Kernel *-541 - avc errors - ... after fsck,reboot,fixfiles,reboot
by Jim Cornette
When I booted up with the latest development kernel -541, I got the
following avc errors. Also, I ended up damaging my installation.
The first attached file is from the first boot and encountering errors.
I'll send a second message with the after relabeling filesystem errors.
Here is the second avc error file. The system was fscked to eliminate
errors. (Also was dropped to init 1 because of file errors) Bad inodes
were detected, so I rebooted and did fixfiles relabel. After that, I
rebooted and logged in again. X would not startup, it hung at switching
to graphics and could not event be pinged from another computer on my
network. (Locked up, I presume.)
Jim
Aug 29 10:19:14 localhost dbus: avc: 2 AV entries and 2/512 buckets used, longest chain length 1
Aug 29 13:34:01 localhost kernel: audit(1093800840.407:0): avc: denied { name_bind } for pid=2896 exe=/sbin/portmap scontext=user_u:system_r:portmap_t tcontext=system_u:object_r:rndc_port_t tclass=tcp_socket
Aug 29 15:59:39 localhost kernel: audit(1093795091.123:0): avc: denied { read } for pid=540 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 29 15:59:39 localhost kernel: audit(1093795108.860:0): avc: denied { read } for pid=981 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 29 15:59:39 localhost kernel: audit(1093795111.616:0): avc: denied { read } for pid=1061 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 29 15:59:39 localhost kernel: audit(1093795111.623:0): avc: denied { read } for pid=1085 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 29 15:59:39 localhost kernel: uba:<3>audit(1093795111.668:0): avc: denied { read } for pid=1094 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 29 15:59:39 localhost kernel: audit(1093795111.733:0): avc: denied { read } for pid=1095 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 29 15:59:39 localhost kernel: audit(1093795111.777:0): avc: denied { read } for pid=1097 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 29 15:59:39 localhost kernel: audit(1093809513.654:0): avc: denied { read } for pid=1276 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 29 15:59:39 localhost kernel: audit(1093809513.657:0): avc: denied { read } for pid=1277 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 29 15:59:39 localhost kernel: audit(1093809514.672:0): avc: denied { read } for pid=1334 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 29 15:59:39 localhost kernel: audit(1093809515.563:0): avc: denied { read } for pid=1379 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 29 15:59:39 localhost kernel: audit(1093809521.168:0): avc: denied { read } for pid=1398 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 29 15:59:39 localhost kernel: audit(1093809521.187:0): avc: denied { read } for pid=1403 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 29 15:59:39 localhost kernel: audit(1093809521.553:0): avc: denied { read } for pid=1409 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 29 15:59:39 localhost kernel: audit(1093809538.678:0): avc: denied { read } for pid=2075 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 29 15:59:39 localhost kernel: audit(1093809542.585:0): avc: denied { read } for pid=2097 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 29 15:59:39 localhost kernel: audit(1093809546.717:0): avc: denied { read } for pid=2460 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 29 15:59:39 localhost kernel: audit(1093809549.895:0): avc: denied { read } for pid=2464 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 29 15:59:39 localhost kernel: audit(1093809567.142:0): avc: denied { read } for pid=2667 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 29 16:12:07 localhost dbus: avc: 1 AV entries and 1/512 buckets used, longest chain length 1
Aug 29 16:14:38 localhost kernel: audit(1093795992.389:0): avc: denied { read } for pid=558 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 29 16:14:38 localhost kernel: audit(1093796009.505:0): avc: denied { read } for pid=852 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 29 16:14:38 localhost kernel: uba:<3>audit(1093796012.291:0): avc: denied { read } for pid=944 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 29 16:14:38 localhost kernel: audit(1093796012.295:0): avc: denied { read } for pid=945 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 29 16:14:38 localhost kernel: audit(1093796012.298:0): avc: denied { read } for pid=946 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 29 16:14:38 localhost kernel: audit(1093796012.300:0): avc: denied { read } for pid=947 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 29 16:14:38 localhost kernel: audit(1093796012.310:0): avc: denied { read } for pid=949 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 29 16:14:38 localhost kernel: audit(1093810411.029:0): avc: denied { read } for pid=962 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 29 16:14:38 localhost kernel: audit(1093810411.033:0): avc: denied { read } for pid=963 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 29 16:14:38 localhost kernel: audit(1093810413.351:0): avc: denied { read } for pid=1062 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 29 16:14:38 localhost kernel: audit(1093810413.369:0): avc: denied { read } for pid=1066 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 29 16:14:38 localhost kernel: audit(1093810415.423:0): avc: denied { read } for pid=1135 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 29 16:14:38 localhost kernel: audit(1093810415.433:0): avc: denied { read } for pid=1137 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 29 16:14:38 localhost kernel: audit(1093810416.925:0): avc: denied { read } for pid=1145 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 29 16:14:38 localhost kernel: audit(1093810432.496:0): avc: denied { read } for pid=1647 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 29 16:14:38 localhost kernel: audit(1093810436.371:0): avc: denied { read } for pid=1668 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 29 16:14:38 localhost kernel: audit(1093810440.677:0): avc: denied { read } for pid=2031 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 29 16:14:38 localhost kernel: audit(1093810460.930:0): avc: denied { read } for pid=2224 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 29 16:14:38 localhost kernel: audit(1093810463.417:0): avc: denied { read } for pid=2274 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 29 16:14:38 localhost kernel: audit(1093810477.009:0): avc: denied { read } for pid=2634 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 29 23:10:57 localhost dbus: avc: 1 AV entries and 1/512 buckets used, longest chain length 1
Aug 30 07:48:10 localhost dbus: avc: 1 AV entries and 1/512 buckets used, longest chain length 1
Aug 30 19:46:33 localhost dbus: avc: 1 AV entries and 1/512 buckets used, longest chain length 1
Aug 30 19:49:05 localhost kernel: audit(1093895257.851:0): avc: denied { read } for pid=564 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 30 19:49:05 localhost kernel: audit(1093895275.011:0): avc: denied { read } for pid=858 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 30 19:49:05 localhost kernel: audit(1093895277.661:0): avc: denied { read } for pid=943 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 30 19:49:05 localhost kernel: audit(1093895277.665:0): avc: denied { read } for pid=944 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 30 19:49:05 localhost kernel: audit(1093895277.668:0): avc: denied { read } for pid=945 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 30 19:49:05 localhost kernel: uba:<3>audit(1093895277.770:0): avc: denied { read } for pid=953 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 30 19:49:05 localhost kernel: audit(1093895277.780:0): avc: denied { read } for pid=955 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 30 19:49:05 localhost kernel: audit(1093909680.749:0): avc: denied { read } for pid=1046 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 30 19:49:05 localhost kernel: audit(1093909680.752:0): avc: denied { read } for pid=1047 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 30 19:49:05 localhost kernel: audit(1093909681.408:0): avc: denied { read } for pid=1072 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 30 19:49:05 localhost kernel: audit(1093909681.417:0): avc: denied { read } for pid=1074 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 30 19:49:05 localhost kernel: audit(1093909683.430:0): avc: denied { read } for pid=1137 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 30 19:49:05 localhost kernel: audit(1093909683.448:0): avc: denied { read } for pid=1142 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 30 19:49:05 localhost kernel: audit(1093909684.958:0): avc: denied { read } for pid=1152 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 30 19:49:05 localhost kernel: audit(1093909700.061:0): avc: denied { read } for pid=1654 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 30 19:49:05 localhost kernel: audit(1093909704.006:0): avc: denied { read } for pid=1675 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 30 19:49:05 localhost kernel: audit(1093909708.395:0): avc: denied { read } for pid=2039 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 30 19:49:05 localhost kernel: audit(1093909716.420:0): avc: denied { read } for pid=2134 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 30 19:49:05 localhost kernel: audit(1093909728.426:0): avc: denied { read } for pid=2231 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 30 19:49:05 localhost kernel: audit(1093909731.223:0): avc: denied { read } for pid=2282 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 30 19:49:05 localhost kernel: audit(1093909744.003:0): avc: denied { read } for pid=2641 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 30 19:55:30 localhost dbus: avc: 1 AV entries and 1/512 buckets used, longest chain length 1
Aug 30 21:17:19 localhost dbus: avc: 1 AV entries and 1/512 buckets used, longest chain length 1
Sep 1 21:03:06 localhost kernel: audit(1094086986.820:0): avc: granted { load_policy } for pid=12264 exe=/usr/sbin/load_policy scontext=root:system_r:unconfined_t tcontext=system_u:object_r:security_t tclass=security
Sep 1 21:05:34 localhost dbus: avc: received policyload notice (seqno=1)
Sep 1 21:05:34 localhost dbus: avc: 3 AV entries and 3/512 buckets used, longest chain length 1
Sep 2 07:39:47 localhost dbus: avc: 3 AV entries and 3/512 buckets used, longest chain length 1
Sep 2 17:43:32 localhost dbus: avc: 1 AV entries and 1/512 buckets used, longest chain length 1
Sep 2 19:40:55 localhost dbus: avc: 1 AV entries and 1/512 buckets used, longest chain length 1
Sep 4 21:15:57 localhost dbus: avc: 1 AV entries and 1/512 buckets used, longest chain length 1
19 years, 7 months
- 1
- 0
Kernel *-541 - avc errors - busts inodes - kills X11
by Jim Cornette
When I booted up with the latest development kernel -541, I got the
following avc errors. Also, I ended up damaging my installation.
The first attached file is from the first boot and encountering errors.
I'll send a second message with the after relabeling filesystem errors.
Here is the first boot avc errors file from initial boot.
mode is enforcing/targeted
Jim
--
You're at the end of the road again.
Aug 29 10:19:14 localhost dbus: avc: 2 AV entries and 2/512 buckets used, longest chain length 1
Aug 29 13:34:01 localhost kernel: audit(1093800840.407:0): avc: denied { name_bind } for pid=2896 exe=/sbin/portmap scontext=user_u:system_r:portmap_t tcontext=system_u:object_r:rndc_port_t tclass=tcp_socket
Aug 29 15:59:39 localhost kernel: audit(1093795091.123:0): avc: denied { read } for pid=540 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 29 15:59:39 localhost kernel: audit(1093795108.860:0): avc: denied { read } for pid=981 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 29 15:59:39 localhost kernel: audit(1093795111.616:0): avc: denied { read } for pid=1061 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 29 15:59:39 localhost kernel: audit(1093795111.623:0): avc: denied { read } for pid=1085 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 29 15:59:39 localhost kernel: uba:<3>audit(1093795111.668:0): avc: denied { read } for pid=1094 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 29 15:59:39 localhost kernel: audit(1093795111.733:0): avc: denied { read } for pid=1095 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 29 15:59:39 localhost kernel: audit(1093795111.777:0): avc: denied { read } for pid=1097 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 29 15:59:39 localhost kernel: audit(1093809513.654:0): avc: denied { read } for pid=1276 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 29 15:59:39 localhost kernel: audit(1093809513.657:0): avc: denied { read } for pid=1277 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 29 15:59:39 localhost kernel: audit(1093809514.672:0): avc: denied { read } for pid=1334 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 29 15:59:39 localhost kernel: audit(1093809515.563:0): avc: denied { read } for pid=1379 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 29 15:59:39 localhost kernel: audit(1093809521.168:0): avc: denied { read } for pid=1398 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 29 15:59:39 localhost kernel: audit(1093809521.187:0): avc: denied { read } for pid=1403 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 29 15:59:39 localhost kernel: audit(1093809521.553:0): avc: denied { read } for pid=1409 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 29 15:59:39 localhost kernel: audit(1093809538.678:0): avc: denied { read } for pid=2075 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 29 15:59:39 localhost kernel: audit(1093809542.585:0): avc: denied { read } for pid=2097 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 29 15:59:39 localhost kernel: audit(1093809546.717:0): avc: denied { read } for pid=2460 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 29 15:59:39 localhost kernel: audit(1093809549.895:0): avc: denied { read } for pid=2464 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 29 15:59:39 localhost kernel: audit(1093809567.142:0): avc: denied { read } for pid=2667 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 29 16:12:07 localhost dbus: avc: 1 AV entries and 1/512 buckets used, longest chain length 1
Aug 29 16:14:38 localhost kernel: audit(1093795992.389:0): avc: denied { read } for pid=558 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 29 16:14:38 localhost kernel: audit(1093796009.505:0): avc: denied { read } for pid=852 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 29 16:14:38 localhost kernel: uba:<3>audit(1093796012.291:0): avc: denied { read } for pid=944 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 29 16:14:38 localhost kernel: audit(1093796012.295:0): avc: denied { read } for pid=945 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 29 16:14:38 localhost kernel: audit(1093796012.298:0): avc: denied { read } for pid=946 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 29 16:14:38 localhost kernel: audit(1093796012.300:0): avc: denied { read } for pid=947 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 29 16:14:38 localhost kernel: audit(1093796012.310:0): avc: denied { read } for pid=949 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 29 16:14:38 localhost kernel: audit(1093810411.029:0): avc: denied { read } for pid=962 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 29 16:14:38 localhost kernel: audit(1093810411.033:0): avc: denied { read } for pid=963 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 29 16:14:38 localhost kernel: audit(1093810413.351:0): avc: denied { read } for pid=1062 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 29 16:14:38 localhost kernel: audit(1093810413.369:0): avc: denied { read } for pid=1066 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 29 16:14:38 localhost kernel: audit(1093810415.423:0): avc: denied { read } for pid=1135 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 29 16:14:38 localhost kernel: audit(1093810415.433:0): avc: denied { read } for pid=1137 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 29 16:14:38 localhost kernel: audit(1093810416.925:0): avc: denied { read } for pid=1145 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 29 16:14:38 localhost kernel: audit(1093810432.496:0): avc: denied { read } for pid=1647 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 29 16:14:38 localhost kernel: audit(1093810436.371:0): avc: denied { read } for pid=1668 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 29 16:14:38 localhost kernel: audit(1093810440.677:0): avc: denied { read } for pid=2031 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 29 16:14:38 localhost kernel: audit(1093810460.930:0): avc: denied { read } for pid=2224 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 29 16:14:38 localhost kernel: audit(1093810463.417:0): avc: denied { read } for pid=2274 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 29 16:14:38 localhost kernel: audit(1093810477.009:0): avc: denied { read } for pid=2634 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 29 23:10:57 localhost dbus: avc: 1 AV entries and 1/512 buckets used, longest chain length 1
Aug 30 07:48:10 localhost dbus: avc: 1 AV entries and 1/512 buckets used, longest chain length 1
Aug 30 19:46:33 localhost dbus: avc: 1 AV entries and 1/512 buckets used, longest chain length 1
Aug 30 19:49:05 localhost kernel: audit(1093895257.851:0): avc: denied { read } for pid=564 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 30 19:49:05 localhost kernel: audit(1093895275.011:0): avc: denied { read } for pid=858 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 30 19:49:05 localhost kernel: audit(1093895277.661:0): avc: denied { read } for pid=943 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 30 19:49:05 localhost kernel: audit(1093895277.665:0): avc: denied { read } for pid=944 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 30 19:49:05 localhost kernel: audit(1093895277.668:0): avc: denied { read } for pid=945 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 30 19:49:05 localhost kernel: uba:<3>audit(1093895277.770:0): avc: denied { read } for pid=953 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 30 19:49:05 localhost kernel: audit(1093895277.780:0): avc: denied { read } for pid=955 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 30 19:49:05 localhost kernel: audit(1093909680.749:0): avc: denied { read } for pid=1046 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 30 19:49:05 localhost kernel: audit(1093909680.752:0): avc: denied { read } for pid=1047 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 30 19:49:05 localhost kernel: audit(1093909681.408:0): avc: denied { read } for pid=1072 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 30 19:49:05 localhost kernel: audit(1093909681.417:0): avc: denied { read } for pid=1074 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 30 19:49:05 localhost kernel: audit(1093909683.430:0): avc: denied { read } for pid=1137 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 30 19:49:05 localhost kernel: audit(1093909683.448:0): avc: denied { read } for pid=1142 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 30 19:49:05 localhost kernel: audit(1093909684.958:0): avc: denied { read } for pid=1152 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 30 19:49:05 localhost kernel: audit(1093909700.061:0): avc: denied { read } for pid=1654 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 30 19:49:05 localhost kernel: audit(1093909704.006:0): avc: denied { read } for pid=1675 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 30 19:49:05 localhost kernel: audit(1093909708.395:0): avc: denied { read } for pid=2039 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 30 19:49:05 localhost kernel: audit(1093909716.420:0): avc: denied { read } for pid=2134 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 30 19:49:05 localhost kernel: audit(1093909728.426:0): avc: denied { read } for pid=2231 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 30 19:49:05 localhost kernel: audit(1093909731.223:0): avc: denied { read } for pid=2282 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 30 19:49:05 localhost kernel: audit(1093909744.003:0): avc: denied { read } for pid=2641 exe=/sbin/minilogd path=/init dev=rootfs ino=27 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:root_t tclass=file
Aug 30 19:55:30 localhost dbus: avc: 1 AV entries and 1/512 buckets used, longest chain length 1
Aug 30 21:17:19 localhost dbus: avc: 1 AV entries and 1/512 buckets used, longest chain length 1
Sep 1 21:03:06 localhost kernel: audit(1094086986.820:0): avc: granted { load_policy } for pid=12264 exe=/usr/sbin/load_policy scontext=root:system_r:unconfined_t tcontext=system_u:object_r:security_t tclass=security
Sep 1 21:05:34 localhost dbus: avc: received policyload notice (seqno=1)
Sep 1 21:05:34 localhost dbus: avc: 3 AV entries and 3/512 buckets used, longest chain length 1
Sep 2 07:39:47 localhost dbus: avc: 3 AV entries and 3/512 buckets used, longest chain length 1
Sep 2 17:43:32 localhost dbus: avc: 1 AV entries and 1/512 buckets used, longest chain length 1
Sep 2 19:40:55 localhost dbus: avc: 1 AV entries and 1/512 buckets used, longest chain length 1
19 years, 7 months
- 1
- 0
Todays issues with strict policy
by Leonard den Ottolander
Hi,
Noticed a lot of issues with selinux-policy-strict-1.17.8-2 today:
Loads of udev related avc denies:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=130992 (old bug,
new messages)
Smartd fails to start:
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=131696
eth0 doesn't come up at system startup:
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=131698
Can't login to X because dbus policy incorrect/incomplete:
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=131701
Leonard.
--
mount -t life -o ro /dev/dna /genetic/research
19 years, 7 months
- 1
- 0
.541 status.... invalid context
by Tom London
Running strict, with latest from Rawhide (except gawk), with
selinux-policy-strict-1.17.8-2.
After backing out gawk and reinstalling .541, I have a system that
boots, but only in permissive mode.
In strict mode, many avc's rush past, and then the systems automagically
reboots before I have time to examine the screen (nothing makes it to
the log).
Booting in permissive mode produces scads of avc's.
I notice the following on 'make reload' of the policy:
Sep 2 20:26:29 fedora kernel: security: 4 users, 6 roles, 1220 types,
23 bools
Sep 2 20:26:29 fedora kernel: security: 53 classes, 278677 rules
Sep 2 20:26:29 fedora kernel: security: context user_u:user_r:dbusd_t
is invalid
checkpolicy doesn't seem to complain .....
Anything to worry about?
tom
19 years, 8 months
- 2
- 1
RAID HPT370 & Linux Fedora Core 2
by DP
Hi,
I have folowing problem:
I built RAID1 in HPT370 controller. After boot from installation CD Linux
FC2 not visible in system RAID field, but two physical disks. Help me
somebody?
Thanks
DP
19 years, 8 months
- 1
- 0
Progress! .532 boots! -- but dbus/hotplug/udev problems remain?
by Tom London
Newest Rawhide updates (including udev-030-10, mkinitrd-4.1.8-1,
kernel-2.6.8-1.532, and selinux-policy-strict-1.17.5-2)
now boots in strict/enforcing.
Many AVCs, and there is a problem
with runlevel 5 (graphical login, etc.) preventing
login, (but text login works).
Here are the first, early AVCs: (I'll dig for more later.)
Aug 28 10:23:40 fedora kernel: usbcore: registered new driver usblp
Aug 28 10:23:40 fedora kernel: drivers/usb/class/usblp.c: v0.13: USB
Printer Device Class driver
Aug 28 10:23:40 fedora acpid: acpid startup succeeded
Aug 28 10:23:40 fedora kernel: ACPI: Power Button (FF) [PWRF]
Aug 28 10:23:40 fedora kernel: ACPI: Sleep Button (CM) [FUTS]
Aug 28 10:23:40 fedora kernel: EXT3 FS on hda2, internal journal
Aug 28 10:23:41 fedora kernel: audit(1093713783.757:0): avc: denied {
search } for pid=1264 exe=/sbin/udev name=contexts dev=hda2 ino=4509745
scontext=system_u:system_r:udev_t
tcontext=system_u:object_r:default_context_t tclass=dir
Aug 28 10:23:41 fedora kernel: audit(1093713783.790:0): avc: denied {
execute_no_trans } for pid=1271 exe=/sbin/udev
path=/etc/udev/scripts/pam_console.dev dev=hda2 ino=574019
scontext=system_u:system_r:udev_t tcontext=system_u:object_r:etc_t
tclass=file
Aug 28 10:23:41 fedora kernel: audit(1093713783.790:0): avc: denied {
write }
for pid=1264 exe=/sbin/udev name=fscreate dev=proc ino=82837526
scontext=system_u:system_r:udev_t tcontext=system_u:system_r:udev_t
tclass=file
There repeat many times. When run in permissive mode, this sequence
becomes:
Aug 28 10:32:25 fedora kernel: EXT3 FS on hda2, internal journal
Aug 28 10:32:25 fedora kernel: audit(1093714297.852:0): avc: denied {
search } for pid=1283 exe=/sbin/udev name=contexts dev=hda2 ino=4509745
scontext=system_u:system_r:udev_t
tcontext=system_u:object_r:default_context_t tclass=dir
Aug 28 10:32:25 fedora kernel: audit(1093714297.859:0): avc: denied {
search } for pid=1283 exe=/sbin/udev name=files dev=hda2 ino=4509746
scontext=system_u:system_r:udev_t
tcontext=system_u:object_r:file_context_t tclass=dir
Aug 28 10:32:25 fedora kernel: audit(1093714297.872:0): avc: denied {
read } for pid=1283 exe=/sbin/udev name=file_contexts dev=hda2
ino=4505700 scontext=system_u:system_r:udev_t
tcontext=system_u:object_r:file_context_t tclass=file
Aug 28 10:32:25 fedora kernel: audit(1093714297.872:0): avc: denied {
getattr
} for pid=1283 exe=/sbin/udev
path=/etc/selinux/strict/contexts/files/file_contexts dev=hda2
ino=4505700 scontext=system_u:system_r:udev_t
tcontext=system_u:object_r:file_context_t tclass=file
Aug 28 10:32:25 fedora kernel: audit(1093714298.077:0): avc: denied {
execute_no_trans } for pid=1285 exe=/sbin/udev
path=/etc/udev/scripts/pam_console.dev dev=hda2 ino=574019
scontext=system_u:system_r:udev_t tcontext=system_u:object_r:etc_t
tclass=file
Aug 28 10:32:25 fedora kernel: audit(1093714298.109:0): avc: denied {
search } for pid=1285 exe=/bin/bash name=console dev=hda2 ino=4456494
scontext=system_u:system_r:udev_t
tcontext=system_u:object_r:pam_var_console_t tclass=dir
Aug 28 10:32:25 fedora kernel: audit(1093714298.113:0): avc: denied {
write }
for pid=1283 exe=/sbin/udev name=fscreate dev=proc ino=84082710
scontext=system_u:system_r:udev_t tcontext=system_u:system_r:udev_t
tclass=file
Aug 28 10:32:25 fedora kernel: audit(1093714298.113:0): avc: denied {
setfscreate } for pid=1283 exe=/sbin/udev
scontext=system_u:system_r:udev_t tcontext=system_u:system_r:udev_t
tclass=process
Aug 28 10:32:25 fedora kernel: audit(1093714317.126:0): avc: denied {
search } for pid=1671 exe=/sbin/udev name=files dev=hda2 ino=4509746
scontext=system_u:system_r:udev_t
tcontext=system_u:object_r:file_context_t tclass=dir
Audit2allow on this says:
allow : { write };
allow udev_t default_context_t:dir { search };
allow udev_t etc_t:file { execute_no_trans };
allow udev_t file_context_t:dir { search };
allow udev_t file_context_t:file { read };
allow udev_t pam_var_console_t:dir { search };
allow udev_t udev_t:process { setfscreate };
The funny 'allow : { write };' is for the write of 'fscreate' in /proc.
After obtaining the graphical login screen, here is the offending AVC:
Aug 28 10:24:42 fedora gdm(pam_unix)[3888]: session opened for user tbl
by (uid=0)
Aug 28 10:24:43 fedora kernel: audit(1093713883.626:0): avc: denied {
create } for pid=4042 exe=/usr/bin/dbus-daemon-1
scontext=user_u:user_r:user_t tcontext=user_u:user_r:user_t
tclass=netlink_selinux_socket
An error window pops up reporting an SELinux/AVC type failure. It then
returns to the login screen.
Just prior to that, there are many 'denied's from udev and hald. Here
are a few:
Aug 28 10:24:21 fedora dbus: avc: denied { send_msg } for
scontext=system_u:system_r:hald_t tcontext=system_u:system_r:updfstab_t
tclass=dbus
Aug 28 10:24:21 fedora kernel: audit(1093713853.755:0): avc: denied {
execute
} for pid=3466 exe=/usr/sbin/hald name=hal-hotplug-map dev=hda2
ino=606213 scontext=system_u:system_r:hald_t
tcontext=system_u:object_r:bin_t tclass=file
Aug 28 10:24:21 fedora udev[3953]: creating device node '/dev/vcs7'
Aug 28 10:24:22 fedora dbus: avc: denied { send_msg } for
scontext=system_u:system_r:hald_t tcontext=system_u:system_r:updfstab_t
tclass=dbus
Aug 28 10:24:22 fedora kernel: audit(1093713853.817:0): avc: denied {
search } for pid=3798 exe=/sbin/udev name=contexts dev=hda2 ino=4509745
scontext=system_u:system_r:udev_t
tcontext=system_u:object_r:default_context_t tclass=dir
Aug 28 10:24:22 fedora dbus: avc: denied { send_msg } for
scontext=system_u:system_r:hald_t tcontext=system_u:system_r:updfstab_t
tclass=dbus
Aug 28 10:24:22 fedora kernel: audit(1093713853.819:0): avc: denied {
execute_no_trans } for pid=3846 exe=/sbin/udev
path=/etc/udev/scripts/pam_console.dev dev=hda2 ino=574019
scontext=system_u:system_r:udev_t tcontext=system_u:object_r:etc_t
tclass=file
Aug 28 10:24:22 fedora dbus: avc: denied { send_msg } for
scontext=system_u:system_r:updfstab_t tcontext=system_u:system_r:hald_t
tclass=dbus
Aug 28 10:24:22 fedora kernel: audit(1093713853.820:0): avc: denied {
write }
for pid=3798 exe=/sbin/udev name=fscreate dev=proc ino=248905750
scontext=system_u:system_r:udev_t tcontext=system_u:system_r:udev_t
tclass=file
[BTW: When I reboot, /etc/fstab has been relabeled to type tmp_t.
Is the above causing this?]
I rebooted strict/permissive, and things appear OK, including loading
of sound modules.
However, as noted above, something is relabeling /etc/fstab to tmp_t:
Aug 28 10:33:21 fedora gdm(pam_unix)[3786]: session opened for user tbl
by (uid=0)
Aug 28 10:33:21 fedora kernel: audit(1093714401.349:0): avc: denied {
read } for pid=3786 exe=/usr/bin/gdm-binary name=fstab dev=hda2
ino=4654141 scontext=system_u:system_r:xdm_t
tcontext=system_u:object_r:tmp_t tclass=file
Aug 28 10:33:21 fedora kernel: audit(1093714401.350:0): avc: denied {
getattr
} for pid=3786 exe=/usr/bin/gdm-binary path=/etc/fstab dev=hda2
ino=4654141 scontext=system_u:system_r:xdm_t
tcontext=system_u:object_r:tmp_t tclass=file
I believe I'm running a 'stock' Rawhide system.
tom
19 years, 8 months
- 7
- 13
hald/hal-hotplug-map
by Tom London
hald seems to need to execute /usr/libexec/hal-hotplug-map:
Aug 29 12:45:46 fedora kernel: audit(1093808744.270:0): avc: denied {
execute
} for pid=3436 exe=/usr/sbin/hald name=hal-hotplug-map dev=hda2
ino=4123436 scontext=system_u:system_r:hald_t
tcontext=system_u:object_r:bin_t tclass=file
Aug 29 12:45:46 fedora kernel: audit(1093808744.284:0): avc: denied {
execute
} for pid=3436 exe=/usr/sbin/hald name=hal-hotplug-map dev=hda2
ino=4123436 scontext=system_u:system_r:hald_t
tcontext=system_u:object_r:bin_t tclass=file
Does it make sense to label /usr/libexec/hal* as hald_exec_t and add
'canexec(hald_t, hald_exec_t)' to hald.te ?
Also, seems that hald and updfstab need to do their dbus thing,
and hald wants to access printer_device_t.
Suggested patches to hald.te and hald.fc
--- hald.te 2004-08-27 14:37:17.000000000 -0700
+++ /etc/selinux/strict/src.old/policy/domains/program/hald.te
2004-08-28 13:40:57.000000000 -0700
@@ -37,7 +37,12 @@
ifdef(`udev.te', `
domain_auto_trans(hald_t, udev_exec_t, udev_t)
allow udev_t hald_t:unix_dgram_socket sendto;
+allow hald_t updfstab_t:dbus { send_msg };
+allow updfstab_t hald_t:dbus { send_msg };
')
allow hald_t usbdevfs_t:dir search;
allow hald_t usbdevfs_t:file { getattr read };
+
+allow hald_t printer_device_t:chr_file { read write };
+can_exec(hald_t, hald_exec_t)
---
/etc/selinux/strict/src.old/policy/domains/program/../../file_contexts/program/hald.fc
2004-08-27 14:37:17.000000000 -0700
+++ hald.fc 2004-08-29 13:36:44.147534409 -0700
@@ -1,2 +1,3 @@
# hald - hardware informationd daemon
/usr/sbin/hald -- system_u:object_r:hald_exec_t
+/usr/libexec/hal-.* -- system_u:object_r:hald_exec_t
Please correct/improve,
tom
tom
19 years, 8 months
- 3
- 3