rhgb - bootup denials

Tom London selinux at comcast.net
Wed Jul 21 18:09:23 UTC 2004


With strict/enforcing, I get the following avcs at bootup.
Looks like rhgb does not 'run'; I get a text-style boot
display.

Jul 21 10:47:52 fedora kernel: audit(1090406834.263:0): avc:  denied  { mounton } for  pid=533 exe=/usr/bin/rhgb path=/initrd dev=ram0 ino=2 scontext=system_u:system_r:rhgb_t tcontext=system_u:object_r:file_t tclass=dir
Jul 21 10:47:52 fedora kernel: audit(1090406834.263:0): avc:  denied  { sys_admin } for  pid=533 exe=/usr/bin/rhgb capability=21 scontext=system_u:system_r:rhgb_t tcontext=system_u:system_r:rhgb_t tclass=capability

audit2allow on this yields:
allow rhgb_t file_t:dir { mounton };
allow rhgb_t rhgb_t:capability { sys_admin };

but this seems a bit too 'heavy'.....

tom
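
An added example, not part of the original post and not audit2allow's own code: a small Python parser that turns the two denials quoted in the post into the same allow rules and marks the rules that touch a broad type or capability. The sample log is the post's two denials with each record on one line; the watch list of what counts as broad is this example's assumption.

```python
import re
from collections import defaultdict

# Constructed sample: the two denials from the post, one record per line.
SAMPLE_LOG = """\
Jul 21 10:47:52 fedora kernel: audit(1090406834.263:0): avc:  denied  { mounton } for  pid=533 exe=/usr/bin/rhgb path=/initrd dev=ram0 ino=2 scontext=system_u:system_r:rhgb_t tcontext=system_u:object_r:file_t tclass=dir
Jul 21 10:47:52 fedora kernel: audit(1090406834.263:0): avc:  denied  { sys_admin } for  pid=533 exe=/usr/bin/rhgb capability=21 scontext=system_u:system_r:rhgb_t tcontext=system_u:system_r:rhgb_t tclass=capability
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)$")

# This example's own watch list (an assumption, not something audit2allow checks).
BROAD_TARGETS = {"file_t": "file_t is the type of files that carry no specific label"}
BROAD_CAPS = {"sys_admin": "sys_admin covers many unrelated privileged operations"}

def parse_avc(line):
    """Return (source type, target type, class, permissions) or None."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m.group(2).split() if "=" in kv)
    # A context is user:role:type[:level]; the rule only needs the type.
    source = fields["scontext"].split(":")[2]
    target = fields["tcontext"].split(":")[2]
    return source, target, fields["tclass"], m.group(1).split()

def group(log):
    """Merge permissions of denials sharing source, target and class."""
    rules = defaultdict(set)
    for line in log.splitlines():
        parsed = parse_avc(line)
        if parsed:
            source, target, tclass, perms = parsed
            rules[(source, target, tclass)].update(perms)
    return rules

def allow_rules(log):
    return ["allow %s %s:%s { %s };" % (s, t, c, " ".join(sorted(p)))
            for (s, t, c), p in sorted(group(log).items())]

def broad_rules(log):
    """List (rule subject, reason) pairs for rules on the watch list."""
    notes = []
    for (s, t, c), perms in sorted(group(log).items()):
        if t in BROAD_TARGETS:
            notes.append(("%s %s:%s" % (s, t, c), BROAD_TARGETS[t]))
        if c == "capability":
            notes += [("%s %s:%s" % (s, t, c), BROAD_CAPS[p])
                      for p in sorted(perms) if p in BROAD_CAPS]
    return notes
```
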



