Here are some avc denied messages that showed up from doing a yum update while in enforcing mode:
Mar 26 01:28:15 old1 kernel: audit(1080282495.299:0): avc: denied { search } for pid=4282 exe=/bin/bash name=1 dev= ino=65538 scontext=root:sysadm_r:rpm_script_t tcontext=system_u:system_r:init_t tclass=dir
Mar 26 01:28:15 old1 kernel: audit(1080282495.300:0): avc: denied { search } for pid=4282 exe=/bin/bash name=1 dev= ino=65538 scontext=root:sysadm_r:rpm_script_t tcontext=system_u:system_r:init_t tclass=dir
Mar 26 01:35:20 old1 kernel: audit(1080282920.844:0): avc: denied { read } for pid=4397 exe=/sbin/consoletype path=pipe:[18262] dev= ino=18262 scontext=root:system_r:consoletype_t tcontext=root:sysadm_r:rpm_t tclass=fifo_file
Richard Hally
On Fri, 2004-03-26 at 02:25, Richard Hally wrote:
> Here are some avc denied messages that showed up from doing a yum update while in enforcing mode:
> Mar 26 01:28:15 old1 kernel: audit(1080282495.299:0): avc: denied { search } for pid=4282 exe=/bin/bash name=1 dev= ino=65538 scontext=root:sysadm_r:rpm_script_t tcontext=system_u:system_r:init_t tclass=dir
> Mar 26 01:28:15 old1 kernel: audit(1080282495.300:0): avc: denied { search } for pid=4282 exe=/bin/bash name=1 dev= ino=65538 scontext=root:sysadm_r:rpm_script_t tcontext=system_u:system_r:init_t tclass=dir
Hmm. Is there a file named "1" in your /? If so, and you do a: ls -ali /1 do you see 65538? If that file exists it's an artifact of an older bug in policy that has been fixed now IIRC.
Otherwise, can you do a: find / -inum 65538 (it may take a while, be patient)
> Mar 26 01:35:20 old1 kernel: audit(1080282920.844:0): avc: denied { read } for pid=4397 exe=/sbin/consoletype path=pipe:[18262] dev= ino=18262 scontext=root:system_r:consoletype_t tcontext=root:sysadm_r:rpm_t tclass=fifo_file
I just sent a patch to dwalsh to fix this one.
-----Original Message-----
From: fedora-selinux-list-bounces@redhat.com [mailto:fedora-selinux-list-bounces@redhat.com] On Behalf Of Colin Walters
Sent: Friday, March 26, 2004 5:04 PM
To: fedora-selinux-list@redhat.com
Subject: Re: avc denied messages from updating

On Fri, 2004-03-26 at 02:25, Richard Hally wrote:
> Here are some avc denied messages that showed up from doing a yum update while in enforcing mode:
> Mar 26 01:28:15 old1 kernel: audit(1080282495.299:0): avc: denied { search } for pid=4282 exe=/bin/bash name=1 dev= ino=65538 scontext=root:sysadm_r:rpm_script_t tcontext=system_u:system_r:init_t tclass=dir
> Mar 26 01:28:15 old1 kernel: audit(1080282495.300:0): avc: denied { search } for pid=4282 exe=/bin/bash name=1 dev= ino=65538 scontext=root:sysadm_r:rpm_script_t tcontext=system_u:system_r:init_t tclass=dir
Hmm. Is there a file named "1" in your /? If so, and you do a: ls -ali /1 do you see 65538? If that file exists it's an artifact of an older bug in policy that has been fixed now IIRC.
________________________________
Yes, now that you mention it I remember that bug. I deleted /1 and /2 as well.
Thanks,
Richard Hally
On Fri, 26 Mar 2004 18:25, "Richard Hally" rhally@mindspring.com wrote:
> Here are some avc denied messages that showed up from doing a yum update while in enforcing mode:
> Mar 26 01:28:15 old1 kernel: audit(1080282495.299:0): avc: denied { search } for pid=4282 exe=/bin/bash name=1 dev= ino=65538 scontext=root:sysadm_r:rpm_script_t tcontext=system_u:system_r:init_t tclass=dir
Strange that this hasn't been noticed before. Add the following: can_ps(rpm_script_t, domain)
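Added example, not part of any message in this thread: a small parser for the kernel AVC denial format quoted above that collapses repeated denials into one entry per (source type, target type, class) and keeps the inode numbers for a follow-up `find / -inum`. The function names are hypothetical, and the sample input is the three log lines from the first message.

```python
import re
from collections import OrderedDict

# Sample input: the three denials quoted in the thread, one syslog record per line.
SAMPLE_LOG = """\
Mar 26 01:28:15 old1 kernel: audit(1080282495.299:0): avc: denied { search } for pid=4282 exe=/bin/bash name=1 dev= ino=65538 scontext=root:sysadm_r:rpm_script_t tcontext=system_u:system_r:init_t tclass=dir
Mar 26 01:28:15 old1 kernel: audit(1080282495.300:0): avc: denied { search } for pid=4282 exe=/bin/bash name=1 dev= ino=65538 scontext=root:sysadm_r:rpm_script_t tcontext=system_u:system_r:init_t tclass=dir
Mar 26 01:35:20 old1 kernel: audit(1080282920.844:0): avc: denied { read } for pid=4397 exe=/sbin/consoletype path=pipe:[18262] dev= ino=18262 scontext=root:system_r:consoletype_t tcontext=root:sysadm_r:rpm_t tclass=fifo_file
"""

AVC_RE = re.compile(r"audit\((?P<ts>\d+\.\d+):\d+\): avc:\s+denied\s+"
                    r"\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)")

def parse_avc(line):
    """Return the fields of one kernel AVC denial line, or None if it is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {"ts": float(m.group("ts")), "perms": m.group("perms").split()}
    for token in m.group("rest").split():
        key, sep, value = token.partition("=")
        if sep:                      # "dev=" is kept with an empty value
            rec[key] = value
    return rec

def type_of(context):
    """user:role:type -> type; anything shorter is returned unchanged."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else context

def summarize(log_text):
    """Group denials by (source type, target type, class), in first-seen order."""
    groups = OrderedDict()
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if not rec or not all(k in rec for k in ("scontext", "tcontext", "tclass")):
            continue
        key = (type_of(rec["scontext"]), type_of(rec["tcontext"]), rec["tclass"])
        g = groups.setdefault(key, {"count": 0, "perms": set(), "inodes": set()})
        g["count"] += 1
        g["perms"].update(rec["perms"])
        if rec.get("ino"):
            g["inodes"].add(rec["ino"])   # usable with: find / -inum <ino>
    return groups

if __name__ == "__main__":
    for (src, tgt, cls), g in summarize(SAMPLE_LOG).items():
        print(f"{src} -> {tgt}:{cls} {{ {' '.join(sorted(g['perms']))} }} "
              f"x{g['count']} ino={','.join(sorted(g['inodes']))}")
```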