strange AVC messages with kernel 2.6.6-1.427
Stephen Smalley
sds at epoch.ncsc.mil
Tue Jun 15 12:10:29 UTC 2004
On Sat, 2004-06-12 at 07:38, Russell Coker wrote:
> With the latest kernel I am getting some strange AVC messages I didn't get
> with 2.6.5-1.358.
>
> audit(1087039822.666:0): avc: denied { getattr } for pid=5262
> exe=/usr/sbin/pppd path=/ dev=hda1 ino=16381 scontext=rjc:system_r:pppd_t
> tcontext=system_u:object_r:root_t tclass=chr_file
> audit(1087039822.684:0): avc: denied { getattr } for pid=5262
> exe=/usr/sbin/pppd path=/ dev=hda1 ino=16381 scontext=rjc:system_r:pppd_t
> tcontext=system_u:object_r:root_t tclass=chr_file
>
> There is no device node 16381 on the file system. Running the same command
> repeatedly gives similar messages with different inode numbers, so I guess
> it's some sort of temporary file. The machine is in enforcing mode and
> nothing that might want to create a root_t chr_file has permission to do
> so...
Have you rebooted with a policy that includes the devnull initial SID
and context?
--
Stephen Smalley <sds at epoch.ncsc.mil>
National Security Agency