top avcs

Steve G linux_4ever at yahoo.com
Sun Jan 1 14:23:43 UTC 2006


Hi,

I was running top as a normal user on my rawhide machine. Its scrolls avcs for
various pids like this:

type=PATH msg=audit(01/01/2006 08:55:21.980:306) : item=0 name=/proc/425/stat
inode=27852814 dev=00:03 mode=file,444 ouid=root ogid=root rdev=00:00
obj=system_u:system_r:udev_t:s0-s0:c0.c255
type=CWD msg=audit(01/01/2006 08:55:21.980:306) :
cwd=/home/sgrubb/working/BUILD
type=SYSCALL msg=audit(01/01/2006 08:55:21.980:306) : arch=x86_64 syscall=open
success=no exit=-13(Permission denied) a0=3446610680 a1=0 a2=0 a3=0 items=1
pid=3497 auid=sgrubb uid=sgrubb gid=sgrubb euid=sgrubb suid=sgrubb fsuid=sgrubb
egid=sgrubb sgid=sgrubb fsgid=sgrubb tty=tty2 comm=top exe=/usr/bin/top
subj=user_u:system_r:unconfined_t:s0
type=AVC msg=audit(01/01/2006 08:55:21.980:306) : avc:  denied  { read } for
pid=3497 comm=top name=stat dev=proc ino=27852814
scontext=user_u:system_r:unconfined_t:s0
tcontext=system_u:system_r:udev_t:s0-s0:c0.c255 tclass=file

pid 425 is udevd. I am wondering if this is just something that needs correcting
in policy or if this is a case where polyinstantiation is needed for the proc
file system.

-Steve


	
		
__________________________________ 
Yahoo! for Good - Make a difference this year. 
http://brand.yahoo.com/cybergivingweek2005/




More information about the selinux mailing list