[squid-users] Squid selinux audit review needed.

From: Eliezer Croitoru <eliezer_at_ngtech.co.il>
Date: Mon, 10 Mar 2014 15:34:34 +0200

I am not an SELinux expert, and I am looking at a couple of issues where I am not
sure what the cause is.
I have a Squid machine that is a GlusterFS client, and I restarted the
Squid instance.
All of a sudden I got a "Permission Denied(13)" in the logs.
I captured the audit.log output for the time of the server restart.
Please take a look at it.
Could it be related to fusefs?

##START
tail /var/log/audit/audit.log -f
type=AVC msg=audit(1394456998.422:4293): avc: denied { search } for
pid=17578 comm="squid" name="/" dev="fuse" ino=1
scontext=unconfined_u:system_r:squid_t:s0
tcontext=system_u:object_r:fusefs_t:s0 tclass=dir
type=SYSCALL msg=audit(1394456998.422:4293): arch=c000003e syscall=59
success=no exit=-13 a0=7fffeb15b980 a1=7fffeb1598e0 a2=7fffeb15bce8
a3=376e018240 items=0 ppid=17577 pid=17578 auid=0 uid=23 gid=23 euid=0
suid=0 fsuid=0 egid=23 sgid=23 fsgid=23 ses=388 tty=(none) comm="squid"
exe="/usr/sbin/squid" subj=unconfined_u:system_r:squid_t:s0 key=(null)
type=AVC msg=audit(1394456998.470:4294): avc: denied { getattr } for
pid=17583 comm="squid" path="/mnt/gluster" dev="fuse" ino=1
scontext=unconfined_u:system_r:squid_t:s0
tcontext=system_u:object_r:fusefs_t:s0 tclass=dir
type=SYSCALL msg=audit(1394456998.470:4294): arch=c000003e syscall=4
success=no exit=-13 a0=254d830 a1=7fff24caccf0 a2=7fff24caccf0 a3=0
items=0 ppid=17577 pid=17583 auid=0 uid=23 gid=23 euid=23 suid=0
fsuid=23 egid=23 sgid=23 fsgid=23 ses=388 tty=(none) comm="squid"
exe="/usr/sbin/squid" subj=unconfined_u:system_r:squid_t:s0 key=(null)
type=AVC msg=audit(1394456998.509:4295): avc: denied { search } for
pid=17582 comm="squid" name="/" dev="fuse" ino=1
scontext=unconfined_u:system_r:squid_t:s0
tcontext=system_u:object_r:fusefs_t:s0 tclass=dir
type=SYSCALL msg=audit(1394456998.509:4295): arch=c000003e syscall=2
success=no exit=-13 a0=1bc4d30 a1=2 a2=1a4 a3=1 items=0 ppid=17577
pid=17582 auid=0 uid=23 gid=23 euid=23 suid=0 fsuid=23 egid=23 sgid=23
fsgid=23 ses=388 tty=(none) comm="squid" exe="/usr/sbin/squid"
subj=unconfined_u:system_r:squid_t:s0 key=(null)
type=AVC msg=audit(1394456998.591:4296): avc: denied { create } for
pid=17579 comm="squid" name="coordinator.ipc"
scontext=unconfined_u:system_r:squid_t:s0
tcontext=unconfined_u:object_r:var_run_t:s0 tclass=sock_file
type=SYSCALL msg=audit(1394456998.591:4296): arch=c000003e syscall=49
success=no exit=-13 a0=a a1=254f9ac a2=20 a3=98 items=0 ppid=17577
pid=17579 auid=0 uid=23 gid=23 euid=23 suid=0 fsuid=23 egid=23 sgid=23
fsgid=23 ses=388 tty=(none) comm="squid" exe="/usr/sbin/squid"
subj=unconfined_u:system_r:squid_t:s0 key=(null)
type=AVC msg=audit(1394456998.611:4297): avc: denied { search } for
pid=17580 comm="squid" name="/" dev="fuse" ino=1
scontext=unconfined_u:system_r:squid_t:s0
tcontext=system_u:object_r:fusefs_t:s0 tclass=dir
type=SYSCALL msg=audit(1394456998.611:4297): arch=c000003e syscall=2
success=no exit=-13 a0=1375d30 a1=2 a2=1a4 a3=1 items=0 ppid=17577
pid=17580 auid=0 uid=23 gid=23 euid=23 suid=0 fsuid=23 egid=23 sgid=23
fsgid=23 ses=388 tty=(none) comm="squid" exe="/usr/sbin/squid"
subj=unconfined_u:system_r:squid_t:s0 key=(null)
type=AVC msg=audit(1394456998.625:4298): avc: denied { create } for
pid=17582 comm="squid" name="kid-2.ipc"
scontext=unconfined_u:system_r:squid_t:s0
tcontext=unconfined_u:object_r:var_run_t:s0 tclass=sock_file
type=SYSCALL msg=audit(1394456998.625:4298): arch=c000003e syscall=49
success=no exit=-13 a0=a a1=1ff4f0c a2=1a a3=98 items=0 ppid=17577
pid=17582 auid=0 uid=23 gid=23 euid=23 suid=0 fsuid=23 egid=23 sgid=23
fsgid=23 ses=388 tty=(none) comm="squid" exe="/usr/sbin/squid"
subj=unconfined_u:system_r:squid_t:s0 key=(null)
type=AVC msg=audit(1394456998.675:4299): avc: denied { create } for
pid=17580 comm="squid" name="kid-3.ipc"
scontext=unconfined_u:system_r:squid_t:s0
tcontext=unconfined_u:object_r:var_run_t:s0 tclass=sock_file
type=SYSCALL msg=audit(1394456998.675:4299): arch=c000003e syscall=49
success=no exit=-13 a0=a a1=17a5f0c a2=1a a3=98 items=0 ppid=17577
pid=17580 auid=0 uid=23 gid=23 euid=23 suid=0 fsuid=23 egid=23 sgid=23
fsgid=23 ses=388 tty=(none) comm="squid" exe="/usr/sbin/squid"
subj=unconfined_u:system_r:squid_t:s0 key=(null)
type=AVC msg=audit(1394457000.930:4300): avc: denied { search } for
pid=17589 comm="squid" name="/" dev="fuse" ino=1
scontext=unconfined_u:system_r:squid_t:s0
tcontext=system_u:object_r:fusefs_t:s0 tclass=dir
type=SYSCALL msg=audit(1394457000.930:4300): arch=c000003e syscall=59
success=no exit=-13 a0=7ffffc192040 a1=7ffffc18ffa0 a2=7ffffc1923a8
a3=376e018240 items=0 ppid=17515 pid=17589 auid=0 uid=23 gid=23 euid=0
suid=0 fsuid=0 egid=23 sgid=23 fsgid=23 ses=388 tty=(none) comm="squid"
exe="/usr/sbin/squid" subj=unconfined_u:system_r:squid_t:s0 key=(null)
type=AVC msg=audit(1394457001.475:4301): avc: denied { search } for
pid=17590 comm="squid" name="/" dev="fuse" ino=1
scontext=unconfined_u:system_r:squid_t:s0
tcontext=system_u:object_r:fusefs_t:s0 tclass=dir
type=SYSCALL msg=audit(1394457001.475:4301): arch=c000003e syscall=59
success=no exit=-13 a0=7fffeb15b980 a1=7fffeb1598e0 a2=7fffeb15bce8
a3=376e018240 items=0 ppid=17577 pid=17590 auid=0 uid=23 gid=23 euid=0
suid=0 fsuid=0 egid=23 sgid=23 fsgid=23 ses=388 tty=(none) comm="squid"
exe="/usr/sbin/squid" subj=unconfined_u:system_r:squid_t:s0 key=(null)
type=AVC msg=audit(1394457001.601:4302): avc: denied { getattr } for
pid=17591 comm="squid" path="/mnt/gluster" dev="fuse" ino=1
scontext=unconfined_u:system_r:squid_t:s0
tcontext=system_u:object_r:fusefs_t:s0 tclass=dir
type=SYSCALL msg=audit(1394457001.601:4302): arch=c000003e syscall=4
success=no exit=-13 a0=2604830 a1=7fff2803ffd0 a2=7fff2803ffd0 a3=0
items=0 ppid=17577 pid=17591 auid=0 uid=23 gid=23 euid=23 suid=0
fsuid=23 egid=23 sgid=23 fsgid=23 ses=388 tty=(none) comm="squid"
exe="/usr/sbin/squid" subj=unconfined_u:system_r:squid_t:s0 key=(null)
type=USER_ACCT msg=audit(1394457001.778:4303): pid=17593 uid=0
auid=4294967295 ses=4294967295
subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:accounting
acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron
res=success'
type=CRED_ACQ msg=audit(1394457001.778:4304): pid=17593 uid=0
auid=4294967295 ses=4294967295
subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred
acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron
res=success'
type=LOGIN msg=audit(1394457001.791:4305): login pid=17593 uid=0 old
auid=4294967295 new auid=0 old ses=4294967295 new ses=634
type=USER_START msg=audit(1394457001.794:4306): pid=17593 uid=0 auid=0
ses=634 subj=system_u:system_r:crond_t:s0-s0:c0.c1023
msg='op=PAM:session_open acct="root" exe="/usr/sbin/crond" hostname=?
addr=? terminal=cron res=success'
type=CRED_DISP msg=audit(1394457001.874:4307): pid=17593 uid=0 auid=0
ses=634 subj=system_u:system_r:crond_t:s0-s0:c0.c1023
msg='op=PAM:setcred acct="root" exe="/usr/sbin/crond" hostname=? addr=?
terminal=cron res=success'
type=USER_END msg=audit(1394457001.874:4308): pid=17593 uid=0 auid=0
ses=634 subj=system_u:system_r:crond_t:s0-s0:c0.c1023
msg='op=PAM:session_close acct="root" exe="/usr/sbin/crond" hostname=?
addr=? terminal=cron res=success'
type=AVC msg=audit(1394457004.605:4309): avc: denied { search } for
pid=17596 comm="squid" name="/" dev="fuse" ino=1
scontext=unconfined_u:system_r:squid_t:s0
tcontext=system_u:object_r:fusefs_t:s0 tclass=dir
type=SYSCALL msg=audit(1394457004.605:4309): arch=c000003e syscall=59
success=no exit=-13 a0=7fffeb15b980 a1=7fffeb1598e0 a2=7fffeb15bce8
a3=376e018240 items=0 ppid=17577 pid=17596 auid=0 uid=23 gid=23 euid=0
suid=0 fsuid=0 egid=23 sgid=23 fsgid=23 ses=388 tty=(none) comm="squid"
exe="/usr/sbin/squid" subj=unconfined_u:system_r:squid_t:s0 key=(null)
type=AVC msg=audit(1394457004.642:4310): avc: denied { getattr } for
pid=17597 comm="squid" path="/mnt/gluster" dev="fuse" ino=1
scontext=unconfined_u:system_r:squid_t:s0
tcontext=system_u:object_r:fusefs_t:s0 tclass=dir
type=SYSCALL msg=audit(1394457004.642:4310): arch=c000003e syscall=4
success=no exit=-13 a0=26db830 a1=7fffe7c992e0 a2=7fffe7c992e0 a3=0
items=0 ppid=17577 pid=17597 auid=0 uid=23 gid=23 euid=23 suid=0
fsuid=23 egid=23 sgid=23 fsgid=23 ses=388 tty=(none) comm="squid"
exe="/usr/sbin/squid" subj=unconfined_u:system_r:squid_t:s0 key=(null)
type=AVC msg=audit(1394457007.646:4311): avc: denied { search } for
pid=17599 comm="squid" name="/" dev="fuse" ino=1
scontext=unconfined_u:system_r:squid_t:s0
tcontext=system_u:object_r:fusefs_t:s0 tclass=dir
type=SYSCALL msg=audit(1394457007.646:4311): arch=c000003e syscall=59
success=no exit=-13 a0=7fffeb15b980 a1=7fffeb1598e0 a2=7fffeb15bce8
a3=376e018240 items=0 ppid=17577 pid=17599 auid=0 uid=23 gid=23 euid=0
suid=0 fsuid=0 egid=23 sgid=23 fsgid=23 ses=388 tty=(none) comm="squid"
exe="/usr/sbin/squid" subj=unconfined_u:system_r:squid_t:s0 key=(null)
type=AVC msg=audit(1394457007.678:4312): avc: denied { getattr } for
pid=17600 comm="squid" path="/mnt/gluster" dev="fuse" ino=1
scontext=unconfined_u:system_r:squid_t:s0
tcontext=system_u:object_r:fusefs_t:s0 tclass=dir
type=SYSCALL msg=audit(1394457007.678:4312): arch=c000003e syscall=4
success=no exit=-13 a0=23af830 a1=7fff5a8c0670 a2=7fff5a8c0670 a3=0
items=0 ppid=17577 pid=17600 auid=0 uid=23 gid=23 euid=23 suid=0
fsuid=23 egid=23 sgid=23 fsgid=23 ses=388 tty=(none) comm="squid"
exe="/usr/sbin/squid" subj=unconfined_u:system_r:squid_t:s0 key=(null)
type=AVC msg=audit(1394457010.680:4313): avc: denied { search } for
pid=17602 comm="squid" name="/" dev="fuse" ino=1
scontext=unconfined_u:system_r:squid_t:s0
tcontext=system_u:object_r:fusefs_t:s0 tclass=dir
type=SYSCALL msg=audit(1394457010.680:4313): arch=c000003e syscall=59
success=no exit=-13 a0=7fffeb15b980 a1=7fffeb1598e0 a2=7fffeb15bce8
a3=376e018240 items=0 ppid=17577 pid=17602 auid=0 uid=23 gid=23 euid=0
suid=0 fsuid=0 egid=23 sgid=23 fsgid=23 ses=388 tty=(none) comm="squid"
exe="/usr/sbin/squid" subj=unconfined_u:system_r:squid_t:s0 key=(null)
type=AVC msg=audit(1394457010.714:4314): avc: denied { getattr } for
pid=17603 comm="squid" path="/mnt/gluster" dev="fuse" ino=1
scontext=unconfined_u:system_r:squid_t:s0
tcontext=system_u:object_r:fusefs_t:s0 tclass=dir
type=SYSCALL msg=audit(1394457010.714:4314): arch=c000003e syscall=4
success=no exit=-13 a0=2065830 a1=7fffaef4cf80 a2=7fffaef4cf80 a3=0
items=0 ppid=17577 pid=17603 auid=0 uid=23 gid=23 euid=23 suid=0
fsuid=23 egid=23 sgid=23 fsgid=23 ses=388 tty=(none) comm="squid"
exe="/usr/sbin/squid" subj=unconfined_u:system_r:squid_t:s0 key=(null)
type=AVC msg=audit(1394457013.717:4315): avc: denied { search } for
pid=17606 comm="squid" name="/" dev="fuse" ino=1
scontext=unconfined_u:system_r:squid_t:s0
tcontext=system_u:object_r:fusefs_t:s0 tclass=dir
type=SYSCALL msg=audit(1394457013.717:4315): arch=c000003e syscall=59
success=no exit=-13 a0=7fffeb15b980 a1=7fffeb1598e0 a2=7fffeb15bce8
a3=376e018240 items=0 ppid=17577 pid=17606 auid=0 uid=23 gid=23 euid=0
suid=0 fsuid=0 egid=23 sgid=23 fsgid=23 ses=388 tty=(none) comm="squid"
exe="/usr/sbin/squid" subj=unconfined_u:system_r:squid_t:s0 key=(null)
type=CRYPTO_SESSION msg=audit(1394457058.505:4316): pid=11244 uid=0
auid=0 ses=388 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023
msg='op=start direction=from-client cipher=aes256-ctr ksize=256
spid=11244 suid=0 rport=52477 laddr=192.168.10.111 lport=22
exe="/usr/sbin/sshd" hostname=? addr=192.168.10.125 terminal=? res=success'
type=CRYPTO_SESSION msg=audit(1394457058.506:4317): pid=11244 uid=0
auid=0 ses=388 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023
msg='op=start direction=from-server cipher=aes256-ctr ksize=256
spid=11244 suid=0 rport=52477 laddr=192.168.10.111 lport=22
exe="/usr/sbin/sshd" hostname=? addr=192.168.10.125 terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1394457058.684:4318): pid=11244 uid=0
auid=0 ses=388 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023
msg='op=destroy kind=session fp=? direction=from-client spid=11244
suid=0 rport=52477 laddr=192.168.10.111 lport=22 exe="/usr/sbin/sshd"
hostname=? addr=192.168.10.125 terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1394457058.836:4319): pid=11244 uid=0
auid=0 ses=388 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023
msg='op=destroy kind=session fp=? direction=from-server spid=11244
suid=0 rport=52477 laddr=192.168.10.111 lport=22 exe="/usr/sbin/sshd"
hostname=? addr=192.168.10.125 terminal=? res=success'
##END

Eliezer
Received on Mon Mar 10 2014 - 13:34:45 MDT
