How do I fix the following denied avc's
Daniel J Walsh
dwalsh at redhat.com
Sat Oct 7 11:34:10 UTC 2006
Antonio Olivares wrote:
> System Fedora Core 6 Test updated as of 10/06/2006
>
> [olivares at localhost ~]$ cat /etc/fedora-release
> Fedora Core release 5.92 (FC6 Test3)
>
>
> SELinux: initialized (dev autofs, type autofs), uses genfs_contexts
> SELinux: initialized (dev autofs, type autofs), uses genfs_contexts
> audit(1160161820.458:4): avc: denied { name_bind } for pid=1994 comm="hpiod" src=2208 scontext=system_u:system_r:hplip_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
> audit(1160161825.798:5): avc: denied { search } for pid=2152 comm="hald" name="irq" dev=proc ino=-268435212 scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:sysctl_irq_t:s0 tclass=dir
> audit(1160161825.798:6): avc: denied { search } for pid=2152 comm="hald" name="irq" dev=proc ino=-268435212 scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:sysctl_irq_t:s0 tclass=dir
> audit(1160161825.798:7): avc: denied { search } for pid=2152 comm="hald" name="irq" dev=proc ino=-268435212 scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:sysctl_irq_t:s0 tclass=dir
> audit(1160161825.798:8): avc: denied { search } for pid=2152 comm="hald" name="irq" dev=proc ino=-268435212 scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:sysctl_irq_t:s0 tclass=dir
> audit(1160161825.798:9): avc: denied { search } for pid=2152 comm="hald" name="irq" dev=proc ino=-268435212 scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:sysctl_irq_t:s0 tclass=dir
>
>
>
The latest policy should have these rules. So yum update should fix.
You can also use audit2allow to build a loadable policy module
grep avc /var/log/audit/audit.log | audit2allow -M local
> Thanks,
>
> Antonio
>
>
>
>
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
>
More information about the selinux
mailing list