[CentOS] SELinux is preventing /usr/bin/chcon "mac_admin" access

Tue Dec 20 14:44:32 UTC 2011
James B. Byrne <byrnejb at harte-lyne.ca>

CentOS-6.1 KVM guest on CentOS-6.1 host.

I am seeing this SEAlert in the /var/log/audit/audit.log
file of a new guest immediately after startup. Can someone
tell me what it means and what I should do about it?  A
Google search reveals a number of Fedora issues with
similar errors dating back a few years, most of which seem
to have something to do with package ownership.

This guest starts without activating any Ethernet i/f if
that has any bearing on the matter.

# sealert -a /var/log/audit/audit.log | more
found 1 alerts in /var/log/audit/audit.log
--------------------------------------------------------


Summary:

SELinux is preventing /usr/bin/chcon "mac_admin" access .

Detailed Description:

SELinux denied access requested by chcon. It is not
expected that this access is required by chcon and this
access may signal an intrusion attempt. It is also
possible that the specific version or configuration of the
application is causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this
access - see FAQ
(http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385)
Please file a bug report.

Additional Information:

Source Context                system_u:system_r:initrc_t:s0
Target Context                system_u:system_r:initrc_t:s0
Target Objects                None [ capability2 ]
Source                        chcon
Source Path                   /usr/bin/chcon
Port                          <Unknown>
Host                          <Unknown>
Source RPM Packages           coreutils-8.4-13.el6
Target RPM Packages
Policy RPM                    selinux-policy-3.7.19-93.el6_1.7
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Plugin Name                   catchall
Host Name                     pas-redmine.hamilton.harte-lyne.ca
Platform                      Linux pas-redmine.hamilton.harte-lyne.ca
                              2.6.32-131.21.1.el6.x86_64 #1 SMP Tue Nov 22
                              19:48:09 GMT 2011 x86_64 x86_64
Alert Count                   1
First Seen                    Tue Dec 20 09:16:12 2011
Last Seen                     Tue Dec 20 09:16:12 2011
Local ID                      6a24c9e4-3fb9-4524-ae04-a0cf0b31cce4
Line Numbers                  10, 11

Raw Audit Messages

type=AVC msg=audit(1324390572.917:12): avc:  denied  { mac_admin } for  pid=1443 comm="chcon" capability=33 scontext=system_u:system_r:initrc_t:s0 tcontext=system_u:system_r:initrc_t:s0 tclass=capability2

type=SYSCALL msg=audit(1324390572.917:12): arch=c000003e syscall=188 success=no exit=-22 a0=d281c0 a1=7f02f81e8259 a2=d29580 a3=20 items=0 ppid=1442 pid=1443 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="chcon" exe="/usr/bin/chcon" subj=system_u:system_r:initrc_t:s0 key=(null)

-- 
***          E-Mail is NOT a SECURE channel          ***
James B. Byrne                mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3
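
Added example, not part of the original post: a small Python decoder that pairs the AVC and SYSCALL records above by their shared audit serial number and translates the numeric fields. The function names and the lookup tables (deliberately partial) are this example's own; the sample input is the two records from the post re-joined onto single lines.

```python
import errno
import re

# Constructed sample: the two raw audit records from the post, one record per line.
SAMPLE = '''type=AVC msg=audit(1324390572.917:12): avc:  denied  { mac_admin } for  pid=1443 comm="chcon" capability=33 scontext=system_u:system_r:initrc_t:s0 tcontext=system_u:system_r:initrc_t:s0 tclass=capability2
type=SYSCALL msg=audit(1324390572.917:12): arch=c000003e syscall=188 success=no exit=-22 a0=d281c0 a1=7f02f81e8259 a2=d29580 a3=20 items=0 ppid=1442 pid=1443 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="chcon" exe="/usr/bin/chcon" subj=system_u:system_r:initrc_t:s0 key=(null)
'''
# Partial lookup tables (assumption: only the entries this kind of event needs).
XATTR_SYSCALLS_X86_64 = {188: "setxattr", 189: "lsetxattr", 190: "fsetxattr"}
CAPABILITY2 = {32: "CAP_MAC_OVERRIDE", 33: "CAP_MAC_ADMIN"}
AUDIT_ARCH_X86_64, UNSET_ID = 0xC000003E, 0xFFFFFFFF  # UNSET_ID: auid never set
HEADER = re.compile(r"type=(\w+) msg=audit\((\d+\.\d+):(\d+)\):")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
PERMS = re.compile(r"\{ ([^}]*) \}")

def parse_events(text):
    """Group audit records by serial number: {serial: {record_type: fields}}."""
    events = {}
    for line in text.splitlines():
        m = HEADER.match(line)
        if not m:
            continue
        fields = {k: v.strip('"') for k, v in FIELD.findall(line[m.end():])}
        p = PERMS.search(line)
        fields["perms"] = p.group(1).split() if p else []
        events.setdefault(int(m.group(3)), {})[m.group(1)] = fields
    return events

def explain(event):
    """Decode one correlated AVC + SYSCALL event into readable facts."""
    avc, sc = event["AVC"], event["SYSCALL"]
    exit_code = int(sc["exit"])
    x86_64 = int(sc["arch"], 16) == AUDIT_ARCH_X86_64
    return {
        "denied": avc["perms"],
        "capability": CAPABILITY2.get(int(avc["capability"])) if avc["tclass"] == "capability2" else None,
        "self_check": avc["scontext"] == avc["tcontext"],  # capability checks target the process itself
        "syscall": XATTR_SYSCALLS_X86_64.get(int(sc["syscall"])) if x86_64 else None,
        "errno": errno.errorcode.get(-exit_code) if exit_code < 0 else None,
        "no_login_session": int(sc["auid"]) == UNSET_ID,  # e.g. started from init scripts
    }

if __name__ == "__main__":
    for serial, ev in parse_events(SAMPLE).items():
        print(serial, explain(ev))
```

For the event in the post this reports a setxattr call that failed with EINVAL alongside a denied CAP_MAC_ADMIN check. The kernel's SELinux setxattr hook performs that check when asked to set a label the loaded policy cannot resolve, so the first thing to inspect is which context the init script passes to chcon.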