On Mon, 24 Oct 2005, Daniel J Walsh wrote:
Tom Diehl wrote:
> Hi all,
>
> Since upgrading to EL4-U2 I am getting the following avc messages in my logs:
>
> Oct 23 14:46:21 pocono dbus: Can't send to audit system: USER_AVC pid=3064
uid=81 loginuid=-1 message=avc: denied { send_msg } for
scontext=user_u:system_r:unconfined_t tcontext=user_u:system_r:initrc_t tclass=dbus
>
> Can someone tell me how to go about fixing this, short of turning off selinux?
>
> (pocono pts13) # rpm -qa | grep selinux
> libselinux-1.19.1-7
> libselinux-1.19.1-7
> selinux-policy-targeted-1.17.30-2.110
> libselinux-devel-1.19.1-7
> (pocono pts13) # rpm -qa dbus
> dbus-0.22-12.EL.5
> (pocono pts13) # uname -r
> 2.6.9-22.ELsmp
> (pocono pts13) #
>
> I get hundreds of these a day. I have tried relabeling but no change.
>
> The system arch is x86_64
>
Could you try
Yep
I did the following:
(pocono pts18) # rpm -Fvh selinux-policy-targeted-1.17.30-2.117.noarch.rpm
Preparing... ########################################### [100%]
1:selinux-policy-targeted########################################### [100%]
(pocono pts18) #
And I got the following in the logs:
Oct 24 10:59:21 pocono dbus: Can't send to audit system: USER_AVC pid=3064 uid=81
loginuid=-1 message=avc: denied { send_msg } for scontext=user_u:system_r:unconfined_t
tcontext=user_u:system_r:initrc_t tclass=dbus
Oct 24 10:59:31 pocono last message repeated 2 times
Oct 24 10:59:35 pocono kernel: security: 3 users, 4 roles, 354 types, 25 bools
Oct 24 10:59:35 pocono kernel: security: 55 classes, 21778 rules
Oct 24 10:59:35 pocono dbus: Can't send to audit system: USER_AVC pid=3064 uid=81
loginuid=-1 message=avc: received policyload notice (seqno=1)
Oct 24 10:59:35 pocono dbus: Can't send to audit system: USER_AVC pid=3064 uid=81
loginuid=-1 message=avc: 4 AV entries and 4/512 buckets used, longest chain length 1
Oct 24 10:59:35 pocono dbus: Can't send to audit system: USER_AVC pid=4252 uid=508
loginuid=-1 message=avc: received policyload notice (seqno=1)
Oct 24 10:59:35 pocono dbus: Can't send to audit system: USER_AVC pid=4252 uid=508
loginuid=-1 message=avc: 1 AV entries and 1/512 buckets used, longest chain length 1
So far no more avc messages. They were showing up every 5-15 seconds
before. It has been approx 5 minutes with no avc messages.
Is there anything else I should be looking at?
Is there a bug for this?
Thank You for the help.
Regards,
Tom Diehl tdiehl(a)rogueind.com Spamtrap address mtd123(a)rogueind.com