With the latest kernel I am getting some strange AVC messages I didn't get with 2.6.5-1.358.
audit(1087039822.666:0): avc: denied { getattr } for pid=5262 exe=/usr/sbin/pppd path=/ dev=hda1 ino=16381 scontext=rjc:system_r:pppd_t tcontext=system_u:object_r:root_t tclass=chr_file
audit(1087039822.684:0): avc: denied { getattr } for pid=5262 exe=/usr/sbin/pppd path=/ dev=hda1 ino=16381 scontext=rjc:system_r:pppd_t tcontext=system_u:object_r:root_t tclass=chr_file
There is no device node 16381 on the file system. Running the same command repeatedly gives similar messages with different inode numbers, so I guess it's some sort of temporary file. The machine is in enforcing mode and nothing that might want to create a root_t chr_file has permission to do so...
On Sat, 12 Jun 2004 21:38:37 +1000, Russell Coker said:
> With the latest kernel I am getting some strange AVC messages I didn't get with 2.6.5-1.358.
> audit(1087039822.666:0): avc: denied { getattr } for pid=5262 exe=/usr/sbin/pppd path=/ dev=hda1 ino=16381 scontext=rjc:system_r:pppd_t tcontext=system_u:object_r:root_t tclass=chr_file
> audit(1087039822.684:0): avc: denied { getattr } for pid=5262 exe=/usr/sbin/pppd path=/ dev=hda1 ino=16381 scontext=rjc:system_r:pppd_t tcontext=system_u:object_r:root_t tclass=chr_file
> There is no device node 16381 on the file system. Running the same command repeatedly gives similar messages with different inode numbers, so I guess it's some sort of temporary file. The machine is in enforcing mode and nothing that might want to create a root_t chr_file has permission to do so...
I've been seeing this (avc points at a file that 'find -inum' can't find) with some recent 2.6.6 and 2.6.7-rc -mm kernels as well. I suspect (but haven't verified yet, I'll have to remember to boot single user and check) that the operation in question is referencing a file in /var (for instance), and that ino=16381 is in fact the inode *for the directory 'var' in /* and that while crossing over the mount point it's getting confused about the difference between the root inode of the mounted filesystem and the inode of the directory it's mounted on....
I'll try to remember to double-check this when I next reboot the laptop and follow up on it tomorrow...
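As an added example (not code from any of the posters), the following Python script parses the two concatenated AVC records quoted above, pulls out their fields, and performs the inode cross-check the thread describes: does the reported ino exist on that device, and does the reported path agree with it? The directory listing it checks against is constructed for offline use; the live-filesystem walker does the equivalent of `find / -xdev -inum N`. The "path/inode mismatch" classification is an assumption for illustration, not a claim about what the kernel is doing here.

```python
"""Parse SELinux AVC denial lines and cross-check the reported inode.

Added example for this thread, not code from the list posters.  SAMPLE
reproduces the two records from the first post; SAMPLE_TABLE is a
constructed path -> inode listing so the check runs offline.
"""
import os
import re
from typing import Dict, List, Tuple

SAMPLE = (
    "audit(1087039822.666:0): avc: denied { getattr } for pid=5262 "
    "exe=/usr/sbin/pppd path=/ dev=hda1 ino=16381 "
    "scontext=rjc:system_r:pppd_t tcontext=system_u:object_r:root_t "
    "tclass=chr_file "
    "audit(1087039822.684:0): avc: denied { getattr } for pid=5262 "
    "exe=/usr/sbin/pppd path=/ dev=hda1 ino=16381 "
    "scontext=rjc:system_r:pppd_t tcontext=system_u:object_r:root_t "
    "tclass=chr_file"
)

# Constructed listing (assumption): what `find / -xdev -printf '%p %i\n'`
# might return on a small root filesystem.  16381 is deliberately absent.
SAMPLE_TABLE: Dict[str, int] = {
    "/": 2, "/dev": 4097, "/dev/null": 4098, "/var": 32769, "/etc": 8193,
}

# One record = "audit(ts:serial): avc: denied { perms } for k=v k=v ...",
# terminated by the next "audit(" or end of input (records may be glued
# together on one line, as in the post).
AVC_RE = re.compile(
    r"audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\): avc: "
    r"(?P<verdict>denied|granted) \{ (?P<perms>[^}]*)\} for (?P<fields>.*?)"
    r"(?=\s*audit\(|$)",
    re.S,
)
KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_avc(text: str) -> List[dict]:
    """Split one or more (possibly concatenated) AVC records into dicts."""
    records = []
    for m in AVC_RE.finditer(text):
        rec = {"ts": float(m["ts"]), "serial": int(m["serial"]),
               "verdict": m["verdict"], "perms": m["perms"].split()}
        rec.update(KV_RE.findall(m["fields"]))
        for key in ("pid", "ino"):
            if key in rec:
                rec[key] = int(rec[key])
        records.append(rec)
    return records


def inode_table_from_disk(root: str = "/") -> Dict[str, int]:
    """path -> inode for everything on root's device (no crossing of
    mount points, like `find ROOT -xdev`).  Not used by the offline test."""
    root_st = os.lstat(root)
    table = {root: root_st.st_ino}
    for dirpath, dirnames, filenames in os.walk(root):
        keep = []
        for name in dirnames + filenames:
            p = os.path.join(dirpath, name)
            try:
                st = os.lstat(p)
            except OSError:
                continue
            if st.st_dev != root_st.st_dev:
                continue          # a mount point: skip it and its subtree
            table[p] = st.st_ino
            if name in dirnames:
                keep.append(name)
        dirnames[:] = keep
    return table


def locate_inode(ino: int, table: Dict[str, int]) -> List[str]:
    """Every path in `table` with inode `ino` (hard links give several)."""
    return sorted(p for p, i in table.items() if i == ino)


def explain(rec: dict, table: Dict[str, int]) -> Tuple[str, List[str]]:
    """Classify one denial record against a path -> inode listing."""
    hits = locate_inode(rec["ino"], table)
    if hits:
        return "found", hits
    # The record names path=/ but an inode that is not the root directory's:
    # the pathname and the inode disagree, so `find -inum` cannot be
    # expected to turn it up (assumed classification for illustration).
    if rec.get("path") == "/" and rec["ino"] != table.get("/"):
        return "path/inode mismatch", []
    return "not found", []


if __name__ == "__main__":
    for rec in parse_avc(SAMPLE):
        print(rec["serial"], rec["exe"], rec["tclass"], rec["ino"],
              explain(rec, SAMPLE_TABLE))
```

Against the real machine, replace SAMPLE_TABLE with `inode_table_from_disk("/")` (run as root so every directory is readable) and feed it the lines from `dmesg`; the walk must stay on one device, because an inode number is only meaningful together with the `dev=` it was reported on.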
On Sat, 2004-06-12 at 07:38, Russell Coker wrote:
> With the latest kernel I am getting some strange AVC messages I didn't get with 2.6.5-1.358.
> audit(1087039822.666:0): avc: denied { getattr } for pid=5262 exe=/usr/sbin/pppd path=/ dev=hda1 ino=16381 scontext=rjc:system_r:pppd_t tcontext=system_u:object_r:root_t tclass=chr_file
> audit(1087039822.684:0): avc: denied { getattr } for pid=5262 exe=/usr/sbin/pppd path=/ dev=hda1 ino=16381 scontext=rjc:system_r:pppd_t tcontext=system_u:object_r:root_t tclass=chr_file
> There is no device node 16381 on the file system. Running the same command repeatedly gives similar messages with different inode numbers, so I guess it's some sort of temporary file. The machine is in enforcing mode and nothing that might want to create a root_t chr_file has permission to do so...
Have you rebooted with a policy that includes the devnull initial SID and context?
selinux@lists.fedoraproject.org