----- Original Message ---- From: Daniel J Walsh dwalsh@redhat.com To: Antonio Olivares olivares14031@yahoo.com Cc: fedora-selinux-list@redhat.com Sent: Tuesday, June 5, 2007 8:22:32 AM Subject: Re: mknod still not working after suggested fix

Antonio Olivares wrote:

selinux is still not allowing mknod to do its job.

I have to manually create the device node every boot

[root@localhost ~]# mknod -m 600 /dev/slamr0 c 242 0 [1]+ Done gedit /boot/grub/grub.conf [root@localhost ~]# modprobe ungrab-winmodem [root@localhost ~]# modprobe slamr [root@localhost ~]# slmodemd -c USA /dev/slamr0 & [1] 2709 [root@localhost ~]# SmartLink Soft Modem: version 2.9.11 Jun 4 2007 00:14:21 symbolic link `/dev/ttySL0' -> `/dev/pts/1' created. modem `slamr0' created. TTY is `/dev/pts/1' Use `/dev/ttySL0' as modem device, Ctrl+C for termination.

audit(1181023411.825:4): avc: denied { mknod } for pid=673 comm="mknod" capability=27 scontext=system_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=capability

[root@localhost ~]# grep insmod /var/log/audit/audit.log | audit2allow -M myinsmod ******************** IMPORTANT *********************** To make this policy package active, execute:

semodule -i myinsmod.pp

[root@localhost ~]# semodule -i myinsmod.pp

What should I try now?

Regards,

Antonio

Are you seeing other avc messages? Please attach the myinsmod.te and your audit.log

---

Get the Yahoo! toolbar and be alerted to new email wherever you're surfing. http://new.toolbar.yahoo.com/toolbar/features/mail/index.php

-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-selinux-list

[root@localhost ~]# cat myinsmod.te

module myinsmod 1.0;

require { type insmod_t; type device_t; class dir write; }

#============= insmod_t ============== allow insmod_t device_t:dir write; [root@localhost ~]#

Attachment was neglected by yahoo mail, sent it to text file and attached as auditlog.txt

[root@localhost audit]# cat audit.log | more type=DAEMON_START msg=audit(1180930151.012:6690) auditd start, ver=1.5.3, format =raw, auid=4294967295 pid=1558 res=success, auditd pid=1558 type=CONFIG_CHANGE msg=audit(1180930150.723:15): audit_enabled=1 old=0 by auid=4 294967295 subj=system_u:system_r:auditd_t:s0 res=1 type=CONFIG_CHANGE msg=audit(1180930150.723:16): audit_enabled=1 old=0 by auid=4 294967295 res=1 type=CONFIG_CHANGE msg=audit(1180930150.723:17): audit_backlog_limit=320 old=64 by auid=4294967295 subj=system_u:system_r:auditctl_t:s0 res=1 type=CONFIG_CHANGE msg=audit(1180930150.723:18): audit_backlog_limit=320 old=64 by auid=4294967295 res=1 type=USER_AUTH msg=audit(1180930198.716:19): user pid=2385 uid=0 auid=4294967295 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='PAM: authentication ac ct=? : exe="/bin/login" (hostname=?, addr=?, terminal=tty1 res=failed)' type=USER_LOGIN msg=audit(1180930199.216:20): user pid=2385 uid=0 auid=429496729 5 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='acct=olivares: exe="/ bin/login" (hostname=?, addr=?, terminal=tty1 res=failed)' type=USER_AUTH msg=audit(1180930208.714:21): user pid=2385 uid=0 auid=4294967295 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='PAM: authentication ac ct=root : exe="/bin/login" (hostname=?, addr=?, terminal=tty1 res=success)' type=USER_ACCT msg=audit(1180930208.714:22): user pid=2385 uid=0 auid=4294967295 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='PAM: accounting acct=r oot : exe="/bin/login" (hostname=?, addr=?, terminal=tty1 res=success)' type=LOGIN msg=audit(1180930209.214:23): login pid=2385 uid=0 old auid=429496729 ....

Thank you very much for your patience and your kindness with this issue. ,

Antonio

____________________________________________________________________________________ We won't tell. Get more on shows you hate to love (and love to hate): Yahoo! TV's Guilty Pleasures list. http://tv.yahoo.com/collections/265