AVC messages at boot and kdm login (latest Rawhide)

Aleksey Nogin aleksey at nogin.org
Thu Mar 11 12:38:53 UTC 2004 

After "update -u"; "load_policy /etc/security/selinux/policy.15"; reboot 
into single user; "setfiles /etc/security/selinux/file_contexts / 
/boot"; reboot, I see

Mar 11 04:19:44 dell kernel: audit(1079007536.909:0): avc:  denied  { 
execute } for  pid=15 exe=/sbin/init name=bash dev=hda2 ino=3662881 
scontext=system_u:system_r:init_t 
tcontext=system_u:object_r:shell_exec_t tclass=file
Mar 11 04:19:49 dell kernel: audit(1079007547.555:0): avc:  denied  { 
mounton } for  pid=327 exe=/bin/mount path=/var/lib/rpc_pipes dev=hda2 
ino=425580 scontext=system_u:system_r:mount_t 
tcontext=system_u:object_r:var_lib_t tclass=dir
Mar 11 04:19:49 dell kernel: audit(1079007550.054:0): avc:  denied  { 
execute } for  pid=378 exe=/sbin/init name=bash dev=hda2 ino=3662881 
scontext=system_u:system_r:init_t 
tcontext=system_u:object_r:shell_exec_t tclass=file
Mar 11 04:19:49 dell kernel: audit(1079007582.402:0): avc:  denied  { 
mounton } for  pid=1179 exe=/bin/mount path=/var/lib/rpc_pipes dev=hda2 
ino=425580 scontext=system_u:system_r:mount_t 
tcontext=system_u:object_r:var_lib_t tclass=dir
Mar 11 04:19:49 dell kernel: audit(1079007583.849:0): avc:  denied  { 
dac_override } for  pid=1296 exe=/bin/bash capability=1 
scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t 
tclass=capability
Mar 11 04:19:50 dell kernel: audit(1079007590.445:0): avc:  denied  { 
fsetid } for  pid=1504 exe=/bin/chmod capability=4 
scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t 
tclass=capability
Mar 11 04:19:53 dell kernel: audit(1079007591.541:0): avc:  denied  { 
dac_override } for  pid=1614 exe=/usr/sbin/sendmail.sendmail 
capability=1 scontext=system_u:system_r:sendmail_t 
tcontext=system_u:system_r:sendmail_t tclass=capability
Mar 11 04:19:53 dell kernel: audit(1079007592.875:0): avc:  denied  { 
read write } for  pid=1661 exe=/usr/sbin/gpm name=gpmdata dev=hda2 
ino=72912 scontext=system_u:system_r:gpm_t 
tcontext=system_u:object_r:device_t tclass=fifo_file
Mar 11 04:19:53 dell kernel: audit(1079007592.976:0): avc:  denied  { 
read write } for  pid=1665 exe=/usr/sbin/gpm name=event0 dev=hda2 
ino=4219044 scontext=system_u:system_r:gpm_t 
tcontext=system_u:object_r:device_t tclass=chr_file
Mar 11 04:19:53 dell kernel: audit(1079007592.976:0): avc:  denied  { 
ioctl } for  pid=1665 exe=/usr/sbin/gpm path=/dev/input/event0 dev=hda2 
ino=4219044 scontext=system_u:system_r:gpm_t 
tcontext=system_u:object_r:device_t tclass=chr_file
Mar 11 04:20:25 dell kernel: audit(1079007625.518:0): avc:  denied  { 
execute } for  pid=2098 exe=/sbin/init name=bash dev=hda2 ino=3662881 
scontext=system_u:system_r:init_t 
tcontext=system_u:object_r:shell_exec_t tclass=file
Mar 11 04:20:29 dell kernel: audit(1079007629.554:0): avc:  denied  { 
read } for  pid=2098 exe=/usr/bin/kdm name=mem dev=hda2 ino=2683359 
scontext=system_u:system_r:xdm_t 
tcontext=system_u:object_r:memory_device_t tclass=chr_file
Mar 11 04:20:36 dell kernel: audit(1079007636.465:0): avc:  denied  { 
read } for  pid=2112 exe=/usr/X11R6/bin/XFree86 name=event0 dev=hda2 
ino=4219044 scontext=system_u:system_r:xdm_xserver_t 
tcontext=system_u:object_r:device_t tclass=chr_file
Mar 11 04:20:36 dell kernel: audit(1079007636.466:0): avc:  denied  { 
ioctl } for  pid=2112 exe=/usr/X11R6/bin/XFree86 path=/dev/input/event0 
dev=hda2 ino=4219044 scontext=system_u:system_r:xdm_xserver_t 
tcontext=system_u:object_r:device_t tclass=chr_file
Mar 11 04:20:36 dell kernel: audit(1079007636.466:0): avc:  denied  { 
write } for  pid=2112 exe=/usr/X11R6/bin/XFree86 name=event0 dev=hda2 
ino=4219044 scontext=system_u:system_r:xdm_xserver_t 
tcontext=system_u:object_r:device_t tclass=chr_file
Mar 11 04:20:38 dell kernel: audit(1079007638.174:0): avc:  denied  { 
getattr } for  pid=2112 exe=/usr/X11R6/bin/XFree86 
path=/dev/input/event0 dev=hda2 ino=4219044 
scontext=system_u:system_r:xdm_xserver_t 
tcontext=system_u:object_r:device_t tclass=chr_file
Mar 11 04:20:39 dell kernel: audit(1079007639.611:0): avc:  denied  { 
search } for  pid=2113 exe=/usr/bin/kdm name=root dev=hda2 ino=294337 
scontext=system_u:system_r:xdm_t tcontext=system_u:object_r:default_t 
tclass=dir
Mar 11 04:20:42 dell kernel: audit(1079007642.899:0): avc:  denied  { 
write } for  pid=2121 exe=/usr/bin/kdm_greet name=.qtrc.lock dev=hda2 
ino=670527 scontext=system_u:system_r:xdm_t 
tcontext=system_u:object_r:lib_t tclass=file
Mar 11 04:20:47 dell kernel: audit(1079007647.551:0): avc:  denied  { 
write } for  pid=2122 exe=/usr/bin/krootimage name=.qtrc.lock dev=hda2 
ino=670527 scontext=system_u:system_r:xdm_t 
tcontext=system_u:object_r:lib_t tclass=file
Mar 11 04:20:52 dell kernel: audit(1079007652.672:0): avc:  denied  { 
setattr } for  pid=2113 exe=/usr/bin/kdm name=sg0 dev=hda2 ino=2688146 
scontext=system_u:system_r:xdm_t 
tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file
Mar 11 04:20:52 dell kernel: audit(1079007652.936:0): avc:  denied  { 
entrypoint } for  pid=2131 exe=/usr/bin/kdm path=/etc/kde/kdm/Xsession 
dev=hda2 ino=1226634 scontext=user_u:user_r:user_t 
tcontext=system_u:object_r:etc_t tclass=file
Mar 11 04:20:54 dell kernel: audit(1079007654.232:0): avc:  denied  { 
getattr } for  pid=2131 exe=/bin/tcsh path=/var/log/messages dev=hda2 
ino=3613840 scontext=user_u:user_r:user_t 
tcontext=system_u:object_r:var_log_t tclass=file

And another interesting one I saw later:

Mar 11 04:21:32 dell kernel: audit(1079007691.925:0): avc:  denied  { 
search } for  pid=2363 exe=/usr/bin/ksysguardd 
scontext=user_u:user_r:user_t tcontext=system_u:object_r:sysctl_dev_t 
tclass=dir

-- 
Aleksey Nogin

Home Page: http://nogin.org/
E-Mail: nogin at cs.caltech.edu (office), aleksey at nogin.org (personal)
Office: Jorgensen 70, tel: (626) 395-2907

More information about the fedora-selinux-list mailing list