On Wed, 2005-07-13 at 15:06 +0100, Ruth Ivimey-Cook wrote:
> I've just updated my desktop to FC4, have updated the policy to latest
> available versions, and am having problems with selinux denying access to a
> file I can't even find! Hoping someone can help.
>
> OS: FC4, updated today.
> Policy 1-25-1
> Mode Targeted
> kernel 2.6.12.1 (kernel.org)
>
> Jul 13 14:35:25 filestore kernel: [4294782.219000] audit(1121261725.182:0): avc: denied { use } for path=/init dev=rootfs ino=42 scontext=system_u:system_r:i18n_input_t tcontext=system_u:system_r:kernel_t tclass=fd
This is a file from the "rootfs", i.e. the in-memory filesystem exploded
from the initramfs image by the kernel during initialization. It isn't
an on-disk file. The kernel is improperly leaving a descriptor to it
open when it executes /sbin/init, and this is then being inherited by
all processes. SELinux rechecks access to open descriptors during
execve, and if in enforcing mode, should be closing the descriptor and
re-opening it to the null device due to the denial. Normally this stops
the flow of such audit messages early on, as it is no longer inherited
after that point.
> I'm not quite sure what effect the denials are having, but the system is not
> very stable at present.
That particular denial should have no impact on stability.
--
Stephen Smalley
National Security Agency
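Reading the AVC record in the thread mechanically, as an added example that is not part of the original message: a small Python parser that splits an `avc: denied { ... } for ...` line into its permission set and key=value fields, and flags the case Stephen describes (class `fd`, permission `use`, i.e. an inherited open descriptor checked at execve). The first sample line is the one quoted above; the second (an `httpd` file denial) is constructed here purely so the parser handles quoted values and multi-permission sets.

```python
import re
from dataclasses import dataclass

# Constructed sample input. Line 1 is the AVC record quoted in the thread;
# line 2 is a made-up record of a different shape (pid/comm/name, quoted
# values, two permissions) so the parser is exercised on the general case.
SAMPLE_LOG = """\
Jul 13 14:35:25 filestore kernel: [4294782.219000] audit(1121261725.182:0): avc: denied { use } for path=/init dev=rootfs ino=42 scontext=system_u:system_r:i18n_input_t tcontext=system_u:system_r:kernel_t tclass=fd
Jul 13 14:36:02 filestore kernel: [4294782.900000] audit(1121261762.001:1): avc: denied { read write } for pid=1234 comm="httpd" name="index.html" dev=hda2 ino=9981 scontext=system_u:system_r:httpd_t tcontext=system_u:object_r:user_home_t tclass=file
Jul 13 14:36:03 filestore kernel: unrelated kernel message, not an AVC record
"""

# "avc: denied { perm perm ... } for <key=value ...>"
AVC_RE = re.compile(
    r"avc:\s+(?P<result>denied|granted)\s+\{\s*(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)$"
)
# key=value pairs; values are either "quoted strings" or bare tokens
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


@dataclass
class AvcRecord:
    result: str        # "denied" or "granted"
    perms: list        # permissions inside the braces, e.g. ["use"]
    fields: dict       # scontext, tcontext, tclass, path, pid, comm, ...


def parse_avc(line):
    """Return an AvcRecord for an AVC line, or None if the line is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    perms = m.group("perms").split()
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    return AvcRecord(m.group("result"), perms, fields)


def parse_log(text):
    """Parse every AVC record in a block of syslog/dmesg text, skipping the rest."""
    return [r for r in (parse_avc(ln) for ln in text.splitlines()) if r]


def context_type(ctx):
    """Extract the type component from a user:role:type[:range] context."""
    parts = ctx.split(":")
    return parts[2] if len(parts) >= 3 else ctx


def is_inherited_fd_denial(rec):
    """The case discussed in the thread: a 'use' check on an inherited
    file descriptor (tclass=fd). SELinux performs this check at execve;
    in enforcing mode the descriptor is closed and reopened on the null
    device, in permissive mode it stays open and keeps being inherited."""
    return rec.result == "denied" and rec.fields.get("tclass") == "fd" and "use" in rec.perms


def summarize(rec):
    """One-line triage summary: source type -> target type, class, perms."""
    src = context_type(rec.fields.get("scontext", "?"))
    tgt = context_type(rec.fields.get("tcontext", "?"))
    obj = rec.fields.get("path") or rec.fields.get("name") or "?"
    tag = " [inherited fd at execve]" if is_inherited_fd_denial(rec) else ""
    return f"{rec.result}: {src} -> {tgt} tclass={rec.fields.get('tclass')} " \
           f"perms={' '.join(rec.perms)} obj={obj}{tag}"


if __name__ == "__main__":
    for rec in parse_log(SAMPLE_LOG):
        print(summarize(rec))
```

Running it on the sample prints one summary per AVC record; the first is tagged as the inherited-descriptor case, the constructed `httpd` line is not. Lines that are not AVC records are ignored rather than raising, which is what you want when feeding it a whole `dmesg` or `/var/log/messages` dump.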