enforcing mode update errors

Wed Jun 9 03:28:44 UTC 2004

Russell Coker wrote:

> On Wed, 9 Jun 2004 07:37, Richard Hally <rhally at mindspring.com> wrote:
> 
>>Below are the error messages from running 'yum update' today while in
>>enforcing mode.
>>Perhaps this will be helpful to someone.
> 
> 
> What AVC messages did you get?
> 
Here are the avc messages that I think were from the update:

Jun  8 14:49:07 new2 kernel: audit(1086720547.359:0): avc:  denied  { 
read } for  pid=5967 exe=/usr/sbin/load_policy name=policy.17 dev=hda2 
ino=913086 scontext=root:sysadm_r:load_policy_t 
tcontext=root:object_r:etc_t tclass=file
Jun  8 14:49:43 new2 kernel: audit(1086720583.805:0): avc:  denied  { 
read } for  pid=6032 exe=/usr/sbin/load_policy name=policy.17 dev=hda2 
ino=913086 scontext=root:sysadm_r:load_policy_t 
tcontext=root:object_r:etc_t tclass=file

Jun  8 14:50:42 new2 kernel: audit(1086720642.556:0): avc:  denied  { 
read } for  pid=6040 exe=/usr/sbin/groupadd name=config dev=hda2 
ino=914871 scontext=root:sysadm_r:groupadd_t 
tcontext=system_u:object_r:selinux_config_t tclass=file
Jun  8 14:50:42 new2 kernel: audit(1086720642.857:0): avc:  denied  { 
read } for  pid=6041 exe=/usr/sbin/groupadd name=config dev=hda2 
ino=914871 scontext=root:sysadm_r:groupadd_t 
tcontext=system_u:object_r:selinux_config_t tclass=file
Jun  8 14:50:42 new2 kernel: audit(1086720642.860:0): avc:  denied  { 
read } for  pid=6042 exe=/usr/sbin/groupadd name=config dev=hda2 
ino=914871 scontext=root:sysadm_r:groupadd_t 
tcontext=system_u:object_r:selinux_config_t tclass=file
Jun  8 14:50:43 new2 kernel: audit(1086720643.071:0): avc:  denied  { 
read } for  pid=6043 exe=/usr/sbin/useradd name=config dev=hda2 
ino=914871 scontext=root:sysadm_r:useradd_t 
tcontext=system_u:object_r:selinux_config_t tclass=file

Jun  8 14:53:13 new2 kernel: audit(1086720793.835:0): avc:  denied  { 
read } for  pid=6446 exe=/usr/sbin/userdel name=config dev=hda2 
ino=914871 scontext=root:sysadm_r:useradd_t 
tcontext=system_u:object_r:selinux_config_t tclass=file
Jun  8 14:53:14 new2 kernel: audit(1086720794.145:0): avc:  denied  { 
read } for  pid=6447 exe=/usr/sbin/useradd name=config dev=hda2 
ino=914871 scontext=root:sysadm_r:useradd_t 
tcontext=system_u:object_r:selinux_config_t tclass=file
Jun  8 14:54:22 new2 kernel: audit(1086720862.714:0): avc:  denied  { 
read } for  pid=6504 exe=/usr/sbin/useradd name=config dev=hda2 
ino=914871 scontext=root:sysadm_r:useradd_t 
tcontext=system_u:object_r:selinux_config_t tclass=file
-----------------------------------------------------------------------------
And a ton of these(that are probably not related to the policy update:)

Jun  8 14:58:49 new2 kernel: audit(1086721129.020:0): avc:  denied  { 
read } for  pid=6718 exe=/sbin/ldconfig name=libgaim-remote.so.0.0.0 
dev=hda2 ino=52056 scontext=root:sysadm_r:ldconfig_t 
tcontext=root:object_r:lib_t tclass=file
Jun  8 14:59:17 new2 kernel: audit(1086721157.931:0): avc:  denied  { 
getattr }
for  pid=6722 exe=/sbin/ldconfig path=/usr/lib/libgaim-remote.so.0.0.0 
dev=hda2
ino=52056 scontext=root:sysadm_r:ldconfig_t tcontext=root:object_r:lib_t 
tclass=file
Jun  8 14:59:30 new2 kernel: audit(1086721170.335:0): avc:  denied  { 
read } for  pid=6722 exe=/sbin/ldconfig name=libgaim-remote.so.0.0.0 
dev=hda2 ino=52056 scontext=root:sysadm_r:ldconfig_t 
tcontext=root:object_r:lib_t tclass=file
Jun  8 15:00:13 new2 kernel: audit(1086721213.603:0): avc:  denied  { 
getattr }
for  pid=6760 exe=/sbin/ldconfig path=/usr/lib/libgaim-remote.so.0.0.0 
dev=hda2
ino=52056 scontext=root:sysadm_r:ldconfig_t tcontext=root:object_r:lib_t 
tclass=file
Jun  8 15:00:28 new2 kernel: audit(1086721228.071:0): avc:  denied  { 
read } for  pid=6760 exe=/sbin/ldconfig name=libgaim-remote.so.0.0.0 
dev=hda2 ino=52056 scontext=root:sysadm_r:ldconfig_t 
tcontext=root:object_r:lib_t tclass=file
Jun  8 15:02:05 new2 kernel: audit(1086721325.781:0): avc:  denied  { 
getattr }
for  pid=6762 exe=/sbin/ldconfig path=/usr/lib/libgaim-remote.so.0.0.0 
dev=hda2
ino=52056 scontext=root:sysadm_r:ldconfig_t tcontext=root:object_r:lib_t 
tclass=file
:

THT
Richard Hally