dmesg returns
audit(1181681041.681:4): avc: denied { add_name } for pid=739 comm="mknod" name="slamr0" scontext=system_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:device_t:s0 tclass=dir
After I did this again
[olivares@localhost ~]$ su - Password: [root@localhost ~]# grep insmod /var/log/audit/audit.log | audit2allow -M myinsmod ******************** IMPORTANT *********************** To make this policy package active, execute:
semodule -i myinsmod.pp
[root@localhost ~]# semodule -i myinsmod.pp [root@localhost ~]#
Selinux troubleshooter returned this:
avc: denied { write } for comm="mknod" dev=tmpfs egid=0 euid=0 exe="/bin/mknod" exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name="/" pid=2766 scontext=user_u:system_r:insmod_t:s0 sgid=0 subj=user_u:system_r:insmod_t:s0 suid=0 tclass=dir tcontext=system_u:object_r:device_t:s0 tty=pts0 uid=0
Policy RPM: selinux-policy-2.6.4-8.fc7
Affected RPM Packages: coreutils-6.9-2.fc7 [application]Policy RPM: selinux-policy-2.6.4-12.fc7
How can I effectively fix this?
This is my /etc/modprobe.conf
[root@localhost Download]# cat /etc/modprobe.conf alias eth0 8139too alias scsi_hostadapter sata_via alias scsi_hostadapter1 pata_via alias snd-card-0 snd-via82xx options snd-card-0 index=0 options snd-via82xx index=0 install slamr modprobe --ignore-install ungrab-winmodem ; modprobe --ignore-install slamr; test -e /dev/slamr0 || (/bin/mknod -m 660 /dev/slamr0 c 242 0 2>/dev/null && chgrp dialout /dev/slamr0) [root@localhost Download]#
Thanks,
Antonio
____________________________________________________________________________________ Yahoo! oneSearch: Finally, mobile search that gives answers, not web links. http://mobile.yahoo.com/mobileweb/onesearch?refer=1ONXIC
Antonio Olivares wrote:
dmesg returns
audit(1181681041.681:4): avc: denied { add_name } for pid=739 comm="mknod" name="slamr0" scontext=system_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:device_t:s0 tclass=dir
After I did this again
[olivares@localhost ~]$ su - Password: [root@localhost ~]# grep insmod /var/log/audit/audit.log | audit2allow -M myinsmod ******************** IMPORTANT *********************** To make this policy package active, execute:
semodule -i myinsmod.pp
[root@localhost ~]# semodule -i myinsmod.pp [root@localhost ~]#
Selinux troubleshooter returned this:
avc: denied { write } for comm="mknod" dev=tmpfs egid=0 euid=0 exe="/bin/mknod" exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name="/" pid=2766 scontext=user_u:system_r:insmod_t:s0 sgid=0 subj=user_u:system_r:insmod_t:s0 suid=0 tclass=dir tcontext=system_u:object_r:device_t:s0 tty=pts0 uid=0
Yes you allowed add_name to the directory now it is complaing about the write. It is best to put the machine in permissive mode, Run the app to completion, then generate the policy and retest in enforcing mode.
setenforce 0 run test grep insmod /var/log/audit/audit.log | audit2allow -M myinsmod semodule -i myinsmod.pp setenforce 1 run test
Policy RPM: selinux-policy-2.6.4-8.fc7
Affected RPM Packages: coreutils-6.9-2.fc7 [application]Policy RPM: selinux-policy-2.6.4-12.fc7
How can I effectively fix this?
This is my /etc/modprobe.conf
[root@localhost Download]# cat /etc/modprobe.conf alias eth0 8139too alias scsi_hostadapter sata_via alias scsi_hostadapter1 pata_via alias snd-card-0 snd-via82xx options snd-card-0 index=0 options snd-via82xx index=0 install slamr modprobe --ignore-install ungrab-winmodem ; modprobe --ignore-install slamr; test -e /dev/slamr0 || (/bin/mknod -m 660 /dev/slamr0 c 242 0 2>/dev/null && chgrp dialout /dev/slamr0) [root@localhost Download]#
Thanks,
Antonio
Yahoo! oneSearch: Finally, mobile search that gives answers, not web links. http://mobile.yahoo.com/mobileweb/onesearch?refer=1ONXIC
-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-selinux-list
selinux@lists.fedoraproject.org
-
Antonio Olivares -
Daniel J Walsh