NFSD warning?

Dominick Grift domg472 at gmail.com
Thu Aug 26 10:43:36 UTC 2010 

On 08/26/2010 12:37 PM, Arthur Dent wrote:
> On Thu, 2010-08-26 at 11:58 +0200, Dominick Grift wrote:
>> On 08/26/2010 11:48 AM, Arthur Dent wrote:
>>> Hello all,
>>>
>>> Working with Dominick to solve my clamd denial problem has caused me to
>>> use ausearch more often than I normally would.
>>>
>>> This has revealed a large and constant amount of these messages:
>>
>> Do semodule -B to hide any denials that are should not be displayed
>> (they are hidden on purpose)
> 
> Actually Dominick, this *is* with semodule -B

only the "{ 0x400000 }"'s are with semodule -B i believe. The other AVC
denials are so called dontaudited (hidden by default)

> ----
> time->Thu Aug 26 11:25:11 2010
> type=AVC msg=audit(1282818311.906:55953): avc:  denied  { 0x400000 } for
> pid=1219 comm="nfsd" name="" dev=sda11 ino=28365
> scontext=system_u:system_r:kernel_t:s0
> tcontext=system_u:object_r:unlabeled_t:s0 tclass=file
> ----
> time->Thu Aug 26 11:25:10 2010
> type=AVC msg=audit(1282818310.564:55924): avc:  denied  { 0x400000 } for
> pid=1219 comm="nfsd" name="" dev=sda11 ino=28365
> scontext=system_u:system_r:kernel_t:s0
> tcontext=system_u:object_r:unlabeled_t:s0 tclass=file
> ----
> time->Thu Aug 26 11:25:51 2010
> type=AVC msg=audit(1282818351.672:55954): avc:  denied  { 0x400000 } for
> pid=1219 comm="nfsd" name="" dev=sda11 ino=28365
> scontext=system_u:system_r:kernel_t:s0
> tcontext=system_u:object_r:unlabeled_t:s0 tclass=file
> 
> Just a small sample. There are hundreds more. But if you say they are
> harmless then I guess I will just leave them alone...
> 

In my previous reply i enclosed an URL to a related bug report. This
bugzilla report includes a method to hide the symptoms of this bug.

Basically it adds a dontaudit rule:
dontaudit kernel_t unlabeled_t:file *;

If that does not work for you then you can just ignore the denials for
now, and add a "me to" reply to the bugzilla report that i enclosed in
my previous reply

> Thanks
> 
> Mark
> 
> 
> 
> 
> --
> selinux mailing list
> selinux at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 261 bytes
Desc: OpenPGP digital signature
Url : http://lists.fedoraproject.org/pipermail/selinux/attachments/20100826/4b72ae80/attachment.bin

More information about the selinux mailing list