Hi,
When yum updates my rawhide policy, I get these avcs:
type=PATH msg=audit(12/29/2005 08:26:52.659:120) : item=0 name=/etc/mtab inode=11403372 dev=03:07 mode=file,644 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:etc_runtime_t:s0
type=CWD msg=audit(12/29/2005 08:26:52.659:120) : cwd=/
type=SYSCALL msg=audit(12/29/2005 08:26:52.659:120) : arch=x86_64 syscall=open success=no exit=-13(Permission denied) a0=3446313756 a1=0 a2=1b6 a3=0 items=1 pid=2472 auid=root uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=tty1 comm=load_policy exe=/usr/sbin/load_policy subj=root:system_r:load_policy_t:s0-s0:c0.c255
type=AVC msg=audit(12/29/2005 08:26:52.659:120) : avc: denied { read } for pid=2472 comm=load_policy name=mtab dev=hda7 ino=11403372 scontext=root:system_r:load_policy_t:s0-s0:c0.c255 tcontext=system_u:object_r:etc_runtime_t:s0 tclass=file
-Steve
Steve G wrote:
Hi,
When yum updates my rawhide policy, I get these avcs:
type=PATH msg=audit(12/29/2005 08:26:52.659:120) : item=0 name=/etc/mtab inode=11403372 dev=03:07 mode=file,644 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:etc_runtime_t:s0
type=CWD msg=audit(12/29/2005 08:26:52.659:120) : cwd=/
type=SYSCALL msg=audit(12/29/2005 08:26:52.659:120) : arch=x86_64 syscall=open success=no exit=-13(Permission denied) a0=3446313756 a1=0 a2=1b6 a3=0 items=1 pid=2472 auid=root uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=tty1 comm=load_policy exe=/usr/sbin/load_policy subj=root:system_r:load_policy_t:s0-s0:c0.c255
type=AVC msg=audit(12/29/2005 08:26:52.659:120) : avc: denied { read } for pid=2472 comm=load_policy name=mtab dev=hda7 ino=11403372 scontext=root:system_r:load_policy_t:s0-s0:c0.c255 tcontext=system_u:object_r:etc_runtime_t:s0 tclass=file
-Steve
This looks like a bug of a file descriptor being left open. Something in the kernel/init/initrd must be opening /etc/mtab and not setting closeonexec. Need to bugzilla the kernel I guess.
-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-selinux-list
This looks like a bug of a file descriptor being left open.
Huh? This comes from running "yum update selinux-policy-targeted". Normal boots don't produce this avc.
-Steve
selinux@lists.fedoraproject.org
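Added example, not part of any message in this thread: a small Python parser that splits an audit event like the one quoted above into its records (one per line or run together on a single line) and joins the AVC denial with the SYSCALL and PATH records that share its serial number. The sample string is abridged from the thread's event, and the function names are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample: abridged from the audit event quoted in this thread,
# joined into a single string with no line breaks between records.
SAMPLE = (
    "type=PATH msg=audit(12/29/2005 08:26:52.659:120) : item=0 name=/etc/mtab "
    "obj=system_u:object_r:etc_runtime_t:s0 "
    "type=SYSCALL msg=audit(12/29/2005 08:26:52.659:120) : arch=x86_64 "
    "syscall=open success=no exit=-13(Permission denied) pid=2472 "
    "type=AVC msg=audit(12/29/2005 08:26:52.659:120) : avc: denied { read } "
    "for pid=2472 name=mtab scontext=root:system_r:load_policy_t:s0-s0:c0.c255 "
    "tcontext=system_u:object_r:etc_runtime_t:s0 tclass=file"
)

RECORD_START = re.compile(r"(?=type=\w+ msg=audit\()")
HEADER = re.compile(r"type=(\w+) msg=audit\((.+?):(\d+)\) : (.*)", re.S)
PERMS = re.compile(r"avc:\s+(denied|granted)\s+\{([^}]*)\}")


def parse_events(text):
    """Group records by audit serial number: {serial: {record_type: fields}}."""
    events = defaultdict(dict)
    for chunk in RECORD_START.split(text):
        m = HEADER.match(chunk.strip())
        if not m:
            continue  # empty split piece or text that is not an audit record
        rtype, _stamp, serial, body = m.groups()
        fields = dict(re.findall(r"(\w+)=(\S+)", body))
        p = PERMS.search(body)
        if p:  # only AVC records carry the "{ perms }" list
            fields["result"], fields["perms"] = p.group(1), p.group(2).split()
        events[int(serial)][rtype] = fields
    return dict(events)


def summarize(event):
    """Join the AVC record with the SYSCALL and PATH records of one event."""
    avc, sc, path = event["AVC"], event.get("SYSCALL", {}), event.get("PATH", {})
    return {
        "source_type": avc["scontext"].split(":")[2],  # user:role:type:level
        "target_type": avc["tcontext"].split(":")[2],
        "tclass": avc["tclass"],
        "perms": avc["perms"],
        "syscall": sc.get("syscall"),
        "path": path.get("name"),
    }

print({s: summarize(e) for s, e in parse_events(SAMPLE).items()})
```

The syscall and path values come from the SYSCALL and PATH records rather than the AVC line, so the summary shows which call and which full path the denied check belongs to.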