On Fri, 2004-03-26 at 02:25, Richard Hally wrote:
Here are some avc denied messages that showed up from doing a yum
update
while in enforcing mode:
Mar 26 01:28:15 old1 kernel: audit(1080282495.299:0): avc: denied {
search } for pid=4282 exe=/bin/bash name=1 dev= ino=65538
scontext=root:sysadm_r:rpm_script_t tcontext=system_u:system_r:init_t
tclass=dir
Mar 26 01:28:15 old1 kernel: audit(1080282495.300:0): avc: denied {
search } for pid=4282 exe=/bin/bash name=1 dev= ino=65538
scontext=root:sysadm_r:rpm_script_t tcontext=system_u:system_r:init_t
tclass=dir
Hmm. Is there a file named "1" in your /? If so, and you do a:
ls -ali /1
do you see 65538? If that file exists it's an artifact of an older bug
in policy that has been fixed now IIRC.
Otherwise, can you do a:
find / -inum 65538
(it may take a while, be patient)
Mar 26 01:35:20 old1 kernel: audit(1080282920.844:0): avc: denied {
read } for pid=4397 exe=/sbin/consoletype path=pipe:[18262] dev=
ino=18262 scontext=root:system_r:consoletype_t
tcontext=root:sysadm_r:rpm_t tclass=fifo_file
I just sent a patch to dwalsh to fix this one.