selinux-policy-targeted-1.23.12-4: /proc {search} failures ?
Russell Coker
russell at coker.com.au
Mon Apr 25 06:10:25 UTC 2005
On Monday 25 April 2005 03:45, Tom London <selinux at gmail.com> wrote:
> Booting w/ enforcing=0 produces the attached log file.
>
> My guess is that this happens when init is checking to see if gdm is
> up (I boot with 'early-login'). Sound reasonable?

early-login is implemented in /etc/rc.sysinit so it should be running as
initrc_t not init_t.

avc: denied { write } for name=vcs7 dev=sysfs ino=5938
scontext=system_u:system_r:hotplug_t tcontext=system_u:object_r:sysfs_t
tclass=dir

This seems like a bug in hotplug to me. AFAIK it's not valid to create a file
under /sys/class/vc/vcs7 or do anything else that requires write access to
the directory. Could you please try and track down what is happening and
file a bugzilla?

avc: denied { read } for name=config dev=dm-0 ino=1275872
scontext=system_u:system_r:dhcpc_t
tcontext=system_u:object_r:selinux_config_t tclass=file

Is dhclient trying to run restorecon? At one stage it was trying to run
restorecon which could result in such access. Please find out what it's
doing, presumably it's something from /sbin/dhclient-script that's doing
this.

As for init_t trying to do something like "ps", could you find out what
exactly it's trying to do? Also it would be best if you posted the logs of
running with enforcing=0, if nothing else it will give more terse logs that
are easier to interpret.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
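
Added example, not part of the original message or of any SELinux tool: a small Python parser that rejoins line-wrapped AVC messages like the two quoted above and groups the denied permissions by source type, target type and object class. The function names are hypothetical; the sample input is the two denials exactly as wrapped in the message.

```python
import re
from collections import defaultdict

# The two denials quoted in the message above, wrapped as they appear there.
SAMPLE = """\
avc: denied { write } for name=vcs7 dev=sysfs ino=5938
scontext=system_u:system_r:hotplug_t tcontext=system_u:object_r:sysfs_t
tclass=dir
avc: denied { read } for name=config dev=dm-0 ino=1275872
scontext=system_u:system_r:dhcpc_t
tcontext=system_u:object_r:selinux_config_t tclass=file
"""
AVC_RE = re.compile(r"avc:\s+(denied|granted)\s+\{([^}]*)\}\s+for\s+(.*)")

def ctx_type(context):
    # A context is user:role:type[:level]; pad so a short value yields "".
    return (context.split(":") + ["", "", ""])[2]

def split_records(text):
    """Rejoin wrapped lines: a new record starts at each 'avc:' marker."""
    records, current = [], []
    for line in text.splitlines():
        if "avc:" in line and current:
            records.append(" ".join(current))
            current = []
        if "avc:" in line or current:
            current.append(line.strip())
    if current:
        records.append(" ".join(current))
    return records

def parse_avc(record):
    """Return the fields of one AVC message, or None if it does not match."""
    m = AVC_RE.search(record)
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m.group(3).split() if "=" in kv)
    fields.update(result=m.group(1), perms=m.group(2).split())
    fields["source_type"] = ctx_type(fields.get("scontext", ""))
    fields["target_type"] = ctx_type(fields.get("tcontext", ""))
    return fields

def summarise(text):
    """Group denied permissions by (source type, target type, class)."""
    summary = defaultdict(set)
    for rec in filter(None, map(parse_avc, split_records(text))):
        if rec["result"] == "denied":
            key = (rec["source_type"], rec["target_type"], rec.get("tclass"))
            summary[key].update(rec["perms"])
    return {k: sorted(v) for k, v in summary.items()}
```

Calling summarise(SAMPLE) yields one entry per domain, which makes it easy to see which process (hotplug_t, dhcpc_t) needs tracking down before any policy change is considered.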