Stephen Smalley wrote:
On Tue, 2005-04-26 at 15:07 -0400, Steve Brueckner wrote:
>I then did a touch /.autorelabel; reboot, then after rebooting a make
>reload. I'm using the targeted policy in permissive mode (things freeze up
>when I setenforce 1). Policy version is 19.
>
>I get a lot of avc denied messages on boot; enough to make me think I did
>something wrong with my policy update or kernel update.
>
>
It looks like a number of the avc denied messages are just noise;
normally hidden by enforcing mode (because an earlier denial that has a
dontaudit rule would have prevented the program from attempting the
later access that you see being denied). Only ones that I saw that
looked worrisome were the dhcpc attempt to run restorecon and the hald
attempt to update fstab without transitioning into updfstab_t.
I think the restorecon is removed from the latest dhclient, updfstab is
in policy as up 1.23-13-3, available on people.
Dan
--