selinux and readahead
Daniel J Walsh
dwalsh at redhat.com
Wed Sep 3 15:19:52 UTC 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Antonio Olivares wrote:
> Dear all,
>
> I have encountered the following setroubleshoot warning:
>
>
> Summary:
>
> SELinux is preventing readahead (readahead_t) "read" to inotify (inotifyfs_t).
>
> Detailed Description:
>
> SELinux denied access requested by readahead. It is not expected that this
> access is required by readahead and this access may signal an intrusion attempt.
> It is also possible that the specific version or configuration of the
> application is causing it to require additional access.
>
> Allowing Access:
>
> Sometimes labeling problems can cause SELinux denials. You could try to restore
> the default system file context for inotify,
>
> restorecon -v 'inotify'
>
> If this does not work, there is currently no automatic way to allow this access.
> Instead, you can generate a local policy module to allow this access - see FAQ
> (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
> SELinux protection altogether. Disabling SELinux protection is not recommended.
> Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
> against this package.
>
> Additional Information:
>
> Source Context system_u:system_r:readahead_t:SystemLow-SystemHigh
> Target Context system_u:object_r:inotifyfs_t
> Target Objects inotify [ dir ]
> Source readahead
> Source Path /usr/sbin/readahead
> Port <Unknown>
> Host localhost.localdomain
> Source RPM Packages readahead-1.4.4-1.fc10
> Target RPM Packages
> Policy RPM selinux-policy-3.5.1-4.fc10
> Selinux Enabled True
> Policy Type targeted
> MLS Enabled True
> Enforcing Mode Enforcing
> Plugin Name catchall_file
> Host Name localhost.localdomain
> Platform Linux localhost.localdomain
> 2.6.27-0.244.rc2.git1.fc10.i686 #1 SMP Fri Aug 8
> 13:26:20 EDT 2008 i686 i686
> Alert Count 2
> First Seen Thu 21 Aug 2008 04:04:26 AM CDT
> Last Seen Thu 21 Aug 2008 04:04:28 AM CDT
> Local ID c67dc8d2-0096-4510-9075-cbea7074ffa2
> Line Numbers
>
> Raw Audit Messages
>
> host=localhost.localdomain type=AVC msg=audit(1219309468.106:155): avc: denied { read } for pid=7574 comm="readahead" path="inotify" dev=inotifyfs ino=1 scontext=system_u:system_r:readahead_t:s0-s0:c0.c1023 tcontext=system_u:object_r:inotifyfs_t:s0 tclass=dir
>
> host=localhost.localdomain type=SYSCALL msg=audit(1219309468.106:155): arch=40000003 syscall=11 success=yes exit=0 a0=9f292d0 a1=9f29368 a2=9f295c0 a3=0 items=0 ppid=7564 pid=7574 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=24 comm="readahead" exe="/usr/sbin/readahead" subj=system_u:system_r:readahead_t:s0-s0:c0.c1023 key=(null)
>
>
>
>
> I do not know if readahead should be denied or not? What do you recommend that I do?
>
> Regards,
>
> Antonio
>
>
>
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
Fixed in selinux-policy-3.5.6-1.fc10
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAki+qxgACgkQrlYvE4MpobPFVQCfRkAZKXtrEoL62+Q1tbQZAj1R
roYAmwRtzNJpWuGJaz0Wdf+juqPKqiwn
=jjmC
-----END PGP SIGNATURE-----
More information about the selinux
mailing list