API tools faq
paste
jimklimov

selinux jenkins git-clone

jimklimov
Feb 23rd, 2021 (edited)
69
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 6.70 KB | None | 0 0
raw download clone embed print report
  1. type=MAC_STATUS msg=audit(1614095202.745:160297): enforcing=0 old_enforcing=1 auid=1000 ses=4541 enabled=1 old-enabled=1 lsm=selinux res=1AUID="noroot"
  2.  
  3. type=SYSCALL msg=audit(1614095202.745:160297): arch=c000003e syscall=1 success=yes exit=1 a0=3 a1=7ffcb6722030 a2=1 a3=0 items=0 ppid=1683513 pid=1684685 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=4541 comm="setenforce" exe="/usr/sbin/setenforce" subj=staff_u:sysadm_r:sysadm_t:s0 key=(null)ARCH=x86_64 SYSCALL=write AUID="noroot" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
  4.  
  5. type=PROCTITLE msg=audit(1614095202.745:160297): proctitle=736574656E666F726365005065726D697373697665
  6.  
  7. type=USER_AVC msg=audit(1614095202.746:160298): pid=948 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc: received setenforce notice (enforcing=0) exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?'UID="dbus" AUID="unset" SAUID="dbus"
  8.  
  9.  
  10. type=AVC msg=audit(1614095220.793:160299): avc: denied { execute } for pid=1684832 comm="ssh" name="jenkins-gitclient-pass6350001274969144117.sh" dev="dm-0" ino=151053346 scontext=user_u:user_r:ssh_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file permissive=1
  11.  
  12. type=AVC msg=audit(1614095220.793:160299): avc: denied { execute_no_trans } for pid=1684832 comm="ssh" path="/home/jenkins-worker/jenkins/workspace/dbpatch-create_wip@tmp/jenkins-gitclient-pass6350001274969144117.sh" dev="dm-0" ino=151053346 scontext=user_u:user_r:ssh_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file permissive=1
  13.  
  14. type=SYSCALL msg=audit(1614095220.793:160299): arch=c000003e syscall=59 success=yes exit=0 a0=558c7fb6ecfc a1=7fff974c75b0 a2=558c7fb6e4e0 a3=1 items=2 ppid=1684831 pid=1684832 auid=1001 uid=1001 gid=1001 euid=1001 suid=1001 fsuid=1001 egid=1001 sgid=1001 fsgid=1001 tty=(none) ses=4389 comm="jenkins-gitclie" exe="/usr/bin/bash" subj=user_u:user_r:ssh_t:s0 key=(null)ARCH=x86_64 SYSCALL=execve AUID="jenkins-worker" UID="jenkins-worker" GID="jenkins-worker" EUID="jenkins-worker" SUID="jenkins-worker" FSUID="jenkins-worker" EGID="jenkins-worker" SGID="jenkins-worker" FSGID="jenkins-worker"
  15.  
  16. type=EXECVE msg=audit(1614095220.793:160299): argc=3 a0="/bin/sh" a1="/home/jenkins-worker/jenkins/workspace/dbpatch-create_wip@tmp/jenkins-gitclient-pass6350001274969144117.sh" a2=456E746572207061737370687261736520666F72206B657920272F686F6D652F6A656E6B696E732D776F726B65722F6A656E6B696E732F776F726B73706163652F646270617463682D6372656174655F77697040746D702F6A656E6B696E732D676974636C69656E742D7373683235343932303433383033393531363537273A20
  17.  
  18. type=CWD msg=audit(1614095220.793:160299): cwd="/home/jenkins-worker/jenkins/workspace/dbpatch-create_wip"
  19.  
  20. type=PATH msg=audit(1614095220.793:160299): item=0 name="/bin/sh" inode=16806667 dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:shell_exec_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root"
  21.  
  22. type=PATH msg=audit(1614095220.793:160299): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=25376420 dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root"
  23.  
  24. type=PROCTITLE msg=audit(1614095220.793:160299): proctitle=2F62696E2F7368002F686F6D652F6A656E6B696E732D776F726B65722F6A656E6B696E732F776F726B73706163652F646270617463682D6372656174655F77697040746D702F6A656E6B696E732D676974636C69656E742D70617373363335303030313237343936393134343131372E736800456E7465722070617373706872
  25.  
  26.  
  27.  
  28.  
  29. type=AVC msg=audit(1614095279.498:160300): avc: denied { execute } for pid=1685156 comm="ssh" name="jenkins-gitclient-pass6601276497802672944.sh" dev="dm-0" ino=18909970 scontext=user_u:user_r:ssh_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file permissive=1
  30.  
  31. type=AVC msg=audit(1614095279.498:160300): avc: denied { execute_no_trans } for pid=1685156 comm="ssh" path="/home/jenkins-worker/jenkins/workspace/dbpatch-create_wip/Projects/server@tmp/jenkins-gitclient-pass6601276497802672944.sh" dev="dm-0" ino=18909970 scontext=user_u:user_r:ssh_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file permissive=1
  32.  
  33. type=SYSCALL msg=audit(1614095279.498:160300): arch=c000003e syscall=59 success=yes exit=0 a0=56138e486d1c a1=7ffe8f4731e0 a2=56138e4864f0 a3=1 items=2 ppid=1685155 pid=1685156 auid=1001 uid=1001 gid=1001 euid=1001 suid=1001 fsuid=1001 egid=1001 sgid=1001 fsgid=1001 tty=(none) ses=4389 comm="jenkins-gitclie" exe="/usr/bin/bash" subj=user_u:user_r:ssh_t:s0 key=(null)ARCH=x86_64 SYSCALL=execve AUID="jenkins-worker" UID="jenkins-worker" GID="jenkins-worker" EUID="jenkins-worker" SUID="jenkins-worker" FSUID="jenkins-worker" EGID="jenkins-worker" SGID="jenkins-worker" FSGID="jenkins-worker"
  34.  
  35. type=EXECVE msg=audit(1614095279.498:160300): argc=3 a0="/bin/sh" a1="/home/jenkins-worker/jenkins/workspace/dbpatch-create_wip/Projects/server@tmp/jenkins-gitclient-pass6601276497802672944.sh" a2=456E746572207061737370687261736520666F72206B657920272F686F6D652F6A656E6B696E732D776F726B65722F6A656E6B696E732F776F726B73706163652F646270617463682D6372656174655F7769702F50726F6A656374732F70726F7679732F73657276657240746D702F6A656E6B696E732D676974636C6965273A20
  36.  
  37. type=CWD msg=audit(1614095279.498:160300): cwd="/home/jenkins-worker/jenkins/workspace/dbpatch-create_wip/Projects/server"
  38.  
  39. type=PATH msg=audit(1614095279.498:160300): item=0 name="/bin/sh" inode=16806667 dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:shell_exec_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root"
  40. type=PATH msg=audit(1614095279.498:160300): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=25376420 dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:ld_so_t:s0 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0OUID="root" OGID="root"
  41.  
  42. type=PROCTITLE msg=audit(1614095279.498:160300): proctitle=2F62696E2F7368002F686F6D652F6A656E6B696E732D776F726B65722F6A656E6B696E732F776F726B73706163652F646270617463682D6372656174655F7769702F50726F6A656374732F70726F7679732F73657276657240746D702F6A656E6B696E732D676974636C69656E742D7061737336363031323736343937383032
  43.  
  44. type=SERVICE_START msg=audit(1614095345.981:160301): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=dnf-makecache comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
  45.  
  46. type=SERVICE_STOP msg=audit(1614095345.981:160302): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=dnf-makecache comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
  47.  
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!