On Tue, 2007-04-10 at 06:23 -0700, Antonio Olivares wrote:
> Dear list,
> I am running rawhide and I get these denied avcs
> [olivares@localhost ~]$ cat /etc/fedora-release
> Fedora release 6.92 (Rawhide)
> [olivares@localhost ~]$
> There is a tool semanage, but I do not know how to use it. Is there any reference to
> this new tool?
> How do I fix this using chcon -? or other tools to troubleshoot this?
> audit(1176209974.281:4): avc: denied { create } for pid=991
> comm="create_floppy_d" name="fd0u1440"
> scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tcontext=system_u:object_r:default_t:s0
> tclass=blk_file

In this case, it appears that udev is creating a device node without
properly setting its security context.
I can confirm the same behavior on a rawhide system here.
/sbin/restorecon -nv /dev/fd0u1440 reports that it has default_t but
should have removable_device_t according to policy.
Possibly a bug in the latest version of udev?
--
Stephen Smalley
National Security Agency
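
An added example, not part of the original thread: a small Python parser for the AVC record quoted above, which splits the source and target contexts (the MLS range contains colons, so a naive split breaks) and flags a `default_t` target as a labeling problem to check with `restorecon -nv` before changing policy. The function names and the `looks_mislabeled` rule are assumptions made for illustration.

```python
import re

# The denial quoted in the thread, joined onto one line.
SAMPLE = ('audit(1176209974.281:4): avc: denied { create } for pid=991 '
          'comm="create_floppy_d" name="fd0u1440" '
          'scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 '
          'tcontext=system_u:object_r:default_t:s0 tclass=blk_file')

AVC_RE = re.compile(r'avc:\s+(denied|granted)\s+\{([^}]*)\}\s+for\s+(.*)$')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def split_context(ctx):
    """Split user:role:type[:range]. The MLS range itself contains ':'
    (s0-s0:c0.c1023), so split at most three times."""
    parts = ctx.split(':', 3)
    if len(parts) < 3:
        raise ValueError('not a security context: %r' % ctx)
    return dict(zip(('user', 'role', 'type', 'range'), parts))


def parse_avc(line):
    """Return decision, permissions and fields of one AVC record, or None."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group(3))}
    return {
        'decision': m.group(1),
        'perms': m.group(2).split(),
        'fields': fields,
        'source': split_context(fields['scontext']),
        'target': split_context(fields['tcontext']),
    }


def looks_mislabeled(rec):
    """Hypothetical triage rule: a default_t target, as in the thread,
    points at the object's label rather than at a missing allow rule."""
    return rec['target']['type'] == 'default_t'


if __name__ == '__main__':
    rec = parse_avc(SAMPLE)
    if looks_mislabeled(rec):
        print('check label of', rec['fields']['name'], 'with restorecon -nv')
```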