F17 systemd AVC

Daniel J Walsh dwalsh at redhat.com
Mon Jun 4 13:56:26 UTC 2012



On 06/02/2012 02:13 PM, Vadym Chepkov wrote:
> Hi,
> 
> I just upgraded to Fedora 17. I see these AVC on the console and dmesg
> output during the startup:
> 
> 
> [   10.617385] type=1400 audit(1338674944.983:4): avc:  denied  { create } for  pid=472 comm="systemd-tmpfile" name="lp0" scontext=system_u:system_r:systemd_tmpfiles_t:s0 tcontext=system_u:object_r:device_t:s0 tclass=chr_file
> [   10.618270] type=1400 audit(1338674944.984:5): avc:  denied  { create } for  pid=472 comm="systemd-tmpfile" name="lp1" scontext=system_u:system_r:systemd_tmpfiles_t:s0 tcontext=system_u:object_r:device_t:s0 tclass=chr_file
> [   10.619047] type=1400 audit(1338674944.985:6): avc:  denied  { create } for  pid=472 comm="systemd-tmpfile" name="lp2" scontext=system_u:system_r:systemd_tmpfiles_t:s0 tcontext=system_u:object_r:device_t:s0 tclass=chr_file
> [   10.619769] type=1400 audit(1338674944.985:7): avc:  denied  { create } for  pid=472 comm="systemd-tmpfile" name="lp3" scontext=system_u:system_r:systemd_tmpfiles_t:s0 tcontext=system_u:object_r:device_t:s0 tclass=chr_file
> [   10.648250] type=1400 audit(1338674945.014:8): avc:  denied  { read } for  pid=472 comm="systemd-tmpfile" name="lock" dev="dm-3" ino=3764 scontext=system_u:system_r:systemd_tmpfiles_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=lnk_file
> [   10.648824] type=1400 audit(1338674945.014:9): avc:  denied  { read } for  pid=472 comm="systemd-tmpfile" name="lock" dev="dm-3" ino=3764 scontext=system_u:system_r:systemd_tmpfiles_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=lnk_file
> 
> Something I should be concerned about or can be safely ignored?
> 
> Thanks, Vadym
> 
You can safely ignore this as long as the devices are created with the correct
label.  With the latest policy this should be fixed.

 ls -lZ /dev/lp*
crw-rw----. root lp system_u:object_r:printer_device_t:s0 /dev/lp0
crw-rw----. root lp system_u:object_r:printer_device_t:s0 /dev/lp1
crw-rw----. root lp system_u:object_r:printer_device_t:s0 /dev/lp2
crw-rw----. root lp system_u:object_r:printer_device_t:s0 /dev/lp3

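
The triage described in this thread, as an added example that is not part of either message: it re-joins wrapped AVC records from dmesg, groups the denials by source type, target type, class and permission, and checks `ls -lZ` output for the label the reply shows. The function names are hypothetical, and the sample input is two of the records from the report above.

```python
import re
from collections import defaultdict

# Two of the records reported above, still wrapped the way dmesg printed them.
SAMPLE = '''[   10.617385] type=1400 audit(1338674944.983:4): avc:  denied  { create }
for  pid=472 comm="systemd-tmpfile" name="lp0"
scontext=system_u:system_r:systemd_tmpfiles_t:s0
tcontext=system_u:object_r:device_t:s0 tclass=chr_file [   10.648250]
type=1400 audit(1338674945.014:8): avc:  denied  { read } for  pid=472
comm="systemd-tmpfile" name="lock" dev="dm-3" ino=3764
scontext=system_u:system_r:systemd_tmpfiles_t:s0
tcontext=system_u:object_r:var_t:s0 tclass=lnk_file'''

# A record runs from "avc: denied {...}" to its tclass= field, across line wraps.
AVC_RE = re.compile(r'avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*?tclass=\S+)', re.S)
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def selinux_type(context):
    return context.split(":")[2]  # user:role:type:level -> type

def parse_avcs(text):
    records = []
    for perms, body in AVC_RE.findall(text):
        fields = {k: v.strip('"') for k, v in KV_RE.findall(body)}
        fields["perms"] = perms.split()
        records.append(fields)
    return records

def summarize(records):
    """Group object names by (source type, target type, class, permission)."""
    groups = defaultdict(set)
    for r in records:
        for perm in r["perms"]:
            key = (selinux_type(r["scontext"]), selinux_type(r["tcontext"]),
                   r["tclass"], perm)
            groups[key].add(r["name"])
    return {k: sorted(v) for k, v in groups.items()}

def mislabeled(ls_z_output, expected_type):
    """Paths in `ls -lZ` output whose SELinux type differs from expected_type."""
    bad = []
    for line in ls_z_output.splitlines():
        parts = line.split()
        ctx = next((p for p in parts if p.count(":") >= 3), None)
        if ctx and selinux_type(ctx) != expected_type:
            bad.append(parts[-1])
    return bad
```

An empty result from `mislabeled(output, "printer_device_t")` corresponds to the condition the reply gives for ignoring the `create` denials.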

