udev want to unlink/read/create '/dev/.udev.tdb/block@hda@hda1', etc
by Tom London
Running strict/enforcing, latest Rawhide.
Latest udev seems to want to unlink, create, read a horde
of device files on boot up, all under /dev/.udev.tdb/.
This produces a horde of error messages on boot console
and many avcs. I attach a few here.
This started on Friday's installs, I believe. I noticed
a bugzilla for udev describing a problem caused
by /dev/.udev.tdb becoming a directory.
Is a labeling/policy change also needed?
tom
Dec 18 10:48:06 fedora kernel: audit(1103366847.891:0): avc: denied
{ unlink } for pid=435 exe=/bin/rm name=block@ram3 dev=tmpfs ino=906
scontext=system_u:system_r:udev_t tcontext=system_u:object_r:device_t
tclass=file
Dec 18 10:48:06 fedora kernel: audit(1103366847.891:0): avc: denied
{ unlink } for pid=435 exe=/bin/rm name=block@ram2 dev=tmpfs ino=904
scontext=system_u:system_r:udev_t tcontext=system_u:object_r:device_t
tclass=file
Dec 18 10:48:06 fedora kernel: audit(1103366847.891:0): avc: denied
{ unlink } for pid=435 exe=/bin/rm name=block@ram15 dev=tmpfs ino=902
scontext=system_u:system_r:udev_t tcontext=system_u:object_r:device_t
tclass=file
Dec 18 10:48:06 fedora kernel: audit(1103366847.891:0): avc: denied
{ unlink } for pid=435 exe=/bin/rm name=block@ram14 dev=tmpfs ino=900
scontext=system_u:system_r:udev_t tcontext=system_u:object_r:device_t
tclass=file
Dec 18 10:48:13 fedora kernel: audit(1103366861.018:0): avc: denied
{ read } for pid=1064 exe=/sbin/udev name=class@tty@tty56 dev=tmpfs
ino=710 scontext=system_u:system_r:udev_t
tcontext=system_u:object_r:device_t tclass=file
Dec 18 10:48:13 fedora kernel: audit(1103366861.019:0): avc: denied
{ read } for pid=1064 exe=/sbin/udev name=class@tty@tty55 dev=tmpfs
ino=707 scontext=system_u:system_r:udev_t
tcontext=system_u:object_r:device_t tclass=file
Dec 18 10:48:13 fedora kernel: audit(1103366861.019:0): avc: denied
{ read } for pid=1064 exe=/sbin/udev name=class@tty@tty54 dev=tmpfs
ino=704 scontext=system_u:system_r:udev_t
tcontext=system_u:object_r:device_t tclass=file
Dec 18 10:48:13 fedora kernel: audit(1103366861.019:0): avc: denied
{ read } for pid=1064 exe=/sbin/udev name=class@tty@tty53 dev=tmpfs
ino=701 scontext=system_u:system_r:udev_t
tcontext=system_u:object_r:device_t tclass=file
Dec 18 10:48:13 fedora kernel: audit(1103366861.194:0): avc: denied
{ create } for pid=1069 exe=/sbin/udev name=class@sound@controlC0
scontext=system_u:system_r:udev_t
tcontext=system_u:object_r:sound_device_t tclass=file
Dec 18 10:48:13 fedora kernel: audit(1103366861.482:0): avc: denied
{ create } for pid=1064 exe=/sbin/udev name=block@fd0
scontext=system_u:system_r:udev_t tcontext=system_u:object_r:device_t
tclass=file
Dec 18 10:48:13 fedora kernel: audit(1103366861.584:0): avc: denied
{ create } for pid=1070 exe=/sbin/udev name=class@sound@timer
scontext=system_u:system_r:udev_t
tcontext=system_u:object_r:sound_device_t tclass=file
Dec 18 10:48:13 fedora kernel: audit(1103366861.827:0): avc: denied
{ create } for pid=1071 exe=/sbin/udev name=class@sound@pcmC0D1c
scontext=system_u:system_r:udev_t
tcontext=system_u:object_r:sound_device_t tclass=file
Dec 18 10:48:13 fedora kernel: audit(1103366861.967:0): avc: denied
{ create } for pid=1072 exe=/sbin/udev name=class@sound@adsp
scontext=system_u:system_r:udev_t
tcontext=system_u:object_r:sound_device_t tclass=file
--
Tom London
19 years, 4 months
RE: FC 3, permissive, strict: Error! Unable to set executable context.
by Browder, Tom
> -----Original Message-----
> From: fedora-selinux-list-bounces(a)redhat.com
> [mailto:fedora-selinux-list-bounces@redhat.com] On Behalf Of
> Daniel J Walsh
> You probably need to relabel.
>
> touch /.autorelabel and reboot.
Dan, my machine is grinding away relabeling. I assume that will take
care of the problem.
Is that something I will have to do regularly?
Thanks.
Tom Browder
19 years, 4 months
FC 3, permissive, strict: Error! Unable to set executable context.
by Browder, Tom
I just turned on SELinux on my FC 3 box at home (permissive, strict).
No problems and I'm building a large /var/log/message file as we speak.
However, I did the same thing on a box at work and when I try to login
as a normal user I get an error message on the gdm login screen that
says:
Error! Unable to set executable context.
And it won't let me login. But I can still login as root OK.
What am I doing wrong?
Thanks.
Tom Browder
19 years, 4 months
sending mail with squirrelmail
by Phil Anderson
Is anyone else having problems sending mail with squirrelmail? This is
the only remaining problem I have before I'm switching my server to
enforcing mode. The attachment problem was fixed in the latest policy
update.
Unfortunately, squirrelmail fails to send the mail silently... it even
puts a copy in the Sent folder :(
Dec 20 15:00:48 harry kernel: audit(1103515248.224:0): avc: denied {
read } for pid=12496 exe=/usr/sbin/sendmail.sendmail name=urandom
dev=tmpfs ino=870 scontext=user_u:system_r:system_mail_t
tcontext=system_u:object_r:urandom_device_t tclass=chr_file
Any suggestions?
Phil
19 years, 4 months
multiple spec for '/var/run/dbus(/.*)?'
by Tom London
Running strict/enforcing, latest Rawhide.
Seems to be duplicate specs for /var/run/dbus,
one in distros.fc, the other in dbusd.fc.
Produces the following harmless warning:
WARNING: Multiple same specifications for /var/run/dbus(/.*)?.
tom
--
Tom London
19 years, 4 months
winbindd avc errors
by Jim Cornette
I am trying to run some samba related programs and found that the
winbindd program causes some avc errors. I did a
touch /.autorelabel
and noticed that the errors were still present with this daemon. I did
not configure anything for this program. Attached are the avc errors for
today. I disabled the daemon and have no errors now.
Thanks,
Jim
Dec 18 14:16:53 cornette-fc3-lt kernel: audit(1103397413.233:0): avc: denied { create } for pid=2137 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file
Dec 18 14:16:53 cornette-fc3-lt kernel: audit(1103397413.234:0): avc: denied { create } for pid=2137 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file
Dec 18 14:16:53 cornette-fc3-lt kernel: audit(1103397413.235:0): avc: denied { create } for pid=2137 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file
Dec 18 14:16:53 cornette-fc3-lt kernel: audit(1103397413.236:0): avc: denied { create } for pid=2137 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file
Dec 18 14:16:53 cornette-fc3-lt kernel: audit(1103397413.236:0): avc: denied { create } for pid=2137 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file
Dec 18 14:16:53 cornette-fc3-lt kernel: audit(1103397413.237:0): avc: denied { create } for pid=2137 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file
Dec 18 14:16:53 cornette-fc3-lt kernel: audit(1103397413.290:0): avc: denied { create } for pid=2137 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file
Dec 18 14:16:53 cornette-fc3-lt kernel: audit(1103397413.290:0): avc: denied { create } for pid=2137 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file
Dec 18 14:16:53 cornette-fc3-lt kernel: audit(1103397413.291:0): avc: denied { create } for pid=2137 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file
Dec 18 14:16:53 cornette-fc3-lt kernel: audit(1103397413.356:0): avc: denied { create } for pid=2137 exe=/usr/sbin/winbindd name=winbindd_idmap.tdb scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_var_t tclass=file
Dec 18 14:16:53 cornette-fc3-lt kernel: audit(1103397413.357:0): avc: denied { create } for pid=2137 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file
Dec 18 14:16:53 cornette-fc3-lt kernel: audit(1103397413.357:0): avc: denied { create } for pid=2137 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file
Dec 18 14:16:53 cornette-fc3-lt kernel: audit(1103397413.358:0): avc: denied { create } for pid=2137 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file
Dec 18 14:16:53 cornette-fc3-lt kernel: audit(1103397413.359:0): avc: denied { create } for pid=2137 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file
Dec 18 14:16:53 cornette-fc3-lt kernel: audit(1103397413.455:0): avc: denied { create } for pid=2139 exe=/usr/sbin/winbindd name=netsamlogon_cache.tdb scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_var_t tclass=file
Dec 18 14:16:54 cornette-fc3-lt kernel: audit(1103397414.324:0): avc: denied { create } for pid=2139 exe=/usr/sbin/winbindd name=winbindd_cache.tdb scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_var_t tclass=file
Dec 18 14:16:54 cornette-fc3-lt kernel: audit(1103397414.324:0): avc: denied { create } for pid=2139 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file
Dec 18 14:16:55 cornette-fc3-lt kernel: audit(1103397415.218:0): avc: denied { create } for pid=2139 exe=/usr/sbin/winbindd name=winbindd scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:var_run_t tclass=dir
Dec 18 14:16:55 cornette-fc3-lt kernel: audit(1103397415.218:0): avc: denied { create } for pid=2139 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file
Dec 18 14:16:55 cornette-fc3-lt kernel: audit(1103397415.218:0): avc: denied { create } for pid=2139 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file
Dec 18 15:49:07 cornette-fc3-lt dbus: avc: 1 AV entries and 1/512 buckets used, longest chain length 1
Dec 18 15:54:00 cornette-fc3-lt dbus: avc: 1 AV entries and 1/512 buckets used, longest chain length 1
Dec 18 15:54:12 cornette-fc3-lt dbus: avc: 1 AV entries and 1/512 buckets used, longest chain length 1
Dec 18 15:59:09 cornette-fc3-lt kernel: audit(1103403334.306:0): avc: granted { setenforce } for pid=212 exe=/bin/bash scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:security_t tclass=security
Dec 18 15:59:09 cornette-fc3-lt kernel: audit(1103403523.164:0): avc: granted { setenforce } for pid=212 exe=/bin/bash scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:security_t tclass=security
Dec 18 15:59:33 cornette-fc3-lt kernel: audit(1103403573.176:0): avc: denied { create } for pid=2190 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file
Dec 18 15:59:33 cornette-fc3-lt kernel: audit(1103403573.177:0): avc: denied { create } for pid=2190 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file
Dec 18 15:59:33 cornette-fc3-lt kernel: audit(1103403573.178:0): avc: denied { create } for pid=2190 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file
Dec 18 15:59:33 cornette-fc3-lt kernel: audit(1103403573.179:0): avc: denied { create } for pid=2190 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file
Dec 18 15:59:33 cornette-fc3-lt kernel: audit(1103403573.179:0): avc: denied { create } for pid=2190 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file
Dec 18 15:59:33 cornette-fc3-lt kernel: audit(1103403573.218:0): avc: denied { create } for pid=2190 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file
Dec 18 15:59:33 cornette-fc3-lt kernel: audit(1103403573.218:0): avc: denied { create } for pid=2190 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file
Dec 18 15:59:33 cornette-fc3-lt kernel: audit(1103403573.219:0): avc: denied { create } for pid=2190 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file
Dec 18 15:59:33 cornette-fc3-lt kernel: audit(1103403573.299:0): avc: denied { create } for pid=2190 exe=/usr/sbin/winbindd name=winbindd_idmap.tdb scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_var_t tclass=file
Dec 18 15:59:33 cornette-fc3-lt kernel: audit(1103403573.300:0): avc: denied { create } for pid=2190 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file
Dec 18 15:59:33 cornette-fc3-lt kernel: audit(1103403573.301:0): avc: denied { create } for pid=2190 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file
Dec 18 15:59:33 cornette-fc3-lt kernel: audit(1103403573.412:0): avc: denied { create } for pid=2191 exe=/usr/sbin/winbindd name=netsamlogon_cache.tdb scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_var_t tclass=file
Dec 18 15:59:34 cornette-fc3-lt kernel: audit(1103403574.278:0): avc: denied { create } for pid=2191 exe=/usr/sbin/winbindd name=winbindd_cache.tdb scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_var_t tclass=file
Dec 18 15:59:34 cornette-fc3-lt kernel: audit(1103403574.278:0): avc: denied { create } for pid=2191 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file
Dec 18 15:59:35 cornette-fc3-lt kernel: audit(1103403575.585:0): avc: denied { create } for pid=2191 exe=/usr/sbin/winbindd name=winbindd scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:var_run_t tclass=dir
Dec 18 15:59:35 cornette-fc3-lt kernel: audit(1103403575.585:0): avc: denied { create } for pid=2191 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file
Dec 18 15:59:35 cornette-fc3-lt kernel: audit(1103403575.586:0): avc: denied { create } for pid=2191 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file
Dec 18 16:11:18 cornette-fc3-lt dbus: avc: 1 AV entries and 1/512 buckets used, longest chain length 1
Dec 18 16:13:54 cornette-fc3-lt dbus: avc: 0 AV entries and 0/512 buckets used, longest chain length 0
Dec 18 16:31:46 cornette-fc3-lt dbus: avc: 1 AV entries and 1/512 buckets used, longest chain length 1
19 years, 4 months
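Added example, not part of any post in this archive: a triage pass that collapses repeated AVC denials like those in the winbindd and udev posts above into one row per (source type, target type, class, permission), so a long log reduces to the few distinct accesses a policy or labeling change would have to address. The sample input is copied from those posts; the names `AVC_RE`, `ctx_type` and `summarize` are introduced here, and the parser assumes `tclass=` is the last field of each entry and that field values contain no spaces.

```python
import re
from collections import Counter

# Sample input copied from the posts above: single-line winbindd entries,
# a dbus cache-statistics line and a "granted" entry (both must be ignored),
# and one entry from the udev post that is wrapped across four lines.
SAMPLE = """\
Dec 18 14:16:53 cornette-fc3-lt kernel: audit(1103397413.233:0): avc: denied { create } for pid=2137 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file
Dec 18 14:16:53 cornette-fc3-lt kernel: audit(1103397413.234:0): avc: denied { create } for pid=2137 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file
Dec 18 14:16:53 cornette-fc3-lt kernel: audit(1103397413.356:0): avc: denied { create } for pid=2137 exe=/usr/sbin/winbindd name=winbindd_idmap.tdb scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_var_t tclass=file
Dec 18 14:16:55 cornette-fc3-lt kernel: audit(1103397415.218:0): avc: denied { create } for pid=2139 exe=/usr/sbin/winbindd name=winbindd scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:var_run_t tclass=dir
Dec 18 15:49:07 cornette-fc3-lt dbus: avc: 1 AV entries and 1/512 buckets used, longest chain length 1
Dec 18 15:59:09 cornette-fc3-lt kernel: audit(1103403334.306:0): avc: granted { setenforce } for pid=212 exe=/bin/bash scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:security_t tclass=security
Dec 18 10:48:06 fedora kernel: audit(1103366847.891:0): avc: denied
{ unlink } for pid=435 exe=/bin/rm name=block@ram3 dev=tmpfs ino=906
scontext=system_u:system_r:udev_t tcontext=system_u:object_r:device_t
tclass=file
"""

# Match across line breaks so mail-wrapped entries parse like single-line ones.
# Assumption: tclass= is the final field of every entry, as in the logs above.
AVC_RE = re.compile(
    r"avc:\s+(denied|granted)\s+\{([^}]*)\}\s+for\s+(.*?\btclass=\S+)", re.S)

def ctx_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else "?"

def summarize(text):
    """Map (source type, target type, class, perm) -> (count, object names)."""
    counts, names = Counter(), {}
    for verdict, perms, rest in AVC_RE.findall(text):
        if verdict != "denied":          # skip "granted" audit entries
            continue
        f = dict(kv.split("=", 1) for kv in rest.split() if "=" in kv)
        for perm in perms.split():       # one entry may list several perms
            key = (ctx_type(f.get("scontext", "")),
                   ctx_type(f.get("tcontext", "")), f.get("tclass", "?"), perm)
            counts[key] += 1
            names.setdefault(key, set()).add(f.get("name", "?"))
    return {k: (n, sorted(names[k])) for k, n in counts.items()}

if __name__ == "__main__":
    for (src, tgt, cls, perm), (n, objs) in sorted(summarize(SAMPLE).items()):
        print(f"{n:3d}x {src} -> {tgt}:{cls} {{ {perm} }}  names={objs}")
```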
php script avc denied
by Edy Corak
Hello,
After the update to selinux-policy-targeted-1.17.30-2.51 I have a new error
when I try to send a mail from a PHP script.
audit(1103462618.203:0): avc: denied { execute } for pid=31581
exe=/usr/sbin/httpd name=bash dev=md0 ino=830748
scontext=root:system_r:httpd_t tcontext=system_u:object_r:shell_exec_t
tclass=file
I tried fixfiles relabel and restorecon but still get the same error.
System: FC3, Postfix.
How do I fix this error?
Thank you for any help.
Edy
--
Edy Corak
E-Mail: info(a)ecorak.de
Internet: http://www.ecorak.net/
-----
19 years, 4 months
Loadlin.
by Moller
Hello!
I want to dualboot FedoraCore3 with Win 98.
How do I do it?
Here is a sample of the boot messages that I get when I boot with loadlin:
..
NET: Registered protocol family 17
md: Autodetecting RAID arrays.
md: autorun ...
md: ...autorun DONE.
EXT2-f2 warning (device hda3):ext2_fill_super: mounting ext3 filesystem as ext2
VFS: Mounted root (ext2 filesystem) readonly
Freeing unused kernel memory: 144k freed
Warning: unable to open an initial console.
SELinux: Disabled at runtime.
SELinux: Unregistering netfilter hooks
19 years, 4 months