How do I fix the following denied avc's

[Daniel J Walsh]

Antonio Olivares wrote:
> System Fedora Core 6 Test updated as of 10/06/2006
>
> [olivares at localhost ~]$ cat /etc/fedora-release 
> Fedora Core release 5.92 (FC6 Test3)
>
>
> SELinux: initialized (dev autofs, type autofs), uses genfs_contexts
> SELinux: initialized (dev autofs, type autofs), uses genfs_contexts
> audit(1160161820.458:4): avc:  denied  { name_bind } for  pid=1994 comm="hpiod" src=2208 scontext=system_u:system_r:hplip_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
> audit(1160161825.798:5): avc:  denied  { search } for  pid=2152 comm="hald" name="irq" dev=proc ino=-268435212 scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:sysctl_irq_t:s0 tclass=dir
> audit(1160161825.798:6): avc:  denied  { search } for  pid=2152 comm="hald" name="irq" dev=proc ino=-268435212 scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:sysctl_irq_t:s0 tclass=dir
> audit(1160161825.798:7): avc:  denied  { search } for  pid=2152 comm="hald" name="irq" dev=proc ino=-268435212 scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:sysctl_irq_t:s0 tclass=dir
> audit(1160161825.798:8): avc:  denied  { search } for  pid=2152 comm="hald" name="irq" dev=proc ino=-268435212 scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:sysctl_irq_t:s0 tclass=dir
> audit(1160161825.798:9): avc:  denied  { search } for  pid=2152 comm="hald" name="irq" dev=proc ino=-268435212 scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:sysctl_irq_t:s0 tclass=dir
>
>
>   
The latest policy should have these rules.  So yum update should fix.

You can also use audit2allow to build a loadable policy module

grep avc /var/log/audit/audit.log | audit2allow -M local

> Thanks,
>
> Antonio 
>
>
>
>
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
>