Newest Rawhide packages improve things a bit for strict/enforcing, but
still no joy.
When booting strict/enforcing, the system seems to boot to single user mode,
but is unable to write to the console. Last messages are avc denials from
/bin/dmesg, that seem to occur just before the 'Welcome to Fedora' message.
I can hear the device discovery going on, but nothing on the console.
After about 5 minutes, ALT-CTL-DEL brought the system down, with the
customary console messages. (But, error messages about most file systems
not being mounted).
Here are the early avcs...
Sep 3 07:25:35 fedora kernel: audit(1094196259.050:0): avc: denied {
create } for pid=1 exe=/sbin/init name=initctl
scontext=system_u:system_r:init_t tcontext=system_u:object_r:unlabeled_t
tclass=fifo_file
Sep 3 07:25:36 fedora smartd[2856]: Opened configuration file
/etc/smartd.conf
Sep 3 07:25:36 fedora kernel: audit(1094196259.050:0): avc: denied {
associate } for pid=1 exe=/sbin/init name=initctl
scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:fs_t
tclass=filesystem
Sep 3 07:25:36 fedora smartd[2856]: Configuration file /etc/smartd.conf
parsed.
Sep 3 07:25:36 fedora kernel: audit(1094196259.050:0): avc: denied {
read write } for pid=1 exe=/sbin/init name=initctl dev=tmpfs ino=2095
scontext=system_u:system_r:init_t tcontext=system_u:object_r:unlabeled_t
tclass=fifo_file
Sep 3 07:25:36 fedora smartd[2856]: Device: /dev/hda, opened
Sep 3 07:25:36 fedora kernel: audit(1094196259.050:0): avc: denied {
getattr } for pid=1 exe=/sbin/init path=/dev/initctl dev=tmpfs ino=2095
scontext=system_u:system_r:init_t tcontext=system_u:object_r:unlabeled_t
tclass=fifo_file
Sep 3 07:25:36 fedora smartd[2856]: Device: /dev/hda, found in smartd
database.
Sep 3 07:25:36 fedora kernel: audit(1094196259.312:0): avc: denied {
read write } for pid=344 exe=/bin/hostname name=console dev=tmpfs
ino=864 scontext=system_u:system_r:hostname_t
tcontext=system_u:object_r:unlabeled_t tclass=chr_file
Sep 3 07:25:36 fedora kernel: audit(1094196259.382:0): avc: denied {
search } for pid=346 exe=/bin/bash dev=tmpfs ino=863
scontext=system_u:system_r:udev_t tcontext=system_u:object_r:unlabeled_t
tclass=dir
Sep 3 07:25:36 fedora kernel: audit(1094196259.382:0): avc: denied {
read write } for pid=346 exe=/bin/bash name=tty dev=tmpfs ino=1227
scontext=system_u:system_r:udev_t tcontext=system_u:object_r:unlabeled_t
tclass=chr_file
Sep 3 07:25:37 fedora smartd[2856]: Device: /dev/hda, is SMART capable.
Adding to "monitor" list.
Sep 3 07:25:37 fedora kernel: audit(1094196260.276:0): avc: denied {
read write } for pid=490 exe=/bin/mount name=console dev=tmpfs ino=864
scontext=system_u:system_r:mount_t
tcontext=system_u:object_r:unlabeled_t tclass=chr_file
Sep 3 07:25:37 fedora smartd[2856]: Monitoring 1 ATA and 0 SCSI devices
Sep 3 07:25:37 fedora kernel: audit(1094196260.277:0): avc: denied {
search } for pid=490 exe=/bin/mount dev=tmpfs ino=863
scontext=system_u:system_r:mount_t
tcontext=system_u:object_r:unlabeled_t tclass=dir
Sep 3 07:25:37 fedora kernel: SELinux: initialized (dev usbfs, type
usbfs), uses genfs_contexts
Sep 3 07:25:38 fedora smartd[2858]: smartd has fork()ed into background
mode. New PID=2858.
Sep 3 07:25:38 fedora kernel: audit(1094196260.368:0): avc: denied {
read write } for pid=514 exe=/sbin/consoletype name=console dev=tmpfs
ino=864 scontext=system_u:system_r:consoletype_t
tcontext=system_u:object_r:unlabeled_t tclass=chr_file
Sep 3 07:25:38 fedora smartd: smartd startup succeeded
Sep 3 07:25:38 fedora kernel: audit(1094196260.368:0): avc: denied {
getattr } for pid=514 exe=/sbin/consoletype path=/dev/console dev=tmpfs
ino=864 scontext=system_u:system_r:consoletype_t
tcontext=system_u:object_r:unlabeled_t tclass=chr_file
Sep 3 07:25:38 fedora kernel: audit(1094196260.368:0): avc: denied {
ioctl } for pid=514 exe=/sbin/consoletype path=/dev/console dev=tmpfs
ino=864 scontext=system_u:system_r:consoletype_t
tcontext=system_u:object_r:unlabeled_t tclass=chr_file
Sep 3 07:25:38 fedora kernel: audit(1094196262.158:0): avc: denied {
read write } for pid=724 exe=/sbin/minilogd name=console dev=tmpfs
ino=864 scontext=system_u:system_r:syslogd_t
tcontext=system_u:object_r:unlabeled_t tclass=chr_file
Sep 3 07:25:38 fedora kernel: audit(1094196262.158:0): avc: denied {
use } for pid=724 exe=/sbin/minilogd path=/init dev=rootfs ino=17
scontext=system_u:system_r:syslogd_t tcontext=system_u:system_r:kernel_t
tclass=fd
Sep 3 07:25:38 fedora kernel: audit(1094196262.158:0): avc: denied {
read } for pid=724 exe=/sbin/minilogd path=/init dev=rootfs ino=17
scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:root_t
tclass=file
Sep 3 07:25:38 fedora kernel: audit(1094196262.159:0): avc: denied {
search } for pid=724 exe=/sbin/minilogd dev=tmpfs ino=863
scontext=system_u:system_r:syslogd_t
tcontext=system_u:object_r:unlabeled_t tclass=dir
Sep 3 07:25:38 fedora kernel: audit(1094196262.159:0): avc: denied {
write } for pid=724 exe=/sbin/minilogd dev=tmpfs ino=863
scontext=system_u:system_r:syslogd_t
tcontext=system_u:object_r:unlabeled_t tclass=dir
Sep 3 07:25:38 fedora kernel: audit(1094196262.159:0): avc: denied {
add_name } for pid=724 exe=/sbin/minilogd name=log
scontext=system_u:system_r:syslogd_t
tcontext=system_u:object_r:unlabeled_t tclass=dir
Sep 3 07:25:38 fedora kernel: audit(1094196262.159:0): avc: denied {
create } for pid=724 exe=/sbin/minilogd name=log
scontext=system_u:system_r:syslogd_t
tcontext=system_u:object_r:unlabeled_t tclass=sock_file
Sep 3 07:25:38 fedora kernel: audit(1094196262.160:0): avc: denied {
getattr } for pid=727 exe=/sbin/minilogd path=/dev/log dev=tmpfs
ino=2641 scontext=system_u:system_r:syslogd_t
tcontext=system_u:object_r:unlabeled_t tclass=sock_file
Sep 3 07:25:38 fedora kernel: audit(1094196262.217:0): avc: denied {
read write } for pid=730 exe=/bin/dmesg name=console dev=tmpfs ino=864
scontext=system_u:system_r:dmesg_t
tcontext=system_u:object_r:unlabeled_t tclass=chr_file
Sep 3 07:25:38 fedora acpid: acpid startup succeeded
Sep 3 07:25:38 fedora kernel: audit(1094196262.285:0): avc: denied {
read write } for pid=735 exe=/sbin/restorecon name=console dev=tmpfs
ino=864 scontext=system_u:system_r:restorecon_t
tcontext=system_u:object_r:unlabeled_t tclass=chr_file
Sep 3 07:25:38 fedora kernel: audit(1094196266.948:0): avc: denied {
create } for pid=746 exe=/sbin/udev name=input
scontext=system_u:system_r:udev_t tcontext=system_u:object_r:device_t
tclass=dir
tom