a lot of SELinux messages after today's rawhide update

Jason Dravet dravet at hotmail.com
Fri Oct 21 13:41:18 UTC 2005


>From: Stephen Smalley <sds at tycho.nsa.gov>
>To: Jason Dravet <dravet at hotmail.com>
>CC: James Morris <jmorris at namei.org>, fedora-selinux-list at redhat.com
>Subject: Re: alot of selinux messages after todays rawhide update
>Date: Fri, 21 Oct 2005 07:56:34 -0400
>
>On Thu, 2005-10-20 at 16:19 -0500, Jason Dravet wrote:
> > After updating my system to today's rawhide I see a lot of SELinux related
> > messages.  I am running selinux-policy-targeted-1.27.1-21.  I see these
> > messages during boot and shutdown.  I did a touch /autorelabel and reboot to
> > see if things got better but they remained the same.  The first and third
> > messages (hwclock and fsck) have me concerned the most.  Here are the
> > messages:
> >
> > Oct 20 15:52:47 pcjason kernel: audit(1129823524.869:2): avc:  denied  { use } for  pid=417 comm="hwclock" name="VolGroup00-LogVol01" dev=tmpfs ino=760 scontext=system_u:system_r:hwclock_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=fd
> >
> > Oct 20 15:52:50 pcjason kernel: audit(1129841541.911:3): avc:  denied  { read } for  pid=1164 comm="restorecon" name="VolGroup00-LogVol01" dev=tmpfs ino=760 scontext=system_u:system_r:restorecon_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
>
>This means that the kernel (or early userspace prior to initial policy
>load) is leaking a descriptor to that device to all descendants.
>SELinux is then correctly denying access to the descriptor and device
>and closing it on each domain transition.  Someone needs to track down
>the offending entity that is leaking the descriptor and fix it.  In the
>absence of SELinux, this kind of bug would likely never be noticed
>(unless some program tried using the inherited descriptor for some
>reason).
>
>--
>Stephen Smalley
>National Security Agency
>

Thank you for the information.  It was informative.  How do you suggest one 
track down the offending process?  Please keep in mind I am not a kernel 
programmer, but I would like to help if I can.  Should I open a bugzilla 
entry?  If so, what package should these messages be reported to?

Thanks,
Jason Dravet
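The question above asks how to track down the process that leaked the descriptor. As an added example (not part of the original thread, and not a Fedora or SELinux tool), the following Python script parses kernel AVC lines in the format quoted in this thread and groups the denials by the identity of the object involved (dev, ino, name). It flags the { use } denials on class fd whose target context is kernel_t, which is the signature Stephen Smalley describes: the process inherited a descriptor opened before the initial policy load. The first two sample log lines are the ones quoted above; the third (an httpd file denial) is constructed here only to show that an ordinary denial is not reported as a leak. The regexes follow the message layout shown on the page; nothing else about the system is assumed.

```python
import re
from collections import defaultdict

# Kernel-side AVC message layout as it appears in this thread (2005-era syslog output).
# The key=value fields after "for" are captured generically because their order varies.
AVC_RE = re.compile(
    r'audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\):\s+avc:\s+'
    r'(?P<action>granted|denied)\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)$'
)
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Constructed sample log: lines 1 and 2 are the two denials quoted in the thread,
# line 3 is a made-up, unrelated file denial used as a negative case.
SAMPLE_LOG = [
    'Oct 20 15:52:47 pcjason kernel: audit(1129823524.869:2): avc:  denied  { use } for  pid=417 '
    'comm="hwclock" name="VolGroup00-LogVol01" dev=tmpfs ino=760 '
    'scontext=system_u:system_r:hwclock_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=fd',
    'Oct 20 15:52:50 pcjason kernel: audit(1129841541.911:3): avc:  denied  { read } for  pid=1164 '
    'comm="restorecon" name="VolGroup00-LogVol01" dev=tmpfs ino=760 '
    'scontext=system_u:system_r:restorecon_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 '
    'tclass=blk_file',
    # constructed negative case (hypothetical contexts and inode)
    'Oct 20 15:53:01 pcjason kernel: audit(1129823530.100:4): avc:  denied  { read } for  pid=1200 '
    'comm="httpd" name="index.html" dev=hda2 ino=12345 '
    'scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file',
]


def parse_avc(line):
    """Return a dict for one AVC line, or None if the line is not an AVC message."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {
        "ts": m.group("ts"),
        "serial": int(m.group("serial")),
        "action": m.group("action"),
        "perms": m.group("perms").split(),
    }
    for key, val in FIELD_RE.findall(m.group("fields")):
        rec[key] = val.strip('"')
    return rec


def domain(context):
    """Extract the type field: system_u:system_r:hwclock_t:s0 -> hwclock_t."""
    parts = context.split(":")
    return parts[2] if len(parts) > 2 else context


def is_leaked_fd_denial(rec):
    """A denied { use } on class fd owned by kernel_t means the process inherited a
    descriptor that was opened by kernel_t (early boot, before policy load)."""
    return (rec["action"] == "denied" and rec.get("tclass") == "fd"
            and "use" in rec["perms"]
            and domain(rec.get("tcontext", "")) == "kernel_t")


def leaked_objects(lines):
    """Group denials by object identity so every domain that inherited the same
    descriptor is listed together. Only objects with at least one fd-use denial
    are returned; the leaker is a common ancestor of the listed processes."""
    report = defaultdict(lambda: {"fd_use": set(), "object_access": set()})
    for line in lines:
        rec = parse_avc(line)
        if rec is None or rec["action"] != "denied":
            continue
        key = (rec.get("dev"), rec.get("ino"), rec.get("name"))
        if is_leaked_fd_denial(rec):
            report[key]["fd_use"].add((rec["comm"], domain(rec["scontext"])))
        elif rec.get("tclass") in ("blk_file", "chr_file", "file"):
            # Access to the object itself (e.g. read on the block device) from the
            # same domain transitions, which SELinux also denies before closing the fd.
            report[key]["object_access"].add(
                (rec["comm"], domain(rec["scontext"]), tuple(rec["perms"])))
    return {k: v for k, v in report.items() if v["fd_use"]}


def format_report(report):
    """Render the grouped report as plain text lines."""
    out = []
    for (dev, ino, name), entry in sorted(report.items()):
        out.append(f"leaked descriptor to {name} (dev={dev} ino={ino})")
        for comm, dom in sorted(entry["fd_use"]):
            out.append(f"  inherited by comm={comm} domain={dom} (fd use denied)")
        for comm, dom, perms in sorted(entry["object_access"]):
            out.append(f"  object access {' '.join(perms)} denied for comm={comm} domain={dom}")
    return out


if __name__ == "__main__":
    print("\n".join(format_report(leaked_objects(SAMPLE_LOG))))
```

The report gives the object identity (here the tmpfs node named VolGroup00-LogVol01, ino 760) and every domain that was denied use of the inherited descriptor, which narrows the search to a process that ran before all of them in the boot sequence. On a live system, `ls -l /proc/<pid>/fd` for a process that is still in kernel_t shows which descriptor number points at that node.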




