permission denied errors upgrading kernel

Matthew Miller mattdm at mattdm.org
Fri Dec 8 14:47:49 UTC 2006 

So, I'm trying to back myself out of having the non-working 2.6.19 kernel
packages installed in rawhide. What's up with these errors?


$ ls kernel-*.rpm
kernel-2.6.18-1.2849.fc6.x86_64.rpm
kernel-devel-2.6.18-1.2849.fc6.x86_64.rpm
kernel-headers-2.6.18-1.2849.fc6.x86_64.rpm

$ sudo rpm -ivh kernel-*
Preparing...                ########################################### [100%]
   1:kernel-headers         ########################################### [33%]
   2:kernel                 ########################################### [67%]
cp: cannot set setfscreatecon `system_u:object_r:sbin_t:s0': Permission denied
cp: cannot set setfscreatecon `system_u:object_r:insmod_exec_t:s0': Permission denied
cp: cannot set setfscreatecon `system_u:object_r:lvm_exec_t:s0': Permission denied
   3:kernel-devel           ########################################### [100%]

This is accompanied by a bunch of this in the log:

audit(1165588655.467:18): avc:  denied  { setfscreate } for  pid=3096
comm="cp" scontext=user_u:system_r:bootloader_t:s0
tcontext=user_u:system_r:bootloader_t:s0 tclass=process
audit(1165588655.563:19): avc:  denied  { execute_no_trans } for  pid=3097
comm="mkinitrd" name="ld-2.5.90.so" dev=dm-0 ino=950275
scontext=user_u:system_r:bootloader_t:s0
tcontext=system_u:object_r:ld_so_t:s0 tclass=file
audit(1165588655.563:20): avc:  denied  { execute_no_trans } for  pid=3098
comm="mkinitrd" name="ld-2.5.90.so" dev=dm-0 ino=950275
scontext=user_u:system_r:bootloader_t:s0
tcontext=system_u:object_r:ld_so_t:s0 tclass=file
audit(1165588655.599:21): avc:  denied  { execute_no_trans } for  pid=3099
comm="mkinitrd" name="ld-2.5.90.so" dev=dm-0 ino=950275
scontext=user_u:system_r:bootloader_t:s0
tcontext=system_u:object_r:ld_so_t:s0 tclass=file
audit(1165588655.615:22): avc:  denied  { execute_no_trans } for  pid=3100
comm="mkinitrd" name="ld-2.5.90.so" dev=dm-0 ino=950275
scontext=user_u:system_r:bootloader_t:s0
tcontext=system_u:object_r:ld_so_t:s0 tclass=file
audit(1165588655.639:23): avc:  denied  { execute_no_trans } for  pid=3101
comm="mkinitrd" name="ld-2.5.90.so" dev=dm-0 ino=3112970
scontext=user_u:system_r:bootloader_t:s0
tcontext=system_u:object_r:ld_so_t:s0 tclass=file
audit(1165588655.663:24): avc:  denied  { execute_no_trans } for  pid=3102
comm="mkinitrd" name="ld-2.5.90.so" dev=dm-0 ino=3112970
scontext=user_u:system_r:bootloader_t:s0
tcontext=system_u:object_r:ld_so_t:s0 tclass=file
audit(1165588655.691:25): avc:  denied  { setfscreate } for  pid=3108
comm="cp" scontext=user_u:system_r:bootloader_t:s0
tcontext=user_u:system_r:bootloader_t:s0 tclass=process
audit(1165588655.695:26): avc:  denied  { execute_no_trans } for  pid=3109
comm="mkinitrd" name="ld-2.5.90.so" dev=dm-0 ino=950275
scontext=user_u:system_r:bootloader_t:s0
tcontext=system_u:object_r:ld_so_t:s0 tclass=file
audit(1165588655.699:27): avc:  denied  { execute_no_trans } for  pid=3110
comm="mkinitrd" name="ld-2.5.90.so" dev=dm-0 ino=950275
scontext=user_u:system_r:bootloader_t:s0
tcontext=system_u:object_r:ld_so_t:s0 tclass=file
audit(1165588655.699:28): avc:  denied  { execute_no_trans } for  pid=3111
comm="mkinitrd" name="ld-2.5.90.so" dev=dm-0 ino=950275
scontext=user_u:system_r:bootloader_t:s0
tcontext=system_u:object_r:ld_so_t:s0 tclass=file
audit(1165588655.699:29): avc:  denied  { execute_no_trans } for  pid=3112
comm="mkinitrd" name="ld-2.5.90.so" dev=dm-0 ino=950275
scontext=user_u:system_r:bootloader_t:s0
tcontext=system_u:object_r:ld_so_t:s0 tclass=file
audit(1165588655.699:30): avc:  denied  { execute_no_trans } for  pid=3113
comm="mkinitrd" name="ld-2.5.90.so" dev=dm-0 ino=3112970
scontext=user_u:system_r:bootloader_t:s0
tcontext=system_u:object_r:ld_so_t:s0 tclass=file
audit(1165588655.703:31): avc:  denied  { execute_no_trans } for  pid=3114
comm="mkinitrd" name="ld-2.5.90.so" dev=dm-0 ino=3112970
scontext=user_u:system_r:bootloader_t:s0
tcontext=system_u:object_r:ld_so_t:s0 tclass=file
audit(1165588656.087:32): avc:  denied  { setfscreate } for  pid=3184
comm="cp" scontext=user_u:system_r:bootloader_t:s0
tcontext=user_u:system_r:bootloader_t:s0 tclass=process
audit(1165588656.091:33): avc:  denied  { execute_no_trans } for  pid=3185
comm="mkinitrd" name="ld-2.5.90.so" dev=dm-0 ino=950275
scontext=user_u:system_r:bootloader_t:s0
tcontext=system_u:object_r:ld_so_t:s0 tclass=file
audit(1165588656.095:34): avc:  denied  { execute_no_trans } for  pid=3186
comm="mkinitrd" name="ld-2.5.90.so" dev=dm-0 ino=950275
scontext=user_u:system_r:bootloader_t:s0
tcontext=system_u:object_r:ld_so_t:s0 tclass=file
audit(1165588656.095:35): avc:  denied  { execute_no_trans } for  pid=3187
comm="mkinitrd" name="ld-2.5.90.so" dev=dm-0 ino=950275
scontext=user_u:system_r:bootloader_t:s0
tcontext=system_u:object_r:ld_so_t:s0 tclass=file
audit(1165588656.095:36): avc:  denied  { execute_no_trans } for  pid=3188
comm="mkinitrd" name="ld-2.5.90.so" dev=dm-0 ino=950275
scontext=user_u:system_r:bootloader_t:s0
tcontext=system_u:object_r:ld_so_t:s0 tclass=file
audit(1165588656.099:37): avc:  denied  { execute_no_trans } for  pid=3189
comm="mkinitrd" name="ld-2.5.90.so" dev=dm-0 ino=3112970
scontext=user_u:system_r:bootloader_t:s0
tcontext=system_u:object_r:ld_so_t:s0 tclass=file
audit(1165588656.099:38): avc:  denied  { execute_no_trans } for  pid=3190
comm="mkinitrd" name="ld-2.5.90.so" dev=dm-0 ino=3112970
scontext=user_u:system_r:bootloader_t:s0
tcontext=system_u:object_r:ld_so_t:s0 tclass=file


Thank you, SE Linux!

I haven't rebooted yet, but presumably it isn't gonna be happy.

How do I fix this? How do I make this not ever happen? How can I tell that
it was going to happen BEFORE it happens?

-- 
Matthew Miller           mattdm at mattdm.org          <http://mattdm.org/>
Boston University Linux      ------>              <http://linux.bu.edu/>

More information about the fedora-selinux-list mailing list