kernel-2.6.7-1.439 produces the AVCs shown below. Appears to be having some problem early on dealing with /proc (or /sys) ? (looks like inode#1121665 is the mount point /proc or /sys on /).
This didn't happen with earlier kernels. It appears to cause no problems.
tom
--------------------------------------------------
Jun 29 07:04:05 vaio kernel: SELinux: initialized (dev sysfs, type sysfs), uses genfs_contexts
Jun 29 07:04:05 vaio kernel: audit(1088492566.426:0): avc: denied { search } for pid=226 exe=/bin/bash name=proc dev=hda2 ino=1121665 scontext=system_u:system_r:udev_t tcontext=system_u:object_r:file_t tclass=dir
Jun 29 07:04:05 vaio kernel: audit(1088492566.462:0): avc: denied { search } for pid=231 exe=/bin/bash name=proc dev=hda2 ino=1121665 scontext=system_u:system_r:udev_t tcontext=system_u:object_r:file_t tclass=dir
Jun 29 07:04:05 vaio kernel: audit(1088492566.500:0): avc: denied { search } for pid=236 exe=/bin/bash name=proc dev=hda2 ino=1121665 scontext=system_u:system_r:udev_t tcontext=system_u:object_r:file_t tclass=dir
Jun 29 07:04:06 vaio kernel: audit(1088492566.538:0): avc: denied { search } for pid=241 exe=/bin/bash name=proc dev=hda2 ino=1121665 scontext=system_u:system_r:udev_t tcontext=system_u:object_r:file_t tclass=dir
Jun 29 07:04:06 vaio kernel: audit(1088492566.571:0): avc: denied { search } for pid=245 exe=/bin/bash name=proc dev=hda2 ino=1121665 scontext=system_u:system_r:udev_t tcontext=system_u:object_r:file_t tclass=dir
Jun 29 07:04:06 vaio kernel: audit(1088492566.611:0): avc: denied { search } for pid=251 exe=/bin/bash name=proc dev=hda2 ino=1121665 scontext=system_u:system_r:udev_t tcontext=system_u:object_r:file_t tclass=dir
Jun 29 07:04:06 vaio kernel: audit(1088492566.651:0): avc: denied { search } for pid=257 exe=/bin/bash name=proc dev=hda2 ino=1121665 scontext=system_u:system_r:udev_t tcontext=system_u:object_r:file_t tclass=dir
Jun 29 07:04:06 vaio kernel: audit(1088492566.721:0): avc: denied { search } for pid=272 exe=/bin/bash name=proc dev=hda2 ino=1121665 scontext=system_u:system_r:udev_t tcontext=system_u:object_r:file_t tclass=dir
Jun 29 07:04:06 vaio kernel: audit(1088492566.756:0): avc: denied { search } for pid=277 exe=/bin/bash name=proc dev=hda2 ino=1121665 scontext=system_u:system_r:udev_t tcontext=system_u:object_r:file_t tclass=dir
Jun 29 07:04:06 vaio kernel: audit(1088492566.793:0): avc: denied { search } for pid=282 exe=/bin/bash name=proc dev=hda2 ino=1121665 scontext=system_u:system_r:udev_t tcontext=system_u:object_r:file_t tclass=dir
Jun 29 07:04:06 vaio kernel: audit(1088492566.832:0): avc: denied { search } for pid=287 exe=/bin/bash name=proc dev=hda2 ino=1121665 scontext=system_u:system_r:udev_t tcontext=system_u:object_r:file_t tclass=dir
Jun 29 07:04:06 vaio kernel: audit(1088492566.855:0): avc: denied { search } for pid=289 exe=/bin/bash name=proc dev=hda2 ino=1121665 scontext=system_u:system_r:udev_t tcontext=system_u:object_r:file_t tclass=dir
Jun 29 07:04:06 vaio kernel: audit(1088492566.883:0): avc: denied { search } for pid=293 exe=/bin/bash name=proc dev=hda2 ino=1121665 scontext=system_u:system_r:udev_t tcontext=system_u:object_r:file_t tclass=dir
Jun 29 07:04:06 vaio kernel: audit(1088492566.915:0): avc: denied { search } for pid=297 exe=/bin/bash name=proc dev=hda2 ino=1121665 scontext=system_u:system_r:udev_t tcontext=system_u:object_r:file_t tclass=dir
Jun 29 07:04:06 vaio kernel: audit(1088492566.954:0): avc: denied { search } for pid=303 exe=/bin/bash name=proc dev=hda2 ino=1121665 scontext=system_u:system_r:udev_t tcontext=system_u:object_r:file_t tclass=dir
Jun 29 07:04:06 vaio kernel: audit(1088492566.994:0): avc: denied { search } for pid=309 exe=/bin/bash name=proc dev=hda2 ino=1121665 scontext=system_u:system_r:udev_t tcontext=system_u:object_r:file_t tclass=dir
Jun 29 07:04:06 vaio kernel: audit(1088492567.049:0): avc: denied { search } for pid=318 exe=/bin/bash name=proc dev=hda2 ino=1121665 scontext=system_u:system_r:udev_t tcontext=system_u:object_r:file_t tclass=dir
Jun 29 07:04:06 vaio kernel: audit(1088492567.072:0): avc: denied { search } for pid=320 exe=/bin/bash name=proc dev=hda2 ino=1121665 scontext=system_u:system_r:udev_t tcontext=system_u:object_r:file_t tclass=dir
Jun 29 07:04:06 vaio kernel: audit(1088492567.178:0): avc: denied { search } for pid=334 exe=/bin/bash name=proc dev=hda2 ino=1121665 scontext=system_u:system_r:udev_t tcontext=system_u:object_r:file_t tclass=dir
Jun 29 07:04:06 vaio kernel: audit(1088492567.181:0): avc: denied { search } for pid=332 exe=/bin/bash name=proc dev=hda2 ino=1121665 scontext=system_u:system_r:udev_t tcontext=system_u:object_r:file_t tclass=dir
Jun 29 07:04:06 vaio kernel: SELinux: initialized (dev ramfs, type ramfs), uses genfs_contexts
On Tue, 2004-06-29 at 10:34, Tom London wrote:
> kernel-2.6.7-1.439 produces the AVCs shown below. Appears to be having some problem early on dealing with /proc (or /sys)? (looks like inode#1121665 is the mount point /proc or /sys on /).
> This didn't happen with earlier kernels. It appears to cause no problems.
It should be harmless, as any attempt by udev to access proc before it is mounted is going to fail anyway, so this just changes the error condition (ENOENT -> EACCES).
On Wed, 30 Jun 2004 01:28, Stephen Smalley sds@epoch.ncsc.mil wrote:
> It should be harmless, as any attempt by udev to access proc before it is mounted is going to fail anyway, so this just changes the error condition (ENOENT -> EACCES).
We will have to add a dontaudit rule for it as we do for a number of other domains that may access mount points before the file system is mounted.
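As an added illustration (not code from this thread or from the SELinux project), the following Python script parses AVC denial lines in the format posted above and collapses them into the dontaudit rule the reply proposes; the sample log text is a constructed copy of two of the posted lines plus one non-AVC line.

```python
import re

# Constructed sample in the same format as the denials posted in the thread.
SAMPLE_AVCS = """\
Jun 29 07:04:05 vaio kernel: SELinux: initialized (dev sysfs, type sysfs), uses genfs_contexts
Jun 29 07:04:05 vaio kernel: audit(1088492566.426:0): avc: denied { search } for pid=226 exe=/bin/bash name=proc dev=hda2 ino=1121665 scontext=system_u:system_r:udev_t tcontext=system_u:object_r:file_t tclass=dir
Jun 29 07:04:05 vaio kernel: audit(1088492566.462:0): avc: denied { search } for pid=231 exe=/bin/bash name=proc dev=hda2 ino=1121665 scontext=system_u:system_r:udev_t tcontext=system_u:object_r:file_t tclass=dir
"""

# Matches "avc: denied { perm ... } for key=value key=value ..."
AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]+?)\s*\}\s+for\s+(?P<fields>.*)$")


def parse_avc(line):
    """Return the denial's key=value fields plus a 'perms' set, or None for non-AVC lines."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m.group("fields").split() if "=" in kv)
    fields["perms"] = frozenset(m.group("perms").split())
    return fields


def type_of(context):
    """Pull the type out of a user:role:type[:level] security context."""
    return context.split(":")[2]


def dontaudit_rules(log_text):
    """One dontaudit rule per (source type, target type, class), permissions merged."""
    grouped = {}
    for line in log_text.splitlines():
        avc = parse_avc(line)
        if avc is None:
            continue
        key = (type_of(avc["scontext"]), type_of(avc["tcontext"]), avc["tclass"])
        grouped.setdefault(key, set()).update(avc["perms"])
    rules = []
    for (src, tgt, cls), perms in sorted(grouped.items()):
        perm_str = " ".join(sorted(perms))
        if len(perms) > 1:
            perm_str = "{ " + perm_str + " }"
        rules.append(f"dontaudit {src} {tgt}:{cls} {perm_str};")
    return rules


if __name__ == "__main__":
    for rule in dontaudit_rules(SAMPLE_AVCS):
        print(rule)  # dontaudit udev_t file_t:dir search;
```

A dontaudit rule only silences the log entry; the access is still denied, which is exactly what is wanted here since udev gets EACCES instead of ENOENT either way. For real policy work the same transformation is what `audit2allow -D` performs, with the benefit of the current policy's type attributes.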
selinux@lists.fedoraproject.org