Weird denials at initialisation on FC4

Bojan Smojver bojan at rexursive.com
Sat Jun 25 09:11:14 UTC 2005


First a bit of background. I have been experimenting on this system with
suspend2 patches, which caused my root filesystem (which sits
on /dev/hda2) to go nuts (probably not the fault of suspend2 patches,
but rather my unusual experiments with it). The file system check would
report "Resize inode invalid", which appears to be one of those
conditions where e2fsck doesn't know what to do and gives up. Anyway,
after a while and because I could still mount that file system, I
decided to copy all files to another file system (from the rescue mode),
recreate the file system and copy all the files back, while preserving
ownership, permissions, attributes etc. After that, I started my system
with selinux=0, which stuffed up (on purpose) some SELinux attributes,
which then forced relabelling on the next reboot. Just to be sure I'm
back on the baseline.

All right, one would think that I would have a fully working system and
no issues whatsoever after this with targeted policy. Well, everything I
do actually does work, it's just that I get the following strange stuff
happening at boot:

------------------------------------------------
security:  3 users, 6 roles, 775 types, 89 bools
security:  55 classes, 183262 rules
SELinux:  Completing initialization.
SELinux:  Setting up existing superblocks.
SELinux: initialized (dev hda2, type ext3), uses xattr
SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs
SELinux: initialized (dev selinuxfs, type selinuxfs), uses genfs_contexts
SELinux: initialized (dev mqueue, type mqueue), not configured for labeling
SELinux: initialized (dev hugetlbfs, type hugetlbfs), not configured for labeling
SELinux: initialized (dev devpts, type devpts), uses transition SIDs
SELinux: initialized (dev eventpollfs, type eventpollfs), uses genfs_contexts
SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs
SELinux: initialized (dev futexfs, type futexfs), uses genfs_contexts
SELinux: initialized (dev pipefs, type pipefs), uses task SIDs
SELinux: initialized (dev sockfs, type sockfs), uses task SIDs
SELinux: initialized (dev proc, type proc), uses genfs_contexts
SELinux: initialized (dev bdev, type bdev), uses genfs_contexts
SELinux: initialized (dev rootfs, type rootfs), uses genfs_contexts
SELinux: initialized (dev sysfs, type sysfs), uses genfs_contexts
audit(1119689719.414:2): avc:  denied  { search } for  pid=465
comm="hotplug" name=proc dev=hda2 ino=439777
scontext=system_u:system_r:hotplug_t
tcontext=system_u:object_r:default_t tclass=dir
audit(1119689719.420:3): avc:  denied  { search } for  pid=468
comm="default.hotplug" name=proc dev=hda2 ino=439777
scontext=system_u:system_r:hotplug_t
tcontext=system_u:object_r:default_t tclass=dir
audit(1119689719.427:4): avc:  denied  { search } for  pid=466
comm="hotplug" name=proc dev=hda2 ino=439777
scontext=system_u:system_r:hotplug_t
tcontext=system_u:object_r:default_t tclass=dir
audit(1119689719.434:5): avc:  denied  { search } for  pid=470
comm="default.hotplug" name=proc dev=hda2 ino=439777
scontext=system_u:system_r:hotplug_t
tcontext=system_u:object_r:default_t tclass=dir

[... SNIP ...]

SELinux: initialized (dev usbfs, type usbfs), uses genfs_contexts
------------------------------------------------

The above denials actually go on for 40 lines. They all appear to be
referring to inode 439777 on /dev/hda2, which I could not locate with
find.

Does anyone have any ideas as to what's going on here?

-- 
Bojan
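
An added example, not part of the original post: a small Python script that rejoins mail-wrapped `avc: denied` records like the ones quoted above and counts them per distinct source context, permission and target object, so a long run of boot-time denials collapses to the objects worth checking. The function names are hypothetical and the sample input is constructed from the four records shown in the message.

```python
import re
from collections import Counter

# Constructed sample: the four denials quoted in the post, rebuilt with the
# mail client's line wrapping, between two ordinary boot messages.
_WRAPPED = ('audit({0}:{1}): avc:  denied  {{ search }} for  pid={2}\n'
            'comm="{3}" name=proc dev=hda2 ino=439777\n'
            'scontext=system_u:system_r:hotplug_t\n'
            'tcontext=system_u:object_r:default_t tclass=dir\n')
SAMPLE = ("SELinux: initialized (dev sysfs, type sysfs), uses genfs_contexts\n"
          + "".join(_WRAPPED.format(*r) for r in [
              ("1119689719.414", 2, 465, "hotplug"), ("1119689719.420", 3, 468, "default.hotplug"),
              ("1119689719.427", 4, 466, "hotplug"), ("1119689719.434", 5, 470, "default.hotplug")])
          + "SELinux: initialized (dev usbfs, type usbfs), uses genfs_contexts\n")

HEADER = re.compile(r"^audit\(\d+\.\d+:\d+\):")
PERMS = re.compile(r"avc:\s+denied\s+\{([^}]*)\}")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
KEY = ("scontext", "perms", "tclass", "tcontext", "dev", "ino", "name")

def split_records(text):
    """Rejoin wrapped records: an audit(...) line plus following key=value lines."""
    records, in_record = [], False
    for line in map(str.strip, text.splitlines()):
        if HEADER.match(line):
            records.append(line)
            in_record = True
        elif in_record and re.match(r"\w+=", line):
            records[-1] += " " + line
        else:
            in_record = False
    return records

def parse(record):
    perms = PERMS.search(record)
    if perms is None:
        return None  # an audit record that is not an AVC denial
    fields = {k: v.strip('"') for k, v in FIELD.findall(record)}
    fields["perms"] = " ".join(perms.group(1).split())
    return fields

def summarise(text):
    """Count denials per distinct (source context, permission, target object)."""
    counts = Counter()
    for f in filter(None, map(parse, split_records(text))):
        counts[tuple(f.get(k, "?") for k in KEY)] += 1
    return counts

if __name__ == "__main__":
    print(*summarise(SAMPLE).items(), sep="\n")
```

Each key of the result is in the order given by `KEY`; the `pid` and `comm` fields are parsed but left out of the key so that repeated denials from different processes against the same object are counted together.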



