Fedora 12 and unconfined_u sshdfilter

2009-12-14T16:08:56Z

"Dominick Grift wrote:"

>
>
> --===============1736741946==
> Content-Type: multipart/signed; micalg=pgp-sha1;
> protocol="application/pgp-signature"; boundary="2B/JsCI69OhZNC5r"
> Content-Disposition: inline
>
>
> --2B/JsCI69OhZNC5r
> Content-Type: text/plain; charset=us-ascii
> Content-Disposition: inline
> Content-Transfer-Encoding: quoted-printable
>
> On Mon, Dec 14, 2009 at 10:25:08AM -0800, David Highley wrote:
> > "Dominick Grift wrote:"
> > >=20
> > >=20
> > > --=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D0725889959=3D=3D
> > > Content-Type: multipart/signed; micalg=3Dpgp-sha1;
> > > protocol=3D"application/pgp-signature"; boundary=3D"uAKRQypu60I7Lcqm"
> > > Content-Disposition: inline
> > >=20
> > >=20
> > > --uAKRQypu60I7Lcqm
> > > Content-Type: text/plain; charset=3Dutf-8
> > > Content-Disposition: inline
> > > Content-Transfer-Encoding: quoted-printable
> > >=20
> > > On Mon, Dec 07, 2009 at 12:01:09PM +0000, Moray Henderson (ICT) wrote:
> > > > James Carter wrote:
> > > > >Dan's example used Refpolicy interfaces. Interfaces are very useful=
> and
> > > > >provide a better layer of abstraction, but they are just m4 macros,
> > > > >which have always been used in SELinux policy.
> > > > >
> > > > >Interfaces should be used as much as possible, but it is not true th=
> at
> > > > >you can't mix the old and new ways.
> > > >=3D20
> > > > Mixing the plain rules and the m4 macros didn't work when I tried it =
> - bu=3D
> > > t perhaps I just wasn=3DE2=3D80=3D99t writing it right. Is there a Ref=
> policy tut=3D
> > > orial anywhere?
> > >=20
> > > I spend a little time today writing about the policy structure in Fedor=
> a. M=3D
> > > aybe it can help you or others:
> > >=20
> > > http://82.197.205.60/~dgrift/stuff/Managing_a_SELinux_environment_with_=
> Fedo=3D
> > > ra_12.pdf
> >=20
> >=20
> > Still have not mastered this one yet. Here is the policy file created by
> > grep of /var/log/audit/audit.log file piped to audit2allow:
> >=20
> > module mysshdfilter 1.0;
> >=20
> > require {
> > type var_run_t;
> > type iptables_exec_t;
> > type bin_t;
> > type sshd_t;
> > type iptables_t;
> > class lnk_file read;
> > class file { read getattr open execute execute_no_trans };
> > class fifo_file { read write ioctl getattr };
> > }
> >=20
> > #=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D iptables_t =3D=3D=3D=3D=3D=3D=3D=
> =3D=3D=3D=3D=3D=3D=3D
> > allow iptables_t bin_t:lnk_file read;
> > allow iptables_t self:fifo_file { read write ioctl getattr };
> >=20
> > #=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D sshd_t =3D=3D=3D=3D=3D=3D=3D=3D=
> =3D=3D=3D=3D=3D=3D
> > allow sshd_t iptables_exec_t:file { read execute open execute_no_trans };
>
>
> > allow sshd_t var_run_t:file getattr;
>
> Actually i think sshdfilter init script may have created it? Does it even h=
> ave an init script?

Sorry, I think I confused the issue a little. I dumped in all the audit
log entries related to the sshd filter wrapper script starting with no
policy changes. I thought it might help to find the right policy
changes.

The wrapper filter script does not have its own init script, we modify
the sshd init script to invoke the wrapper script instead of sshd. This
is some what bad in that package maintainers assume they can freely over
write the init scripts and not break a site.

>
> >=20
> >=20
> > The audit log entries are:
> > type=3DAVC msg=3Daudit(1259642932.902:7): avc: denied { execute } for =
> pid=3D1411 comm=3D"sshdfilter" name=3D"iptables-multi" dev=3Ddm-0 ino=3D117=
> 98 scontext=3Dsystem_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=3Dsystem_u:o=
> bject_r:iptables_exec_t:s0 tclass=3Dfile
> > type=3DSYSCALL msg=3Daudit(1259642932.902:7): arch=3Dc000003e syscall=3D5=
> 9 success=3Dno exit=3D-13 a0=3D7fff837b36b8 a1=3D1562e28 a2=3D7fff837b3df0 =
> a3=3D7fff837b3500 items=3D0 ppid=3D1402 pid=3D1411 auid=3D4294967295 uid=3D=
> 0 gid=3D0 euid=3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(no=
> ne) ses=3D4294967295 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=3Dsyste=
> m_u:system_r:sshd_t:s0-s0:c0.c1023 key=3D(null)
> > type=3DAVC msg=3Daudit(1259644707.700:73): avc: denied { execute } for =
> pid=3D1948 comm=3D"sshdfilter" name=3D"iptables-multi" dev=3Ddm-0 ino=3D11=
> 798 scontext=3Dsystem_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=3Dsystem_u:=
> object_r:iptables_exec_t:s0 tclass=3Dfile
> > type=3DSYSCALL msg=3Daudit(1259644707.700:73): arch=3Dc000003e syscall=3D=
> 59 success=3Dno exit=3D-13 a0=3D7fff837b36b8 a1=3D15694c8 a2=3D7fff837b3df0=
> a3=3D7fff837b3500 items=3D0 ppid=3D1402 pid=3D1948 auid=3D4294967295 uid=
> =3D0 gid=3D0 euid=3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D=
> (none) ses=3D4294967295 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=3Dsy=
> stem_u:system_r:sshd_t:s0-s0:c0.c1023 key=3D(null)
> > type=3DAVC msg=3Daudit(1259650605.247:84): avc: denied { execute } for =
> pid=3D2248 comm=3D"sshdfilter" name=3D"iptables-multi" dev=3Ddm-0 ino=3D11=
> 798 scontext=3Dsystem_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=3Dsystem_u:=
> object_r:iptables_exec_t:s0 tclass=3Dfile
> > type=3DSYSCALL msg=3Daudit(1259650605.247:84): arch=3Dc000003e syscall=3D=
> 59 success=3Dno exit=3D-13 a0=3D7fff837b36b8 a1=3D1567828 a2=3D7fff837b3df0=
> a3=3D7fff837b3500 items=3D0 ppid=3D1402 pid=3D2248 auid=3D4294967295 uid=
> =3D0 gid=3D0 euid=3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D=
> (none) ses=3D4294967295 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=3Dsy=
> stem_u:system_r:sshd_t:s0-s0:c0.c1023 key=3D(null)
> > type=3DAVC msg=3Daudit(1259661894.420:113): avc: denied { execute } for=
> pid=3D2815 comm=3D"sshdfilter" name=3D"iptables-multi" dev=3Ddm-0 ino=3D1=
> 1798 scontext=3Dsystem_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=3Dsystem_u=
> :object_r:iptables_exec_t:s0 tclass=3Dfile
> > type=3DSYSCALL msg=3Daudit(1259661894.420:113): arch=3Dc000003e syscall=
> =3D59 success=3Dno exit=3D-13 a0=3D7fff837b36b8 a1=3D1566e28 a2=3D7fff837b3=
> df0 a3=3D7fff837b3500 items=3D0 ppid=3D1402 pid=3D2815 auid=3D4294967295 ui=
> d=3D0 gid=3D0 euid=3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=
> =3D(none) ses=3D4294967295 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=
> =3Dsystem_u:system_r:sshd_t:s0-s0:c0.c1023 key=3D(null)
> > type=3DAVC msg=3Daudit(1259667665.966:123): avc: denied { execute } for=
> pid=3D3724 comm=3D"sshdfilter" name=3D"iptables-multi" dev=3Ddm-0 ino=3D1=
> 1798 scontext=3Dsystem_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=3Dsystem_u=
> :object_r:iptables_exec_t:s0 tclass=3Dfile
> > type=3DSYSCALL msg=3Daudit(1259667665.966:123): arch=3Dc000003e syscall=
> =3D59 success=3Dno exit=3D-13 a0=3D7fff837b36b8 a1=3D15699d8 a2=3D7fff837b3=
> df0 a3=3D7fff837b3500 items=3D0 ppid=3D1402 pid=3D3724 auid=3D4294967295 ui=
> d=3D0 gid=3D0 euid=3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=
> =3D(none) ses=3D4294967295 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=
> =3Dsystem_u:system_r:sshd_t:s0-s0:c0.c1023 key=3D(null)
> > type=3DAVC msg=3Daudit(1259671660.048:131): avc: denied { execute } for=
> pid=3D3920 comm=3D"sshdfilter" name=3D"iptables-multi" dev=3Ddm-0 ino=3D1=
> 1798 scontext=3Dsystem_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=3Dsystem_u=
> :object_r:iptables_exec_t:s0 tclass=3Dfile
> > type=3DSYSCALL msg=3Daudit(1259671660.048:131): arch=3Dc000003e syscall=
> =3D59 success=3Dno exit=3D-13 a0=3D7fff837b36b8 a1=3D1565778 a2=3D7fff837b3=
> df0 a3=3D7fff837b3500 items=3D0 ppid=3D1402 pid=3D3920 auid=3D4294967295 ui=
> d=3D0 gid=3D0 euid=3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=
> =3D(none) ses=3D4294967295 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=
> =3Dsystem_u:system_r:sshd_t:s0-s0:c0.c1023 key=3D(null)
> > type=3DAVC msg=3Daudit(1259673411.553:758): avc: denied { execute } for=
> pid=3D4558 comm=3D"sshdfilter" name=3D"iptables-multi" dev=3Ddm-0 ino=3D1=
> 1798 scontext=3Dsystem_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=3Dsystem_u=
> :object_r:iptables_exec_t:s0 tclass=3Dfile
> > type=3DSYSCALL msg=3Daudit(1259673411.553:758): arch=3Dc000003e syscall=
> =3D59 success=3Dno exit=3D-13 a0=3D7fff837b36b8 a1=3D1569af8 a2=3D7fff837b3=
> df0 a3=3D7fff837b3500 items=3D0 ppid=3D1402 pid=3D4558 auid=3D4294967295 ui=
> d=3D0 gid=3D0 euid=3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=
> =3D(none) ses=3D4294967295 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=
> =3Dsystem_u:system_r:sshd_t:s0-s0:c0.c1023 key=3D(null)
> > type=3DAVC msg=3Daudit(1259679153.568:1267): avc: denied { execute } fo=
> r pid=3D5170 comm=3D"sshdfilter" name=3D"iptables-multi" dev=3Ddm-0 ino=3D=
> 11798 scontext=3Dsystem_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=3Dsystem_=
> u:object_r:iptables_exec_t:s0 tclass=3Dfile
> > type=3DSYSCALL msg=3Daudit(1259679153.568:1267): arch=3Dc000003e syscall=
> =3D59 success=3Dno exit=3D-13 a0=3D7fff837b36b8 a1=3D1566a68 a2=3D7fff837b3=
> df0 a3=3D7fff837b3500 items=3D0 ppid=3D1402 pid=3D5170 auid=3D4294967295 ui=
> d=3D0 gid=3D0 euid=3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=
> =3D(none) ses=3D4294967295 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=
> =3Dsystem_u:system_r:sshd_t:s0-s0:c0.c1023 key=3D(null)
> > type=3DAVC msg=3Daudit(1259682588.736:1315): avc: denied { execute } fo=
> r pid=3D5540 comm=3D"sshdfilter" name=3D"iptables-multi" dev=3Ddm-0 ino=3D=
> 11798 scontext=3Dsystem_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=3Dsystem_=
> u:object_r:iptables_exec_t:s0 tclass=3Dfile
> > type=3DSYSCALL msg=3Daudit(1259682588.736:1315): arch=3Dc000003e syscall=
> =3D59 success=3Dno exit=3D-13 a0=3D7fff837b36b8 a1=3D1565778 a2=3D7fff837b3=
> df0 a3=3D7fff837b3500 items=3D0 ppid=3D1402 pid=3D5540 auid=3D4294967295 ui=
> d=3D0 gid=3D0 euid=3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=
> =3D(none) ses=3D4294967295 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=
> =3Dsystem_u:system_r:sshd_t:s0-s0:c0.c1023 key=3D(null)
> > type=3DAVC msg=3Daudit(1259684861.197:1344): avc: denied { execute } fo=
> r pid=3D5745 comm=3D"sshdfilter" name=3D"iptables-multi" dev=3Ddm-0 ino=3D=
> 11798 scontext=3Dsystem_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=3Dsystem_=
> u:object_r:iptables_exec_t:s0 tclass=3Dfile
> > type=3DSYSCALL msg=3Daudit(1259684861.197:1344): arch=3Dc000003e syscall=
> =3D59 success=3Dno exit=3D-13 a0=3D7fff837b36b8 a1=3D156a478 a2=3D7fff837b3=
> df0 a3=3D7fff837b3500 items=3D0 ppid=3D1402 pid=3D5745 auid=3D4294967295 ui=
> d=3D0 gid=3D0 euid=3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=
> =3D(none) ses=3D4294967295 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=
> =3Dsystem_u:system_r:sshd_t:s0-s0:c0.c1023 key=3D(null)
> > type=3DAVC msg=3Daudit(1259690558.951:1388): avc: denied { execute } fo=
> r pid=3D6161 comm=3D"sshdfilter" name=3D"iptables-multi" dev=3Ddm-0 ino=3D=
> 11798 scontext=3Dsystem_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=3Dsystem_=
> u:object_r:iptables_exec_t:s0 tclass=3Dfile
> > type=3DSYSCALL msg=3Daudit(1259690558.951:1388): arch=3Dc000003e syscall=
> =3D59 success=3Dno exit=3D-13 a0=3D7fff837b36b8 a1=3D15667a8 a2=3D7fff837b3=
> df0 a3=3D7fff837b3500 items=3D0 ppid=3D1402 pid=3D6161 auid=3D4294967295 ui=
> d=3D0 gid=3D0 euid=3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=
> =3D(none) ses=3D4294967295 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=
> =3Dsystem_u:system_r:sshd_t:s0-s0:c0.c1023 key=3D(null)
> > type=3DAVC msg=3Daudit(1259702647.573:1433): avc: denied { execute } fo=
> r pid=3D6829 comm=3D"sshdfilter" name=3D"iptables-multi" dev=3Ddm-0 ino=3D=
> 11798 scontext=3Dsystem_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=3Dsystem_=
> u:object_r:iptables_exec_t:s0 tclass=3Dfile
> > type=3DSYSCALL msg=3Daudit(1259702647.573:1433): arch=3Dc000003e syscall=
> =3D59 success=3Dno exit=3D-13 a0=3D7fff837b36b8 a1=3D156b4d8 a2=3D7fff837b3=
> df0 a3=3D7fff837b3500 items=3D0 ppid=3D1402 pid=3D6829 auid=3D4294967295 ui=
> d=3D0 gid=3D0 euid=3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=
> =3D(none) ses=3D4294967295 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=
> =3Dsystem_u:system_r:sshd_t:s0-s0:c0.c1023 key=3D(null)
> > type=3DAVC msg=3Daudit(1259708100.231:1441): avc: denied { execute } fo=
> r pid=3D7085 comm=3D"sshdfilter" name=3D"iptables-multi" dev=3Ddm-0 ino=3D=
> 11798 scontext=3Dsystem_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=3Dsystem_=
> u:object_r:iptables_exec_t:s0 tclass=3Dfile
> > type=3DSYSCALL msg=3Daudit(1259708100.231:1441): arch=3Dc000003e syscall=
> =3D59 success=3Dno exit=3D-13 a0=3D7fff837b36b8 a1=3D156a0b8 a2=3D7fff837b3=
> df0 a3=3D7fff837b3500 items=3D0 ppid=3D1402 pid=3D7085 auid=3D4294967295 ui=
> d=3D0 gid=3D0 euid=3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=
> =3D(none) ses=3D4294967295 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=
> =3Dsystem_u:system_r:sshd_t:s0-s0:c0.c1023 key=3D(null)
> > type=3DAVC msg=3Daudit(1259708922.953:1450): avc: denied { execute } fo=
> r pid=3D7153 comm=3D"sshdfilter" name=3D"iptables-multi" dev=3Ddm-0 ino=3D=
> 11798 scontext=3Dsystem_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=3Dsystem_=
> u:object_r:iptables_exec_t:s0 tclass=3Dfile
> > type=3DSYSCALL msg=3Daudit(1259708922.953:1450): arch=3Dc000003e syscall=
> =3D59 success=3Dno exit=3D-13 a0=3D7fff837b36b8 a1=3D156a6a8 a2=3D7fff837b3=
> df0 a3=3D7fff837b3500 items=3D0 ppid=3D1402 pid=3D7153 auid=3D4294967295 ui=
> d=3D0 gid=3D0 euid=3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=
> =3D(none) ses=3D4294967295 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=
> =3Dsystem_u:system_r:sshd_t:s0-s0:c0.c1023 key=3D(null)
> > type=3DAVC msg=3Daudit(1259713257.803:1545): avc: denied { execute } fo=
> r pid=3D7492 comm=3D"sshdfilter" name=3D"iptables-multi" dev=3Ddm-0 ino=3D=
> 11798 scontext=3Dsystem_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=3Dsystem_=
> u:object_r:iptables_exec_t:s0 tclass=3Dfile
> > type=3DSYSCALL msg=3Daudit(1259713257.803:1545): arch=3Dc000003e syscall=
> =3D59 success=3Dno exit=3D-13 a0=3D7fff837b36b8 a1=3D156a4a8 a2=3D7fff837b3=
> df0 a3=3D7fff837b3500 items=3D0 ppid=3D1402 pid=3D7492 auid=3D4294967295 ui=
> d=3D0 gid=3D0 euid=3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=
> =3D(none) ses=3D4294967295 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=
> =3Dsystem_u:system_r:sshd_t:s0-s0:c0.c1023 key=3D(null)
> > type=3DAVC msg=3Daudit(1259721513.893:1732): avc: denied { execute } fo=
> r pid=3D8097 comm=3D"sshdfilter" name=3D"iptables-multi" dev=3Ddm-0 ino=3D=
> 11798 scontext=3Dsystem_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=3Dsystem_=
> u:object_r:iptables_exec_t:s0 tclass=3Dfile
> > type=3DSYSCALL msg=3Daudit(1259721513.893:1732): arch=3Dc000003e syscall=
> =3D59 success=3Dno exit=3D-13 a0=3D7fff837b36b8 a1=3D156a5d8 a2=3D7fff837b3=
> df0 a3=3D7fff837b3500 items=3D0 ppid=3D1402 pid=3D8097 auid=3D4294967295 ui=
> d=3D0 gid=3D0 euid=3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=
> =3D(none) ses=3D4294967295 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=
> =3Dsystem_u:system_r:sshd_t:s0-s0:c0.c1023 key=3D(null)
> > type=3DAVC msg=3Daudit(1259730724.196:1790): avc: denied { execute } fo=
> r pid=3D8689 comm=3D"sshdfilter" name=3D"iptables-multi" dev=3Ddm-0 ino=3D=
> 11798 scontext=3Dsystem_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=3Dsystem_=
> u:object_r:iptables_exec_t:s0 tclass=3Dfile
> > type=3DSYSCALL msg=3Daudit(1259730724.196:1790): arch=3Dc000003e syscall=
> =3D59 success=3Dno exit=3D-13 a0=3D7fff837b36b8 a1=3D1569718 a2=3D7fff837b3=
> df0 a3=3D7fff837b3500 items=3D0 ppid=3D1402 pid=3D8689 auid=3D4294967295 ui=
> d=3D0 gid=3D0 euid=3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=
> =3D(none) ses=3D4294967295 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=
> =3Dsystem_u:system_r:sshd_t:s0-s0:c0.c1023 key=3D(null)
> > type=3DAVC msg=3Daudit(1259730728.123:1793): avc: denied { execute } fo=
> r pid=3D8699 comm=3D"sshdfilter" name=3D"iptables-multi" dev=3Ddm-0 ino=3D=
> 11798 scontext=3Dsystem_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=3Dsystem_=
> u:object_r:iptables_exec_t:s0 tclass=3Dfile
> > type=3DSYSCALL msg=3Daudit(1259730728.123:1793): arch=3Dc000003e syscall=
> =3D59 success=3Dno exit=3D-13 a0=3D7fff837b36b8 a1=3D1566778 a2=3D7fff837b3=
> df0 a3=3D7fff837b3500 items=3D0 ppid=3D1402 pid=3D8699 auid=3D4294967295 ui=
> d=3D0 gid=3D0 euid=3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=
> =3D(none) ses=3D4294967295 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=
> =3Dsystem_u:system_r:sshd_t:s0-s0:c0.c1023 key=3D(null)
> > type=3DAVC msg=3Daudit(1259747840.157:1835): avc: denied { execute } fo=
> r pid=3D9575 comm=3D"sshdfilter" name=3D"iptables-multi" dev=3Ddm-0 ino=3D=
> 11798 scontext=3Dsystem_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=3Dsystem_=
> u:object_r:iptables_exec_t:s0 tclass=3Dfile
> > type=3DSYSCALL msg=3Daudit(1259747840.157:1835): arch=3Dc000003e syscall=
> =3D59 success=3Dno exit=3D-13 a0=3D7fff837b36b8 a1=3D156ba78 a2=3D7fff837b3=
> df0 a3=3D7fff837b3500 items=3D0 ppid=3D1402 pid=3D9575 auid=3D4294967295 ui=
> d=3D0 gid=3D0 euid=3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=
> =3D(none) ses=3D4294967295 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=
> =3Dsystem_u:system_r:sshd_t:s0-s0:c0.c1023 key=3D(null)
> > type=3DAVC msg=3Daudit(1259760819.408:1863): avc: denied { execute } fo=
> r pid=3D10840 comm=3D"sshdfilter" name=3D"iptables-multi" dev=3Ddm-0 ino=
> =3D11798 scontext=3Dsystem_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=3Dsyst=
> em_u:object_r:iptables_exec_t:s0 tclass=3Dfile
> > type=3DSYSCALL msg=3Daudit(1259760819.408:1863): arch=3Dc000003e syscall=
> =3D59 success=3Dno exit=3D-13 a0=3D7fff837b36b8 a1=3D156a4a8 a2=3D7fff837b3=
> df0 a3=3D7fff837b3500 items=3D0 ppid=3D1402 pid=3D10840 auid=3D4294967295 u=
> id=3D0 gid=3D0 euid=3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=
> =3D(none) ses=3D4294967295 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=
> =3Dsystem_u:system_r:sshd_t:s0-s0:c0.c1023 key=3D(null)
> > type=3DAVC msg=3Daudit(1259762576.442:1887): avc: denied { execute } fo=
> r pid=3D11067 comm=3D"sshdfilter" name=3D"iptables-multi" dev=3Ddm-0 ino=
> =3D11798 scontext=3Dunconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=3D=
> system_u:object_r:iptables_exec_t:s0 tclass=3Dfile
> > type=3DSYSCALL msg=3Daudit(1259762576.442:1887): arch=3Dc000003e syscall=
> =3D59 success=3Dno exit=3D-13 a0=3D7fffb91649e8 a1=3Dd4d5a8 a2=3D7fffb91651=
> 20 a3=3D7fffb9164830 items=3D0 ppid=3D11058 pid=3D11067 auid=3D1000 uid=3D0=
> gid=3D0 euid=3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(non=
> e) ses=3D47 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=3Dunconfined_u:s=
> ystem_r:sshd_t:s0-s0:c0.c1023 key=3D(null)
> > type=3DAVC msg=3Daudit(1259767362.673:1896): avc: denied { execute } fo=
> r pid=3D11318 comm=3D"sshdfilter" name=3D"iptables-multi" dev=3Ddm-0 ino=
> =3D11798 scontext=3Dunconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=3D=
> system_u:object_r:iptables_exec_t:s0 tclass=3Dfile
> > type=3DSYSCALL msg=3Daudit(1259767362.673:1896): arch=3Dc000003e syscall=
> =3D59 success=3Dno exit=3D-13 a0=3D7fffb91649e8 a1=3Dd54088 a2=3D7fffb91651=
> 20 a3=3D7fffb9164830 items=3D0 ppid=3D11058 pid=3D11318 auid=3D1000 uid=3D0=
> gid=3D0 euid=3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(non=
> e) ses=3D47 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=3Dunconfined_u:s=
> ystem_r:sshd_t:s0-s0:c0.c1023 key=3D(null)
> > type=3DAVC msg=3Daudit(1259773905.214:1967): avc: denied { execute } fo=
> r pid=3D11922 comm=3D"sshdfilter" name=3D"iptables-multi" dev=3Ddm-0 ino=
> =3D11798 scontext=3Dunconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=3D=
> system_u:object_r:iptables_exec_t:s0 tclass=3Dfile
> > type=3DSYSCALL msg=3Daudit(1259773905.214:1967): arch=3Dc000003e syscall=
> =3D59 success=3Dno exit=3D-13 a0=3D7fffb91649e8 a1=3Dd54868 a2=3D7fffb91651=
> 20 a3=3D7fffb9164830 items=3D0 ppid=3D11058 pid=3D11922 auid=3D1000 uid=3D0=
> gid=3D0 euid=3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(non=
> e) ses=3D47 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=3Dunconfined_u:s=
> ystem_r:sshd_t:s0-s0:c0.c1023 key=3D(null)
> > type=3DAVC msg=3Daudit(1259780362.196:1977): avc: denied { execute } fo=
> r pid=3D12215 comm=3D"sshdfilter" name=3D"iptables-multi" dev=3Ddm-0 ino=
> =3D11798 scontext=3Dunconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=3D=
> system_u:object_r:iptables_exec_t:s0 tclass=3Dfile
> > type=3DSYSCALL msg=3Daudit(1259780362.196:1977): arch=3Dc000003e syscall=
> =3D59 success=3Dno exit=3D-13 a0=3D7fffb91649e8 a1=3Dd50af8 a2=3D7fffb91651=
> 20 a3=3D7fffb9164830 items=3D0 ppid=3D11058 pid=3D12215 auid=3D1000 uid=3D0=
> gid=3D0 euid=3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(non=
> e) ses=3D47 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=3Dunconfined_u:s=
> ystem_r:sshd_t:s0-s0:c0.c1023 key=3D(null)
> > type=3DAVC msg=3Daudit(1259780393.314:1979): avc: denied { execute } fo=
> r pid=3D12219 comm=3D"sshdfilter" name=3D"iptables-multi" dev=3Ddm-0 ino=
> =3D11798 scontext=3Dunconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=3D=
> system_u:object_r:iptables_exec_t:s0 tclass=3Dfile
> > type=3DSYSCALL msg=3Daudit(1259780393.314:1979): arch=3Dc000003e syscall=
> =3D59 success=3Dno exit=3D-13 a0=3D7fffb91649e8 a1=3Dd50af8 a2=3D7fffb91651=
> 20 a3=3D7fffb9164830 items=3D0 ppid=3D11058 pid=3D12219 auid=3D1000 uid=3D0=
> gid=3D0 euid=3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(non=
> e) ses=3D47 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=3Dunconfined_u:s=
> ystem_r:sshd_t:s0-s0:c0.c1023 key=3D(null)
> > type=3DAVC msg=3Daudit(1259785085.323:2012): avc: denied { execute } fo=
> r pid=3D12568 comm=3D"sshdfilter" name=3D"iptables-multi" dev=3Ddm-0 ino=
> =3D11798 scontext=3Dunconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=3D=
> system_u:object_r:iptables_exec_t:s0 tclass=3Dfile
> > type=3DSYSCALL msg=3Daudit(1259785085.323:2012): arch=3Dc000003e syscall=
> =3D59 success=3Dno exit=3D-13 a0=3D7fffb91649e8 a1=3Dd521b8 a2=3D7fffb91651=
> 20 a3=3D7fffb9164830 items=3D0 ppid=3D11058 pid=3D12568 auid=3D1000 uid=3D0=
> gid=3D0 euid=3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(non=
> e) ses=3D47 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=3Dunconfined_u:s=
> ystem_r:sshd_t:s0-s0:c0.c1023 key=3D(null)
> > type=3DAVC msg=3Daudit(1259786872.756:2015): avc: denied { execute } fo=
> r pid=3D12645 comm=3D"sshdfilter" name=3D"iptables-multi" dev=3Ddm-0 ino=
> =3D11798 scontext=3Dunconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=3D=
> system_u:object_r:iptables_exec_t:s0 tclass=3Dfile
> > type=3DSYSCALL msg=3Daudit(1259786872.756:2015): arch=3Dc000003e syscall=
> =3D59 success=3Dno exit=3D-13 a0=3D7fffb91649e8 a1=3Dd53568 a2=3D7fffb91651=
> 20 a3=3D7fffb9164830 items=3D0 ppid=3D11058 pid=3D12645 auid=3D1000 uid=3D0=
> gid=3D0 euid=3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(non=
> e) ses=3D47 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=3Dunconfined_u:s=
> ystem_r:sshd_t:s0-s0:c0.c1023 key=3D(null)
> > type=3DAVC msg=3Daudit(1259795695.936:2052): avc: denied { execute } fo=
> r pid=3D13127 comm=3D"sshdfilter" name=3D"iptables-multi" dev=3Ddm-0 ino=
> =3D11798 scontext=3Dunconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=3D=
> system_u:object_r:iptables_exec_t:s0 tclass=3Dfile
> > type=3DSYSCALL msg=3Daudit(1259795695.936:2052): arch=3Dc000003e syscall=
> =3D59 success=3Dno exit=3D-13 a0=3D7fffb91649e8 a1=3Dd52e38 a2=3D7fffb91651=
> 20 a3=3D7fffb9164830 items=3D0 ppid=3D11058 pid=3D13127 auid=3D1000 uid=3D0=
> gid=3D0 euid=3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(non=
> e) ses=3D47 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=3Dunconfined_u:s=
> ystem_r:sshd_t:s0-s0:c0.c1023 key=3D(null)
> > type=3DAVC msg=3Daudit(1259802506.518:3031): avc: denied { getattr } fo=
> r pid=3D11058 comm=3D"sshdfilter" path=3D"/var/run/sshdfilter.pid.SSHD" de=
> v=3Ddm-0 ino=3D12538 scontext=3Dunconfined_u:system_r:sshd_t:s0-s0:c0.c1023=
> tcontext=3Dsystem_u:object_r:var_run_t:s0 tclass=3Dfile
> > type=3DSYSCALL msg=3Daudit(1259802506.518:3031): arch=3Dc000003e syscall=
> =3D6 success=3Dno exit=3D-13 a0=3Dd4a128 a1=3Da0d0a0 a2=3Da0d0a0 a3=3D7fffb=
> 9164bb0 items=3D0 ppid=3D1 pid=3D11058 auid=3D1000 uid=3D0 gid=3D0 euid=3D0=
> suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D47 comm=
> =3D"sshdfilter" exe=3D"/usr/bin/perl" subj=3Dunconfined_u:system_r:sshd_t:s=
> 0-s0:c0.c1023 key=3D(null)
> > type=3DAVC msg=3Daudit(1259802888.332:7): avc: denied { ioctl } for pi=
> d=3D1435 comm=3D"sshdfilter" path=3D"pipe:[11021]" dev=3Dpipefs ino=3D11021=
> scontext=3Dsystem_u:system_r:iptables_t:s0 tcontext=3Dsystem_u:system_r:ip=
> tables_t:s0 tclass=3Dfifo_file
> > type=3DSYSCALL msg=3Daudit(1259802888.332:7): arch=3Dc000003e syscall=3D1=
> 6 success=3Dyes exit=3D128 a0=3D3 a1=3D5401 a2=3D7fffa8850c80 a3=3D60 items=
> =3D0 ppid=3D1431 pid=3D1435 auid=3D4294967295 uid=3D0 gid=3D0 euid=3D0 suid=
> =3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D4294967295 co=
> mm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=3Dsystem_u:system_r:iptables_t=
> :s0 key=3D(null)
> > type=3DAVC msg=3Daudit(1259802888.340:8): avc: denied { ioctl } for pi=
> d=3D1435 comm=3D"sshdfilter" path=3D"pipe:[11021]" dev=3Dpipefs ino=3D11021=
> scontext=3Dsystem_u:system_r:iptables_t:s0 tcontext=3Dsystem_u:system_r:ip=
> tables_t:s0 tclass=3Dfifo_file
> > type=3DSYSCALL msg=3Daudit(1259802888.340:8): arch=3Dc000003e syscall=3D1=
> 6 success=3Dyes exit=3D128 a0=3D4 a1=3D5401 a2=3D7fffa8850c80 a3=3D60 items=
> =3D0 ppid=3D1431 pid=3D1435 auid=3D4294967295 uid=3D0 gid=3D0 euid=3D0 suid=
> =3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D4294967295 co=
> mm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=3Dsystem_u:system_r:iptables_t=
> :s0 key=3D(null)
> > type=3DAVC msg=3Daudit(1259802888.342:9): avc: denied { ioctl } for pi=
> d=3D1438 comm=3D"sshdfilter" path=3D"pipe:[11031]" dev=3Dpipefs ino=3D11031=
> scontext=3Dsystem_u:system_r:iptables_t:s0 tcontext=3Dsystem_u:system_r:ip=
> tables_t:s0 tclass=3Dfifo_file
> > type=3DAVC msg=3Daudit(1259802888.343:10): avc: denied { read } for pi=
> d=3D1435 comm=3D"sshdfilter" path=3D"pipe:[11021]" dev=3Dpipefs ino=3D11021=
> scontext=3Dsystem_u:system_r:iptables_t:s0 tcontext=3Dsystem_u:system_r:ip=
> tables_t:s0 tclass=3Dfifo_file
> > type=3DSYSCALL msg=3Daudit(1259802888.343:10): arch=3Dc000003e syscall=3D=
> 0 success=3Dyes exit=3D128 a0=3D3 a1=3Deb06e8 a2=3D1000 a3=3D0 items=3D0 pp=
> id=3D1431 pid=3D1435 auid=3D4294967295 uid=3D0 gid=3D0 euid=3D0 suid=3D0 fs=
> uid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D4294967295 comm=3D"s=
> shdfilter" exe=3D"/usr/bin/perl" subj=3Dsystem_u:system_r:iptables_t:s0 key=
> =3D(null)
> > type=3DSYSCALL msg=3Daudit(1259802888.342:9): arch=3Dc000003e syscall=3D1=
> 6 success=3Dyes exit=3D128 a0=3D5 a1=3D5401 a2=3D7fffa8850c80 a3=3D60 items=
> =3D0 ppid=3D1435 pid=3D1438 auid=3D4294967295 uid=3D0 gid=3D0 euid=3D0 suid=
> =3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D4294967295 co=
> mm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=3Dsystem_u:system_r:iptables_t=
> :s0 key=3D(null)
> > type=3DAVC msg=3Daudit(1259802888.347:11): avc: denied { ioctl } for p=
> id=3D1438 comm=3D"sshdfilter" path=3D"pipe:[11031]" dev=3Dpipefs ino=3D1103=
> 1 scontext=3Dsystem_u:system_r:iptables_t:s0 tcontext=3Dsystem_u:system_r:i=
> ptables_t:s0 tclass=3Dfifo_file
> > type=3DSYSCALL msg=3Daudit(1259802888.347:11): arch=3Dc000003e syscall=3D=
> 16 success=3Dyes exit=3D128 a0=3D6 a1=3D5401 a2=3D7fffa8850c80 a3=3D60 item=
> s=3D0 ppid=3D1435 pid=3D1438 auid=3D4294967295 uid=3D0 gid=3D0 euid=3D0 sui=
> d=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D4294967295 c=
> omm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=3Dsystem_u:system_r:iptables_=
> t:s0 key=3D(null)
> > type=3DAVC msg=3Daudit(1259802888.350:12): avc: denied { read } for pi=
> d=3D1439 comm=3D"sshdfilter" path=3D"pipe:[11031]" dev=3Dpipefs ino=3D11031=
> scontext=3Dsystem_u:system_r:iptables_t:s0 tcontext=3Dsystem_u:system_r:ip=
> tables_t:s0 tclass=3Dfifo_file
> > type=3DSYSCALL msg=3Daudit(1259802888.350:12): arch=3Dc000003e syscall=3D=
> 0 success=3Dyes exit=3D128 a0=3D5 a1=3Deb0f18 a2=3D1000 a3=3D0 items=3D0 pp=
> id=3D1438 pid=3D1439 auid=3D4294967295 uid=3D0 gid=3D0 euid=3D0 suid=3D0 fs=
> uid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D4294967295 comm=3D"s=
> shdfilter" exe=3D"/usr/bin/perl" subj=3Dsystem_u:system_r:iptables_t:s0 key=
> =3D(null)
> > type=3DAVC msg=3Daudit(1259802888.360:13): avc: denied { read } for pi=
> d=3D1440 comm=3D"sshdfilter" name=3D"sh" dev=3Ddm-0 ino=3D10258 scontext=3D=
> system_u:system_r:iptables_t:s0 tcontext=3Dsystem_u:object_r:bin_t:s0 tclas=
> s=3Dlnk_file
> > type=3DSYSCALL msg=3Daudit(1259802888.360:13): arch=3Dc000003e syscall=3D=
> 59 success=3Dno exit=3D-13 a0=3D7fd1ef909e0f a1=3D7fffa884e9b0 a2=3D7fffa88=
> 511c0 a3=3D7fffa88507d0 items=3D0 ppid=3D1438 pid=3D1440 auid=3D4294967295 =
> uid=3D0 gid=3D0 euid=3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=
> =3D(none) ses=3D4294967295 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=
> =3Dsystem_u:system_r:iptables_t:s0 key=3D(null)
> > type=3DAVC msg=3Daudit(1259802888.364:14): avc: denied { write } for p=
> id=3D1440 comm=3D"sshdfilter" path=3D"pipe:[11043]" dev=3Dpipefs ino=3D1104=
> 3 scontext=3Dsystem_u:system_r:iptables_t:s0 tcontext=3Dsystem_u:system_r:i=
> ptables_t:s0 tclass=3Dfifo_file
> > type=3DSYSCALL msg=3Daudit(1259802888.364:14): arch=3Dc000003e syscall=3D=
> 1 success=3Dyes exit=3D128 a0=3Da a1=3D7fffa8850a0c a2=3D4 a3=3D7fffa885079=
> 0 items=3D0 ppid=3D1438 pid=3D1440 auid=3D4294967295 uid=3D0 gid=3D0 euid=
> =3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D4294=
> 967295 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=3Dsystem_u:system_r:i=
> ptables_t:s0 key=3D(null)
> > type=3DAVC msg=3Daudit(1259802888.367:15): avc: denied { read } for pi=
> d=3D1438 comm=3D"sshdfilter" path=3D"pipe:[11043]" dev=3Dpipefs ino=3D11043=
> scontext=3Dsystem_u:system_r:iptables_t:s0 tcontext=3Dsystem_u:system_r:ip=
> tables_t:s0 tclass=3Dfifo_file
> > type=3DSYSCALL msg=3Daudit(1259802888.367:15): arch=3Dc000003e syscall=3D=
> 0 success=3Dyes exit=3D128 a0=3D9 a1=3D7fffa8850ccc a2=3D4 a3=3Db73830 item=
> s=3D0 ppid=3D1435 pid=3D1438 auid=3D4294967295 uid=3D0 gid=3D0 euid=3D0 sui=
> d=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D4294967295 c=
> omm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=3Dsystem_u:system_r:iptables_=
> t:s0 key=3D(null)
> > type=3DAVC msg=3Daudit(1259802888.367:16): avc: denied { ioctl } for p=
> id=3D1438 comm=3D"sshdfilter" path=3D"pipe:[11042]" dev=3Dpipefs ino=3D1104=
> 2 scontext=3Dsystem_u:system_r:iptables_t:s0 tcontext=3Dsystem_u:system_r:i=
> ptables_t:s0 tclass=3Dfifo_file
> > type=3DSYSCALL msg=3Daudit(1259802888.367:16): arch=3Dc000003e syscall=3D=
> 16 success=3Dyes exit=3D128 a0=3D7 a1=3D5401 a2=3D7fffa8850a20 a3=3D60 item=
> s=3D0 ppid=3D1435 pid=3D1438 auid=3D4294967295 uid=3D0 gid=3D0 euid=3D0 sui=
> d=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D4294967295 c=
> omm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=3Dsystem_u:system_r:iptables_=
> t:s0 key=3D(null)
> > type=3DAVC msg=3Daudit(1259802888.367:17): avc: denied { read } for pi=
> d=3D1438 comm=3D"sshdfilter" path=3D"pipe:[11042]" dev=3Dpipefs ino=3D11042=
> scontext=3Dsystem_u:system_r:iptables_t:s0 tcontext=3Dsystem_u:system_r:ip=
> tables_t:s0 tclass=3Dfifo_file
> > type=3DSYSCALL msg=3Daudit(1259802888.367:17): arch=3Dc000003e syscall=3D=
> 0 success=3Dyes exit=3D128 a0=3D7 a1=3Deb1168 a2=3D1000 a3=3D0 items=3D0 pp=
> id=3D1435 pid=3D1438 auid=3D4294967295 uid=3D0 gid=3D0 euid=3D0 suid=3D0 fs=
> uid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D4294967295 comm=3D"s=
> shdfilter" exe=3D"/usr/bin/perl" subj=3Dsystem_u:system_r:iptables_t:s0 key=
> =3D(null)
> > type=3DAVC msg=3Daudit(1259802888.375:18): avc: denied { read } for pi=
> d=3D1441 comm=3D"sshdfilter" name=3D"sh" dev=3Ddm-0 ino=3D10258 scontext=3D=
> system_u:system_r:iptables_t:s0 tcontext=3Dsystem_u:object_r:bin_t:s0 tclas=
> s=3Dlnk_file
> > type=3DSYSCALL msg=3Daudit(1259802888.375:18): arch=3Dc000003e syscall=3D=
> 59 success=3Dno exit=3D-13 a0=3D7fd1ef909e0f a1=3D7fffa884e9b0 a2=3D7fffa88=
> 511c0 a3=3D7fffa88507d0 items=3D0 ppid=3D1438 pid=3D1441 auid=3D4294967295 =
> uid=3D0 gid=3D0 euid=3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=
> =3D(none) ses=3D4294967295 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=
> =3Dsystem_u:system_r:iptables_t:s0 key=3D(null)
> > type=3DAVC msg=3Daudit(1259802888.375:19): avc: denied { write } for p=
> id=3D1441 comm=3D"sshdfilter" path=3D"pipe:[11045]" dev=3Dpipefs ino=3D1104=
> 5 scontext=3Dsystem_u:system_r:iptables_t:s0 tcontext=3Dsystem_u:system_r:i=
> ptables_t:s0 tclass=3Dfifo_file
> > type=3DSYSCALL msg=3Daudit(1259802888.375:19): arch=3Dc000003e syscall=3D=
> 1 success=3Dyes exit=3D128 a0=3Da a1=3D7fffa8850a0c a2=3D4 a3=3D8 items=3D0=
> ppid=3D1438 pid=3D1441 auid=3D4294967295 uid=3D0 gid=3D0 euid=3D0 suid=3D0=
> fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D4294967295 comm=
> =3D"sshdfilter" exe=3D"/usr/bin/perl" subj=3Dsystem_u:system_r:iptables_t:s=
> 0 key=3D(null)
> > type=3DAVC msg=3Daudit(1259802888.378:20): avc: denied { read } for pi=
> d=3D1438 comm=3D"sshdfilter" path=3D"pipe:[11045]" dev=3Dpipefs ino=3D11045=
> scontext=3Dsystem_u:system_r:iptables_t:s0 tcontext=3Dsystem_u:system_r:ip=
> tables_t:s0 tclass=3Dfifo_file
> > type=3DSYSCALL msg=3Daudit(1259802888.378:20): arch=3Dc000003e syscall=3D=
> 0 success=3Dyes exit=3D128 a0=3D9 a1=3D7fffa8850ccc a2=3D4 a3=3D7fd1ef2e39d=
> 0 items=3D0 ppid=3D1435 pid=3D1438 auid=3D4294967295 uid=3D0 gid=3D0 euid=
> =3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D4294=
> 967295 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=3Dsystem_u:system_r:i=
> ptables_t:s0 key=3D(null)
> > type=3DAVC msg=3Daudit(1259802888.378:21): avc: denied { ioctl } for p=
> id=3D1438 comm=3D"sshdfilter" path=3D"pipe:[11044]" dev=3Dpipefs ino=3D1104=
> 4 scontext=3Dsystem_u:system_r:iptables_t:s0 tcontext=3Dsystem_u:system_r:i=
> ptables_t:s0 tclass=3Dfifo_file
> > type=3DSYSCALL msg=3Daudit(1259802888.378:21): arch=3Dc000003e syscall=3D=
> 16 success=3Dyes exit=3D128 a0=3D7 a1=3D5401 a2=3D7fffa8850a20 a3=3D60 item=
> s=3D0 ppid=3D1435 pid=3D1438 auid=3D4294967295 uid=3D0 gid=3D0 euid=3D0 sui=
> d=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D4294967295 c=
> omm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=3Dsystem_u:system_r:iptables_=
> t:s0 key=3D(null)
> > type=3DAVC msg=3Daudit(1259802888.378:22): avc: denied { read } for pi=
> d=3D1438 comm=3D"sshdfilter" path=3D"pipe:[11044]" dev=3Dpipefs ino=3D11044=
> scontext=3Dsystem_u:system_r:iptables_t:s0 tcontext=3Dsystem_u:system_r:ip=
> tables_t:s0 tclass=3Dfifo_file
> > type=3DSYSCALL msg=3Daudit(1259802888.378:22): arch=3Dc000003e syscall=3D=
> 0 success=3Dyes exit=3D128 a0=3D7 a1=3Deb2878 a2=3D1000 a3=3D0 items=3D0 pp=
> id=3D1435 pid=3D1438 auid=3D4294967295 uid=3D0 gid=3D0 euid=3D0 suid=3D0 fs=
> uid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D4294967295 comm=3D"s=
> shdfilter" exe=3D"/usr/bin/perl" subj=3Dsystem_u:system_r:iptables_t:s0 key=
> =3D(null)
> > type=3DAVC msg=3Daudit(1259802888.379:23): avc: denied { ioctl } for p=
> id=3D1438 comm=3D"sshdfilter" path=3D"pipe:[11046]" dev=3Dpipefs ino=3D1104=
> 6 scontext=3Dsystem_u:system_r:iptables_t:s0 tcontext=3Dsystem_u:system_r:i=
> ptables_t:s0 tclass=3Dfifo_file
> > type=3DSYSCALL msg=3Daudit(1259802888.379:23): arch=3Dc000003e syscall=3D=
> 16 success=3Dyes exit=3D128 a0=3D7 a1=3D5401 a2=3D7fffa8850c80 a3=3D60 item=
> s=3D0 ppid=3D1435 pid=3D1438 auid=3D4294967295 uid=3D0 gid=3D0 euid=3D0 sui=
> d=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D4294967295 c=
> omm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=3Dsystem_u:system_r:iptables_=
> t:s0 key=3D(null)
> > type=3DAVC msg=3Daudit(1259802888.379:24): avc: denied { ioctl } for p=
> id=3D1438 comm=3D"sshdfilter" path=3D"pipe:[11046]" dev=3Dpipefs ino=3D1104=
> 6 scontext=3Dsystem_u:system_r:iptables_t:s0 tcontext=3Dsystem_u:system_r:i=
> ptables_t:s0 tclass=3Dfifo_file
> > type=3DSYSCALL msg=3Daudit(1259802888.379:24): arch=3Dc000003e syscall=3D=
> 16 success=3Dyes exit=3D128 a0=3D8 a1=3D5401 a2=3D7fffa8850c80 a3=3D60 item=
> s=3D0 ppid=3D1435 pid=3D1438 auid=3D4294967295 uid=3D0 gid=3D0 euid=3D0 sui=
> d=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D4294967295 c=
> omm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=3Dsystem_u:system_r:iptables_=
> t:s0 key=3D(null)
> > type=3DAVC msg=3Daudit(1259802888.384:25): avc: denied { ioctl } for p=
> id=3D1442 comm=3D"sshdfilter" path=3D"pipe:[11046]" dev=3Dpipefs ino=3D1104=
> 6 scontext=3Dsystem_u:system_r:iptables_t:s0 tcontext=3Dsystem_u:system_r:i=
> ptables_t:s0 tclass=3Dfifo_file
> > type=3DSYSCALL msg=3Daudit(1259802888.384:25): arch=3Dc000003e syscall=3D=
> 16 success=3Dyes exit=3D128 a0=3D4 a1=3D5401 a2=3D7fffa8850ba0 a3=3D60 item=
> s=3D0 ppid=3D1438 pid=3D1442 auid=3D4294967295 uid=3D0 gid=3D0 euid=3D0 sui=
> d=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D4294967295 c=
> omm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=3Dsystem_u:system_r:iptables_=
> t:s0 key=3D(null)
> > type=3DAVC msg=3Daudit(1259802888.384:26): avc: denied { getattr } for =
> pid=3D1442 comm=3D"sshdfilter" path=3D"pipe:[11046]" dev=3Dpipefs ino=3D11=
> 046 scontext=3Dsystem_u:system_r:iptables_t:s0 tcontext=3Dsystem_u:system_r=
> :iptables_t:s0 tclass=3Dfifo_file
> > type=3DSYSCALL msg=3Daudit(1259802888.384:26): arch=3Dc000003e syscall=3D=
> 5 success=3Dyes exit=3D128 a0=3D4 a1=3Db730a0 a2=3Db730a0 a3=3D0 items=3D0 =
> ppid=3D1438 pid=3D1442 auid=3D4294967295 uid=3D0 gid=3D0 euid=3D0 suid=3D0 =
> fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D4294967295 comm=3D=
> "sshdfilter" exe=3D"/usr/bin/perl" subj=3Dsystem_u:system_r:iptables_t:s0 k=
> ey=3D(null)
> > type=3DAVC msg=3Daudit(1259802889.381:27): avc: denied { read } for pi=
> d=3D1494 comm=3D"sshdfilter" name=3D"iptables" dev=3Ddm-0 ino=3D11793 scont=
> ext=3Dsystem_u:system_r:iptables_t:s0 tcontext=3Dsystem_u:object_r:bin_t:s0=
> tclass=3Dlnk_file
> > type=3DSYSCALL msg=3Daudit(1259802889.381:27): arch=3Dc000003e syscall=3D=
> 59 success=3Dno exit=3D-13 a0=3D7fffa8850a88 a1=3Deb31c8 a2=3D7fffa88511c0 =
> a3=3D7fffa88508d0 items=3D0 ppid=3D1438 pid=3D1494 auid=3D4294967295 uid=3D=
> 0 gid=3D0 euid=3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(no=
> ne) ses=3D4294967295 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=3Dsyste=
> m_u:system_r:iptables_t:s0 key=3D(null)
> > type=3DAVC msg=3Daudit(1259802889.382:28): avc: denied { write } for p=
> id=3D1494 comm=3D"sshdfilter" path=3D"pipe:[11397]" dev=3Dpipefs ino=3D1139=
> 7 scontext=3Dsystem_u:system_r:iptables_t:s0 tcontext=3Dsystem_u:system_r:i=
> ptables_t:s0 tclass=3Dfifo_file
> > type=3DSYSCALL msg=3Daudit(1259802889.382:28): arch=3Dc000003e syscall=3D=
> 1 success=3Dyes exit=3D128 a0=3D9 a1=3D7fffa8850b0c a2=3D4 a3=3D8 items=3D0=
> ppid=3D1438 pid=3D1494 auid=3D4294967295 uid=3D0 gid=3D0 euid=3D0 suid=3D0=
> fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D4294967295 comm=
> =3D"sshdfilter" exe=3D"/usr/bin/perl" subj=3Dsystem_u:system_r:iptables_t:s=
> 0 key=3D(null)
> > type=3DAVC msg=3Daudit(1259802889.385:29): avc: denied { read } for pi=
> d=3D1438 comm=3D"sshdfilter" path=3D"pipe:[11397]" dev=3Dpipefs ino=3D11397=
> scontext=3Dsystem_u:system_r:iptables_t:s0 tcontext=3Dsystem_u:system_r:ip=
> tables_t:s0 tclass=3Dfifo_file
> > type=3DSYSCALL msg=3Daudit(1259802889.385:29): arch=3Dc000003e syscall=3D=
> 0 success=3Dyes exit=3D128 a0=3D8 a1=3D7fffa8850f18 a2=3D4 a3=3D8 items=3D0=
> ppid=3D1 pid=3D1438 auid=3D4294967295 uid=3D0 gid=3D0 euid=3D0 suid=3D0 fs=
> uid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D4294967295 comm=3D"s=
> shdfilter" exe=3D"/usr/bin/perl" subj=3Dsystem_u:system_r:iptables_t:s0 key=
> =3D(null)
> > type=3DAVC msg=3Daudit(1259802889.388:30): avc: denied { write } for p=
> id=3D1438 comm=3D"sshdfilter" path=3D"pipe:[11021]" dev=3Dpipefs ino=3D1102=
> 1 scontext=3Dsystem_u:system_r:iptables_t:s0 tcontext=3Dsystem_u:system_r:i=
> ptables_t:s0 tclass=3Dfifo_file
> > type=3DSYSCALL msg=3Daudit(1259802889.388:30): arch=3Dc000003e syscall=3D=
> 1 success=3Dyes exit=3D128 a0=3D4 a1=3Deb3248 a2=3D9 a3=3D0 items=3D0 ppid=
> =3D1 pid=3D1438 auid=3D4294967295 uid=3D0 gid=3D0 euid=3D0 suid=3D0 fsuid=
> =3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D4294967295 comm=3D"sshd=
> filter" exe=3D"/usr/bin/perl" subj=3Dsystem_u:system_r:iptables_t:s0 key=3D=
> (null)
> > type=3DAVC msg=3Daudit(1259802889.390:31): avc: denied { read } for pi=
> d=3D1438 comm=3D"sshdfilter" path=3D"pipe:[11046]" dev=3Dpipefs ino=3D11046=
> scontext=3Dsystem_u:system_r:iptables_t:s0 tcontext=3Dsystem_u:system_r:ip=
> tables_t:s0 tclass=3Dfifo_file
> > type=3DSYSCALL msg=3Daudit(1259802889.390:31): arch=3Dc000003e syscall=3D=
> 0 success=3Dyes exit=3D128 a0=3D7 a1=3Deb3568 a2=3D400 a3=3Db73010 items=3D=
> 0 ppid=3D1 pid=3D1438 auid=3D4294967295 uid=3D0 gid=3D0 euid=3D0 suid=3D0 f=
> suid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D4294967295 comm=3D"=
> sshdfilter" exe=3D"/usr/bin/perl" subj=3Dsystem_u:system_r:iptables_t:s0 ke=
> y=3D(null)
> > type=3DAVC msg=3Daudit(1259803042.790:43): avc: denied { ioctl } for p=
> id=3D2329 comm=3D"sshdfilter" path=3D"pipe:[24498]" dev=3Dpipefs ino=3D2449=
> 8 scontext=3Dunconfined_u:system_r:iptables_t:s0 tcontext=3Dunconfined_u:sy=
> stem_r:iptables_t:s0 tclass=3Dfifo_file
> > type=3DSYSCALL msg=3Daudit(1259803042.790:43): arch=3Dc000003e syscall=3D=
> 16 success=3Dyes exit=3D4294967424 a0=3D3 a1=3D5401 a2=3D7ffffc393e40 a3=3D=
> 60 items=3D0 ppid=3D2323 pid=3D2329 auid=3D1000 uid=3D0 gid=3D0 euid=3D0 su=
> id=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3Dpts0 ses=3D1 comm=3D"ssh=
> dfilter" exe=3D"/usr/bin/perl" subj=3Dunconfined_u:system_r:iptables_t:s0 k=
> ey=3D(null)
> > type=3DAVC msg=3Daudit(1259803042.795:44): avc: denied { ioctl } for p=
> id=3D2329 comm=3D"sshdfilter" path=3D"pipe:[24498]" dev=3Dpipefs ino=3D2449=
> 8 scontext=3Dunconfined_u:system_r:iptables_t:s0 tcontext=3Dunconfined_u:sy=
> stem_r:iptables_t:s0 tclass=3Dfifo_file
> > type=3DSYSCALL msg=3Daudit(1259803042.795:44): arch=3Dc000003e syscall=3D=
> 16 success=3Dyes exit=3D4294967424 a0=3D4 a1=3D5401 a2=3D7ffffc393e40 a3=3D=
> 60 items=3D0 ppid=3D2323 pid=3D2329 auid=3D1000 uid=3D0 gid=3D0 euid=3D0 su=
> id=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3Dpts0 ses=3D1 comm=3D"ssh=
> dfilter" exe=3D"/usr/bin/perl" subj=3Dunconfined_u:system_r:iptables_t:s0 k=
> ey=3D(null)
> > type=3DAVC msg=3Daudit(1259803042.798:45): avc: denied { ioctl } for p=
> id=3D2332 comm=3D"sshdfilter" path=3D"pipe:[24509]" dev=3Dpipefs ino=3D2450=
> 9 scontext=3Dunconfined_u:system_r:iptables_t:s0 tcontext=3Dunconfined_u:sy=
> stem_r:iptables_t:s0 tclass=3Dfifo_file
> > type=3DAVC msg=3Daudit(1259803042.801:46): avc: denied { read } for pi=
> d=3D2329 comm=3D"sshdfilter" path=3D"pipe:[24498]" dev=3Dpipefs ino=3D24498=
> scontext=3Dunconfined_u:system_r:iptables_t:s0 tcontext=3Dunconfined_u:sys=
> tem_r:iptables_t:s0 tclass=3Dfifo_file
> > type=3DSYSCALL msg=3Daudit(1259803042.801:46): arch=3Dc000003e syscall=3D=
> 0 success=3Dyes exit=3D128 a0=3D3 a1=3D104fb28 a2=3D1000 a3=3D0 items=3D0 p=
> pid=3D2323 pid=3D2329 auid=3D1000 uid=3D0 gid=3D0 euid=3D0 suid=3D0 fsuid=
> =3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3Dpts0 ses=3D1 comm=3D"sshdfilter" exe=
> =3D"/usr/bin/perl" subj=3Dunconfined_u:system_r:iptables_t:s0 key=3D(null)
> > type=3DSYSCALL msg=3Daudit(1259803042.798:45): arch=3Dc000003e syscall=3D=
> 16 success=3Dyes exit=3D4294967424 a0=3D5 a1=3D5401 a2=3D7ffffc393e40 a3=3D=
> 60 items=3D0 ppid=3D2329 pid=3D2332 auid=3D1000 uid=3D0 gid=3D0 euid=3D0 su=
> id=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D1 comm=3D"s=
> shdfilter" exe=3D"/usr/bin/perl" subj=3Dunconfined_u:system_r:iptables_t:s0=
> key=3D(null)
> > type=3DAVC msg=3Daudit(1259803042.804:47): avc: denied { ioctl } for p=
> id=3D2332 comm=3D"sshdfilter" path=3D"pipe:[24509]" dev=3Dpipefs ino=3D2450=
> 9 scontext=3Dunconfined_u:system_r:iptables_t:s0 tcontext=3Dunconfined_u:sy=
> stem_r:iptables_t:s0 tclass=3Dfifo_file
> > type=3DSYSCALL msg=3Daudit(1259803042.804:47): arch=3Dc000003e syscall=3D=
> 16 success=3Dyes exit=3D4294967424 a0=3D6 a1=3D5401 a2=3D7ffffc393e40 a3=3D=
> 60 items=3D0 ppid=3D2329 pid=3D2332 auid=3D1000 uid=3D0 gid=3D0 euid=3D0 su=
> id=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D1 comm=3D"s=
> shdfilter" exe=3D"/usr/bin/perl" subj=3Dunconfined_u:system_r:iptables_t:s0=
> key=3D(null)
> > type=3DAVC msg=3Daudit(1259803042.806:48): avc: denied { read } for pi=
> d=3D2333 comm=3D"sshdfilter" path=3D"pipe:[24509]" dev=3Dpipefs ino=3D24509=
> scontext=3Dunconfined_u:system_r:iptables_t:s0 tcontext=3Dunconfined_u:sys=
> tem_r:iptables_t:s0 tclass=3Dfifo_file
> > type=3DAVC msg=3Daudit(1259803042.812:49): avc: denied { read } for pi=
> d=3D2334 comm=3D"sshdfilter" name=3D"sh" dev=3Ddm-0 ino=3D10258 scontext=3D=
> unconfined_u:system_r:iptables_t:s0 tcontext=3Dsystem_u:object_r:bin_t:s0 t=
> class=3Dlnk_file
> > type=3DSYSCALL msg=3Daudit(1259803042.806:48): arch=3Dc000003e syscall=3D=
> 0 success=3Dyes exit=3D4294967424 a0=3D5 a1=3D1050268 a2=3D1000 a3=3D0 item=
> s=3D0 ppid=3D2332 pid=3D2333 auid=3D1000 uid=3D0 gid=3D0 euid=3D0 suid=3D0 =
> fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D1 comm=3D"sshdfilt=
> er" exe=3D"/usr/bin/perl" subj=3Dunconfined_u:system_r:iptables_t:s0 key=3D=
> (null)
> > type=3DAVC msg=3Daudit(1259803042.816:50): avc: denied { read } for pi=
> d=3D2332 comm=3D"sshdfilter" path=3D"pipe:[24516]" dev=3Dpipefs ino=3D24516=
> scontext=3Dunconfined_u:system_r:iptables_t:s0 tcontext=3Dunconfined_u:sys=
> tem_r:iptables_t:s0 tclass=3Dfifo_file
> > type=3DSYSCALL msg=3Daudit(1259803042.812:49): arch=3Dc000003e syscall=3D=
> 59 success=3Dno exit=3D-13 a0=3D7fceba680e0f a1=3D7ffffc391b70 a2=3D7ffffc3=
> 94380 a3=3D7ffffc393990 items=3D0 ppid=3D2332 pid=3D2334 auid=3D1000 uid=3D=
> 0 gid=3D0 euid=3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(no=
> ne) ses=3D1 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=3Dunconfined_u:s=
> ystem_r:iptables_t:s0 key=3D(null)
> > type=3DAVC msg=3Daudit(1259803042.816:51): avc: denied { write } for p=
> id=3D2334 comm=3D"sshdfilter" path=3D"pipe:[24516]" dev=3Dpipefs ino=3D2451=
> 6 scontext=3Dunconfined_u:system_r:iptables_t:s0 tcontext=3Dunconfined_u:sy=
> stem_r:iptables_t:s0 tclass=3Dfifo_file
> > type=3DSYSCALL msg=3Daudit(1259803042.816:51): arch=3Dc000003e syscall=3D=
> 1 success=3Dyes exit=3D128 a0=3Da a1=3D7ffffc393bcc a2=3D4 a3=3D7ffffc39395=
> 0 items=3D0 ppid=3D2332 pid=3D2334 auid=3D1000 uid=3D0 gid=3D0 euid=3D0 sui=
> d=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D1 comm=3D"ss=
> hdfilter" exe=3D"/usr/bin/perl" subj=3Dunconfined_u:system_r:iptables_t:s0 =
> key=3D(null)
> > type=3DSYSCALL msg=3Daudit(1259803042.816:50): arch=3Dc000003e syscall=3D=
> 0 success=3Dyes exit=3D128 a0=3D9 a1=3D7ffffc393e8c a2=3D4 a3=3Dd13830 item=
> s=3D0 ppid=3D2329 pid=3D2332 auid=3D1000 uid=3D0 gid=3D0 euid=3D0 suid=3D0 =
> fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D1 comm=3D"sshdfilt=
> er" exe=3D"/usr/bin/perl" subj=3Dunconfined_u:system_r:iptables_t:s0 key=3D=
> (null)
> > type=3DAVC msg=3Daudit(1259803042.818:52): avc: denied { ioctl } for p=
> id=3D2332 comm=3D"sshdfilter" path=3D"pipe:[24515]" dev=3Dpipefs ino=3D2451=
> 5 scontext=3Dunconfined_u:system_r:iptables_t:s0 tcontext=3Dunconfined_u:sy=
> stem_r:iptables_t:s0 tclass=3Dfifo_file
> > type=3DSYSCALL msg=3Daudit(1259803042.818:52): arch=3Dc000003e syscall=3D=
> 16 success=3Dyes exit=3D128 a0=3D7 a1=3D5401 a2=3D7ffffc393be0 a3=3D60 item=
> s=3D0 ppid=3D2329 pid=3D2332 auid=3D1000 uid=3D0 gid=3D0 euid=3D0 suid=3D0 =
> fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D1 comm=3D"sshdfilt=
> er" exe=3D"/usr/bin/perl" subj=3Dunconfined_u:system_r:iptables_t:s0 key=3D=
> (null)
> > type=3DAVC msg=3Daudit(1259803042.818:53): avc: denied { read } for pi=
> d=3D2332 comm=3D"sshdfilter" path=3D"pipe:[24515]" dev=3Dpipefs ino=3D24515=
> scontext=3Dunconfined_u:system_r:iptables_t:s0 tcontext=3Dunconfined_u:sys=
> tem_r:iptables_t:s0 tclass=3Dfifo_file
> > type=3DSYSCALL msg=3Daudit(1259803042.818:53): arch=3Dc000003e syscall=3D=
> 0 success=3Dyes exit=3D128 a0=3D7 a1=3D10504b8 a2=3D1000 a3=3D0 items=3D0 p=
> pid=3D2329 pid=3D2332 auid=3D1000 uid=3D0 gid=3D0 euid=3D0 suid=3D0 fsuid=
> =3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D1 comm=3D"sshdfilter" e=
> xe=3D"/usr/bin/perl" subj=3Dunconfined_u:system_r:iptables_t:s0 key=3D(null)
> > type=3DAVC msg=3Daudit(1259803042.823:54): avc: denied { read } for pi=
> d=3D2335 comm=3D"sshdfilter" name=3D"sh" dev=3Ddm-0 ino=3D10258 scontext=3D=
> unconfined_u:system_r:iptables_t:s0 tcontext=3Dsystem_u:object_r:bin_t:s0 t=
> class=3Dlnk_file
> > type=3DSYSCALL msg=3Daudit(1259803042.823:54): arch=3Dc000003e syscall=3D=
> 59 success=3Dno exit=3D-13 a0=3D7fceba680e0f a1=3D7ffffc391b70 a2=3D7ffffc3=
> 94380 a3=3D7ffffc393990 items=3D0 ppid=3D2332 pid=3D2335 auid=3D1000 uid=3D=
> 0 gid=3D0 euid=3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(no=
> ne) ses=3D1 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=3Dunconfined_u:s=
> ystem_r:iptables_t:s0 key=3D(null)
> > type=3DAVC msg=3Daudit(1259803042.823:55): avc: denied { write } for p=
> id=3D2335 comm=3D"sshdfilter" path=3D"pipe:[24518]" dev=3Dpipefs ino=3D2451=
> 8 scontext=3Dunconfined_u:system_r:iptables_t:s0 tcontext=3Dunconfined_u:sy=
> stem_r:iptables_t:s0 tclass=3Dfifo_file
> > type=3DSYSCALL msg=3Daudit(1259803042.823:55): arch=3Dc000003e syscall=3D=
> 1 success=3Dyes exit=3D128 a0=3Da a1=3D7ffffc393bcc a2=3D4 a3=3D8 items=3D0=
> ppid=3D2332 pid=3D2335 auid=3D1000 uid=3D0 gid=3D0 euid=3D0 suid=3D0 fsuid=
> =3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D1 comm=3D"sshdfilter" e=
> xe=3D"/usr/bin/perl" subj=3Dunconfined_u:system_r:iptables_t:s0 key=3D(null)
> > type=3DAVC msg=3Daudit(1259803042.828:56): avc: denied { read } for pi=
> d=3D2332 comm=3D"sshdfilter" path=3D"pipe:[24518]" dev=3Dpipefs ino=3D24518=
> scontext=3Dunconfined_u:system_r:iptables_t:s0 tcontext=3Dunconfined_u:sys=
> tem_r:iptables_t:s0 tclass=3Dfifo_file
> > type=3DSYSCALL msg=3Daudit(1259803042.828:56): arch=3Dc000003e syscall=3D=
> 0 success=3Dyes exit=3D128 a0=3D9 a1=3D7ffffc393e8c a2=3D4 a3=3D7fceba05a9d=
> 0 items=3D0 ppid=3D2329 pid=3D2332 auid=3D1000 uid=3D0 gid=3D0 euid=3D0 sui=
> d=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D1 comm=3D"ss=
> hdfilter" exe=3D"/usr/bin/perl" subj=3Dunconfined_u:system_r:iptables_t:s0 =
> key=3D(null)
> > type=3DAVC msg=3Daudit(1259803042.828:57): avc: denied { ioctl } for p=
> id=3D2332 comm=3D"sshdfilter" path=3D"pipe:[24517]" dev=3Dpipefs ino=3D2451=
> 7 scontext=3Dunconfined_u:system_r:iptables_t:s0 tcontext=3Dunconfined_u:sy=
> stem_r:iptables_t:s0 tclass=3Dfifo_file
> > type=3DSYSCALL msg=3Daudit(1259803042.828:57): arch=3Dc000003e syscall=3D=
> 16 success=3Dyes exit=3D128 a0=3D7 a1=3D5401 a2=3D7ffffc393be0 a3=3D60 item=
> s=3D0 ppid=3D2329 pid=3D2332 auid=3D1000 uid=3D0 gid=3D0 euid=3D0 suid=3D0 =
> fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D1 comm=3D"sshdfilt=
> er" exe=3D"/usr/bin/perl" subj=3Dunconfined_u:system_r:iptables_t:s0 key=3D=
> (null)
> > type=3DAVC msg=3Daudit(1259803042.828:58): avc: denied { read } for pi=
> d=3D2332 comm=3D"sshdfilter" path=3D"pipe:[24517]" dev=3Dpipefs ino=3D24517=
> scontext=3Dunconfined_u:system_r:iptables_t:s0 tcontext=3Dunconfined_u:sys=
> tem_r:iptables_t:s0 tclass=3Dfifo_file
> > type=3DSYSCALL msg=3Daudit(1259803042.828:58): arch=3Dc000003e syscall=3D=
> 0 success=3Dyes exit=3D128 a0=3D7 a1=3D1051cc8 a2=3D1000 a3=3D0 items=3D0 p=
> pid=3D2329 pid=3D2332 auid=3D1000 uid=3D0 gid=3D0 euid=3D0 suid=3D0 fsuid=
> =3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D1 comm=3D"sshdfilter" e=
> xe=3D"/usr/bin/perl" subj=3Dunconfined_u:system_r:iptables_t:s0 key=3D(null)
> > type=3DAVC msg=3Daudit(1259803042.833:59): avc: denied { ioctl } for p=
> id=3D2332 comm=3D"sshdfilter" path=3D"pipe:[24519]" dev=3Dpipefs ino=3D2451=
> 9 scontext=3Dunconfined_u:system_r:iptables_t:s0 tcontext=3Dunconfined_u:sy=
> stem_r:iptables_t:s0 tclass=3Dfifo_file
> > type=3DSYSCALL msg=3Daudit(1259803042.833:59): arch=3Dc000003e syscall=3D=
> 16 success=3Dyes exit=3D128 a0=3D7 a1=3D5401 a2=3D7ffffc393e40 a3=3D60 item=
> s=3D0 ppid=3D2329 pid=3D2332 auid=3D1000 uid=3D0 gid=3D0 euid=3D0 suid=3D0 =
> fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D1 comm=3D"sshdfilt=
> er" exe=3D"/usr/bin/perl" subj=3Dunconfined_u:system_r:iptables_t:s0 key=3D=
> (null)
> > type=3DAVC msg=3Daudit(1259803042.833:60): avc: denied { ioctl } for p=
> id=3D2332 comm=3D"sshdfilter" path=3D"pipe:[24519]" dev=3Dpipefs ino=3D2451=
> 9 scontext=3Dunconfined_u:system_r:iptables_t:s0 tcontext=3Dunconfined_u:sy=
> stem_r:iptables_t:s0 tclass=3Dfifo_file
> > type=3DSYSCALL msg=3Daudit(1259803042.833:60): arch=3Dc000003e syscall=3D=
> 16 success=3Dyes exit=3D128 a0=3D8 a1=3D5401 a2=3D7ffffc393e40 a3=3D60 item=
> s=3D0 ppid=3D2329 pid=3D2332 auid=3D1000 uid=3D0 gid=3D0 euid=3D0 suid=3D0 =
> fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D1 comm=3D"sshdfilt=
> er" exe=3D"/usr/bin/perl" subj=3Dunconfined_u:system_r:iptables_t:s0 key=3D=
> (null)
> > type=3DAVC msg=3Daudit(1259803042.834:61): avc: denied { ioctl } for p=
> id=3D2336 comm=3D"sshdfilter" path=3D"pipe:[24519]" dev=3Dpipefs ino=3D2451=
> 9 scontext=3Dunconfined_u:system_r:iptables_t:s0 tcontext=3Dunconfined_u:sy=
> stem_r:iptables_t:s0 tclass=3Dfifo_file
> > type=3DSYSCALL msg=3Daudit(1259803042.834:61): arch=3Dc000003e syscall=3D=
> 16 success=3Dyes exit=3D128 a0=3D4 a1=3D5401 a2=3D7ffffc393d60 a3=3D60 item=
> s=3D0 ppid=3D2332 pid=3D2336 auid=3D1000 uid=3D0 gid=3D0 euid=3D0 suid=3D0 =
> fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D1 comm=3D"sshdfilt=
> er" exe=3D"/usr/bin/perl" subj=3Dunconfined_u:system_r:iptables_t:s0 key=3D=
> (null)
> > type=3DAVC msg=3Daudit(1259803042.836:62): avc: denied { getattr } for =
> pid=3D2336 comm=3D"sshdfilter" path=3D"pipe:[24519]" dev=3Dpipefs ino=3D24=
> 519 scontext=3Dunconfined_u:system_r:iptables_t:s0 tcontext=3Dunconfined_u:=
> system_r:iptables_t:s0 tclass=3Dfifo_file
> > type=3DSYSCALL msg=3Daudit(1259803042.836:62): arch=3Dc000003e syscall=3D=
> 5 success=3Dyes exit=3D128 a0=3D4 a1=3Dd130a0 a2=3Dd130a0 a3=3D0 items=3D0 =
> ppid=3D2332 pid=3D2336 auid=3D1000 uid=3D0 gid=3D0 euid=3D0 suid=3D0 fsuid=
> =3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D1 comm=3D"sshdfilter" e=
> xe=3D"/usr/bin/perl" subj=3Dunconfined_u:system_r:iptables_t:s0 key=3D(null)
> > type=3DAVC msg=3Daudit(1259803043.839:63): avc: denied { read } for pi=
> d=3D2338 comm=3D"sshdfilter" name=3D"iptables" dev=3Ddm-0 ino=3D11793 scont=
> ext=3Dunconfined_u:system_r:iptables_t:s0 tcontext=3Dsystem_u:object_r:bin_=
> t:s0 tclass=3Dlnk_file
> > type=3DSYSCALL msg=3Daudit(1259803043.839:63): arch=3Dc000003e syscall=3D=
> 59 success=3Dno exit=3D-13 a0=3D7ffffc393c48 a1=3D1052638 a2=3D7ffffc394380=
> a3=3D7ffffc393a90 items=3D0 ppid=3D2332 pid=3D2338 auid=3D1000 uid=3D0 gid=
> =3D0 euid=3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) s=
> es=3D1 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=3Dunconfined_u:system=
> _r:iptables_t:s0 key=3D(null)
> > type=3DAVC msg=3Daudit(1259803043.840:64): avc: denied { write } for p=
> id=3D2338 comm=3D"sshdfilter" path=3D"pipe:[24549]" dev=3Dpipefs ino=3D2454=
> 9 scontext=3Dunconfined_u:system_r:iptables_t:s0 tcontext=3Dunconfined_u:sy=
> stem_r:iptables_t:s0 tclass=3Dfifo_file
> > type=3DSYSCALL msg=3Daudit(1259803043.840:64): arch=3Dc000003e syscall=3D=
> 1 success=3Dyes exit=3D128 a0=3D9 a1=3D7ffffc393ccc a2=3D4 a3=3D8 items=3D0=
> ppid=3D2332 pid=3D2338 auid=3D1000 uid=3D0 gid=3D0 euid=3D0 suid=3D0 fsuid=
> =3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D1 comm=3D"sshdfilter" e=
> xe=3D"/usr/bin/perl" subj=3Dunconfined_u:system_r:iptables_t:s0 key=3D(null)
> > type=3DAVC msg=3Daudit(1259803043.844:65): avc: denied { read } for pi=
> d=3D2332 comm=3D"sshdfilter" path=3D"pipe:[24549]" dev=3Dpipefs ino=3D24549=
> scontext=3Dunconfined_u:system_r:iptables_t:s0 tcontext=3Dunconfined_u:sys=
> tem_r:iptables_t:s0 tclass=3Dfifo_file
> > type=3DSYSCALL msg=3Daudit(1259803043.844:65): arch=3Dc000003e syscall=3D=
> 0 success=3Dyes exit=3D128 a0=3D8 a1=3D7ffffc3940d8 a2=3D4 a3=3D8 items=3D0=
> ppid=3D1 pid=3D2332 auid=3D1000 uid=3D0 gid=3D0 euid=3D0 suid=3D0 fsuid=3D=
> 0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D1 comm=3D"sshdfilter" exe=
> =3D"/usr/bin/perl" subj=3Dunconfined_u:system_r:iptables_t:s0 key=3D(null)
> > type=3DAVC msg=3Daudit(1259803043.845:66): avc: denied { write } for p=
> id=3D2332 comm=3D"sshdfilter" path=3D"pipe:[24498]" dev=3Dpipefs ino=3D2449=
> 8 scontext=3Dunconfined_u:system_r:iptables_t:s0 tcontext=3Dunconfined_u:sy=
> stem_r:iptables_t:s0 tclass=3Dfifo_file
> > type=3DSYSCALL msg=3Daudit(1259803043.845:66): arch=3Dc000003e syscall=3D=
> 1 success=3Dyes exit=3D128 a0=3D4 a1=3D10526b8 a2=3D9 a3=3D0 items=3D0 ppid=
> =3D1 pid=3D2332 auid=3D1000 uid=3D0 gid=3D0 euid=3D0 suid=3D0 fsuid=3D0 egi=
> d=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D1 comm=3D"sshdfilter" exe=3D"/u=
> sr/bin/perl" subj=3Dunconfined_u:system_r:iptables_t:s0 key=3D(null)
> > type=3DAVC msg=3Daudit(1259803043.849:67): avc: denied { read } for pi=
> d=3D2332 comm=3D"sshdfilter" path=3D"pipe:[24519]" dev=3Dpipefs ino=3D24519=
> scontext=3Dunconfined_u:system_r:iptables_t:s0 tcontext=3Dunconfined_u:sys=
> tem_r:iptables_t:s0 tclass=3Dfifo_file
> > type=3DSYSCALL msg=3Daudit(1259803043.849:67): arch=3Dc000003e syscall=3D=
> 0 success=3Dyes exit=3D128 a0=3D7 a1=3D10529d8 a2=3D400 a3=3Dd13010 items=
> =3D0 ppid=3D1 pid=3D2332 auid=3D1000 uid=3D0 gid=3D0 euid=3D0 suid=3D0 fsui=
> d=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D1 comm=3D"sshdfilter" =
> exe=3D"/usr/bin/perl" subj=3Dunconfined_u:system_r:iptables_t:s0 key=3D(nul=
> l)
> > type=3DAVC msg=3Daudit(1259803128.077:69): avc: denied { execute } for =
> pid=3D2422 comm=3D"sshdfilter" name=3D"iptables-multi" dev=3Ddm-0 ino=3D11=
> 798 scontext=3Dunconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=3Dsyste=
> m_u:object_r:iptables_exec_t:s0 tclass=3Dfile
> > type=3DSYSCALL msg=3Daudit(1259803128.077:69): arch=3Dc000003e syscall=3D=
> 59 success=3Dno exit=3D-13 a0=3D7fff14469168 a1=3D1c20208 a2=3D7fff144698a0=
> a3=3D7fff14468fb0 items=3D0 ppid=3D2413 pid=3D2422 auid=3D1000 uid=3D0 gid=
> =3D0 euid=3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) s=
> es=3D1 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=3Dunconfined_u:system=
> _r:sshd_t:s0-s0:c0.c1023 key=3D(null)
> > type=3DAVC msg=3Daudit(1259806154.170:82): avc: denied { execute } for =
> pid=3D2653 comm=3D"sshdfilter" name=3D"iptables-multi" dev=3Ddm-0 ino=3D11=
> 798 scontext=3Dunconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=3Dsyste=
> m_u:object_r:iptables_exec_t:s0 tclass=3Dfile
> > type=3DSYSCALL msg=3Daudit(1259806154.170:82): arch=3Dc000003e syscall=3D=
> 59 success=3Dno exit=3D-13 a0=3D7fff14469168 a1=3D1c267e8 a2=3D7fff144698a0=
> a3=3D7fff14468fb0 items=3D0 ppid=3D2413 pid=3D2653 auid=3D1000 uid=3D0 gid=
> =3D0 euid=3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) s=
> es=3D1 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=3Dunconfined_u:system=
> _r:sshd_t:s0-s0:c0.c1023 key=3D(null)
> > type=3DAVC msg=3Daudit(1259812687.066:113): avc: denied { read open } f=
> or pid=3D3074 comm=3D"sshdfilter" name=3D"iptables-multi" dev=3Ddm-0 ino=
> =3D11798 scontext=3Dunconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=3D=
> system_u:object_r:iptables_exec_t:s0 tclass=3Dfile
> > type=3DSYSCALL msg=3Daudit(1259812687.066:113): arch=3Dc000003e syscall=
> =3D59 success=3Dno exit=3D-13 a0=3D7fff14469168 a1=3D1c26a88 a2=3D7fff14469=
> 8a0 a3=3D7fff14468fb0 items=3D0 ppid=3D2413 pid=3D3074 auid=3D1000 uid=3D0 =
> gid=3D0 euid=3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none=
> ) ses=3D1 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=3Dunconfined_u:sys=
> tem_r:sshd_t:s0-s0:c0.c1023 key=3D(null)
> > type=3DAVC msg=3Daudit(1259816690.197:196): avc: denied { read open } f=
> or pid=3D3631 comm=3D"sshdfilter" name=3D"iptables-multi" dev=3Ddm-0 ino=
> =3D11798 scontext=3Dunconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=3D=
> system_u:object_r:iptables_exec_t:s0 tclass=3Dfile
> > type=3DSYSCALL msg=3Daudit(1259816690.197:196): arch=3Dc000003e syscall=
> =3D59 success=3Dno exit=3D-13 a0=3D7fff15c5a888 a1=3D24095a8 a2=3D7fff15c5a=
> fc0 a3=3D7fff15c5a6d0 items=3D0 ppid=3D3622 pid=3D3631 auid=3D0 uid=3D0 gid=
> =3D0 euid=3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) s=
> es=3D9 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=3Dunconfined_u:system=
> _r:sshd_t:s0-s0:c0.c1023 key=3D(null)
> > type=3DAVC msg=3Daudit(1259819529.773:214): avc: denied { read open } f=
> or pid=3D3827 comm=3D"sshdfilter" name=3D"iptables-multi" dev=3Ddm-0 ino=
> =3D11798 scontext=3Dunconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=3D=
> system_u:object_r:iptables_exec_t:s0 tclass=3Dfile
> > type=3DSYSCALL msg=3Daudit(1259819529.773:214): arch=3Dc000003e syscall=
> =3D59 success=3Dno exit=3D-13 a0=3D7fff15c5a888 a1=3D2410198 a2=3D7fff15c5a=
> fc0 a3=3D7fff15c5a6d0 items=3D0 ppid=3D3622 pid=3D3827 auid=3D0 uid=3D0 gid=
> =3D0 euid=3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) s=
> es=3D9 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=3Dunconfined_u:system=
> _r:sshd_t:s0-s0:c0.c1023 key=3D(null)
> > type=3DAVC msg=3Daudit(1259899887.509:471): avc: denied { read open } f=
> or pid=3D11794 comm=3D"sshdfilter" name=3D"iptables-multi" dev=3Ddm-0 ino=
> =3D11798 scontext=3Dunconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=3D=
> system_u:object_r:iptables_exec_t:s0 tclass=3Dfile
> > type=3DSYSCALL msg=3Daudit(1259899887.509:471): arch=3Dc000003e syscall=
> =3D59 success=3Dno exit=3D-13 a0=3D7fff15c5a888 a1=3D2410198 a2=3D7fff15c5a=
> fc0 a3=3D7fff15c5a6d0 items=3D0 ppid=3D3622 pid=3D11794 auid=3D0 uid=3D0 gi=
> d=3D0 euid=3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) =
> ses=3D9 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=3Dunconfined_u:syste=
> m_r:sshd_t:s0-s0:c0.c1023 key=3D(null)
> > type=3DAVC msg=3Daudit(1259899890.409:475): avc: denied { read open } f=
> or pid=3D11799 comm=3D"sshdfilter" name=3D"iptables-multi" dev=3Ddm-0 ino=
> =3D11798 scontext=3Dunconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=3D=
> system_u:object_r:iptables_exec_t:s0 tclass=3Dfile
> > type=3DSYSCALL msg=3Daudit(1259899890.409:475): arch=3Dc000003e syscall=
> =3D59 success=3Dno exit=3D-13 a0=3D7fff15c5a888 a1=3D2410548 a2=3D7fff15c5a=
> fc0 a3=3D7fff15c5a6d0 items=3D0 ppid=3D3622 pid=3D11799 auid=3D0 uid=3D0 gi=
> d=3D0 euid=3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) =
> ses=3D9 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=3Dunconfined_u:syste=
> m_r:sshd_t:s0-s0:c0.c1023 key=3D(null)
> > type=3DAVC msg=3Daudit(1259899950.600:483): avc: denied { read open } f=
> or pid=3D11860 comm=3D"sshdfilter" name=3D"iptables-multi" dev=3Ddm-0 ino=
> =3D11798 scontext=3Dunconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=3D=
> system_u:object_r:iptables_exec_t:s0 tclass=3Dfile
> > type=3DSYSCALL msg=3Daudit(1259899950.600:483): arch=3Dc000003e syscall=
> =3D59 success=3Dno exit=3D-13 a0=3D7fff9722f198 a1=3Df6e208 a2=3D7fff9722f8=
> d0 a3=3D7fff9722efe0 items=3D0 ppid=3D11851 pid=3D11860 auid=3D0 uid=3D0 gi=
> d=3D0 euid=3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) =
> ses=3D44 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=3Dunconfined_u:syst=
> em_r:sshd_t:s0-s0:c0.c1023 key=3D(null)
> > type=3DAVC msg=3Daudit(1260146847.427:1066): avc: denied { read open } =
> for pid=3D28420 comm=3D"sshdfilter" name=3D"iptables-multi" dev=3Ddm-0 ino=
> =3D11798 scontext=3Dunconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=3D=
> system_u:object_r:iptables_exec_t:s0 tclass=3Dfile
> > type=3DSYSCALL msg=3Daudit(1260146847.427:1066): arch=3Dc000003e syscall=
> =3D59 success=3Dno exit=3D-13 a0=3D7fff9722f198 a1=3Df71c88 a2=3D7fff9722f8=
> d0 a3=3D7fff9722efe0 items=3D0 ppid=3D11851 pid=3D28420 auid=3D0 uid=3D0 gi=
> d=3D0 euid=3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) =
> ses=3D44 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=3Dunconfined_u:syst=
> em_r:sshd_t:s0-s0:c0.c1023 key=3D(null)
> > type=3DAVC msg=3Daudit(1260146850.722:1070): avc: denied { read open } =
> for pid=3D28428 comm=3D"sshdfilter" name=3D"iptables-multi" dev=3Ddm-0 ino=
> =3D11798 scontext=3Dunconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=3D=
> system_u:object_r:iptables_exec_t:s0 tclass=3Dfile
> > type=3DSYSCALL msg=3Daudit(1260146850.722:1070): arch=3Dc000003e syscall=
> =3D59 success=3Dno exit=3D-13 a0=3D7fff9722f198 a1=3Df72a28 a2=3D7fff9722f8=
> d0 a3=3D7fff9722efe0 items=3D0 ppid=3D11851 pid=3D28428 auid=3D0 uid=3D0 gi=
> d=3D0 euid=3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) =
> ses=3D44 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=3Dunconfined_u:syst=
> em_r:sshd_t:s0-s0:c0.c1023 key=3D(null)
> > type=3DAVC msg=3Daudit(1260500225.789:25455): avc: denied { read open }=
> for pid=3D21350 comm=3D"sshdfilter" name=3D"iptables-multi" dev=3Ddm-0 in=
> o=3D11798 scontext=3Dsystem_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=3Dsys=
> tem_u:object_r:iptables_exec_t:s0 tclass=3Dfile
> > type=3DSYSCALL msg=3Daudit(1260500225.789:25455): arch=3Dc000003e syscall=
> =3D59 success=3Dno exit=3D-13 a0=3D7fff032b96b8 a1=3Dbdbd18 a2=3D7fff032b9d=
> f0 a3=3D7fff032b9500 items=3D0 ppid=3D1441 pid=3D21350 auid=3D4294967295 ui=
> d=3D0 gid=3D0 euid=3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=
> =3D(none) ses=3D4294967295 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=
> =3Dsystem_u:system_r:sshd_t:s0-s0:c0.c1023 key=3D(null)
> > type=3DAVC msg=3Daudit(1260500228.740:25459): avc: denied { read open }=
> for pid=3D21355 comm=3D"sshdfilter" name=3D"iptables-multi" dev=3Ddm-0 in=
> o=3D11798 scontext=3Dsystem_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=3Dsys=
> tem_u:object_r:iptables_exec_t:s0 tclass=3Dfile
> > type=3DSYSCALL msg=3Daudit(1260500228.740:25459): arch=3Dc000003e syscall=
> =3D59 success=3Dno exit=3D-13 a0=3D7fff032b96b8 a1=3Dbddc38 a2=3D7fff032b9d=
> f0 a3=3D7fff032b9500 items=3D0 ppid=3D1441 pid=3D21355 auid=3D4294967295 ui=
> d=3D0 gid=3D0 euid=3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=
> =3D(none) ses=3D4294967295 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=
> =3Dsystem_u:system_r:sshd_t:s0-s0:c0.c1023 key=3D(null)
> > type=3DAVC msg=3Daudit(1260500358.675:25470): avc: denied { getattr } f=
> or pid=3D1441 comm=3D"sshdfilter" path=3D"/var/run/sshdfilter.pid.SSHD" de=
> v=3Ddm-0 ino=3D10948 scontext=3Dsystem_u:system_r:sshd_t:s0-s0:c0.c1023 tco=
> ntext=3Dsystem_u:object_r:var_run_t:s0 tclass=3Dfile
> > type=3DSYSCALL msg=3Daudit(1260500358.675:25470): arch=3Dc000003e syscall=
> =3D6 success=3Dno exit=3D-13 a0=3Dbd5dd8 a1=3D8980a0 a2=3D8980a0 a3=3D7fff0=
> 32b9880 items=3D0 ppid=3D1 pid=3D1441 auid=3D4294967295 uid=3D0 gid=3D0 eui=
> d=3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=3D(none) ses=3D429=
> 4967295 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=3Dsystem_u:system_r:=
> sshd_t:s0-s0:c0.c1023 key=3D(null)
> > type=3DAVC msg=3Daudit(1260809448.592:28614): avc: denied { execute_no_=
> trans } for pid=3D23422 comm=3D"sshdfilter" path=3D"/sbin/iptables-multi" =
> dev=3Ddm-0 ino=3D11798 scontext=3Dsystem_u:system_r:sshd_t:s0-s0:c0.c1023 t=
> context=3Dsystem_u:object_r:iptables_exec_t:s0 tclass=3Dfile
> > type=3DSYSCALL msg=3Daudit(1260809448.592:28614): arch=3Dc000003e syscall=
> =3D59 success=3Dno exit=3D-13 a0=3D7fffc0880288 a1=3De0c508 a2=3D7fffc08809=
> c0 a3=3D7fffc08800d0 items=3D0 ppid=3D1432 pid=3D23422 auid=3D4294967295 ui=
> d=3D0 gid=3D0 euid=3D0 suid=3D0 fsuid=3D0 egid=3D0 sgid=3D0 fsgid=3D0 tty=
> =3D(none) ses=3D4294967295 comm=3D"sshdfilter" exe=3D"/usr/bin/perl" subj=
> =3Dsystem_u:system_r:sshd_t:s0-s0:c0.c1023 key=3D(null)
> >=20
> > > >=3D20
> > > >=3D20
> > > > Moray.
> > > > "To err is human. To purr, feline"
> > > >=3D20
> > > >=3D20
> > > > --
> > > > fedora-selinux-list mailing list
> > > > fedora-selinux-list@...
> > > > https://www.redhat.com/mailman/listinfo/fedora-selinux-list
> > >=20
> > > --uAKRQypu60I7Lcqm
> > > Content-Type: application/pgp-signature
> > > Content-Disposition: inline
> > >=20
> > > -----BEGIN PGP SIGNATURE-----
> > > Version: GnuPG v1.4.10 (GNU/Linux)
> > >=20
> > > iEYEARECAAYFAksdZWwACgkQMlxVo39jgT/olgCgwo9wvxeAyJG/gm4dEYHBIpGf
> > > TNEAn2bFoQZeg8+gaYPIDuB0wxuu6N8F
> > > =3DtNuu
> > > -----END PGP SIGNATURE-----
> > >=20
> > > --uAKRQypu60I7Lcqm--
> > >=20
> > >=20
> > > --=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D0725889959=3D=3D
> > > Content-Type: text/plain; charset=3D"us-ascii"
> > > MIME-Version: 1.0
> > > Content-Transfer-Encoding: 7bit
> > > Content-Disposition: inline
> > >=20
> > > --
> > > fedora-selinux-list mailing list
> > > fedora-selinux-list@...
> > > https://www.redhat.com/mailman/listinfo/fedora-selinux-list
> > > --=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D0725889959=3D=3D--
> > >=20
> >=20
> > --
> > fedora-selinux-list mailing list
> > fedora-selinux-list@...
> > https://www.redhat.com/mailman/listinfo/fedora-selinux-list
>
> --2B/JsCI69OhZNC5r
> Content-Type: application/pgp-signature
> Content-Disposition: inline
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.10 (GNU/Linux)
>
> iEYEARECAAYFAksmr6kACgkQMlxVo39jgT9jLQCghHyybd+FAVhKuaco96Y0PkNV
> VlcAnjcN8KmKKFlL5jFAWI5/US7VJmoB
> =HL4+
> -----END PGP SIGNATURE-----
>
> --2B/JsCI69OhZNC5r--
>
>
> --===============1736741946==
> Content-Type: text/plain; charset="us-ascii"
> MIME-Version: 1.0
> Content-Transfer-Encoding: 7bit
> Content-Disposition: inline
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list@...
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
> --===============1736741946==--
>

--
fedora-selinux-list mailing list
fedora-selinux-list@...
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

RE: how to restrict a SOCK_RAW by interface

2009-12-14T14:56:27Z

RE: how to restrict a SOCK_RAW by interface

Hello,

Thanks for the hint, However it does not solve my problem I still can read from eth0.

I did have to add allow rules for netif_t:netif but my policy still does not allow iface_test_t.

James

-----Original Message-----
From: Stephen Smalley [sds@...]
Sent: Mon 12/14/2009 1:49 PM
To: Cernak, James E (IS)
Cc: fedora-selinux-list@...
Subject: Re: how to restrict a SOCK_RAW by interface

On Mon, 2009-12-14 at 13:29 -0600, Cernak, James E (IS) wrote:
> Hello,
>
> I am trying to restrict an application to using only some interfaces
> on the system. I have defined a new type and assigned the interface on
> my RHEL5.4-x64 system to the new type with semanage. The system
> indicates that the interface is now configured.
>      # semanage interface -l
>      SELinux Interface              Context
>
>      eth1                           system_u:object_r:iface_test_t:s0
> This does restrict applications like tcpdump or wireshark from listing
> the interface that was configured.
>      # tcpdump -D
>      1.peth0
>      2.virbr0
>      3.vif0.0
>      4.eth0
>      5.xenbr0
>      6.eth2
>      7.eth3
>      8.any (Pseudo-device that captures on all interfaces)
>      9.lo
>
> My problem comes that my application can still open eth1 and read and
> write packets to this interface.
> The application is opening a socket as SOCK_RAW then binding with a
> struct sockaddr_LL that has the ssll_ifindex field configured with the
> index of ETH1.
> How do I write a selinux policy to restrict this application from
> using some interfaces.
>

In RHEL5 (Linux 2.6.18), you might need to enable compat_net (echo 1
> /selinux/compat_net or boot with selinux_compat_net=1 on the kernel
command line).

--
Stephen Smalley
National Security Agency

--
fedora-selinux-list mailing list
fedora-selinux-list@...
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

Re: Fedora 12 and unconfined_u sshdfilter

2009-12-14T13:35:39Z

On Mon, Dec 14, 2009 at 10:25:08AM -0800, David Highley wrote:

> "Dominick Grift wrote:"
> >
> >
> > --===============0725889959==
> > Content-Type: multipart/signed; micalg=pgp-sha1;
> > protocol="application/pgp-signature"; boundary="uAKRQypu60I7Lcqm"
> > Content-Disposition: inline
> >
> >
> > --uAKRQypu60I7Lcqm
> > Content-Type: text/plain; charset=utf-8
> > Content-Disposition: inline
> > Content-Transfer-Encoding: quoted-printable
> >
> > On Mon, Dec 07, 2009 at 12:01:09PM +0000, Moray Henderson (ICT) wrote:
> > > James Carter wrote:
> > > >Dan's example used Refpolicy interfaces. Interfaces are very useful and
> > > >provide a better layer of abstraction, but they are just m4 macros,
> > > >which have always been used in SELinux policy.
> > > >
> > > >Interfaces should be used as much as possible, but it is not true that
> > > >you can't mix the old and new ways.
> > >=20
> > > Mixing the plain rules and the m4 macros didn't work when I tried it - bu=
> > t perhaps I just wasn=E2=80=99t writing it right. Is there a Refpolicy tut=
> > orial anywhere?
> >
> > I spend a little time today writing about the policy structure in Fedora. M=
> > aybe it can help you or others:
> >
> > http://82.197.205.60/~dgrift/stuff/Managing_a_SELinux_environment_with_Fedo=
> > ra_12.pdf
>
>
> Still have not mastered this one yet. Here is the policy file created by
> grep of /var/log/audit/audit.log file piped to audit2allow:
>
> module mysshdfilter 1.0;
>
> require {
> type var_run_t;
> type iptables_exec_t;
> type bin_t;
> type sshd_t;
> type iptables_t;
> class lnk_file read;
> class file { read getattr open execute execute_no_trans };
> class fifo_file { read write ioctl getattr };
> }
>
> #============= iptables_t ==============
> allow iptables_t bin_t:lnk_file read;
> allow iptables_t self:fifo_file { read write ioctl getattr };
>
> #============= sshd_t ==============
> allow sshd_t iptables_exec_t:file { read execute open execute_no_trans };

> allow sshd_t var_run_t:file getattr;

Actually i think sshdfilter init script may have created it? Does it even have an init script?

>
>
> The audit log entries are:
> type=AVC msg=audit(1259642932.902:7): avc: denied { execute } for pid=1411 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259642932.902:7): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=1562e28 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=1411 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259644707.700:73): avc: denied { execute } for pid=1948 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259644707.700:73): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=15694c8 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=1948 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259650605.247:84): avc: denied { execute } for pid=2248 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259650605.247:84): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=1567828 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=2248 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259661894.420:113): avc: denied { execute } for pid=2815 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259661894.420:113): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=1566e28 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=2815 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259667665.966:123): avc: denied { execute } for pid=3724 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259667665.966:123): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=15699d8 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=3724 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259671660.048:131): avc: denied { execute } for pid=3920 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259671660.048:131): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=1565778 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=3920 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259673411.553:758): avc: denied { execute } for pid=4558 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259673411.553:758): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=1569af8 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=4558 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259679153.568:1267): avc: denied { execute } for pid=5170 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259679153.568:1267): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=1566a68 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=5170 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259682588.736:1315): avc: denied { execute } for pid=5540 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259682588.736:1315): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=1565778 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=5540 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259684861.197:1344): avc: denied { execute } for pid=5745 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259684861.197:1344): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=156a478 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=5745 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259690558.951:1388): avc: denied { execute } for pid=6161 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259690558.951:1388): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=15667a8 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=6161 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259702647.573:1433): avc: denied { execute } for pid=6829 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259702647.573:1433): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=156b4d8 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=6829 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259708100.231:1441): avc: denied { execute } for pid=7085 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259708100.231:1441): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=156a0b8 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=7085 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259708922.953:1450): avc: denied { execute } for pid=7153 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259708922.953:1450): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=156a6a8 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=7153 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259713257.803:1545): avc: denied { execute } for pid=7492 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259713257.803:1545): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=156a4a8 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=7492 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259721513.893:1732): avc: denied { execute } for pid=8097 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259721513.893:1732): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=156a5d8 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=8097 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259730724.196:1790): avc: denied { execute } for pid=8689 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259730724.196:1790): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=1569718 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=8689 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259730728.123:1793): avc: denied { execute } for pid=8699 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259730728.123:1793): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=1566778 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=8699 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259747840.157:1835): avc: denied { execute } for pid=9575 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259747840.157:1835): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=156ba78 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=9575 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259760819.408:1863): avc: denied { execute } for pid=10840 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259760819.408:1863): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=156a4a8 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=10840 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259762576.442:1887): avc: denied { execute } for pid=11067 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259762576.442:1887): arch=c000003e syscall=59 success=no exit=-13 a0=7fffb91649e8 a1=d4d5a8 a2=7fffb9165120 a3=7fffb9164830 items=0 ppid=11058 pid=11067 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=47 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259767362.673:1896): avc: denied { execute } for pid=11318 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259767362.673:1896): arch=c000003e syscall=59 success=no exit=-13 a0=7fffb91649e8 a1=d54088 a2=7fffb9165120 a3=7fffb9164830 items=0 ppid=11058 pid=11318 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=47 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259773905.214:1967): avc: denied { execute } for pid=11922 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259773905.214:1967): arch=c000003e syscall=59 success=no exit=-13 a0=7fffb91649e8 a1=d54868 a2=7fffb9165120 a3=7fffb9164830 items=0 ppid=11058 pid=11922 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=47 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259780362.196:1977): avc: denied { execute } for pid=12215 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259780362.196:1977): arch=c000003e syscall=59 success=no exit=-13 a0=7fffb91649e8 a1=d50af8 a2=7fffb9165120 a3=7fffb9164830 items=0 ppid=11058 pid=12215 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=47 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259780393.314:1979): avc: denied { execute } for pid=12219 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259780393.314:1979): arch=c000003e syscall=59 success=no exit=-13 a0=7fffb91649e8 a1=d50af8 a2=7fffb9165120 a3=7fffb9164830 items=0 ppid=11058 pid=12219 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=47 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259785085.323:2012): avc: denied { execute } for pid=12568 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259785085.323:2012): arch=c000003e syscall=59 success=no exit=-13 a0=7fffb91649e8 a1=d521b8 a2=7fffb9165120 a3=7fffb9164830 items=0 ppid=11058 pid=12568 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=47 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259786872.756:2015): avc: denied { execute } for pid=12645 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259786872.756:2015): arch=c000003e syscall=59 success=no exit=-13 a0=7fffb91649e8 a1=d53568 a2=7fffb9165120 a3=7fffb9164830 items=0 ppid=11058 pid=12645 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=47 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259795695.936:2052): avc: denied { execute } for pid=13127 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259795695.936:2052): arch=c000003e syscall=59 success=no exit=-13 a0=7fffb91649e8 a1=d52e38 a2=7fffb9165120 a3=7fffb9164830 items=0 ppid=11058 pid=13127 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=47 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259802506.518:3031): avc: denied { getattr } for pid=11058 comm="sshdfilter" path="/var/run/sshdfilter.pid.SSHD" dev=dm-0 ino=12538 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_run_t:s0 tclass=file
> type=SYSCALL msg=audit(1259802506.518:3031): arch=c000003e syscall=6 success=no exit=-13 a0=d4a128 a1=a0d0a0 a2=a0d0a0 a3=7fffb9164bb0 items=0 ppid=1 pid=11058 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=47 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259802888.332:7): avc: denied { ioctl } for pid=1435 comm="sshdfilter" path="pipe:[11021]" dev=pipefs ino=11021 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259802888.332:7): arch=c000003e syscall=16 success=yes exit=128 a0=3 a1=5401 a2=7fffa8850c80 a3=60 items=0 ppid=1431 pid=1435 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259802888.340:8): avc: denied { ioctl } for pid=1435 comm="sshdfilter" path="pipe:[11021]" dev=pipefs ino=11021 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259802888.340:8): arch=c000003e syscall=16 success=yes exit=128 a0=4 a1=5401 a2=7fffa8850c80 a3=60 items=0 ppid=1431 pid=1435 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259802888.342:9): avc: denied { ioctl } for pid=1438 comm="sshdfilter" path="pipe:[11031]" dev=pipefs ino=11031 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
> type=AVC msg=audit(1259802888.343:10): avc: denied { read } for pid=1435 comm="sshdfilter" path="pipe:[11021]" dev=pipefs ino=11021 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259802888.343:10): arch=c000003e syscall=0 success=yes exit=128 a0=3 a1=eb06e8 a2=1000 a3=0 items=0 ppid=1431 pid=1435 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> type=SYSCALL msg=audit(1259802888.342:9): arch=c000003e syscall=16 success=yes exit=128 a0=5 a1=5401 a2=7fffa8850c80 a3=60 items=0 ppid=1435 pid=1438 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259802888.347:11): avc: denied { ioctl } for pid=1438 comm="sshdfilter" path="pipe:[11031]" dev=pipefs ino=11031 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259802888.347:11): arch=c000003e syscall=16 success=yes exit=128 a0=6 a1=5401 a2=7fffa8850c80 a3=60 items=0 ppid=1435 pid=1438 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259802888.350:12): avc: denied { read } for pid=1439 comm="sshdfilter" path="pipe:[11031]" dev=pipefs ino=11031 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259802888.350:12): arch=c000003e syscall=0 success=yes exit=128 a0=5 a1=eb0f18 a2=1000 a3=0 items=0 ppid=1438 pid=1439 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259802888.360:13): avc: denied { read } for pid=1440 comm="sshdfilter" name="sh" dev=dm-0 ino=10258 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=lnk_file
> type=SYSCALL msg=audit(1259802888.360:13): arch=c000003e syscall=59 success=no exit=-13 a0=7fd1ef909e0f a1=7fffa884e9b0 a2=7fffa88511c0 a3=7fffa88507d0 items=0 ppid=1438 pid=1440 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259802888.364:14): avc: denied { write } for pid=1440 comm="sshdfilter" path="pipe:[11043]" dev=pipefs ino=11043 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259802888.364:14): arch=c000003e syscall=1 success=yes exit=128 a0=a a1=7fffa8850a0c a2=4 a3=7fffa8850790 items=0 ppid=1438 pid=1440 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259802888.367:15): avc: denied { read } for pid=1438 comm="sshdfilter" path="pipe:[11043]" dev=pipefs ino=11043 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259802888.367:15): arch=c000003e syscall=0 success=yes exit=128 a0=9 a1=7fffa8850ccc a2=4 a3=b73830 items=0 ppid=1435 pid=1438 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259802888.367:16): avc: denied { ioctl } for pid=1438 comm="sshdfilter" path="pipe:[11042]" dev=pipefs ino=11042 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259802888.367:16): arch=c000003e syscall=16 success=yes exit=128 a0=7 a1=5401 a2=7fffa8850a20 a3=60 items=0 ppid=1435 pid=1438 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259802888.367:17): avc: denied { read } for pid=1438 comm="sshdfilter" path="pipe:[11042]" dev=pipefs ino=11042 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259802888.367:17): arch=c000003e syscall=0 success=yes exit=128 a0=7 a1=eb1168 a2=1000 a3=0 items=0 ppid=1435 pid=1438 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259802888.375:18): avc: denied { read } for pid=1441 comm="sshdfilter" name="sh" dev=dm-0 ino=10258 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=lnk_file
> type=SYSCALL msg=audit(1259802888.375:18): arch=c000003e syscall=59 success=no exit=-13 a0=7fd1ef909e0f a1=7fffa884e9b0 a2=7fffa88511c0 a3=7fffa88507d0 items=0 ppid=1438 pid=1441 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259802888.375:19): avc: denied { write } for pid=1441 comm="sshdfilter" path="pipe:[11045]" dev=pipefs ino=11045 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259802888.375:19): arch=c000003e syscall=1 success=yes exit=128 a0=a a1=7fffa8850a0c a2=4 a3=8 items=0 ppid=1438 pid=1441 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259802888.378:20): avc: denied { read } for pid=1438 comm="sshdfilter" path="pipe:[11045]" dev=pipefs ino=11045 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259802888.378:20): arch=c000003e syscall=0 success=yes exit=128 a0=9 a1=7fffa8850ccc a2=4 a3=7fd1ef2e39d0 items=0 ppid=1435 pid=1438 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259802888.378:21): avc: denied { ioctl } for pid=1438 comm="sshdfilter" path="pipe:[11044]" dev=pipefs ino=11044 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259802888.378:21): arch=c000003e syscall=16 success=yes exit=128 a0=7 a1=5401 a2=7fffa8850a20 a3=60 items=0 ppid=1435 pid=1438 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259802888.378:22): avc: denied { read } for pid=1438 comm="sshdfilter" path="pipe:[11044]" dev=pipefs ino=11044 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259802888.378:22): arch=c000003e syscall=0 success=yes exit=128 a0=7 a1=eb2878 a2=1000 a3=0 items=0 ppid=1435 pid=1438 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259802888.379:23): avc: denied { ioctl } for pid=1438 comm="sshdfilter" path="pipe:[11046]" dev=pipefs ino=11046 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259802888.379:23): arch=c000003e syscall=16 success=yes exit=128 a0=7 a1=5401 a2=7fffa8850c80 a3=60 items=0 ppid=1435 pid=1438 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259802888.379:24): avc: denied { ioctl } for pid=1438 comm="sshdfilter" path="pipe:[11046]" dev=pipefs ino=11046 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259802888.379:24): arch=c000003e syscall=16 success=yes exit=128 a0=8 a1=5401 a2=7fffa8850c80 a3=60 items=0 ppid=1435 pid=1438 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259802888.384:25): avc: denied { ioctl } for pid=1442 comm="sshdfilter" path="pipe:[11046]" dev=pipefs ino=11046 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259802888.384:25): arch=c000003e syscall=16 success=yes exit=128 a0=4 a1=5401 a2=7fffa8850ba0 a3=60 items=0 ppid=1438 pid=1442 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259802888.384:26): avc: denied { getattr } for pid=1442 comm="sshdfilter" path="pipe:[11046]" dev=pipefs ino=11046 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259802888.384:26): arch=c000003e syscall=5 success=yes exit=128 a0=4 a1=b730a0 a2=b730a0 a3=0 items=0 ppid=1438 pid=1442 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259802889.381:27): avc: denied { read } for pid=1494 comm="sshdfilter" name="iptables" dev=dm-0 ino=11793 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=lnk_file
> type=SYSCALL msg=audit(1259802889.381:27): arch=c000003e syscall=59 success=no exit=-13 a0=7fffa8850a88 a1=eb31c8 a2=7fffa88511c0 a3=7fffa88508d0 items=0 ppid=1438 pid=1494 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259802889.382:28): avc: denied { write } for pid=1494 comm="sshdfilter" path="pipe:[11397]" dev=pipefs ino=11397 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259802889.382:28): arch=c000003e syscall=1 success=yes exit=128 a0=9 a1=7fffa8850b0c a2=4 a3=8 items=0 ppid=1438 pid=1494 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259802889.385:29): avc: denied { read } for pid=1438 comm="sshdfilter" path="pipe:[11397]" dev=pipefs ino=11397 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259802889.385:29): arch=c000003e syscall=0 success=yes exit=128 a0=8 a1=7fffa8850f18 a2=4 a3=8 items=0 ppid=1 pid=1438 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259802889.388:30): avc: denied { write } for pid=1438 comm="sshdfilter" path="pipe:[11021]" dev=pipefs ino=11021 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259802889.388:30): arch=c000003e syscall=1 success=yes exit=128 a0=4 a1=eb3248 a2=9 a3=0 items=0 ppid=1 pid=1438 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259802889.390:31): avc: denied { read } for pid=1438 comm="sshdfilter" path="pipe:[11046]" dev=pipefs ino=11046 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259802889.390:31): arch=c000003e syscall=0 success=yes exit=128 a0=7 a1=eb3568 a2=400 a3=b73010 items=0 ppid=1 pid=1438 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259803042.790:43): avc: denied { ioctl } for pid=2329 comm="sshdfilter" path="pipe:[24498]" dev=pipefs ino=24498 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259803042.790:43): arch=c000003e syscall=16 success=yes exit=4294967424 a0=3 a1=5401 a2=7ffffc393e40 a3=60 items=0 ppid=2323 pid=2329 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259803042.795:44): avc: denied { ioctl } for pid=2329 comm="sshdfilter" path="pipe:[24498]" dev=pipefs ino=24498 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259803042.795:44): arch=c000003e syscall=16 success=yes exit=4294967424 a0=4 a1=5401 a2=7ffffc393e40 a3=60 items=0 ppid=2323 pid=2329 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259803042.798:45): avc: denied { ioctl } for pid=2332 comm="sshdfilter" path="pipe:[24509]" dev=pipefs ino=24509 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
> type=AVC msg=audit(1259803042.801:46): avc: denied { read } for pid=2329 comm="sshdfilter" path="pipe:[24498]" dev=pipefs ino=24498 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259803042.801:46): arch=c000003e syscall=0 success=yes exit=128 a0=3 a1=104fb28 a2=1000 a3=0 items=0 ppid=2323 pid=2329 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
> type=SYSCALL msg=audit(1259803042.798:45): arch=c000003e syscall=16 success=yes exit=4294967424 a0=5 a1=5401 a2=7ffffc393e40 a3=60 items=0 ppid=2329 pid=2332 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259803042.804:47): avc: denied { ioctl } for pid=2332 comm="sshdfilter" path="pipe:[24509]" dev=pipefs ino=24509 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259803042.804:47): arch=c000003e syscall=16 success=yes exit=4294967424 a0=6 a1=5401 a2=7ffffc393e40 a3=60 items=0 ppid=2329 pid=2332 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259803042.806:48): avc: denied { read } for pid=2333 comm="sshdfilter" path="pipe:[24509]" dev=pipefs ino=24509 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
> type=AVC msg=audit(1259803042.812:49): avc: denied { read } for pid=2334 comm="sshdfilter" name="sh" dev=dm-0 ino=10258 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=lnk_file
> type=SYSCALL msg=audit(1259803042.806:48): arch=c000003e syscall=0 success=yes exit=4294967424 a0=5 a1=1050268 a2=1000 a3=0 items=0 ppid=2332 pid=2333 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259803042.816:50): avc: denied { read } for pid=2332 comm="sshdfilter" path="pipe:[24516]" dev=pipefs ino=24516 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259803042.812:49): arch=c000003e syscall=59 success=no exit=-13 a0=7fceba680e0f a1=7ffffc391b70 a2=7ffffc394380 a3=7ffffc393990 items=0 ppid=2332 pid=2334 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259803042.816:51): avc: denied { write } for pid=2334 comm="sshdfilter" path="pipe:[24516]" dev=pipefs ino=24516 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259803042.816:51): arch=c000003e syscall=1 success=yes exit=128 a0=a a1=7ffffc393bcc a2=4 a3=7ffffc393950 items=0 ppid=2332 pid=2334 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
> type=SYSCALL msg=audit(1259803042.816:50): arch=c000003e syscall=0 success=yes exit=128 a0=9 a1=7ffffc393e8c a2=4 a3=d13830 items=0 ppid=2329 pid=2332 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259803042.818:52): avc: denied { ioctl } for pid=2332 comm="sshdfilter" path="pipe:[24515]" dev=pipefs ino=24515 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259803042.818:52): arch=c000003e syscall=16 success=yes exit=128 a0=7 a1=5401 a2=7ffffc393be0 a3=60 items=0 ppid=2329 pid=2332 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259803042.818:53): avc: denied { read } for pid=2332 comm="sshdfilter" path="pipe:[24515]" dev=pipefs ino=24515 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259803042.818:53): arch=c000003e syscall=0 success=yes exit=128 a0=7 a1=10504b8 a2=1000 a3=0 items=0 ppid=2329 pid=2332 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259803042.823:54): avc: denied { read } for pid=2335 comm="sshdfilter" name="sh" dev=dm-0 ino=10258 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=lnk_file
> type=SYSCALL msg=audit(1259803042.823:54): arch=c000003e syscall=59 success=no exit=-13 a0=7fceba680e0f a1=7ffffc391b70 a2=7ffffc394380 a3=7ffffc393990 items=0 ppid=2332 pid=2335 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259803042.823:55): avc: denied { write } for pid=2335 comm="sshdfilter" path="pipe:[24518]" dev=pipefs ino=24518 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259803042.823:55): arch=c000003e syscall=1 success=yes exit=128 a0=a a1=7ffffc393bcc a2=4 a3=8 items=0 ppid=2332 pid=2335 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259803042.828:56): avc: denied { read } for pid=2332 comm="sshdfilter" path="pipe:[24518]" dev=pipefs ino=24518 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259803042.828:56): arch=c000003e syscall=0 success=yes exit=128 a0=9 a1=7ffffc393e8c a2=4 a3=7fceba05a9d0 items=0 ppid=2329 pid=2332 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259803042.828:57): avc: denied { ioctl } for pid=2332 comm="sshdfilter" path="pipe:[24517]" dev=pipefs ino=24517 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259803042.828:57): arch=c000003e syscall=16 success=yes exit=128 a0=7 a1=5401 a2=7ffffc393be0 a3=60 items=0 ppid=2329 pid=2332 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259803042.828:58): avc: denied { read } for pid=2332 comm="sshdfilter" path="pipe:[24517]" dev=pipefs ino=24517 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259803042.828:58): arch=c000003e syscall=0 success=yes exit=128 a0=7 a1=1051cc8 a2=1000 a3=0 items=0 ppid=2329 pid=2332 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259803042.833:59): avc: denied { ioctl } for pid=2332 comm="sshdfilter" path="pipe:[24519]" dev=pipefs ino=24519 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259803042.833:59): arch=c000003e syscall=16 success=yes exit=128 a0=7 a1=5401 a2=7ffffc393e40 a3=60 items=0 ppid=2329 pid=2332 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259803042.833:60): avc: denied { ioctl } for pid=2332 comm="sshdfilter" path="pipe:[24519]" dev=pipefs ino=24519 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259803042.833:60): arch=c000003e syscall=16 success=yes exit=128 a0=8 a1=5401 a2=7ffffc393e40 a3=60 items=0 ppid=2329 pid=2332 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259803042.834:61): avc: denied { ioctl } for pid=2336 comm="sshdfilter" path="pipe:[24519]" dev=pipefs ino=24519 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259803042.834:61): arch=c000003e syscall=16 success=yes exit=128 a0=4 a1=5401 a2=7ffffc393d60 a3=60 items=0 ppid=2332 pid=2336 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259803042.836:62): avc: denied { getattr } for pid=2336 comm="sshdfilter" path="pipe:[24519]" dev=pipefs ino=24519 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259803042.836:62): arch=c000003e syscall=5 success=yes exit=128 a0=4 a1=d130a0 a2=d130a0 a3=0 items=0 ppid=2332 pid=2336 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259803043.839:63): avc: denied { read } for pid=2338 comm="sshdfilter" name="iptables" dev=dm-0 ino=11793 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=lnk_file
> type=SYSCALL msg=audit(1259803043.839:63): arch=c000003e syscall=59 success=no exit=-13 a0=7ffffc393c48 a1=1052638 a2=7ffffc394380 a3=7ffffc393a90 items=0 ppid=2332 pid=2338 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259803043.840:64): avc: denied { write } for pid=2338 comm="sshdfilter" path="pipe:[24549]" dev=pipefs ino=24549 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259803043.840:64): arch=c000003e syscall=1 success=yes exit=128 a0=9 a1=7ffffc393ccc a2=4 a3=8 items=0 ppid=2332 pid=2338 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259803043.844:65): avc: denied { read } for pid=2332 comm="sshdfilter" path="pipe:[24549]" dev=pipefs ino=24549 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259803043.844:65): arch=c000003e syscall=0 success=yes exit=128 a0=8 a1=7ffffc3940d8 a2=4 a3=8 items=0 ppid=1 pid=2332 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259803043.845:66): avc: denied { write } for pid=2332 comm="sshdfilter" path="pipe:[24498]" dev=pipefs ino=24498 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259803043.845:66): arch=c000003e syscall=1 success=yes exit=128 a0=4 a1=10526b8 a2=9 a3=0 items=0 ppid=1 pid=2332 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259803043.849:67): avc: denied { read } for pid=2332 comm="sshdfilter" path="pipe:[24519]" dev=pipefs ino=24519 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
> type=SYSCALL msg=audit(1259803043.849:67): arch=c000003e syscall=0 success=yes exit=128 a0=7 a1=10529d8 a2=400 a3=d13010 items=0 ppid=1 pid=2332 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
> type=AVC msg=audit(1259803128.077:69): avc: denied { execute } for pid=2422 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259803128.077:69): arch=c000003e syscall=59 success=no exit=-13 a0=7fff14469168 a1=1c20208 a2=7fff144698a0 a3=7fff14468fb0 items=0 ppid=2413 pid=2422 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259806154.170:82): avc: denied { execute } for pid=2653 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259806154.170:82): arch=c000003e syscall=59 success=no exit=-13 a0=7fff14469168 a1=1c267e8 a2=7fff144698a0 a3=7fff14468fb0 items=0 ppid=2413 pid=2653 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259812687.066:113): avc: denied { read open } for pid=3074 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259812687.066:113): arch=c000003e syscall=59 success=no exit=-13 a0=7fff14469168 a1=1c26a88 a2=7fff144698a0 a3=7fff14468fb0 items=0 ppid=2413 pid=3074 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259816690.197:196): avc: denied { read open } for pid=3631 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259816690.197:196): arch=c000003e syscall=59 success=no exit=-13 a0=7fff15c5a888 a1=24095a8 a2=7fff15c5afc0 a3=7fff15c5a6d0 items=0 ppid=3622 pid=3631 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=9 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259819529.773:214): avc: denied { read open } for pid=3827 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259819529.773:214): arch=c000003e syscall=59 success=no exit=-13 a0=7fff15c5a888 a1=2410198 a2=7fff15c5afc0 a3=7fff15c5a6d0 items=0 ppid=3622 pid=3827 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=9 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259899887.509:471): avc: denied { read open } for pid=11794 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259899887.509:471): arch=c000003e syscall=59 success=no exit=-13 a0=7fff15c5a888 a1=2410198 a2=7fff15c5afc0 a3=7fff15c5a6d0 items=0 ppid=3622 pid=11794 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=9 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259899890.409:475): avc: denied { read open } for pid=11799 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259899890.409:475): arch=c000003e syscall=59 success=no exit=-13 a0=7fff15c5a888 a1=2410548 a2=7fff15c5afc0 a3=7fff15c5a6d0 items=0 ppid=3622 pid=11799 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=9 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1259899950.600:483): avc: denied { read open } for pid=11860 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1259899950.600:483): arch=c000003e syscall=59 success=no exit=-13 a0=7fff9722f198 a1=f6e208 a2=7fff9722f8d0 a3=7fff9722efe0 items=0 ppid=11851 pid=11860 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=44 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1260146847.427:1066): avc: denied { read open } for pid=28420 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1260146847.427:1066): arch=c000003e syscall=59 success=no exit=-13 a0=7fff9722f198 a1=f71c88 a2=7fff9722f8d0 a3=7fff9722efe0 items=0 ppid=11851 pid=28420 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=44 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1260146850.722:1070): avc: denied { read open } for pid=28428 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1260146850.722:1070): arch=c000003e syscall=59 success=no exit=-13 a0=7fff9722f198 a1=f72a28 a2=7fff9722f8d0 a3=7fff9722efe0 items=0 ppid=11851 pid=28428 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=44 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1260500225.789:25455): avc: denied { read open } for pid=21350 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1260500225.789:25455): arch=c000003e syscall=59 success=no exit=-13 a0=7fff032b96b8 a1=bdbd18 a2=7fff032b9df0 a3=7fff032b9500 items=0 ppid=1441 pid=21350 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1260500228.740:25459): avc: denied { read open } for pid=21355 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1260500228.740:25459): arch=c000003e syscall=59 success=no exit=-13 a0=7fff032b96b8 a1=bddc38 a2=7fff032b9df0 a3=7fff032b9500 items=0 ppid=1441 pid=21355 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1260500358.675:25470): avc: denied { getattr } for pid=1441 comm="sshdfilter" path="/var/run/sshdfilter.pid.SSHD" dev=dm-0 ino=10948 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_run_t:s0 tclass=file
> type=SYSCALL msg=audit(1260500358.675:25470): arch=c000003e syscall=6 success=no exit=-13 a0=bd5dd8 a1=8980a0 a2=8980a0 a3=7fff032b9880 items=0 ppid=1 pid=1441 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1260809448.592:28614): avc: denied { execute_no_trans } for pid=23422 comm="sshdfilter" path="/sbin/iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
> type=SYSCALL msg=audit(1260809448.592:28614): arch=c000003e syscall=59 success=no exit=-13 a0=7fffc0880288 a1=e0c508 a2=7fffc08809c0 a3=7fffc08800d0 items=0 ppid=1432 pid=23422 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
>
> > >=20
> > >=20
> > > Moray.
> > > "To err is human. To purr, feline"
> > >=20
> > >=20
> > > --
> > > fedora-selinux-list mailing list
> > > fedora-selinux-list@...
> > > https://www.redhat.com/mailman/listinfo/fedora-selinux-list
> >
> > --uAKRQypu60I7Lcqm
> > Content-Type: application/pgp-signature
> > Content-Disposition: inline
> >
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.4.10 (GNU/Linux)
> >
> > iEYEARECAAYFAksdZWwACgkQMlxVo39jgT/olgCgwo9wvxeAyJG/gm4dEYHBIpGf
> > TNEAn2bFoQZeg8+gaYPIDuB0wxuu6N8F
> > =tNuu
> > -----END PGP SIGNATURE-----
> >
> > --uAKRQypu60I7Lcqm--
> >
> >
> > --===============0725889959==
> > Content-Type: text/plain; charset="us-ascii"
> > MIME-Version: 1.0
> > Content-Transfer-Encoding: 7bit
> > Content-Disposition: inline
> >
> > --
> > fedora-selinux-list mailing list
> > fedora-selinux-list@...
> > https://www.redhat.com/mailman/listinfo/fedora-selinux-list
> > --===============0725889959==--
> >
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list@...
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list

--
fedora-selinux-list mailing list
fedora-selinux-list@...
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

attachment0 (205 bytes) Download Attachment

Re: Fedora 12 and unconfined_u sshdfilter

2009-12-14T13:21:06Z

On Mon, Dec 14, 2009 at 10:25:08AM -0800, David Highley wrote:

echo "policy_module(newiptables, 1.0.0)" > newuiptables.te
echo "optional_policy(\`" >> newiptables.te
echo "gen_require(\'" >> newiptables.te
echo "type iptables_t;" >> newiptables.te
echo "')" >> newiptables.te
echo "corecmd_read_bin_symlinks(iptables_t)" >> newiptables.te
echo "allow iptables_t self:fifo_file rw_fifo_file_perms;" >> newiptables.te
echo "')" >> newiptables.te

make -f /usr/share/selinux/devel/Makefile newiptables.pp
sudo semodule -i newiptables.pp

>
> #============= sshd_t ==============
> allow sshd_t iptables_exec_t:file { read execute open execute_no_trans };

echo "policy_module(newsshd, 1.0.0)" > newsshd.te
echo "optional_policy(\`" >> newsshd.te
echo "gen_require(\`" >> newsshd.te
echo "type sshd_t;" >> newsshd.te
echo "')" >> newsshd.te
echo "iptables_domtrans(sshd_t)" >> newsshd.te
echo "')" >> newsshd.te

make -f /usr/share/selinux/devel/Makefile newsshd.pp
sudo semodule -i newsshd.pp

> allow sshd_t var_run_t:file getattr;

This one is a bit more complicated because i dont know for sure what created it (in what context runs sshdfilter?)

--
fedora-selinux-list mailing list
fedora-selinux-list@...
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

attachment0 (205 bytes) Download Attachment

Re: The SELinux Documentation Project

2009-12-14T12:09:42Z

On Mon, Dec 14, 2009 at 12:32:01PM -0600, Serge E. Hallyn wrote:

> Quoting Dominick Grift (domg472@...):
> > On Mon, Dec 14, 2009 at 11:49:15AM -0600, Serge E. Hallyn wrote:
> > > Quoting Joshua Brindle (method@...):
> > > > Dominick Grift wrote:
> > > > >On 11/27/2009 09:31 PM, Joshua Brindle wrote:
> > > > >>Joshua Brindle wrote:
> > > > >>>As we discussed at Linux Plumbers Conference during the 'Making SELinux
> > > > >>>Easier to Use" talk we have some document deficiencies in the SELinux
> > > > >>>project.
> > > > >>>
> > > > >><snip>
> > > > >>
> > > > >>We have gotten some good contributions to the documentation project over
> > > > >>the last couple months but there is always more to do. I've updated the
> > > > >>Documentation TODO at:
> > > > >>
> > > > >><http://selinuxproject.org/page/Documentation_TODO>
> > > > >>
> > > > >>with some docs we'd like written and some guidance on what the format
> > > > >>should be. Use cases would be particularly appreciated.
> > > > >>
> > > > >>If you haven't gone to the documentation wiki lately take a look at
> > > > >>
> > > > >><http://selinuxproject.org/page/Main_Page>
> > > > >>
> > > > >>and see what's been added.
> > > > >>
> > > > >>Thanks for the help of the contributors and hopefully this effort will
> > > > >>go a long way toward gaining users and keeping SELinux enabled.
> > > > >>
> > > > >>--
> > > > >>fedora-selinux-list mailing list
> > > > >>fedora-selinux-list@...
> > > > >>https://www.redhat.com/mailman/listinfo/fedora-selinux-list
> > > > >
> > > > >Attached is a concept i wrote today about Locking down webapps with CGI.
> > > > >This was a topic in the todo list.
> > > > >
> > > > >Would be nice if someone could proof-read this and when
> > > > >modified/accepted publish it.
> > > >
> > > > It's a wiki :) Just put it up there and others can make
> > >
> > > How are we to create an account to edit a page? The 'Log in/Create
> > > Account' page doesn't seem to let me create an account?
> > >
> > > I'd like to add the recipe
> > >
> > > useradd xa
> > > semanage user -a -R user_r xa
> > > semanage login -a -s xa xa
> >
> > You would probably also need:
> >
> > cd /etc/selinux/targeted/contexts/users; cp user_u xa;
> >
> > To make that work.
>
> Hmm - I didn't think in f10 or f11 I needed to, but good to
> know, thanks!
>
> > Easier would probably be: useradd -Z user_u xa
>
> Excellent, didn't know about it and I like it :)
>
> > or
> >
> > useradd xa
> > semanage login -m -s user_u -r s0-s0 xa
>
> I don't have a fedora system handy at the moment - is the help
> documentation in semanage now context-sensitive (so
> 'semanage login help' and 'semanage user help' give different,
> briefer, more meaningful help)?

less meaningful i would say:

[root@localhost etc]# semanage login help
/usr/sbin/semanage: Invalid command: semanage login help

[root@localhost etc]# semanage user help
/usr/sbin/semanage: Invalid command: semanage user help

>
> > You should send an e-mail to james morris. He maintains the site and will add a login if you ask him.
> >
> > >
> > > to lock user xa into its own selinux context to the recipes page.
> > > If someone else is willing to post it, all the better.
> > >
> > > > modifications. There are actually a couple people who are decent at
> > > > copy editing that have done some work on the wiki so if we get
> > > > technical content up there they can do what they do to clean it up.
> > >
> > > thanks,
> > > -serge
>
> thanks,
> -serge

--
fedora-selinux-list mailing list
fedora-selinux-list@...
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

attachment0 (205 bytes) Download Attachment

Re: how to restrict a SOCK_RAW by interface

2009-12-14T11:49:52Z

On Mon, 2009-12-14 at 13:29 -0600, Cernak, James E (IS) wrote:

> Hello,
>
> I am trying to restrict an application to using only some interfaces
> on the system. I have defined a new type and assigned the interface on
> my RHEL5.4-x64 system to the new type with semanage. The system
> indicates that the interface is now configured.
> # semanage interface -l
> SELinux Interface Context
>
> eth1 system_u:object_r:iface_test_t:s0
> This does restrict applications like tcpdump or wireshark from listing
> the interface that was configured.
> # tcpdump -D
> 1.peth0
> 2.virbr0
> 3.vif0.0
> 4.eth0
> 5.xenbr0
> 6.eth2
> 7.eth3
> 8.any (Pseudo-device that captures on all interfaces)
> 9.lo
>
> My problem comes that my application can still open eth1 and read and
> write packets to this interface.
> The application is opening a socket as SOCK_RAW then binding with a
> struct sockaddr_LL that has the ssll_ifindex field configured with the
> index of ETH1.
> How do I write a selinux policy to restrict this application from
> using some interfaces.
>

In RHEL5 (Linux 2.6.18), you might need to enable compat_net (echo 1
> /selinux/compat_net or boot with selinux_compat_net=1 on the kernel
command line).

--
Stephen Smalley
National Security Agency

--
fedora-selinux-list mailing list
fedora-selinux-list@...
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

how to restrict a SOCK_RAW by interface

2009-12-14T11:29:38Z

how to restrict a SOCK_RAW by interface

Hello,

I am trying to restrict an application to using only some interfaces on the system. I have defined a new type and assigned the interface on my RHEL5.4-x64 system to the new type with semanage. The system indicates that the interface is now configured.
     # semanage interface -l
     SELinux Interface              Context

     eth1                           system_u:object_r:iface_test_t:s0
This does restrict applications like tcpdump or wireshark from listing the interface that was configured.
     # tcpdump -D
     1.peth0
     2.virbr0
     3.vif0.0
     4.eth0
     5.xenbr0
     6.eth2
     7.eth3
     8.any (Pseudo-device that captures on all interfaces)
     9.lo

My problem comes that my application can still open eth1 and read and write packets to this interface.
The application is opening a socket as SOCK_RAW then binding with a struct sockaddr_LL that has the ssll_ifindex field configured with the index of ETH1.
How do I write a selinux policy to restrict this application from using some interfaces.

Thanks
James Cernak
<James.Cernak`at`ngc.com>

--
fedora-selinux-list mailing list
fedora-selinux-list@...
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

Re: The SELinux Documentation Project

2009-12-14T10:32:01Z

Quoting Dominick Grift (domg472@...):

> On Mon, Dec 14, 2009 at 11:49:15AM -0600, Serge E. Hallyn wrote:
> > Quoting Joshua Brindle (method@...):
> > > Dominick Grift wrote:
> > > >On 11/27/2009 09:31 PM, Joshua Brindle wrote:
> > > >>Joshua Brindle wrote:
> > > >>>As we discussed at Linux Plumbers Conference during the 'Making SELinux
> > > >>>Easier to Use" talk we have some document deficiencies in the SELinux
> > > >>>project.
> > > >>>
> > > >><snip>
> > > >>
> > > >>We have gotten some good contributions to the documentation project over
> > > >>the last couple months but there is always more to do. I've updated the
> > > >>Documentation TODO at:
> > > >>
> > > >><http://selinuxproject.org/page/Documentation_TODO>
> > > >>
> > > >>with some docs we'd like written and some guidance on what the format
> > > >>should be. Use cases would be particularly appreciated.
> > > >>
> > > >>If you haven't gone to the documentation wiki lately take a look at
> > > >>
> > > >><http://selinuxproject.org/page/Main_Page>
> > > >>
> > > >>and see what's been added.
> > > >>
> > > >>Thanks for the help of the contributors and hopefully this effort will
> > > >>go a long way toward gaining users and keeping SELinux enabled.
> > > >>
> > > >>--
> > > >>fedora-selinux-list mailing list
> > > >>fedora-selinux-list@...
> > > >>https://www.redhat.com/mailman/listinfo/fedora-selinux-list
> > > >
> > > >Attached is a concept i wrote today about Locking down webapps with CGI.
> > > >This was a topic in the todo list.
> > > >
> > > >Would be nice if someone could proof-read this and when
> > > >modified/accepted publish it.
> > >
> > > It's a wiki :) Just put it up there and others can make
> >
> > How are we to create an account to edit a page? The 'Log in/Create
> > Account' page doesn't seem to let me create an account?
> >
> > I'd like to add the recipe
> >
> > useradd xa
> > semanage user -a -R user_r xa
> > semanage login -a -s xa xa
>
> You would probably also need:
>
> cd /etc/selinux/targeted/contexts/users; cp user_u xa;
>
> To make that work.

Hmm - I didn't think in f10 or f11 I needed to, but good to
know, thanks!

> Easier would probably be: useradd -Z user_u xa

Excellent, didn't know about it and I like it :)

> or
>
> useradd xa
> semanage login -m -s user_u -r s0-s0 xa

I don't have a fedora system handy at the moment - is the help
documentation in semanage now context-sensitive (so
'semanage login help' and 'semanage user help' give different,
briefer, more meaningful help)?

> You should send an e-mail to james morris. He maintains the site and will add a login if you ask him.
>
> >
> > to lock user xa into its own selinux context to the recipes page.
> > If someone else is willing to post it, all the better.
> >
> > > modifications. There are actually a couple people who are decent at
> > > copy editing that have done some work on the wiki so if we get
> > > technical content up there they can do what they do to clean it up.
> >
> > thanks,
> > -serge

thanks,
-serge

--
fedora-selinux-list mailing list
fedora-selinux-list@...
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

Re: Fedora 12 and unconfined_u sshdfilter

2009-12-14T10:25:08Z

"Dominick Grift wrote:"

>
>
> --===============0725889959==
> Content-Type: multipart/signed; micalg=pgp-sha1;
> protocol="application/pgp-signature"; boundary="uAKRQypu60I7Lcqm"
> Content-Disposition: inline
>
>
> --uAKRQypu60I7Lcqm
> Content-Type: text/plain; charset=utf-8
> Content-Disposition: inline
> Content-Transfer-Encoding: quoted-printable
>
> On Mon, Dec 07, 2009 at 12:01:09PM +0000, Moray Henderson (ICT) wrote:
> > James Carter wrote:
> > >Dan's example used Refpolicy interfaces. Interfaces are very useful and
> > >provide a better layer of abstraction, but they are just m4 macros,
> > >which have always been used in SELinux policy.
> > >
> > >Interfaces should be used as much as possible, but it is not true that
> > >you can't mix the old and new ways.
> >=20
> > Mixing the plain rules and the m4 macros didn't work when I tried it - bu=
> t perhaps I just wasn=E2=80=99t writing it right. Is there a Refpolicy tut=
> orial anywhere?
>
> I spend a little time today writing about the policy structure in Fedora. M=
> aybe it can help you or others:
>
> http://82.197.205.60/~dgrift/stuff/Managing_a_SELinux_environment_with_Fedo=
> ra_12.pdf

Still have not mastered this one yet. Here is the policy file created by
grep of /var/log/audit/audit.log file piped to audit2allow:

module mysshdfilter 1.0;

require {
type var_run_t;
type iptables_exec_t;
type bin_t;
type sshd_t;
type iptables_t;
class lnk_file read;
class file { read getattr open execute execute_no_trans };
class fifo_file { read write ioctl getattr };
}

#============= iptables_t ==============
allow iptables_t bin_t:lnk_file read;
allow iptables_t self:fifo_file { read write ioctl getattr };

#============= sshd_t ==============
allow sshd_t iptables_exec_t:file { read execute open execute_no_trans };
allow sshd_t var_run_t:file getattr;

The audit log entries are:
type=AVC msg=audit(1259642932.902:7): avc: denied { execute } for pid=1411 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1259642932.902:7): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=1562e28 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=1411 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1259644707.700:73): avc: denied { execute } for pid=1948 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1259644707.700:73): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=15694c8 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=1948 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1259650605.247:84): avc: denied { execute } for pid=2248 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1259650605.247:84): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=1567828 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=2248 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1259661894.420:113): avc: denied { execute } for pid=2815 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1259661894.420:113): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=1566e28 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=2815 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1259667665.966:123): avc: denied { execute } for pid=3724 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1259667665.966:123): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=15699d8 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=3724 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1259671660.048:131): avc: denied { execute } for pid=3920 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1259671660.048:131): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=1565778 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=3920 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1259673411.553:758): avc: denied { execute } for pid=4558 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1259673411.553:758): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=1569af8 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=4558 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1259679153.568:1267): avc: denied { execute } for pid=5170 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1259679153.568:1267): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=1566a68 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=5170 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1259682588.736:1315): avc: denied { execute } for pid=5540 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1259682588.736:1315): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=1565778 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=5540 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1259684861.197:1344): avc: denied { execute } for pid=5745 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1259684861.197:1344): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=156a478 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=5745 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1259690558.951:1388): avc: denied { execute } for pid=6161 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1259690558.951:1388): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=15667a8 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=6161 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1259702647.573:1433): avc: denied { execute } for pid=6829 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1259702647.573:1433): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=156b4d8 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=6829 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1259708100.231:1441): avc: denied { execute } for pid=7085 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1259708100.231:1441): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=156a0b8 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=7085 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1259708922.953:1450): avc: denied { execute } for pid=7153 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1259708922.953:1450): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=156a6a8 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=7153 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1259713257.803:1545): avc: denied { execute } for pid=7492 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1259713257.803:1545): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=156a4a8 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=7492 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1259721513.893:1732): avc: denied { execute } for pid=8097 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1259721513.893:1732): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=156a5d8 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=8097 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1259730724.196:1790): avc: denied { execute } for pid=8689 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1259730724.196:1790): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=1569718 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=8689 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1259730728.123:1793): avc: denied { execute } for pid=8699 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1259730728.123:1793): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=1566778 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=8699 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1259747840.157:1835): avc: denied { execute } for pid=9575 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1259747840.157:1835): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=156ba78 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=9575 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1259760819.408:1863): avc: denied { execute } for pid=10840 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1259760819.408:1863): arch=c000003e syscall=59 success=no exit=-13 a0=7fff837b36b8 a1=156a4a8 a2=7fff837b3df0 a3=7fff837b3500 items=0 ppid=1402 pid=10840 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1259762576.442:1887): avc: denied { execute } for pid=11067 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1259762576.442:1887): arch=c000003e syscall=59 success=no exit=-13 a0=7fffb91649e8 a1=d4d5a8 a2=7fffb9165120 a3=7fffb9164830 items=0 ppid=11058 pid=11067 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=47 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1259767362.673:1896): avc: denied { execute } for pid=11318 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1259767362.673:1896): arch=c000003e syscall=59 success=no exit=-13 a0=7fffb91649e8 a1=d54088 a2=7fffb9165120 a3=7fffb9164830 items=0 ppid=11058 pid=11318 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=47 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1259773905.214:1967): avc: denied { execute } for pid=11922 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1259773905.214:1967): arch=c000003e syscall=59 success=no exit=-13 a0=7fffb91649e8 a1=d54868 a2=7fffb9165120 a3=7fffb9164830 items=0 ppid=11058 pid=11922 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=47 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1259780362.196:1977): avc: denied { execute } for pid=12215 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1259780362.196:1977): arch=c000003e syscall=59 success=no exit=-13 a0=7fffb91649e8 a1=d50af8 a2=7fffb9165120 a3=7fffb9164830 items=0 ppid=11058 pid=12215 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=47 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1259780393.314:1979): avc: denied { execute } for pid=12219 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1259780393.314:1979): arch=c000003e syscall=59 success=no exit=-13 a0=7fffb91649e8 a1=d50af8 a2=7fffb9165120 a3=7fffb9164830 items=0 ppid=11058 pid=12219 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=47 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1259785085.323:2012): avc: denied { execute } for pid=12568 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1259785085.323:2012): arch=c000003e syscall=59 success=no exit=-13 a0=7fffb91649e8 a1=d521b8 a2=7fffb9165120 a3=7fffb9164830 items=0 ppid=11058 pid=12568 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=47 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1259786872.756:2015): avc: denied { execute } for pid=12645 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1259786872.756:2015): arch=c000003e syscall=59 success=no exit=-13 a0=7fffb91649e8 a1=d53568 a2=7fffb9165120 a3=7fffb9164830 items=0 ppid=11058 pid=12645 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=47 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1259795695.936:2052): avc: denied { execute } for pid=13127 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1259795695.936:2052): arch=c000003e syscall=59 success=no exit=-13 a0=7fffb91649e8 a1=d52e38 a2=7fffb9165120 a3=7fffb9164830 items=0 ppid=11058 pid=13127 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=47 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1259802506.518:3031): avc: denied { getattr } for pid=11058 comm="sshdfilter" path="/var/run/sshdfilter.pid.SSHD" dev=dm-0 ino=12538 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_run_t:s0 tclass=file
type=SYSCALL msg=audit(1259802506.518:3031): arch=c000003e syscall=6 success=no exit=-13 a0=d4a128 a1=a0d0a0 a2=a0d0a0 a3=7fffb9164bb0 items=0 ppid=1 pid=11058 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=47 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1259802888.332:7): avc: denied { ioctl } for pid=1435 comm="sshdfilter" path="pipe:[11021]" dev=pipefs ino=11021 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1259802888.332:7): arch=c000003e syscall=16 success=yes exit=128 a0=3 a1=5401 a2=7fffa8850c80 a3=60 items=0 ppid=1431 pid=1435 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
type=AVC msg=audit(1259802888.340:8): avc: denied { ioctl } for pid=1435 comm="sshdfilter" path="pipe:[11021]" dev=pipefs ino=11021 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1259802888.340:8): arch=c000003e syscall=16 success=yes exit=128 a0=4 a1=5401 a2=7fffa8850c80 a3=60 items=0 ppid=1431 pid=1435 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
type=AVC msg=audit(1259802888.342:9): avc: denied { ioctl } for pid=1438 comm="sshdfilter" path="pipe:[11031]" dev=pipefs ino=11031 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
type=AVC msg=audit(1259802888.343:10): avc: denied { read } for pid=1435 comm="sshdfilter" path="pipe:[11021]" dev=pipefs ino=11021 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1259802888.343:10): arch=c000003e syscall=0 success=yes exit=128 a0=3 a1=eb06e8 a2=1000 a3=0 items=0 ppid=1431 pid=1435 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
type=SYSCALL msg=audit(1259802888.342:9): arch=c000003e syscall=16 success=yes exit=128 a0=5 a1=5401 a2=7fffa8850c80 a3=60 items=0 ppid=1435 pid=1438 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
type=AVC msg=audit(1259802888.347:11): avc: denied { ioctl } for pid=1438 comm="sshdfilter" path="pipe:[11031]" dev=pipefs ino=11031 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1259802888.347:11): arch=c000003e syscall=16 success=yes exit=128 a0=6 a1=5401 a2=7fffa8850c80 a3=60 items=0 ppid=1435 pid=1438 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
type=AVC msg=audit(1259802888.350:12): avc: denied { read } for pid=1439 comm="sshdfilter" path="pipe:[11031]" dev=pipefs ino=11031 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1259802888.350:12): arch=c000003e syscall=0 success=yes exit=128 a0=5 a1=eb0f18 a2=1000 a3=0 items=0 ppid=1438 pid=1439 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
type=AVC msg=audit(1259802888.360:13): avc: denied { read } for pid=1440 comm="sshdfilter" name="sh" dev=dm-0 ino=10258 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=lnk_file
type=SYSCALL msg=audit(1259802888.360:13): arch=c000003e syscall=59 success=no exit=-13 a0=7fd1ef909e0f a1=7fffa884e9b0 a2=7fffa88511c0 a3=7fffa88507d0 items=0 ppid=1438 pid=1440 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
type=AVC msg=audit(1259802888.364:14): avc: denied { write } for pid=1440 comm="sshdfilter" path="pipe:[11043]" dev=pipefs ino=11043 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1259802888.364:14): arch=c000003e syscall=1 success=yes exit=128 a0=a a1=7fffa8850a0c a2=4 a3=7fffa8850790 items=0 ppid=1438 pid=1440 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
type=AVC msg=audit(1259802888.367:15): avc: denied { read } for pid=1438 comm="sshdfilter" path="pipe:[11043]" dev=pipefs ino=11043 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1259802888.367:15): arch=c000003e syscall=0 success=yes exit=128 a0=9 a1=7fffa8850ccc a2=4 a3=b73830 items=0 ppid=1435 pid=1438 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
type=AVC msg=audit(1259802888.367:16): avc: denied { ioctl } for pid=1438 comm="sshdfilter" path="pipe:[11042]" dev=pipefs ino=11042 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1259802888.367:16): arch=c000003e syscall=16 success=yes exit=128 a0=7 a1=5401 a2=7fffa8850a20 a3=60 items=0 ppid=1435 pid=1438 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
type=AVC msg=audit(1259802888.367:17): avc: denied { read } for pid=1438 comm="sshdfilter" path="pipe:[11042]" dev=pipefs ino=11042 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1259802888.367:17): arch=c000003e syscall=0 success=yes exit=128 a0=7 a1=eb1168 a2=1000 a3=0 items=0 ppid=1435 pid=1438 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
type=AVC msg=audit(1259802888.375:18): avc: denied { read } for pid=1441 comm="sshdfilter" name="sh" dev=dm-0 ino=10258 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=lnk_file
type=SYSCALL msg=audit(1259802888.375:18): arch=c000003e syscall=59 success=no exit=-13 a0=7fd1ef909e0f a1=7fffa884e9b0 a2=7fffa88511c0 a3=7fffa88507d0 items=0 ppid=1438 pid=1441 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
type=AVC msg=audit(1259802888.375:19): avc: denied { write } for pid=1441 comm="sshdfilter" path="pipe:[11045]" dev=pipefs ino=11045 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1259802888.375:19): arch=c000003e syscall=1 success=yes exit=128 a0=a a1=7fffa8850a0c a2=4 a3=8 items=0 ppid=1438 pid=1441 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
type=AVC msg=audit(1259802888.378:20): avc: denied { read } for pid=1438 comm="sshdfilter" path="pipe:[11045]" dev=pipefs ino=11045 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1259802888.378:20): arch=c000003e syscall=0 success=yes exit=128 a0=9 a1=7fffa8850ccc a2=4 a3=7fd1ef2e39d0 items=0 ppid=1435 pid=1438 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
type=AVC msg=audit(1259802888.378:21): avc: denied { ioctl } for pid=1438 comm="sshdfilter" path="pipe:[11044]" dev=pipefs ino=11044 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1259802888.378:21): arch=c000003e syscall=16 success=yes exit=128 a0=7 a1=5401 a2=7fffa8850a20 a3=60 items=0 ppid=1435 pid=1438 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
type=AVC msg=audit(1259802888.378:22): avc: denied { read } for pid=1438 comm="sshdfilter" path="pipe:[11044]" dev=pipefs ino=11044 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1259802888.378:22): arch=c000003e syscall=0 success=yes exit=128 a0=7 a1=eb2878 a2=1000 a3=0 items=0 ppid=1435 pid=1438 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
type=AVC msg=audit(1259802888.379:23): avc: denied { ioctl } for pid=1438 comm="sshdfilter" path="pipe:[11046]" dev=pipefs ino=11046 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1259802888.379:23): arch=c000003e syscall=16 success=yes exit=128 a0=7 a1=5401 a2=7fffa8850c80 a3=60 items=0 ppid=1435 pid=1438 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
type=AVC msg=audit(1259802888.379:24): avc: denied { ioctl } for pid=1438 comm="sshdfilter" path="pipe:[11046]" dev=pipefs ino=11046 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1259802888.379:24): arch=c000003e syscall=16 success=yes exit=128 a0=8 a1=5401 a2=7fffa8850c80 a3=60 items=0 ppid=1435 pid=1438 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
type=AVC msg=audit(1259802888.384:25): avc: denied { ioctl } for pid=1442 comm="sshdfilter" path="pipe:[11046]" dev=pipefs ino=11046 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1259802888.384:25): arch=c000003e syscall=16 success=yes exit=128 a0=4 a1=5401 a2=7fffa8850ba0 a3=60 items=0 ppid=1438 pid=1442 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
type=AVC msg=audit(1259802888.384:26): avc: denied { getattr } for pid=1442 comm="sshdfilter" path="pipe:[11046]" dev=pipefs ino=11046 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1259802888.384:26): arch=c000003e syscall=5 success=yes exit=128 a0=4 a1=b730a0 a2=b730a0 a3=0 items=0 ppid=1438 pid=1442 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
type=AVC msg=audit(1259802889.381:27): avc: denied { read } for pid=1494 comm="sshdfilter" name="iptables" dev=dm-0 ino=11793 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=lnk_file
type=SYSCALL msg=audit(1259802889.381:27): arch=c000003e syscall=59 success=no exit=-13 a0=7fffa8850a88 a1=eb31c8 a2=7fffa88511c0 a3=7fffa88508d0 items=0 ppid=1438 pid=1494 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
type=AVC msg=audit(1259802889.382:28): avc: denied { write } for pid=1494 comm="sshdfilter" path="pipe:[11397]" dev=pipefs ino=11397 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1259802889.382:28): arch=c000003e syscall=1 success=yes exit=128 a0=9 a1=7fffa8850b0c a2=4 a3=8 items=0 ppid=1438 pid=1494 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
type=AVC msg=audit(1259802889.385:29): avc: denied { read } for pid=1438 comm="sshdfilter" path="pipe:[11397]" dev=pipefs ino=11397 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1259802889.385:29): arch=c000003e syscall=0 success=yes exit=128 a0=8 a1=7fffa8850f18 a2=4 a3=8 items=0 ppid=1 pid=1438 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
type=AVC msg=audit(1259802889.388:30): avc: denied { write } for pid=1438 comm="sshdfilter" path="pipe:[11021]" dev=pipefs ino=11021 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1259802889.388:30): arch=c000003e syscall=1 success=yes exit=128 a0=4 a1=eb3248 a2=9 a3=0 items=0 ppid=1 pid=1438 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
type=AVC msg=audit(1259802889.390:31): avc: denied { read } for pid=1438 comm="sshdfilter" path="pipe:[11046]" dev=pipefs ino=11046 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:iptables_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1259802889.390:31): arch=c000003e syscall=0 success=yes exit=128 a0=7 a1=eb3568 a2=400 a3=b73010 items=0 ppid=1 pid=1438 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:iptables_t:s0 key=(null)
type=AVC msg=audit(1259803042.790:43): avc: denied { ioctl } for pid=2329 comm="sshdfilter" path="pipe:[24498]" dev=pipefs ino=24498 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1259803042.790:43): arch=c000003e syscall=16 success=yes exit=4294967424 a0=3 a1=5401 a2=7ffffc393e40 a3=60 items=0 ppid=2323 pid=2329 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
type=AVC msg=audit(1259803042.795:44): avc: denied { ioctl } for pid=2329 comm="sshdfilter" path="pipe:[24498]" dev=pipefs ino=24498 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1259803042.795:44): arch=c000003e syscall=16 success=yes exit=4294967424 a0=4 a1=5401 a2=7ffffc393e40 a3=60 items=0 ppid=2323 pid=2329 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
type=AVC msg=audit(1259803042.798:45): avc: denied { ioctl } for pid=2332 comm="sshdfilter" path="pipe:[24509]" dev=pipefs ino=24509 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
type=AVC msg=audit(1259803042.801:46): avc: denied { read } for pid=2329 comm="sshdfilter" path="pipe:[24498]" dev=pipefs ino=24498 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1259803042.801:46): arch=c000003e syscall=0 success=yes exit=128 a0=3 a1=104fb28 a2=1000 a3=0 items=0 ppid=2323 pid=2329 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
type=SYSCALL msg=audit(1259803042.798:45): arch=c000003e syscall=16 success=yes exit=4294967424 a0=5 a1=5401 a2=7ffffc393e40 a3=60 items=0 ppid=2329 pid=2332 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
type=AVC msg=audit(1259803042.804:47): avc: denied { ioctl } for pid=2332 comm="sshdfilter" path="pipe:[24509]" dev=pipefs ino=24509 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1259803042.804:47): arch=c000003e syscall=16 success=yes exit=4294967424 a0=6 a1=5401 a2=7ffffc393e40 a3=60 items=0 ppid=2329 pid=2332 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
type=AVC msg=audit(1259803042.806:48): avc: denied { read } for pid=2333 comm="sshdfilter" path="pipe:[24509]" dev=pipefs ino=24509 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
type=AVC msg=audit(1259803042.812:49): avc: denied { read } for pid=2334 comm="sshdfilter" name="sh" dev=dm-0 ino=10258 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=lnk_file
type=SYSCALL msg=audit(1259803042.806:48): arch=c000003e syscall=0 success=yes exit=4294967424 a0=5 a1=1050268 a2=1000 a3=0 items=0 ppid=2332 pid=2333 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
type=AVC msg=audit(1259803042.816:50): avc: denied { read } for pid=2332 comm="sshdfilter" path="pipe:[24516]" dev=pipefs ino=24516 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1259803042.812:49): arch=c000003e syscall=59 success=no exit=-13 a0=7fceba680e0f a1=7ffffc391b70 a2=7ffffc394380 a3=7ffffc393990 items=0 ppid=2332 pid=2334 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
type=AVC msg=audit(1259803042.816:51): avc: denied { write } for pid=2334 comm="sshdfilter" path="pipe:[24516]" dev=pipefs ino=24516 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1259803042.816:51): arch=c000003e syscall=1 success=yes exit=128 a0=a a1=7ffffc393bcc a2=4 a3=7ffffc393950 items=0 ppid=2332 pid=2334 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
type=SYSCALL msg=audit(1259803042.816:50): arch=c000003e syscall=0 success=yes exit=128 a0=9 a1=7ffffc393e8c a2=4 a3=d13830 items=0 ppid=2329 pid=2332 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
type=AVC msg=audit(1259803042.818:52): avc: denied { ioctl } for pid=2332 comm="sshdfilter" path="pipe:[24515]" dev=pipefs ino=24515 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1259803042.818:52): arch=c000003e syscall=16 success=yes exit=128 a0=7 a1=5401 a2=7ffffc393be0 a3=60 items=0 ppid=2329 pid=2332 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
type=AVC msg=audit(1259803042.818:53): avc: denied { read } for pid=2332 comm="sshdfilter" path="pipe:[24515]" dev=pipefs ino=24515 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1259803042.818:53): arch=c000003e syscall=0 success=yes exit=128 a0=7 a1=10504b8 a2=1000 a3=0 items=0 ppid=2329 pid=2332 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
type=AVC msg=audit(1259803042.823:54): avc: denied { read } for pid=2335 comm="sshdfilter" name="sh" dev=dm-0 ino=10258 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=lnk_file
type=SYSCALL msg=audit(1259803042.823:54): arch=c000003e syscall=59 success=no exit=-13 a0=7fceba680e0f a1=7ffffc391b70 a2=7ffffc394380 a3=7ffffc393990 items=0 ppid=2332 pid=2335 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
type=AVC msg=audit(1259803042.823:55): avc: denied { write } for pid=2335 comm="sshdfilter" path="pipe:[24518]" dev=pipefs ino=24518 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1259803042.823:55): arch=c000003e syscall=1 success=yes exit=128 a0=a a1=7ffffc393bcc a2=4 a3=8 items=0 ppid=2332 pid=2335 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
type=AVC msg=audit(1259803042.828:56): avc: denied { read } for pid=2332 comm="sshdfilter" path="pipe:[24518]" dev=pipefs ino=24518 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1259803042.828:56): arch=c000003e syscall=0 success=yes exit=128 a0=9 a1=7ffffc393e8c a2=4 a3=7fceba05a9d0 items=0 ppid=2329 pid=2332 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
type=AVC msg=audit(1259803042.828:57): avc: denied { ioctl } for pid=2332 comm="sshdfilter" path="pipe:[24517]" dev=pipefs ino=24517 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1259803042.828:57): arch=c000003e syscall=16 success=yes exit=128 a0=7 a1=5401 a2=7ffffc393be0 a3=60 items=0 ppid=2329 pid=2332 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
type=AVC msg=audit(1259803042.828:58): avc: denied { read } for pid=2332 comm="sshdfilter" path="pipe:[24517]" dev=pipefs ino=24517 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1259803042.828:58): arch=c000003e syscall=0 success=yes exit=128 a0=7 a1=1051cc8 a2=1000 a3=0 items=0 ppid=2329 pid=2332 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
type=AVC msg=audit(1259803042.833:59): avc: denied { ioctl } for pid=2332 comm="sshdfilter" path="pipe:[24519]" dev=pipefs ino=24519 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1259803042.833:59): arch=c000003e syscall=16 success=yes exit=128 a0=7 a1=5401 a2=7ffffc393e40 a3=60 items=0 ppid=2329 pid=2332 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
type=AVC msg=audit(1259803042.833:60): avc: denied { ioctl } for pid=2332 comm="sshdfilter" path="pipe:[24519]" dev=pipefs ino=24519 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1259803042.833:60): arch=c000003e syscall=16 success=yes exit=128 a0=8 a1=5401 a2=7ffffc393e40 a3=60 items=0 ppid=2329 pid=2332 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
type=AVC msg=audit(1259803042.834:61): avc: denied { ioctl } for pid=2336 comm="sshdfilter" path="pipe:[24519]" dev=pipefs ino=24519 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1259803042.834:61): arch=c000003e syscall=16 success=yes exit=128 a0=4 a1=5401 a2=7ffffc393d60 a3=60 items=0 ppid=2332 pid=2336 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
type=AVC msg=audit(1259803042.836:62): avc: denied { getattr } for pid=2336 comm="sshdfilter" path="pipe:[24519]" dev=pipefs ino=24519 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1259803042.836:62): arch=c000003e syscall=5 success=yes exit=128 a0=4 a1=d130a0 a2=d130a0 a3=0 items=0 ppid=2332 pid=2336 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
type=AVC msg=audit(1259803043.839:63): avc: denied { read } for pid=2338 comm="sshdfilter" name="iptables" dev=dm-0 ino=11793 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=system_u:object_r:bin_t:s0 tclass=lnk_file
type=SYSCALL msg=audit(1259803043.839:63): arch=c000003e syscall=59 success=no exit=-13 a0=7ffffc393c48 a1=1052638 a2=7ffffc394380 a3=7ffffc393a90 items=0 ppid=2332 pid=2338 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
type=AVC msg=audit(1259803043.840:64): avc: denied { write } for pid=2338 comm="sshdfilter" path="pipe:[24549]" dev=pipefs ino=24549 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1259803043.840:64): arch=c000003e syscall=1 success=yes exit=128 a0=9 a1=7ffffc393ccc a2=4 a3=8 items=0 ppid=2332 pid=2338 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
type=AVC msg=audit(1259803043.844:65): avc: denied { read } for pid=2332 comm="sshdfilter" path="pipe:[24549]" dev=pipefs ino=24549 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1259803043.844:65): arch=c000003e syscall=0 success=yes exit=128 a0=8 a1=7ffffc3940d8 a2=4 a3=8 items=0 ppid=1 pid=2332 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
type=AVC msg=audit(1259803043.845:66): avc: denied { write } for pid=2332 comm="sshdfilter" path="pipe:[24498]" dev=pipefs ino=24498 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1259803043.845:66): arch=c000003e syscall=1 success=yes exit=128 a0=4 a1=10526b8 a2=9 a3=0 items=0 ppid=1 pid=2332 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
type=AVC msg=audit(1259803043.849:67): avc: denied { read } for pid=2332 comm="sshdfilter" path="pipe:[24519]" dev=pipefs ino=24519 scontext=unconfined_u:system_r:iptables_t:s0 tcontext=unconfined_u:system_r:iptables_t:s0 tclass=fifo_file
type=SYSCALL msg=audit(1259803043.849:67): arch=c000003e syscall=0 success=yes exit=128 a0=7 a1=10529d8 a2=400 a3=d13010 items=0 ppid=1 pid=2332 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:iptables_t:s0 key=(null)
type=AVC msg=audit(1259803128.077:69): avc: denied { execute } for pid=2422 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1259803128.077:69): arch=c000003e syscall=59 success=no exit=-13 a0=7fff14469168 a1=1c20208 a2=7fff144698a0 a3=7fff14468fb0 items=0 ppid=2413 pid=2422 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1259806154.170:82): avc: denied { execute } for pid=2653 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1259806154.170:82): arch=c000003e syscall=59 success=no exit=-13 a0=7fff14469168 a1=1c267e8 a2=7fff144698a0 a3=7fff14468fb0 items=0 ppid=2413 pid=2653 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1259812687.066:113): avc: denied { read open } for pid=3074 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1259812687.066:113): arch=c000003e syscall=59 success=no exit=-13 a0=7fff14469168 a1=1c26a88 a2=7fff144698a0 a3=7fff14468fb0 items=0 ppid=2413 pid=3074 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1259816690.197:196): avc: denied { read open } for pid=3631 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1259816690.197:196): arch=c000003e syscall=59 success=no exit=-13 a0=7fff15c5a888 a1=24095a8 a2=7fff15c5afc0 a3=7fff15c5a6d0 items=0 ppid=3622 pid=3631 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=9 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1259819529.773:214): avc: denied { read open } for pid=3827 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1259819529.773:214): arch=c000003e syscall=59 success=no exit=-13 a0=7fff15c5a888 a1=2410198 a2=7fff15c5afc0 a3=7fff15c5a6d0 items=0 ppid=3622 pid=3827 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=9 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1259899887.509:471): avc: denied { read open } for pid=11794 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1259899887.509:471): arch=c000003e syscall=59 success=no exit=-13 a0=7fff15c5a888 a1=2410198 a2=7fff15c5afc0 a3=7fff15c5a6d0 items=0 ppid=3622 pid=11794 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=9 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1259899890.409:475): avc: denied { read open } for pid=11799 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1259899890.409:475): arch=c000003e syscall=59 success=no exit=-13 a0=7fff15c5a888 a1=2410548 a2=7fff15c5afc0 a3=7fff15c5a6d0 items=0 ppid=3622 pid=11799 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=9 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1259899950.600:483): avc: denied { read open } for pid=11860 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1259899950.600:483): arch=c000003e syscall=59 success=no exit=-13 a0=7fff9722f198 a1=f6e208 a2=7fff9722f8d0 a3=7fff9722efe0 items=0 ppid=11851 pid=11860 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=44 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1260146847.427:1066): avc: denied { read open } for pid=28420 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1260146847.427:1066): arch=c000003e syscall=59 success=no exit=-13 a0=7fff9722f198 a1=f71c88 a2=7fff9722f8d0 a3=7fff9722efe0 items=0 ppid=11851 pid=28420 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=44 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1260146850.722:1070): avc: denied { read open } for pid=28428 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1260146850.722:1070): arch=c000003e syscall=59 success=no exit=-13 a0=7fff9722f198 a1=f72a28 a2=7fff9722f8d0 a3=7fff9722efe0 items=0 ppid=11851 pid=28428 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=44 comm="sshdfilter" exe="/usr/bin/perl" subj=unconfined_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1260500225.789:25455): avc: denied { read open } for pid=21350 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1260500225.789:25455): arch=c000003e syscall=59 success=no exit=-13 a0=7fff032b96b8 a1=bdbd18 a2=7fff032b9df0 a3=7fff032b9500 items=0 ppid=1441 pid=21350 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1260500228.740:25459): avc: denied { read open } for pid=21355 comm="sshdfilter" name="iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1260500228.740:25459): arch=c000003e syscall=59 success=no exit=-13 a0=7fff032b96b8 a1=bddc38 a2=7fff032b9df0 a3=7fff032b9500 items=0 ppid=1441 pid=21355 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1260500358.675:25470): avc: denied { getattr } for pid=1441 comm="sshdfilter" path="/var/run/sshdfilter.pid.SSHD" dev=dm-0 ino=10948 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_run_t:s0 tclass=file
type=SYSCALL msg=audit(1260500358.675:25470): arch=c000003e syscall=6 success=no exit=-13 a0=bd5dd8 a1=8980a0 a2=8980a0 a3=7fff032b9880 items=0 ppid=1 pid=1441 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1260809448.592:28614): avc: denied { execute_no_trans } for pid=23422 comm="sshdfilter" path="/sbin/iptables-multi" dev=dm-0 ino=11798 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:iptables_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1260809448.592:28614): arch=c000003e syscall=59 success=no exit=-13 a0=7fffc0880288 a1=e0c508 a2=7fffc08809c0 a3=7fffc08800d0 items=0 ppid=1432 pid=23422 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sshdfilter" exe="/usr/bin/perl" subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)

> >=20
> >=20
> > Moray.
> > "To err is human. To purr, feline"
> >=20
> >=20
> > --
> > fedora-selinux-list mailing list
> > fedora-selinux-list@...
> > https://www.redhat.com/mailman/listinfo/fedora-selinux-list
>
> --uAKRQypu60I7Lcqm
> Content-Type: application/pgp-signature
> Content-Disposition: inline
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.10 (GNU/Linux)
>
> iEYEARECAAYFAksdZWwACgkQMlxVo39jgT/olgCgwo9wvxeAyJG/gm4dEYHBIpGf
> TNEAn2bFoQZeg8+gaYPIDuB0wxuu6N8F
> =tNuu
> -----END PGP SIGNATURE-----
>
> --uAKRQypu60I7Lcqm--
>
>
> --===============0725889959==
> Content-Type: text/plain; charset="us-ascii"
> MIME-Version: 1.0
> Content-Transfer-Encoding: 7bit
> Content-Disposition: inline
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list@...
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
> --===============0725889959==--
>

--
fedora-selinux-list mailing list
fedora-selinux-list@...
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

Re: The SELinux Documentation Project

2009-12-14T10:12:08Z

On Mon, Dec 14, 2009 at 11:49:15AM -0600, Serge E. Hallyn wrote:

> Quoting Joshua Brindle (method@...):
> > Dominick Grift wrote:
> > >On 11/27/2009 09:31 PM, Joshua Brindle wrote:
> > >>Joshua Brindle wrote:
> > >>>As we discussed at Linux Plumbers Conference during the 'Making SELinux
> > >>>Easier to Use" talk we have some document deficiencies in the SELinux
> > >>>project.
> > >>>
> > >><snip>
> > >>
> > >>We have gotten some good contributions to the documentation project over
> > >>the last couple months but there is always more to do. I've updated the
> > >>Documentation TODO at:
> > >>
> > >><http://selinuxproject.org/page/Documentation_TODO>
> > >>
> > >>with some docs we'd like written and some guidance on what the format
> > >>should be. Use cases would be particularly appreciated.
> > >>
> > >>If you haven't gone to the documentation wiki lately take a look at
> > >>
> > >><http://selinuxproject.org/page/Main_Page>
> > >>
> > >>and see what's been added.
> > >>
> > >>Thanks for the help of the contributors and hopefully this effort will
> > >>go a long way toward gaining users and keeping SELinux enabled.
> > >>
> > >>--
> > >>fedora-selinux-list mailing list
> > >>fedora-selinux-list@...
> > >>https://www.redhat.com/mailman/listinfo/fedora-selinux-list
> > >
> > >Attached is a concept i wrote today about Locking down webapps with CGI.
> > >This was a topic in the todo list.
> > >
> > >Would be nice if someone could proof-read this and when
> > >modified/accepted publish it.
> >
> > It's a wiki :) Just put it up there and others can make
>
> How are we to create an account to edit a page? The 'Log in/Create
> Account' page doesn't seem to let me create an account?
>
> I'd like to add the recipe
>
> useradd xa
> semanage user -a -R user_r xa
> semanage login -a -s xa xa

You would probably also need:

cd /etc/selinux/targeted/contexts/users; cp user_u xa;

To make that work.

Easier would probably be: useradd -Z user_u xa

or

useradd xa
semanage login -m -s user_u -r s0-s0 xa

You should send an e-mail to james morris. He maintains the site and will add a login if you ask him.

>
> to lock user xa into its own selinux context to the recipes page.
> If someone else is willing to post it, all the better.
>
> > modifications. There are actually a couple people who are decent at
> > copy editing that have done some work on the wiki so if we get
> > technical content up there they can do what they do to clean it up.
>
> thanks,
> -serge

--
fedora-selinux-list mailing list
fedora-selinux-list@...
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

attachment0 (205 bytes) Download Attachment

Re: The SELinux Documentation Project

2009-12-14T09:49:15Z

Quoting Joshua Brindle (method@...):

> Dominick Grift wrote:
> >On 11/27/2009 09:31 PM, Joshua Brindle wrote:
> >>Joshua Brindle wrote:
> >>>As we discussed at Linux Plumbers Conference during the 'Making SELinux
> >>>Easier to Use" talk we have some document deficiencies in the SELinux
> >>>project.
> >>>
> >><snip>
> >>
> >>We have gotten some good contributions to the documentation project over
> >>the last couple months but there is always more to do. I've updated the
> >>Documentation TODO at:
> >>
> >><http://selinuxproject.org/page/Documentation_TODO>
> >>
> >>with some docs we'd like written and some guidance on what the format
> >>should be. Use cases would be particularly appreciated.
> >>
> >>If you haven't gone to the documentation wiki lately take a look at
> >>
> >><http://selinuxproject.org/page/Main_Page>
> >>
> >>and see what's been added.
> >>
> >>Thanks for the help of the contributors and hopefully this effort will
> >>go a long way toward gaining users and keeping SELinux enabled.
> >>
> >>--
> >>fedora-selinux-list mailing list
> >>fedora-selinux-list@...
> >>https://www.redhat.com/mailman/listinfo/fedora-selinux-list
> >
> >Attached is a concept i wrote today about Locking down webapps with CGI.
> >This was a topic in the todo list.
> >
> >Would be nice if someone could proof-read this and when
> >modified/accepted publish it.
>
> It's a wiki :) Just put it up there and others can make

How are we to create an account to edit a page? The 'Log in/Create
Account' page doesn't seem to let me create an account?

I'd like to add the recipe

useradd xa
semanage user -a -R user_r xa
semanage login -a -s xa xa

to lock user xa into its own selinux context to the recipes page.
If someone else is willing to post it, all the better.

> modifications. There are actually a couple people who are decent at
> copy editing that have done some work on the wiki so if we get
> technical content up there they can do what they do to clean it up.

thanks,
-serge

--
fedora-selinux-list mailing list
fedora-selinux-list@...
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

Re: ecryptfs selinux labeling on Fedora 12

2009-12-14T07:05:27Z

On Mon, 2009-12-14 at 11:11 +0100, Roberto Sassu wrote:

> Hi all
>
> i'm using Fedora12 and i have configured an ecryptfs filesystem.
> I see that the default behaviour for this filesystem is to use an unique mount-
> wide context (ecryptfs_t) to label each file.
> There's a way to override this behaviour (for example by inserting a mount
> parameter), in order to use the extended attributes on the lower filesystem or
> patching the distributed selinux policy is the only option possible?
>
> Thanks in advance for replies.

You'd have to modify, rebuild, and replace the base policy module to
specify fs_use_xattr for ecryptfs rather than genfscon. There was an
attempt to automate probing for xattr support and use it if present, but
it ran into problems, see:
http://marc.info/?t=121379726100001&r=1&w=2

--
Stephen Smalley
National Security Agency

--
fedora-selinux-list mailing list
fedora-selinux-list@...
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

ecryptfs selinux labeling on Fedora 12

2009-12-14T02:11:04Z

Hi all

i'm using Fedora12 and i have configured an ecryptfs filesystem.
I see that the default behaviour for this filesystem is to use an unique mount-
wide context (ecryptfs_t) to label each file.
There's a way to override this behaviour (for example by inserting a mount
parameter), in order to use the extended attributes on the lower filesystem or
patching the distributed selinux policy is the only option possible?

Thanks in advance for replies.

--
fedora-selinux-list mailing list
fedora-selinux-list@...
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

smime.p7s (2K) Download Attachment

Re: Logrotate frustration

2009-12-14T02:01:07Z

On Mon, 2009-12-07 at 22:30 +0000, Arthur Dent wrote:

> On Mon, 2009-12-07 at 16:24 -0500, Daniel J Walsh wrote:
> > On 12/06/2009 04:38 AM, Arthur Dent wrote:
> > > Hello all,
> > >
> > > Its seems that almost every week logrotate is throwing up a new AVC. I
> > > have an almost vanilla F11 install with most packages installed via yum
> > > and yet I keep getting these. Each time I audit2allow and build a new
> > > policy. My "mylogr.te" is now at version 7. Am I missing a bool or is
> > > there something else I'm lacking?
> > >
> > > Here is the latest version of my policy:
> > >
> > >
> > > ===============8<==================================================
> > >
> > > module mylogr 11.1.7;
> > >
> > > require {
> > > type mail_spool_t;
> > > type logrotate_t;
> > > type fail2ban_var_run_t;
> > > type initrc_t;
> > > type squid_log_t;
> > > class dir {read open write remove_name};
> > > class file { getattr read write open};
> > > class file setattr;
> > > class sock_file write;
> > > class unix_stream_socket connectto;
> > > class lnk_file rename;
> > > }
> > >
> > > #============= logrotate_t ==============
> > > allow logrotate_t mail_spool_t:file { getattr read write open };
> > > allow logrotate_t mail_spool_t:dir { read open write remove_name};
> > > allow logrotate_t mail_spool_t:file setattr;
> > > allow logrotate_t fail2ban_var_run_t:sock_file write;
> > > allow logrotate_t initrc_t:unix_stream_socket connectto;
> > > allow logrotate_t squid_log_t:lnk_file rename;
> > >
> > > ===============8<==================================================
> > >
> > >
> > > This was today's AVC that necessitated the inclusion of the squid stuff:
> > >
> > > ===============8<==================================================
> > > Raw Audit Messages :
> > >
> > > node=mydomain.org.uk type=AVC msg=audit(1260069452.494:45041): avc: denied { rename } for pid=12302 comm="logrotate" name="squidGuard.log" dev=sda5 ino=387195 scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tcontext=system_u:object_r:squid_log_t:s0 tclass=lnk_file
> > > node=mydomain.org.uk type=SYSCALL msg=audit(1260069452.494:45041): arch=40000003 syscall=38 success=no exit=-13 a0=890b130 a1=8908760 a2=890b060 a3=0 items=0 ppid=12300 pid=12302 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=2275 comm="logrotate" exe="/usr/sbin/logrotate" subj=system_u:system_r:logrotate_t:s0-s0:c0.c1023 key=(null)
> > > ===============8<==================================================
> > >
> > >
> > >
> > > --
> > > fedora-selinux-list mailing list
> > > fedora-selinux-list@...
> > > https://www.redhat.com/mailman/listinfo/fedora-selinux-list
> > I can allow logrotate to manage log lnk_files, and allow it to write to the fail2ban socket.
> >
> > Are you using a custom logrotate to rotate mail_spool?
> >
> > Why is
>
> I think that my problem with mailspool/logrotate is that it relates to
> my mail backup system in which procmail places a copy of every mail (in
> mbox format) onto a separate partition on the same machine. This seemed
> to cause labelling problems and we went round the houses on this issue a
> while back ("Partitions Mounted by fstab" 5 March 2008 -
> https://www.redhat.com/archives/fedora-selinux-list/2008-March/msg00030.html)
>
> Thanks for your help - much appreciated...
>
> Mark

OK - Following another arm of this thread I have (last week) done a
complete relabel and removed my existing fail2ban and logrotate local
policies.

As a result of yesterday's weekly log rotate squid threw up another
couple of AVCs related to log_lnk (see below).

I have created another local policy but, do I understand you correctly
Daniel that you may include log_lnk in a future targeted policy?

Here is my new logrotate policy:

===============8<==================================================

module mylogr 11.2.2;

require {
type mail_spool_t;
type logrotate_t;
type squid_log_t;
class file getattr;
class lnk_file { rename unlink };
}

#============= logrotate_t ==============
allow logrotate_t mail_spool_t:file getattr;
allow logrotate_t squid_log_t:lnk_file { rename unlink };

===============8<==================================================

Is this OK?

Thanks for any help or suggestions...

Mark

p.s.

Logrotate AVCs

Raw Audit Messages :

node=troodos.org.uk type=AVC msg=audit(1260331775.761:1220): avc: denied { getattr } for pid=31349 comm="logrotate" path="/mnt/backup/mail/rawmail" dev=sda9 ino=2490369 scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tcontext=system_u:object_r:mail_spool_t:s0 tclass=file
node=troodos.org.uk type=SYSCALL msg=audit(1260331775.761:1220): arch=40000003 syscall=196 success=yes exit=0 a0=9e59668 a1=bfd3e864 a2=bf5ff4 a3=1 items=0 ppid=31347 pid=31349 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=257 comm="logrotate" exe="/usr/sbin/logrotate" subj=system_u:system_r:logrotate_t:s0-s0:c0.c1023 key=(null)

Raw Audit Messages :

node=troodos.org.uk type=AVC msg=audit(1260675470.813:43484): avc: denied { rename } for pid=11490 comm="logrotate" name="squidGuard.log" dev=sda5 ino=387195 scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tcontext=system_u:object_r:squid_log_t:s0 tclass=lnk_file
node=troodos.org.uk type=SYSCALL msg=audit(1260675470.813:43484): arch=40000003 syscall=38 success=yes exit=0 a0=8295138 a1=8298f98 a2=8295068 a3=0 items=0 ppid=11488 pid=11490 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1554 comm="logrotate" exe="/usr/sbin/logrotate" subj=system_u:system_r:logrotate_t:s0-s0:c0.c1023 key=(null)

Raw Audit Messages :

node=troodos.org.uk type=AVC msg=audit(1260675471.68:43485): avc: denied { unlink } for pid=11490 comm="logrotate" name="squidGuard.log.1" dev=sda5 ino=387195 scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tcontext=system_u:object_r:squid_log_t:s0 tclass=lnk_file
node=troodos.org.uk type=SYSCALL msg=audit(1260675471.68:43485): arch=40000003 syscall=10 success=yes exit=0 a0=8298f98 a1=bfbeffa8 a2=8298f98 a3=bfbeff70 items=0 ppid=11488 pid=11490 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1554 comm="logrotate" exe="/usr/sbin/logrotate" subj=system_u:system_r:logrotate_t:s0-s0:c0.c1023 key=(null)

--
fedora-selinux-list mailing list
fedora-selinux-list@...
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

signature.asc (204 bytes) Download Attachment

Re: sebools are getting reset on reboot

2009-12-10T22:13:51Z

On Thu, Dec 10, 2009 at 19:22:59 -0800,
David Highley <dhighley@...> wrote:
> Is this a bug? The two sebools, httpd_unified and
> httpd_can_network_connect, are getting changed on policy updates and or
> reboots.

Are you using the -P option when using the setsebool command? If you are
using setsebool without it, then it is expected to reset on the next reboot.

--
fedora-selinux-list mailing list
fedora-selinux-list@...
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

sebools are getting reset on reboot

2009-12-10T19:22:59Z

Is this a bug? The two sebools, httpd_unified and
httpd_can_network_connect, are getting changed on policy updates and or
reboots.

--
fedora-selinux-list mailing list
fedora-selinux-list@...
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

Re: Targeted Daemons/Apps- Fedora 12

2009-12-10T15:26:02Z

Thank you Daniel. That's right on.

All the best,
Jorge

--
fedora-selinux-list mailing list
fedora-selinux-list@...
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

Re: Selinux & Fail2Ban

2009-12-09T13:41:55Z

On 12/09/2009 02:37 PM, Göran Uddeborg wrote:

> Arthur Dent:
>> How can I explain this to the f2b developers so that it can be fixed?
>
> For your information: I filed a bug about it a little more than a year
> ago:
> http://sourceforge.net/tracker/?func=detail&atid=689044&aid=2086568&group_id=121032
>
> There hasn't been any action as far as I can tell. But maybe you'll
> have more luck if you do a new try now.
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list@...
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
>
>

Fail2ban developers are well aware of this, they have been dealing with leaks for a while

--
fedora-selinux-list mailing list
fedora-selinux-list@...
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

Re: Selinux & Fail2Ban

2009-12-09T11:37:07Z

Arthur Dent:
> How can I explain this to the f2b developers so that it can be fixed?

For your information: I filed a bug about it a little more than a year
ago:
http://sourceforge.net/tracker/?func=detail&atid=689044&aid=2086568&group_id=121032

There hasn't been any action as far as I can tell. But maybe you'll
have more luck if you do a new try now.

--
fedora-selinux-list mailing list
fedora-selinux-list@...
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

Re: Targeted Daemons/Apps- Fedora 12

2009-12-09T10:34:14Z

On 12/09/2009 07:06 AM, Jorge Fábregas wrote:

> Thanks Dominick for the nice explanation. Ok, now I understand it's not as
> straightforward as I thought.
>
> I originally asked because I remember when RHEL4 and RHEL5 came out, among the
> new features list, was this list of the "targeted daemons". Now...as I'm
> considering SELinux for personal/desktop use. (in Fedora) I was wondering
> which typical apps (of the base install) were protected (like Thunderbird,
> Firefox, etc...).
>
> Again, thanks for pointing me to the right direction.
>
> All the best,
> Jorge
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list@...
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
>
>

You can see all the types associate with processes by executing

seinfo -adomain -x | wc -l
506

Permissive domains
# seinfo --permissive| wc -l
32

Unconfined domains

# seinfo -aunconfined_domain_type -x | wc -l
51

Unconfined domains with unconfined pp file disabled
#semodule -d unconfined
# seinfo -aunconfined_domain_type -x | wc -l
16

--
fedora-selinux-list mailing list
fedora-selinux-list@...
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

Re: Targeted Daemons/Apps- Fedora 12

2009-12-09T04:06:15Z

Thanks Dominick for the nice explanation. Ok, now I understand it's not as
straightforward as I thought.

I originally asked because I remember when RHEL4 and RHEL5 came out, among the
new features list, was this list of the "targeted daemons". Now...as I'm
considering SELinux for personal/desktop use. (in Fedora) I was wondering
which typical apps (of the base install) were protected (like Thunderbird,
Firefox, etc...).

Again, thanks for pointing me to the right direction.

All the best,
Jorge

--
fedora-selinux-list mailing list
fedora-selinux-list@...
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

Re: Selinux & Fail2Ban

2009-12-08T13:52:44Z

On Tue, 2009-12-08 at 21:37 +0000, Arthur Dent wrote:

> On Tue, 2009-12-08 at 22:24 +0100, Dominick Grift wrote:
>
> >
> > Your myfail2ban.te file should look like this:
> >
> > policy_module(myfail2ban, 11.2.1)
> > optional_policy(`
> > gen_require(`
> > attribute domain;
> > type fail2ban_t;
> > ')
> > dontaudit domain fail2ban_t:unix_stream_socket { read write };
> > ')
>
> That did it - Thanks!
>
> > A leaked file descriptor is a programming error it is where the programmer forgot to close a file descriptor (bug in fail2ban)
>
> How can I explain this to the f2b developers so that it can be fixed?
>

So I have copied a small section from Dan Walsh's blog. Its a bit more
than forgetting to close a file descriptor. The problem is that by
default on exec the child process will inherit all file descriptors from
the parent except ones that are closed before exec or marked close on
exec with the fcntl listed below.

One of the interesting things about SELinux is its use to
discover bugs in other code. When I first started working with
SELinux a few years ago, we started discovering a whole bunch of
domains wanting to read and write system_u:object_r:initctl_t
file. This is the context of the /dev/initctl device. After
investigating for a while we found out something in the boot
process was leaking an open file descriptor to /dev/initctl.
This open file descriptor would allow a compromised application
to change the run level of the system. Of course all of these
AVC messages were being reported as bugs in SELinux, but really
they were a serious bug in the boot process. Investigating this
problem further I found that the default behavior of all file
descriptors is to have them inherited over the fork/exec. You
have to execute fcntl(fd, F_SETFD, FD_CLOEXEC); on all file
descriptors that you do not want to be leaked. Needless to say,
lots of programmers forget this and leaked file descriptors are
quite common.

Dan Walsh

> Thanks - yet again!
>
> Mark
> --
> fedora-selinux-list mailing list
> fedora-selinux-list@...
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list

--
fedora-selinux-list mailing list
fedora-selinux-list@...
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

Re: Selinux & Fail2Ban

2009-12-08T13:37:59Z

On Tue, 2009-12-08 at 22:24 +0100, Dominick Grift wrote:

>
> Your myfail2ban.te file should look like this:
>
> policy_module(myfail2ban, 11.2.1)
> optional_policy(`
> gen_require(`
> attribute domain;
> type fail2ban_t;
> ')
> dontaudit domain fail2ban_t:unix_stream_socket { read write };
> ')

That did it - Thanks!

> A leaked file descriptor is a programming error it is where the programmer forgot to close a file descriptor (bug in fail2ban)

How can I explain this to the f2b developers so that it can be fixed?

Thanks - yet again!

Mark

--
fedora-selinux-list mailing list
fedora-selinux-list@...
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

signature.asc (204 bytes) Download Attachment

Re: Selinux & Fail2Ban

2009-12-08T13:24:39Z

On Tue, Dec 08, 2009 at 09:15:48PM +0000, Arthur Dent wrote:

> On Tue, 2009-12-08 at 21:57 +0100, Dominick Grift wrote:
>
> > > So what do you think?
> > >
> > > Am I on the right track?
> >
> > Yes "allow system_mail_t fail2ban_t:unix_stream_socket { read write };", signals a leaked file descriptor on fail2ban. This issue is known. You can ignore those avc denials and/or silence them:
>
> What exactly *is* a "leaked file descriptor"?
>
>
> > echo "policy_module(myfail2ban, 1.0.0)" > myfail2ban.te;
> > echo "optional_policy(\`" >> myfail2ban.te;
> > echo "gen_require(\`" >> myfail2ban.te;
> > echo "attribute domain;" >> myfail2ban.te;
> > echo "type fail2ban_t;" >> myfail2ban.te;
> > echo "\')" >> myfail2ban.te;
> > echo "dontaudit domain fail2ban_t:unix_stream_socket { read write };" >> myfail2ban.te;
> > echo "\')" >> myfail2ban.te;
>
> OK - Thanks for this. It's not the way I'm used to generating local
> policies and I think there may be an error? Once all the lines are
> echo'd into myfail2ban.te this is what I get:
> # cat myfail2ban.te
>
> policy_module(myfail2ban, 11.2.1)
> optional_policy(`
> gen_require(`
> attribute domain;
> type fail2ban_t;
> \')
> dontaudit domain fail2ban_t:unix_stream_socket { read write };
> \')

Your myfail2ban.te file should look like this:

policy_module(myfail2ban, 11.2.1)
optional_policy(`
gen_require(`
attribute domain;
type fail2ban_t;
')
dontaudit domain fail2ban_t:unix_stream_socket { read write };
')

A leaked file descriptor is a programming error it is where the programmer forgot to close a file descriptor (bug in fail2ban)

>
> Which won't compile:
> > make -f /usr/share/selinux/devel/Makefile myfail2ban.pp
> > sudo semodule -i myfail2ban.pp
> Gives:
>
> # make -f /usr/share/selinux/devel/Makefile myfail2ban.pp
> Compiling targeted myfail2ban module
> /usr/bin/checkmodule: loading policy configuration from
> tmp/myfail2ban.tmp
> myfail2ban.te":2:WARNING 'unrecognized character' at token '\' on line
> 3204:
> \
> #line 2
> myfail2ban.te":2:WARNING 'unrecognized character' at token '\' on line
> 3214:
> \
> #line 2
> myfail2ban.te":2:WARNING 'unrecognized character' at token '\' on line
> 3204:
> \
> #line 2
> myfail2ban.te":2:WARNING 'unrecognized character' at token '\' on line
> 3214:
> \
> #line 2
> /usr/bin/checkmodule: policy configuration loaded
> /usr/bin/checkmodule: writing binary representation (version 10) to
> tmp/myfail2ban.mod
> Creating targeted myfail2ban.pp policy package
> rm tmp/myfail2ban.mod.fc tmp/myfail2ban.mod
>
>
> I'm not exactly sure what you had in mind otherwise I would edit it to
> work...
>
>
> But thanks again. I do appreciate your help!
>
> Mark
>

> --
> fedora-selinux-list mailing list
> fedora-selinux-list@...
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list

--
fedora-selinux-list mailing list
fedora-selinux-list@...
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

attachment0 (205 bytes) Download Attachment

Re: Selinux & Fail2Ban

2009-12-08T13:15:48Z

On Tue, 2009-12-08 at 21:57 +0100, Dominick Grift wrote:

> > So what do you think?
> >
> > Am I on the right track?
>
> Yes "allow system_mail_t fail2ban_t:unix_stream_socket { read write };", signals a leaked file descriptor on fail2ban. This issue is known. You can ignore those avc denials and/or silence them:

What exactly *is* a "leaked file descriptor"?

> echo "policy_module(myfail2ban, 1.0.0)" > myfail2ban.te;
> echo "optional_policy(\`" >> myfail2ban.te;
> echo "gen_require(\`" >> myfail2ban.te;
> echo "attribute domain;" >> myfail2ban.te;
> echo "type fail2ban_t;" >> myfail2ban.te;
> echo "\')" >> myfail2ban.te;
> echo "dontaudit domain fail2ban_t:unix_stream_socket { read write };" >> myfail2ban.te;
> echo "\')" >> myfail2ban.te;

OK - Thanks for this. It's not the way I'm used to generating local
policies and I think there may be an error? Once all the lines are
echo'd into myfail2ban.te this is what I get:
# cat myfail2ban.te

policy_module(myfail2ban, 11.2.1)
optional_policy(`
gen_require(`
attribute domain;
type fail2ban_t;
\')
dontaudit domain fail2ban_t:unix_stream_socket { read write };
\')

Which won't compile:
> make -f /usr/share/selinux/devel/Makefile myfail2ban.pp
> sudo semodule -i myfail2ban.pp
Gives:

# make -f /usr/share/selinux/devel/Makefile myfail2ban.pp
Compiling targeted myfail2ban module
/usr/bin/checkmodule: loading policy configuration from
tmp/myfail2ban.tmp
myfail2ban.te":2:WARNING 'unrecognized character' at token '\' on line
3204:
\
#line 2
myfail2ban.te":2:WARNING 'unrecognized character' at token '\' on line
3214:
\
#line 2
myfail2ban.te":2:WARNING 'unrecognized character' at token '\' on line
3204:
\
#line 2
myfail2ban.te":2:WARNING 'unrecognized character' at token '\' on line
3214:
\
#line 2
/usr/bin/checkmodule: policy configuration loaded
/usr/bin/checkmodule: writing binary representation (version 10) to
tmp/myfail2ban.mod
Creating targeted myfail2ban.pp policy package
rm tmp/myfail2ban.mod.fc tmp/myfail2ban.mod

I'm not exactly sure what you had in mind otherwise I would edit it to
work...

But thanks again. I do appreciate your help!

Mark

--
fedora-selinux-list mailing list
fedora-selinux-list@...
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

signature.asc (204 bytes) Download Attachment

Re: Selinux & Fail2Ban

2009-12-08T12:57:29Z

On Tue, Dec 08, 2009 at 08:43:32PM +0000, Arthur Dent wrote:

> On Mon, 2009-12-07 at 23:51 +0100, Dominick Grift wrote:
>
> > > > > > > > > [Snip]
>
> > > > >
> > > > > # matchpathcon /usr/bin/fail2ban-server
> > > > > /usr/bin/fail2ban-server system_u:object_r:fail2ban_exec_t:s0
> > > > >
> > > > > Is that what you would expect to see?
> > > >
> > > > yes, now the question is, is the path labeled the way it should be:
> > > >
> > > > ls -alZ /usr/bin/fail2ban-server
> > >
> > > # ls -alZ /usr/bin/fail2ban-server
> > > -rwxr-xr-x. root root unconfined_u:object_r:bin_t:s0 /usr/bin/fail2ban-server
> > >
> > > Hmmmm...
> > >
> > > # restorecon -v /usr/bin/fail2ban-server
> > > restorecon reset /usr/bin/fail2ban-server context unconfined_u:object_r:bin_t:s0->system_u:object_r:fail2ban_exec_t:s0
> > >
> > > # ls -alZ /usr/bin/fail2ban-server
> > > -rwxr-xr-x. root root system_u:object_r:fail2ban_exec_t:s0 /usr/bin/fail2ban-server
> > >
> > > Ahhh...
> > >
> > > Is that more like it?
> >
> > Yes that should get you atleast a little closer. I am wondering what else may be mislabeled on your system.
> >
> > maybe a relabel/fixfiles restore is in order...
>
> Yes. Good advice.
>
> As it happens there was a new selinux policy available today (using yum
> update):
> # rpm -q selinux-policy selinux-policy-targeted
> selinux-policy-3.6.12-91.fc11.noarch
> selinux-policy-targeted-3.6.12-91.fc11.noarch
>
>
> I removed two of my local policies (log rotation and fail2ban) and put
> selinux into permissive mode.
>
> Having updated I did a "touch /.autorelabel; reboot"
>
> Following your 7 point plan I believe I am now at stage 6?
> {
> 1) I believe there is a type created for the process? (fail2ban_exec)
> 2) I believe there is a type for the executable file (fail2ban_exec)
> 3) declare the two types init_daemon_domain(). (Not sure about this)
> 4) The executable file is labelled with the type fail2ban_exec
> 5) I have started the service (in permissive mode).
> }
>
> I got 5 AVCs. 2 on startup and 3 when fail2ban actually hit on a rule.
> (Copies of the AVCs below)
>
> So - point 6: Using audit2allow I get this:
>
> =================8<============================================
>
> module myfail2ban 11.2.1;
>
> require {
> type iptables_t;
> type system_mail_t;
> type fail2ban_t;
> class unix_stream_socket { read write };
> }
>
> #============= iptables_t ==============
> allow iptables_t fail2ban_t:unix_stream_socket { read write };
>
> #============= system_mail_t ==============
> allow system_mail_t fail2ban_t:unix_stream_socket { read write };
>
> =================8<============================================
>
> So what do you think?
>
> Am I on the right track?

Yes "allow system_mail_t fail2ban_t:unix_stream_socket { read write };", signals a leaked file descriptor on fail2ban. This issue is known. You can ignore those avc denials and/or silence them:

echo "policy_module(myfail2ban, 1.0.0)" > myfail2ban.te;
echo "optional_policy(\`" >> myfail2ban.te;
echo "gen_require(\`" >> myfail2ban.te;
echo "attribute domain;" >> myfail2ban.te;
echo "type fail2ban_t;" >> myfail2ban.te;
echo "\')" >> myfail2ban.te;
echo "dontaudit domain fail2ban_t:unix_stream_socket { read write };" >> myfail2ban.te;
echo "\')" >> myfail2ban.te;

make -f /usr/share/selinux/devel/Makefile myfail2ban.pp
sudo semodule -i myfail2ban.pp

>
> Thanks again for all your help.
>
> Mark
>
>
> AVCs (I think a couple may be duplicates - I'm running in permissive
> mode):
>
> Raw Audit Messages :
>
> node=troodos.org.uk type=AVC msg=audit(1260298720.4:21): avc: denied { read write } for pid=1907 comm="iptables" path="socket:[16217]" dev=sockfs ino=16217 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:fail2ban_t:s0 tclass=unix_stream_socket
> node=troodos.org.uk type=SYSCALL msg=audit(1260298720.4:21): arch=40000003 syscall=11 success=yes exit=0 a0=8a1a250 a1=8a1a460 a2=8a19738 a3=8a1a460 items=0 ppid=1906 pid=1907 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/sbin/iptables" subj=system_u:system_r:iptables_t:s0 key=(null)
>
> Raw Audit Messages :
>
> node=troodos.org.uk type=AVC msg=audit(1260298720.169:22): avc: denied { read write } for pid=1921 comm="sendmail" path="socket:[16217]" dev=sockfs ino=16217 scontext=system_u:system_r:system_mail_t:s0 tcontext=system_u:system_r:fail2ban_t:s0 tclass=unix_stream_socket
> node=troodos.org.uk type=SYSCALL msg=audit(1260298720.169:22): arch=40000003 syscall=11 success=yes exit=0 a0=85867d0 a1=8587798 a2=8587670 a3=8587798 items=0 ppid=1919 pid=1921 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=51 sgid=51 fsgid=51 tty=(none) ses=4294967295 comm="sendmail" exe="/usr/sbin/sendmail.sendmail" subj=system_u:system_r:system_mail_t:s0 key=(null)
>
> Raw Audit Messages :
>
> node=troodos.org.uk type=AVC msg=audit(1260301404.622:121): avc: denied { read write } for pid=2799 comm="iptables" path="socket:[16217]" dev=sockfs ino=16217 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:fail2ban_t:s0 tclass=unix_stream_socket
> node=troodos.org.uk type=SYSCALL msg=audit(1260301404.622:121): arch=40000003 syscall=11 success=yes exit=0 a0=88b13e0 a1=88b1618 a2=88b06f8 a3=88b1618 items=0 ppid=2798 pid=2799 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/sbin/iptables" subj=system_u:system_r:iptables_t:s0 key=(null)
>
> Raw Audit Messages :
>
> node=troodos.org.uk type=AVC msg=audit(1260301405.169:122): avc: denied { read write } for pid=2804 comm="iptables" path="socket:[16217]" dev=sockfs ino=16217 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:fail2ban_t:s0 tclass=unix_stream_socket
> node=troodos.org.uk type=SYSCALL msg=audit(1260301405.169:122): arch=40000003 syscall=11 success=yes exit=0 a0=96e3418 a1=96e3718 a2=96e2700 a3=96e3718 items=0 ppid=1901 pid=2804 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/sbin/iptables" subj=system_u:system_r:iptables_t:s0 key=(null)
>
> Raw Audit Messages :
>
> node=troodos.org.uk type=AVC msg=audit(1260301405.212:123): avc: denied { read write } for pid=2811 comm="sendmail" path="socket:[16217]" dev=sockfs ino=16217 scontext=system_u:system_r:system_mail_t:s0 tcontext=system_u:system_r:fail2ban_t:s0 tclass=unix_stream_socket
> node=troodos.org.uk type=SYSCALL msg=audit(1260301405.212:123): arch=40000003 syscall=11 success=yes exit=0 a0=a119518 a1=a119a48 a2=a119750 a3=a119a48 items=0 ppid=2807 pid=2811 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=51 sgid=51 fsgid=51 tty=(none) ses=4294967295 comm="sendmail" exe="/usr/sbin/sendmail.sendmail" subj=system_u:system_r:system_mail_t:s0 key=(null)
>
>

attachment0 (205 bytes) Download Attachment

Re: Selinux & Fail2Ban

2009-12-08T12:43:32Z

On Mon, 2009-12-07 at 23:51 +0100, Dominick Grift wrote:

> > > > > > > > [Snip]

> > > >
> > > > # matchpathcon /usr/bin/fail2ban-server
> > > > /usr/bin/fail2ban-server system_u:object_r:fail2ban_exec_t:s0
> > > >
> > > > Is that what you would expect to see?
> > >
> > > yes, now the question is, is the path labeled the way it should be:
> > >
> > > ls -alZ /usr/bin/fail2ban-server
> >
> > # ls -alZ /usr/bin/fail2ban-server
> > -rwxr-xr-x. root root unconfined_u:object_r:bin_t:s0 /usr/bin/fail2ban-server
> >
> > Hmmmm...
> >
> > # restorecon -v /usr/bin/fail2ban-server
> > restorecon reset /usr/bin/fail2ban-server context unconfined_u:object_r:bin_t:s0->system_u:object_r:fail2ban_exec_t:s0
> >
> > # ls -alZ /usr/bin/fail2ban-server
> > -rwxr-xr-x. root root system_u:object_r:fail2ban_exec_t:s0 /usr/bin/fail2ban-server
> >
> > Ahhh...
> >
> > Is that more like it?
>
> Yes that should get you atleast a little closer. I am wondering what else may be mislabeled on your system.
>
> maybe a relabel/fixfiles restore is in order...

Yes. Good advice.

As it happens there was a new selinux policy available today (using yum
update):
# rpm -q selinux-policy selinux-policy-targeted
selinux-policy-3.6.12-91.fc11.noarch
selinux-policy-targeted-3.6.12-91.fc11.noarch

I removed two of my local policies (log rotation and fail2ban) and put
selinux into permissive mode.

Having updated I did a "touch /.autorelabel; reboot"

Following your 7 point plan I believe I am now at stage 6?
{
1) I believe there is a type created for the process? (fail2ban_exec)
2) I believe there is a type for the executable file (fail2ban_exec)
3) declare the two types init_daemon_domain(). (Not sure about this)
4) The executable file is labelled with the type fail2ban_exec
5) I have started the service (in permissive mode).
}

I got 5 AVCs. 2 on startup and 3 when fail2ban actually hit on a rule.
(Copies of the AVCs below)

So - point 6: Using audit2allow I get this:

=================8<============================================

module myfail2ban 11.2.1;

require {
type iptables_t;
type system_mail_t;
type fail2ban_t;
class unix_stream_socket { read write };
}

#============= iptables_t ==============
allow iptables_t fail2ban_t:unix_stream_socket { read write };

#============= system_mail_t ==============
allow system_mail_t fail2ban_t:unix_stream_socket { read write };

=================8<============================================

So what do you think?

Am I on the right track?

Thanks again for all your help.

Mark

AVCs (I think a couple may be duplicates - I'm running in permissive
mode):

Raw Audit Messages :

node=troodos.org.uk type=AVC msg=audit(1260298720.4:21): avc: denied { read write } for pid=1907 comm="iptables" path="socket:[16217]" dev=sockfs ino=16217 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:fail2ban_t:s0 tclass=unix_stream_socket
node=troodos.org.uk type=SYSCALL msg=audit(1260298720.4:21): arch=40000003 syscall=11 success=yes exit=0 a0=8a1a250 a1=8a1a460 a2=8a19738 a3=8a1a460 items=0 ppid=1906 pid=1907 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/sbin/iptables" subj=system_u:system_r:iptables_t:s0 key=(null)

Raw Audit Messages :

node=troodos.org.uk type=AVC msg=audit(1260298720.169:22): avc: denied { read write } for pid=1921 comm="sendmail" path="socket:[16217]" dev=sockfs ino=16217 scontext=system_u:system_r:system_mail_t:s0 tcontext=system_u:system_r:fail2ban_t:s0 tclass=unix_stream_socket
node=troodos.org.uk type=SYSCALL msg=audit(1260298720.169:22): arch=40000003 syscall=11 success=yes exit=0 a0=85867d0 a1=8587798 a2=8587670 a3=8587798 items=0 ppid=1919 pid=1921 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=51 sgid=51 fsgid=51 tty=(none) ses=4294967295 comm="sendmail" exe="/usr/sbin/sendmail.sendmail" subj=system_u:system_r:system_mail_t:s0 key=(null)

Raw Audit Messages :

node=troodos.org.uk type=AVC msg=audit(1260301404.622:121): avc: denied { read write } for pid=2799 comm="iptables" path="socket:[16217]" dev=sockfs ino=16217 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:fail2ban_t:s0 tclass=unix_stream_socket
node=troodos.org.uk type=SYSCALL msg=audit(1260301404.622:121): arch=40000003 syscall=11 success=yes exit=0 a0=88b13e0 a1=88b1618 a2=88b06f8 a3=88b1618 items=0 ppid=2798 pid=2799 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/sbin/iptables" subj=system_u:system_r:iptables_t:s0 key=(null)

Raw Audit Messages :

node=troodos.org.uk type=AVC msg=audit(1260301405.169:122): avc: denied { read write } for pid=2804 comm="iptables" path="socket:[16217]" dev=sockfs ino=16217 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:fail2ban_t:s0 tclass=unix_stream_socket
node=troodos.org.uk type=SYSCALL msg=audit(1260301405.169:122): arch=40000003 syscall=11 success=yes exit=0 a0=96e3418 a1=96e3718 a2=96e2700 a3=96e3718 items=0 ppid=1901 pid=2804 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/sbin/iptables" subj=system_u:system_r:iptables_t:s0 key=(null)

Raw Audit Messages :

node=troodos.org.uk type=AVC msg=audit(1260301405.212:123): avc: denied { read write } for pid=2811 comm="sendmail" path="socket:[16217]" dev=sockfs ino=16217 scontext=system_u:system_r:system_mail_t:s0 tcontext=system_u:system_r:fail2ban_t:s0 tclass=unix_stream_socket
node=troodos.org.uk type=SYSCALL msg=audit(1260301405.212:123): arch=40000003 syscall=11 success=yes exit=0 a0=a119518 a1=a119a48 a2=a119750 a3=a119a48 items=0 ppid=2807 pid=2811 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=51 sgid=51 fsgid=51 tty=(none) ses=4294967295 comm="sendmail" exe="/usr/sbin/sendmail.sendmail" subj=system_u:system_r:system_mail_t:s0 key=(null)

--
fedora-selinux-list mailing list
fedora-selinux-list@...
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

signature.asc (204 bytes) Download Attachment

Re: Combining modules?

2009-12-08T10:57:10Z

On Tue, Dec 08, 2009 at 10:41:51AM -0800, John Oliver wrote:
> I don't know if there's a better way to do this, but I'm trying to get
> nagios working with selinux (CentOS 5.4 Final) I try to run it, get an
> error, create a policy module, install it, and return to step one. It's
> getting pretty ridiculous:

Yes common issue with developing policy. What developers usually do it develop policy in permissive mode or in fedora11 and up using permissive domains. These methods allow you to accumulate all or atleast most avc denials in one runs. This is because permissive mode/domains allow the access but log "would be denials". So the process usually works but youll still get to see what SELinux would have denied.

But apart from that. You can also develop policy in enforcing mode. Although since selinux actually denies every permission the process cannot proceed. So youll write a rule, reload modified policy, appends the next rule, reload and so forth an so forth.

An easier way to do that is to just modify your source policy (the .te, .if and .fc files), rebuild the binary policy and install it again. That will overwrite the installed policy.

echo "policy_module(example, 1.0.0)" > example.te;
make -f /usr/share/selinux/devel/Makefile example.pp
sudo semodule -i example.pp
( .. later you figure out more policy is required .. )
( .. appending some stuff to existing source policy example.te file .. )
echo "type example_t;" >> example.te;
echo "type example_exec_t;" >> example.te;
echo "init_daemon_domain(example_t, example_exec_t)" >> example.te;
( .. building a binary module again this time from modified source policy example.te file .. )
make -f /usr/share/selinux/devel/Makefile example.pp
( .. installing modified example.pp binary module *again*, whichif policy version is the same, overwrites the existing installed example.pp)

That way you will end up with a single module with all your mods for a particular domain.

>
> [joliver@mda-services4 ~]$ sudo /usr/sbin/semodule -l | grep nagios
> nagios 1.1.0
> nagios10 1.0
> nagios2 1.0
> nagios3 1.0
> nagios4 1.0
> nagios5 1.0
> nagios6 1.0
> nagios7 1.0
> nagios8 1.0
> nagios9 1.0
>
> When I finally discover all of the problems... is there a way to dump
> all of those modules into one? Both for my sanity, and so that I can
> maybe submit that module to CentOS so the next poor SOB who tries to do
> this doesn't have to reinvent the wheel?
>
> Or is there another, better, way to find all of the various rules that
> are needed in one fell swoop?
>
> --
> ***********************************************************************
> * John Oliver http://www.john-oliver.net/ *
> * *
> ***********************************************************************
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list@...
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list

--
fedora-selinux-list mailing list
fedora-selinux-list@...
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

attachment0 (205 bytes) Download Attachment

Re: Combining modules?

2009-12-08T10:46:10Z

On 12/08/2009 01:41 PM, John Oliver wrote:

> I don't know if there's a better way to do this, but I'm trying to get
> nagios working with selinux (CentOS 5.4 Final) I try to run it, get an
> error, create a policy module, install it, and return to step one. It's
> getting pretty ridiculous:
>
> [joliver@mda-services4 ~]$ sudo /usr/sbin/semodule -l | grep nagios
> nagios 1.1.0
> nagios10 1.0
> nagios2 1.0
> nagios3 1.0
> nagios4 1.0
> nagios5 1.0
> nagios6 1.0
> nagios7 1.0
> nagios8 1.0
> nagios9 1.0
>
> When I finally discover all of the problems... is there a way to dump
> all of those modules into one? Both for my sanity, and so that I can
> maybe submit that module to CentOS so the next poor SOB who tries to do
> this doesn't have to reinvent the wheel?
>
> Or is there another, better, way to find all of the various rules that
> are needed in one fell swoop?
>

Instead of making a new file, you can just edit the old files, bump the
version, and instead of semodule -i, use semodule -u (update).

--
fedora-selinux-list mailing list
fedora-selinux-list@...
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

smime.p7s (3K) Download Attachment