While booting the 427 kernel in enforcing mode with selinux-policy-strict-1.13.4-5, the following avc denied messages occur:
Jun 13 21:04:03 new2 kernel: audit(1087175021.671:0): avc: denied { search } for pid=931 exe=/sbin/lvm.static dev=devpts ino=1 scontext=system_u:system_r:lvm_t tcontext=system_u:object_r:devpts_t tclass=dir
Jun 13 21:04:03 new2 kernel: audit(1087175022.193:0): avc: denied { getattr } for pid=931 exe=/sbin/lvm.static path=/dev/shm dev=hda2 ino=1091316 scontext=system_u:system_r:lvm_t tcontext=system_u:object_r:file_t tclass=dir

HTH
Richard Hally
On Mon, 14 Jun 2004 15:27, Richard Hally rhallyx@mindspring.com wrote:
> While booting the 427 kernel in enforcing mode with selinux-policy-strict-1.13.4-5, the following avc denied messages occur:
> Jun 13 21:04:03 new2 kernel: audit(1087175021.671:0): avc: denied { search } for pid=931 exe=/sbin/lvm.static dev=devpts ino=1 scontext=system_u:system_r:lvm_t tcontext=system_u:object_r:devpts_t tclass=dir

I guess we should add that, I'll put it in my tree now.

> Jun 13 21:04:03 new2 kernel: audit(1087175022.193:0): avc: denied { getattr } for pid=931 exe=/sbin/lvm.static path=/dev/shm dev=hda2 ino=1091316 scontext=system_u:system_r:lvm_t tcontext=system_u:object_r:file_t tclass=dir

It looks like you don't have /dev/shm mounted. Have you done anything deliberately to cause this?
I am just adding the audit output I got with regards to lvm.static:
audit(1087215619.565:0): avc: denied { read } for pid=835 exe=/sbin/lvm.static name=dri dev=hda6 ino=409347 scontext=system_u:system_r:lvm_t tcontext=system_u:object_r:dri_device_t tclass=dir
audit(1087215619.575:0): avc: denied { search } for pid=835 exe=/sbin/lvm.static name=dri dev=hda6 ino=409347 scontext=system_u:system_r:lvm_t tcontext=system_u:object_r:dri_device_t tclass=dir
audit(1087215621.189:0): avc: denied { getattr } for pid=835 exe=/sbin/lvm.static path=/dev/shm dev=hda6 ino=603157 scontext=system_u:system_r:lvm_t tcontext=system_u:object_r:file_t tclass=dir
audit(1087215621.189:0): avc: denied { read } for pid=835 exe=/sbin/lvm.static name=shm dev=hda6 ino=603157 scontext=system_u:system_r:lvm_t tcontext=system_u:object_r:file_t tclass=dir

Regards,
Frank
On Mon, 2004-06-14 at 07:28, Russell Coker wrote:
> On Mon, 14 Jun 2004 15:27, Richard Hally rhallyx@mindspring.com wrote:
> > While booting the 427 kernel in enforcing mode with selinux-policy-strict-1.13.4-5, the following avc denied messages occur:
> > Jun 13 21:04:03 new2 kernel: audit(1087175021.671:0): avc: denied { search } for pid=931 exe=/sbin/lvm.static dev=devpts ino=1 scontext=system_u:system_r:lvm_t tcontext=system_u:object_r:devpts_t tclass=dir
>
> I guess we should add that, I'll put it in my tree now.
>
> > Jun 13 21:04:03 new2 kernel: audit(1087175022.193:0): avc: denied { getattr } for pid=931 exe=/sbin/lvm.static path=/dev/shm dev=hda2 ino=1091316 scontext=system_u:system_r:lvm_t tcontext=system_u:object_r:file_t tclass=dir
>
> It looks like you don't have /dev/shm mounted. Have you done anything deliberately to cause this?
On Mon, 14 Jun 2004 22:13, Francis K Shim francis.shim@sympatico.ca wrote:
> I am just adding the audit output I got with regards to lvm.static:
> audit(1087215619.565:0): avc: denied { read } for pid=835 exe=/sbin/lvm.static name=dri dev=hda6 ino=409347 scontext=system_u:system_r:lvm_t tcontext=system_u:object_r:dri_device_t tclass=dir
> audit(1087215619.575:0): avc: denied { search } for pid=835 exe=/sbin/lvm.static name=dri dev=hda6 ino=409347 scontext=system_u:system_r:lvm_t tcontext=system_u:object_r:dri_device_t tclass=dir

We will put in dontaudit rules for that.

> audit(1087215621.189:0): avc: denied { getattr } for pid=835 exe=/sbin/lvm.static path=/dev/shm dev=hda6 ino=603157 scontext=system_u:system_r:lvm_t tcontext=system_u:object_r:file_t tclass=dir
> audit(1087215621.189:0): avc: denied { read } for pid=835 exe=/sbin/lvm.static name=shm dev=hda6 ino=603157 scontext=system_u:system_r:lvm_t tcontext=system_u:object_r:file_t tclass=dir

This is strange, you are the second person to report that /dev/shm is not mounted. Have you done anything to make it not be mounted?
I think that we have a bug here related to /dev/shm, please send me your /etc/fstab (by private mail).
selinux@lists.fedoraproject.org
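
Added example, not part of the original thread and not audit2allow or any other project tool: a small parser that groups the avc denials quoted above by source type, target type and class, so the three distinct cases in the thread (devpts_t, dri_device_t, file_t) stand out. The function names are hypothetical, and treating a file_t target as a mount or labeling question rather than a policy gap is an assumption that follows the replies about /dev/shm.

```python
import re
from collections import defaultdict

# Log lines copied from the messages in this thread (both reporters).
SAMPLE = """\
Jun 13 21:04:03 new2 kernel: audit(1087175021.671:0): avc: denied { search } for pid=931 exe=/sbin/lvm.static dev=devpts ino=1 scontext=system_u:system_r:lvm_t tcontext=system_u:object_r:devpts_t tclass=dir
Jun 13 21:04:03 new2 kernel: audit(1087175022.193:0): avc: denied { getattr } for pid=931 exe=/sbin/lvm.static path=/dev/shm dev=hda2 ino=1091316 scontext=system_u:system_r:lvm_t tcontext=system_u:object_r:file_t tclass=dir
audit(1087215619.565:0): avc: denied { read } for pid=835 exe=/sbin/lvm.static name=dri dev=hda6 ino=409347 scontext=system_u:system_r:lvm_t tcontext=system_u:object_r:dri_device_t tclass=dir
audit(1087215619.575:0): avc: denied { search } for pid=835 exe=/sbin/lvm.static name=dri dev=hda6 ino=409347 scontext=system_u:system_r:lvm_t tcontext=system_u:object_r:dri_device_t tclass=dir
audit(1087215621.189:0): avc: denied { read } for pid=835 exe=/sbin/lvm.static name=shm dev=hda6 ino=603157 scontext=system_u:system_r:lvm_t tcontext=system_u:object_r:file_t tclass=dir
"""

AVC = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)")

def parse_avc(line):
    """Return the key=value fields of one 'avc: denied' line, or None."""
    m = AVC.search(line)
    if not m:
        return None
    rec = dict(kv.split("=", 1) for kv in m.group(2).split() if "=" in kv)
    rec["perms"] = m.group(1).split()
    return rec

def ctx_type(context):
    """Third field of user:role:type[:level] is the type."""
    return context.split(":")[2]

def summarize(text):
    """Merge permissions per (source type, target type, class)."""
    groups = defaultdict(set)
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec and {"scontext", "tcontext", "tclass"} <= rec.keys():
            key = (ctx_type(rec["scontext"]), ctx_type(rec["tcontext"]), rec["tclass"])
            groups[key].update(rec["perms"])
    return {k: sorted(v) for k, v in groups.items()}

def triage(summary):
    """One review line per group; file_t targets are flagged (assumption, see lead-in)."""
    out = []
    for (src, tgt, cls), perms in sorted(summary.items()):
        rule = f"{src} {tgt}:{cls} {{ {' '.join(perms)} }};"
        # file_t on /dev/shm is what prompted the "not mounted" question in the thread
        label = "check labeling/mount first" if tgt == "file_t" else "policy candidate"
        out.append(f"{label}: {rule}")
    return out

if __name__ == "__main__":
    print("\n".join(triage(summarize(SAMPLE))))
```

The output lines are summaries for a human reviewer; whether a group becomes an allow rule or a dontaudit rule is the policy maintainer's decision, as in the replies above.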