SELinux: security_context_to_sid error

Anamitra Dutta Majumdar (anmajumd) anmajumd at cisco.com
Tue Aug 14 17:29:02 UTC 2012 

Hi Dan,

We are compiling our policies on the new OS and then installing it. All
the policies install fine.
When the box comes up after firstboot following the install that is when
we see this error in the
D message buffer.

Here are our current entries in the  /etc/fstab file


#
UUID=0325a3b6-4c4d-468d-8d41-218a625104af /                       ext4
defaults,noatime 1 1
UUID=9da9fcd3-127a-4cfd-8354-bda6b7b12b39 /common                 ext4
defaults        1 2
UUID=43b41e10-8147-4e6b-95fd-663b904a248a /grub                   ext4
defaults        1 2
UUID=a0e34fd5-d4a8-48e0-a1e8-c58b38880dd6 /partB                  ext4
defaults 1 0
UUID=41d14b91-c85d-4a69-8c35-df8213a0647c swap                    swap
defaults        0 0
tmpfs                   /dev/shm                tmpfs   defaults        0 0
devpts                  /dev/pts                devpts  gid=5,mode=620  0 0
sysfs                   /sys                    sysfs   defaults        0 0
proc                    /proc                   proc    defaults        0 0
none   /var/log/ramfs/cm/trace/ccm/sdi   dbcfs
noauto,uid=513,gid=506,mode=0770,size=128M,wproc=ccm,dest=/var/log/active/c
m/trace/ccm/sdi 0 0
none   /var/log/ramfs/cm/trace/ccm/sdl   dbcfs
noauto,uid=513,gid=506,mode=0770,size=128M,wproc=ccm,dest=/var/log/active/c
m/trace/ccm/sdl 0 0
none   /var/log/ramfs/cm/trace/ccm/calllogs   dbcfs
noauto,uid=513,gid=506,mode=0770,size=128M,wproc=ccm,dest=/var/log/active/c
m/trace/ccm/calllogs 0 0
none   /var/log/ramfs/cm/trace/ccm/dntrace   dbcfs
noauto,uid=513,gid=506,mode=0770,size=128M,wproc=ccm,dest=/var/log/active/c
m/trace/ccm/dntrace 0 0
none   /var/log/ramfs/cm/trace/lbm/sdl   dbcfs
noauto,uid=0,gid=506,mode=0770,size=128M,wproc=lbm,dest=/var/log/active/cm/
trace/lbm/sdl 0 0
none   /var/log/ramfs/cm/trace/cti/sdi   dbcfs
noauto,uid=513,gid=506,mode=0770,size=128M,wproc=CTIManager,dest=/var/log/a
ctive/cm/trace/cti/sdi 0 0
none   /var/log/ramfs/cm/trace/cti/sdl   dbcfs
noauto,uid=513,gid=506,mode=0770,size=128M,wproc=CTIManager,dest=/var/log/a
ctive/cm/trace/cti/sdl 0 0
~                  
                   
          



Thanks,
Anamitra

On 8/14/12 6:44 AM, "Daniel J Walsh" <dwalsh at redhat.com> wrote:

>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>On 08/13/2012 06:55 PM, Anamitra Dutta Majumdar (anmajumd) wrote:
>> Hi Dan,
>> 
>> Thanks for your response.
>> 
>> I do not see any denials though.
>> 
>> What policies should I be checking for.
>> 
>I am not sure what you are doing, but if you have a compiled policy on an
>Older OS, you should recompile it on the NEW Os. not just attempt to
>install a
>policy module.
>
>http://danwalsh.livejournal.com/49762.html
>-----BEGIN PGP SIGNATURE-----
>Version: GnuPG v1.4.12 (GNU/Linux)
>Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
>iEYEARECAAYFAlAqVlkACgkQrlYvE4MpobMUvgCgsiHuJ9wOaqVdfdR1R8lAQhRi
>u8wAoN6tL4tz9d34PRkTOaJpZWVLQGXs
>=SsuI
>-----END PGP SIGNATURE-----

More information about the selinux mailing list