Running latest rawhide, targeted/enforcing.
Get these on boot in /var/log/messages:
Feb 28 18:03:58 localhost kernel: audit(1172714587.604:4): avc:
denied { getattr } for pid=436 comm="mount" name="/" dev=selinuxfs
ino=540 scontext=system_u:system_r:mount_t:s0
tcontext=system_u:object_r:security_t:s0 tclass=filesystem
and
Feb 28 18:03:58 localhost kernel: loop: loaded (max 8 devices)
Feb 28 18:03:58 localhost kernel: audit(1172714600.629:6): avc:
denied { getattr } for pid=1719 comm="fsck" name="/" dev=selinuxfs
ino=540 scontext=system_u:system_r:fsadm_t:s0
tcontext=system_u:object_r:security_t:s0 tclass=filesystem
Feb 28 18:03:58 localhost kernel: audit(1172714600.923:7): avc:
denied { getattr } for pid=1724 comm="mount" name="/" dev=selinuxfs
ino=540 scontext=system_u:system_r:mount_t:s0
tcontext=system_u:object_r:security_t:s0 tclass=filesystem
Feb 28 18:03:58 localhost kernel: EXT3 FS on dm-0, internal journal
Feb 28 18:03:58 localhost kernel: audit(1172714601.074:8): avc:
denied { getattr } for pid=1728 comm="mount" name="/" dev=selinuxfs
ino=540 scontext=system_u:system_r:mount_t:s0
tcontext=system_u:object_r:security_t:s0 tclass=filesystem
Feb 28 18:03:58 localhost kernel: audit(1172714601.078:9): avc:
denied { getattr } for pid=1729 comm="mount" name="/" dev=selinuxfs
ino=540 scontext=system_u:system_r:mount_t:s0
tcontext=system_u:object_r:security_t:s0 tclass=filesystem
Feb 28 18:03:58 localhost kernel: audit(1172714601.082:10): avc:
denied { getattr } for pid=1730 comm="mount" name="/" dev=selinuxfs
ino=540 scontext=system_u:system_r:mount_t:s0
tcontext=system_u:object_r:security_t:s0 tclass=filesystem
Feb 28 18:03:58 localhost kernel: audit(1172714601.086:11): avc:
denied { getattr } for pid=1731 comm="mount" name="/" dev=selinuxfs
ino=540 scontext=system_u:system_r:mount_t:s0
tcontext=system_u:object_r:security_t:s0 tclass=filesystem
Feb 28 18:03:58 localhost kernel: audit(1172714601.089:12): avc:
denied { getattr } for pid=1732 comm="mount" name="/" dev=selinuxfs
ino=540 scontext=system_u:system_r:mount_t:s0
tcontext=system_u:object_r:security_t:s0 tclass=filesystem
and
Feb 28 18:03:58 localhost kernel: audit(1172714602.004:14): avc:
denied { getattr } for pid=1787 comm="swapon" name="/"
dev=selinuxfs ino=540 scontext=system_u:system_r:fsadm_t:s0
tcontext=system_u:object_r:security_t:s0 tclass=filesystem
and
Feb 28 18:03:58 localhost kernel: audit(1172714603.821:16): avc:
denied { getattr } for pid=1904 comm="iptables-restor" name="/"
dev=selinuxfs ino=540 scontext=system_u:system_r:iptables_t:s0
tcontext=system_u:object_r:security_t:s0 tclass=filesystem
and
Feb 28 18:03:58 localhost kernel: audit(1172714605.500:17): avc:
denied { getattr } for pid=2092 comm="ifconfig" name="/"
dev=selinuxfs ino=540 scontext=system_u:system_r:ifconfig_t:s0
tcontext=system_u:object_r:security_t:s0 tclass=filesystem
I attach audit.log.
tom
--
Tom London
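
Triaging the denials reported above, as an added example that is not part of the original message: this Python script rejoins the mail-wrapped syslog lines and collapses the AVC records into distinct (source type, target type, class, permission) tuples, so repeated denials show up as one line per domain. The function names are assumptions of this example; the sample input is an excerpt of the log lines in the message.

```python
import re
from collections import defaultdict
# Excerpt of the records in the message above, wrapped the way the mail wrapped them.
SAMPLE = """\
Feb 28 18:03:58 localhost kernel: audit(1172714587.604:4): avc:
denied { getattr } for pid=436 comm="mount" name="/" dev=selinuxfs
ino=540 scontext=system_u:system_r:mount_t:s0
tcontext=system_u:object_r:security_t:s0 tclass=filesystem
Feb 28 18:03:58 localhost kernel: loop: loaded (max 8 devices)
Feb 28 18:03:58 localhost kernel: audit(1172714602.004:14): avc:
denied { getattr } for pid=1787 comm="swapon" name="/"
dev=selinuxfs
ino=540 scontext=system_u:system_r:fsadm_t:s0
tcontext=system_u:object_r:security_t:s0 tclass=filesystem
"""

START = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")  # syslog timestamp
AVC = re.compile(r"avc:\s+denied\s+\{ (?P<perms>[^}]+) \}")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
REQUIRED = {"comm", "scontext", "tcontext", "tclass"}

def unwrap(text):
    """Rejoin continuation lines so each syslog record is one string."""
    records = []
    for line in text.splitlines():
        if START.match(line) or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records

def summarize(text):
    """Count denials per (source type, target type, class, permission)."""
    groups = defaultdict(lambda: {"count": 0, "comms": set()})
    for rec in unwrap(text):
        m = AVC.search(rec)
        f = {k: v.strip('"') for k, v in FIELD.findall(rec)}
        if not m or not REQUIRED <= f.keys():
            continue  # not an AVC denial, or a truncated record
        # The SELinux type is the third field of user:role:type:level.
        src, tgt = (f[k].split(":")[2] for k in ("scontext", "tcontext"))
        for perm in m.group("perms").split():
            g = groups[(src, tgt, f["tclass"], perm)]
            g["count"] += 1
            g["comms"].add(f["comm"])
    return dict(groups)

if __name__ == "__main__":
    for key, g in sorted(summarize(SAMPLE).items()):
        print(*key, g["count"], sorted(g["comms"]))
```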