* Stephen Smalley <sds(a)epoch.ncsc.mil> [2004-05-27 14:45]:
On Thu, 2004-05-27 at 04:39, Matthew East wrote:
> p.s. Just for the record, or in case they are useful, here are the error
> messages I get when booting my new kernel which was compiled with
> selinux set to permissive.
>
> Freeing unused kernel memory: 160k freed
> security: 5 users, 7 roles, 1244 types, 1 bools
> security: 30 classes, 303377 rules
> SELinux: Completing initialization.
> SELinux: Setting up existing superblocks.
> SELinux: initialized (dev , type selinuxfs), uses genfs_contexts
> SELinux: initialized (dev hda2, type ext3), uses xattr
> audit(1085619351.268:0): avc: denied { ioctl } for pid=164
> exe=/bin/bash path=/dev/null dev=hda2 ino=283937
> scontext=system_u:system_r:kernel_t
> tcontext=system_u:object_r:unlabeled_t tclass=chr_file
> audit(1085619351.271:0): avc: denied { getattr } for pid=176
> exe=/bin/bash path=/etc/hotplug dev=hda2 ino=49185
> scontext=system_u:system_r:kernel_t
> tcontext=system_u:object_r:unlabeled_t tclass=dir
Very odd; these certainly shouldn't be unlabeled_t. What does a
getfilecon /etc/hotplug (or any of these files that are showing up with
unlabeled_t) show?

It looks like it is a problem similar to the one that has bitten
me[0].

Matthew said he had built a custom kernel so it is possible that an
unusual combination of kernel options is causing this.

I am attaching my kernel .config (run through egrep -v '^#') so that
hopefully someone with more kernel knowledge can debug this and find the
problem. (I would be happy to test kernel patches trying to fix this.)

Thanks,
Thomas
[0]: see
http://marc.theaimsgroup.com/?l=selinux&m=108535024629852&w=2
--
http://www.cip.ifi.lmu.de/~bleher/selinux/ - my SELinux pages
GPG-Fingerprint: BC4F BB16 30D6 F253 E3EA D09E C562 2BAE B2F4 ABE7
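
An added example, not part of the original thread: a small parser that picks out AVC denials whose target context has type unlabeled_t and lists the paths to inspect with getfilecon, as asked in the reply above. The first two sample records are the denials quoted in the message, rejoined onto one line each; the third record and all function names are constructed for illustration.

```python
import re

# Two denials from the quoted boot log (rejoined onto single lines) plus one
# constructed record with a labelled target, for contrast.
SAMPLE = """\
audit(1085619351.268:0): avc: denied { ioctl } for pid=164 exe=/bin/bash path=/dev/null dev=hda2 ino=283937 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file
audit(1085619351.271:0): avc: denied { getattr } for pid=176 exe=/bin/bash path=/etc/hotplug dev=hda2 ino=49185 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:unlabeled_t tclass=dir
audit(1085619351.300:0): avc: denied { read } for pid=180 exe=/bin/bash path=/etc/example dev=hda2 ino=1 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:etc_t tclass=file
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)")


def parse_avc(line):
    """Return a dict for one AVC denial line, or None if it is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {"perms": m.group("perms").split()}
    for token in m.group("fields").split():
        key, sep, value = token.partition("=")
        if sep:  # keep only key=value tokens
            rec[key] = value
    return rec


def context_type(context):
    """Third field of a user:role:type[:level] security context."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else None


def unlabeled_targets(log_text):
    """Group denied objects whose target type is unlabeled_t, keyed by device."""
    by_dev = {}
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec and context_type(rec.get("tcontext", "")) == "unlabeled_t":
            by_dev.setdefault(rec.get("dev", "?"), []).append(
                (rec.get("path", "?"), rec.get("tclass", "?"), rec["perms"]))
    return by_dev


if __name__ == "__main__":
    for dev, hits in unlabeled_targets(SAMPLE).items():
        print(f"{dev}: {len(hits)} denial(s) on unlabeled_t objects")
        for path, tclass, perms in hits:
            print(f"  getfilecon {path}    # {tclass}, denied {{ {' '.join(perms)} }}")
```

Grouping by device shows at a glance whether the unlabeled objects all sit on one filesystem, here hda2.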