More avc denies
by Leonard den Ottolander
Hi,
With the latest updates on a FC2t3 setup with SELinux running in
permissive mode I am still seeing avc errors. Kernel-2.6.5-1.358,
policy-1.11.3-3. Had to move in the /etc/security/selinux/policies
because they were created as .rpmnews.
System startup:
avc: denied { read } for pid=546 exe=/sbin/lvm.static name=dri
dev=hda2 ino=84499 scontext=system_u:system_r:lvm_t
tcontext=system_u:object_r:dri_device_t tclass=dir
avc: denied { search } for pid=546 exe=/sbin/lvm.static name=dri
dev=hda2 ino=84499 scontext=system_u:system_r:lvm_t
tcontext=system_u:object_r:dri_device_t tclass=dir
Root console login:
avc: denied { read } for pid=1559 exe=/bin/login
name=.default_contexts dev=hda2 ino=437194
scontext=system_u:system_r:local_login_t
tcontext=root:object_r:staff_home_dir_t tclass=file
avc: denied { getattr } for pid=1559 exe=/bin/login
path=/root/.default_contexts dev=hda2 ino=437194
scontext=system_u:system_r:local_login_t
tcontext=root:object_r:staff_home_dir_t tclass=file
ntpdate <server>:
avc: denied { getattr } for pid=1759 exe=/usr/sbin/ntpdate
path=/dev/tty1 dev=hda2 ino=71082 scontext=root:system_r:ntpd_t
tcontext=root:object_r:sysadm_tty_device_t tclass=chr_file
avc: denied { ioctl } for pid=1759 exe=/usr/sbin/ntpdate
path=/dev/tty1 dev=hda2 ino=71082 scontext=root:system_r:ntpd_t
tcontext=root:object_r:sysadm_tty_device_t tclass=chr_file
Daily cron (webalizer?):
avc: denied { read } for pid=1818 exe=/bin/cat name=access_log
dev=hda2 ino=390310 scontext=system_u:system_r:system_crond_t
tcontext=root:object_r:httpd_log_t tclass=file
and 20 secs later:
avc: denied { execute_no_trans } for pid=1960 exe=/usr/sbin/prelink
path=/lib/ld-2.3.3.so dev=hda2 ino=32386
scontext=system_u:system_r:prelink_t tcontext=system_u:object_r:ld_so_t
tclass=file
ssh login and su - :
avc: denied { read } for pid=3489 exe=/bin/su name=.default_contexts
dev=hda2 ino=437194 scontext=user_u:user_r:user_su_t
tcontext=root:object_r:staff_home_dir_t tclass=file
avc: denied { getattr } for pid=3489 exe=/bin/su
path=/root/.default_contexts dev=hda2 ino=437194
scontext=user_u:user_r:user_su_t tcontext=root:object_r:staff_home_dir_t
tclass=file
avc: denied { add_name } for pid=3489 exe=/bin/su name=.xauthrQsUjb
scontext=user_u:user_r:user_su_t tcontext=root:object_r:staff_home_dir_t
tclass=dir
avc: denied { create } for pid=3489 exe=/bin/su name=.xauthrQsUjb
scontext=user_u:user_r:user_su_t
tcontext=user_u:object_r:staff_home_dir_t tclass=file
avc: denied { setattr } for pid=3489 exe=/bin/su name=.xauthrQsUjb
dev=hda2 ino=437207 scontext=user_u:user_r:user_su_t
tcontext=user_u:object_r:staff_home_dir_t tclass=file
And when setenforce 1 I get tons of prelink execute_no_trans errors for
prelink on /lib/ld-2.3.3.so.
Maybe some of these are expected behaviour, but then a few aren't :).
Leonard.
--
mount -t life -o ro /dev/dna /genetic/research
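Sorting a log like the one above into the (source type, target type, class) tuples that audit2allow works from is the first step in deciding which denials are policy gaps and which are labeling problems. The following is an added example, not part of the original post or of the policy tools; the log lines in SAMPLE_LOG are constructed from the format quoted above and the wrapping mimics what the mail client did.

```python
import re
from collections import defaultdict

# Constructed sample in the syslog format quoted above, wrapped across lines
# the way the mail client wrapped it (not the poster's full log).
SAMPLE_LOG = """\
avc: denied { read } for pid=546 exe=/sbin/lvm.static name=dri
dev=hda2 ino=84499 scontext=system_u:system_r:lvm_t
tcontext=system_u:object_r:dri_device_t tclass=dir
avc: denied { search } for pid=546 exe=/sbin/lvm.static name=dri
dev=hda2 ino=84499 scontext=system_u:system_r:lvm_t
tcontext=system_u:object_r:dri_device_t tclass=dir
avc: denied { execute_no_trans } for pid=1960 exe=/usr/sbin/prelink
path=/lib/ld-2.3.3.so dev=hda2 ino=32386
scontext=system_u:system_r:prelink_t tcontext=system_u:object_r:ld_so_t
tclass=file
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)")

def unwrap(text):
    """Rejoin wrapped records; every record begins with 'avc:'."""
    return [" ".join(r.split()) for r in re.split(r"\n(?=avc:)", text.strip())]

def parse_avc(record):
    """Return {'perms': [...], 'pid': ..., 'scontext': ..., ...} or None."""
    m = AVC_RE.match(record)
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m.group("fields").split() if "=" in kv)
    return {"perms": m.group("perms").split(), **fields}

def type_of(context):
    """user:role:type[:level] -> type, e.g. system_u:system_r:lvm_t -> lvm_t."""
    return context.split(":")[2]

def summarize(text):
    """Group denials by (source type, target type, class) -> sorted perms,
    which is the shape audit2allow turns into allow rules."""
    rules = defaultdict(set)
    for d in filter(None, map(parse_avc, unwrap(text))):
        rules[(type_of(d["scontext"]), type_of(d["tcontext"]), d["tclass"])].update(d["perms"])
    return {k: sorted(v) for k, v in rules.items()}

def allow_rules(text):
    """Render the summary as policy-language allow rules (one per key)."""
    return ["allow %s %s:%s { %s };" % (s, t, c, " ".join(p))
            for (s, t, c), p in sorted(summarize(text).items())]
```

The rules it prints are what the denials would need, not what should be allowed: a denial against a type like staff_home_dir_t on /root is usually a labeling question for restorecon rather than a policy change.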