SELinux AVCs with swap stored in LVM volume
Stephen Smalley
sds at tycho.nsa.gov
Mon Oct 31 15:55:34 UTC 2005
On Mon, 2005-10-31 at 09:47 -0500, Daniel J Walsh wrote:
> The fd:use and blk_file read is caused by a kernel bug. Basically the
> kernel is leaking open file descriptors to subprocesses and SELinux is
> preventing access to these leaked file descriptors. This is a good
> thing, since these processes could gain would be able to manipulate
> these file descriptors. SELinux is great at detecting and preventing
> this type of problem. This has been reported to bugsilla. Reviewing
> you dmesg file also reveals that you have blkid.tab labeled incorrectly.
I think it may be a lvm bug rather than a kernel bug, so you may want to
re-assign it in bugzilla. Note that anything that runs prior to initial
policy load by /sbin/init or anything that runs as a usermode helper
from the kernel without a domain transition defined will run with type
kernel_t.
--
Stephen Smalley
National Security Agency
More information about the selinux
mailing list