rhgb....still no graphical boot when strict/enforcing

Tom London selinux at comcast.net
Sat Jul 31 20:48:42 UTC 2004


I'm still getting only text-based boots when running with strict/enforcing,
but graphical boots if I set 'enforcing=0'

Here are entries from the log from a strict/enforcing boot:

Jul 31 11:16:23 fedora kernel: SELinux: initialized (dev sockfs, type 
sockfs), uses task SIDs
Jul 31 11:16:23 fedora kernel: SELinux: initialized (dev proc, type 
proc), uses
genfs_contexts
Jul 31 11:16:23 fedora kernel: SELinux: initialized (dev bdev, type 
bdev), uses
genfs_contexts
Jul 31 11:16:23 fedora kernel: SELinux: initialized (dev rootfs, type 
rootfs), uses genfs_contexts
Jul 31 11:16:23 fedora kernel: SELinux: initialized (dev sysfs, type 
sysfs), uses genfs_contexts
Jul 31 11:16:23 fedora kernel: audit(1091272545.625:0): avc:  denied  { 
mounton
} for  pid=533 exe=/usr/bin/rhgb path=/initrd dev=ram0 ino=2 
scontext=system_u:system_r:rhgb_t tcontext=system_u:object_r:file_t 
tclass=dir
Jul 31 11:16:23 fedora kernel: audit(1091272545.625:0): avc:  denied  { 
sys_admin } for  pid=533 exe=/usr/bin/rhgb capability=21 
scontext=system_u:system_r:rhgb_t tcontext=system_u:system_r:rhgb_t 
tclass=capability


Here are log entries from an 'enforcing=0' boot:

Jul 29 20:40:38 fedora kernel: SELinux: initialized (dev sockfs, type 
sockfs), uses task SIDs
Jul 29 20:40:38 fedora kernel: SELinux: initialized (dev proc, type 
proc), uses
genfs_contexts
Jul 29 20:40:38 fedora kernel: SELinux: initialized (dev bdev, type 
bdev), uses
genfs_contexts
Jul 29 20:40:38 fedora kernel: SELinux: initialized (dev rootfs, type 
rootfs), uses genfs_contexts
Jul 29 20:40:38 fedora kernel: SELinux: initialized (dev sysfs, type 
sysfs), uses genfs_contexts
Jul 29 20:40:38 fedora kernel: audit(1091133597.795:0): avc:  denied  { 
mounton
} for  pid=533 exe=/usr/bin/rhgb path=/initrd dev=ram0 ino=2 
scontext=system_u:system_r:rhgb_t tcontext=system_u:object_r:file_t 
tclass=dir
Jul 29 20:40:38 fedora kernel: SELinux: initialized (dev ramfs, type 
ramfs), uses genfs_contexts
Jul 29 20:40:38 fedora kernel: audit(1091133597.795:0): avc:  denied  { 
mount }
for  pid=533 exe=/usr/bin/rhgb name=/ dev=ramfs ino=1291 
scontext=system_u:system_r:rhgb_t tcontext=system_u:object_r:ramfs_t 
tclass=filesystem
Jul 29 20:40:38 fedora kernel: audit(1091133598.713:0): avc:  denied  { 
search } for  pid=534 exe=/usr/bin/rhgb name=run dev=hda2 ino=4456484 
scontext=system_u:system_r:rhgb_t tcontext=system_u:object_r:var_run_t 
tclass=dir

tom



More information about the selinux mailing list