>> Which avc's still appear?
>
>
> After applying today's updates,
>
> [olivares@localhost ~]$ dmesg | grep 'avc'
> type=1400 audit(1220475941.234:4): avc: denied { read write } for pid=613 comm="readahead" path="/dev/console" dev=tmpfs ino=410 scontext=system_u:system_r:readahead_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=chr_file
> type=1400 audit(1220475941.235:5): avc: denied { read write } for pid=613 comm="readahead" path="/dev/console" dev=tmpfs ino=410 scontext=system_u:system_r:readahead_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=chr_file
> type=1400 audit(1220475941.235:6): avc: denied { read write } for pid=613 comm="readahead" path="/dev/console" dev=tmpfs ino=410 scontext=system_u:system_r:readahead_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=chr_file
> type=1400 audit(1220475942.150:7): avc: denied { fowner } for pid=613 comm="readahead" capability=3 scontext=system_u:system_r:readahead_t:s0 tcontext=system_u:system_r:readahead_t:s0 tclass=capability
> type=1400 audit(1220475942.150:8): avc: denied { fowner } for pid=613 comm="readahead" capability=3 scontext=system_u:system_r:readahead_t:s0 tcontext=system_u:system_r:readahead_t:s0 tclass=capability
> type=1400 audit(1220475942.155:9): avc: denied { fowner } for pid=613 comm="readahead" capability=3 scontext=system_u:system_r:readahead_t:s0 tcontext=system_u:system_r:readahead_t:s0 tclass=capability
> type=1400 audit(1220475942.651:10): avc: denied { fowner } for pid=613 comm="readahead" capability=3 scontext=system_u:system_r:readahead_t:s0 tcontext=system_u:system_r:readahead_t:s0 tclass=capability
> type=1400 audit(1220475968.477:11): avc: denied { write } for pid=1475 comm="ip6tables-resto" path="/0" dev=devpts ino=2 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:object_r:devpts_t:s0 tclass=chr_file
> type=1400 audit(1220475969.949:12): avc: denied { write } for pid=1697 comm="ip" path="/0" dev=devpts ino=2 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:object_r:devpts_t:s0 tclass=chr_file
> type=1400 audit(1220476005.919:13): avc: denied { search } for pid=1958 comm="pcscd" name="dbus" dev=dm-0 ino=3276848 scontext=system_u:system_r:pcscd_t:s0 tcontext=system_u:object_r:system_dbusd_var_run_t:s0 tclass=dir
> type=1400 audit(1220476026.870:14): avc: denied { search } for pid=2368 comm="python" name="hp" dev=dm-0 ino=28345940 scontext=system_u:system_r:cupsd_config_t:s0 tcontext=system_u:object_r:hplip_etc_t:s0 tclass=dir
> type=1400 audit(1220476026.972:15): avc: denied { execute } for pid=2417 comm="gdm" name="rpm" dev=dm-0 ino=24117291 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:rpm_exec_t:s0 tclass=file
> type=1400 audit(1220476026.973:16): avc: denied { getattr } for pid=2417 comm="gdm" path="/bin/rpm" dev=dm-0 ino=24117291 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:rpm_exec_t:s0 tclass=file
> type=1400 audit(1220476026.973:17): avc: denied { getattr } for pid=2417 comm="gdm" path="/bin/rpm" dev=dm-0 ino=24117291 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:rpm_exec_t:s0 tclass=file
> type=1400 audit(1220476028.580:18): avc: denied { search } for pid=2449 comm="python" name="hp" dev=dm-0 ino=28345940 scontext=system_u:system_r:cupsd_config_t:s0 tcontext=system_u:object_r:hplip_etc_t:s0 tclass=dir
> [olivares@localhost ~]$
> [olivares@localhost ~]$ uname -a
> Linux localhost 2.6.27-0.297.rc5.git2.fc10.i686 #1 SMP Tue Sep 2 11:19:36 EDT 2008 i686 athlon i386 GNU/Linux
>
>
>
OK, so running "restorecon" on your home directory got rid of the pulse related AVCs.
Are you booting/running in enforcing or permissive mode?
enforcing :)
tom
--
Tom London
Thanks,
Antonio