On Thu, 2004-08-05 at 11:13, Tom London wrote:
> Running strict/enforcing, and running
> Rawhide (selinux-policy-strict-1.15.11-1 and kernel-2.6.7-1.509),
> some new AVCs logged. [Sorry if I'm 'amid updates']
> <snip>
> Aug 5 06:58:02 fedora kernel: audit(1091689038.197:0): avc: denied { read write } for pid=1 exe=/sbin/init path=/dev/console dev=rootfs ino=5 scontext=system_u:system_r:init_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file
> <snip>
> Aug 5 06:58:02 fedora kernel: audit(1091689038.318:0): avc: denied { read } for pid=1 exe=/sbin/init path=/init dev=rootfs ino=14 scontext=system_u:system_r:init_t tcontext=system_u:object_r:unlabeled_t tclass=file

This requires a change to the SELinux kernel code to address properly;
need to be able to assign security contexts to inodes unpacked from
initramfs into the rootfs.
--
Stephen Smalley <sds(a)epoch.ncsc.mil>
National Security Agency