more on readahead/hal
Tom London
selinux at gmail.com
Tue Jan 10 15:59:12 UTC 2006
Today's rawhide, targeted/enforcing.
[Reporting this since build log indicated fixes for hal/readahead.
Sorry if I am jumping the gun....]
hal issues:
----
type=PATH msg=audit(01/10/2006 07:18:22.011:13) : item=0
name=/media/disk/.created-by-hal flags=follow inode=2289300 dev=fd:00
mode=file,644 ouid=root ogid=root rdev=00:00
type=CWD msg=audit(01/10/2006 07:18:22.011:13) : cwd=/
type=AVC_PATH msg=audit(01/10/2006 07:18:22.011:13) :
path=/media/disk/.created-by-hal
type=SYSCALL msg=audit(01/10/2006 07:18:22.011:13) : arch=i386
syscall=stat64 success=no exit=-13(Permission denied) a0=870f008
a1=bf9ee1b8 a2=25cff4 a3=870f5a8 items=1 pid=2512
auid=unknown(4294967295) uid=root gid=root euid=root suid=root
fsuid=root egid=root sgid=root fsgid=root comm=hal-system-stor
exe=/bin/bash
type=AVC msg=audit(01/10/2006 07:18:22.011:13) : avc: denied {
getattr } for pid=2512 comm=hal-system-stor name=.created-by-hal
dev=dm-0 ino=2289300 scontext=system_u:system_r:hald_t:s0
tcontext=system_u:object_r:mnt_t:s0 tclass=file
----
type=PATH msg=audit(01/10/2006 07:18:22.027:14) : item=0
name=/media/disk-1/.created-by-hal flags=follow inode=2289302
dev=fd:00 mode=file,644 ouid=root ogid=root rdev=00:00
type=CWD msg=audit(01/10/2006 07:18:22.027:14) : cwd=/
type=AVC_PATH msg=audit(01/10/2006 07:18:22.027:14) :
path=/media/disk-1/.created-by-hal
type=SYSCALL msg=audit(01/10/2006 07:18:22.027:14) : arch=i386
syscall=stat64 success=no exit=-13(Permission denied) a0=870f588
a1=bf9ee1b8 a2=25cff4 a3=870f008 items=1 pid=2512
auid=unknown(4294967295) uid=root gid=root euid=root suid=root
fsuid=root egid=root sgid=root fsgid=root comm=hal-system-stor
exe=/bin/bash
type=AVC msg=audit(01/10/2006 07:18:22.027:14) : avc: denied {
getattr } for pid=2512 comm=hal-system-stor name=.created-by-hal
dev=dm-0 ino=2289302 scontext=system_u:system_r:hald_t:s0
tcontext=system_u:object_r:mnt_t:s0 tclass=file
----
type=PATH msg=audit(01/10/2006 07:18:22.059:15) : item=0
name=/media/disk-2/.created-by-hal flags=follow inode=2289314
dev=fd:00 mode=file,644 ouid=root ogid=root rdev=00:00
type=CWD msg=audit(01/10/2006 07:18:22.059:15) : cwd=/
type=AVC_PATH msg=audit(01/10/2006 07:18:22.059:15) :
path=/media/disk-2/.created-by-hal
type=SYSCALL msg=audit(01/10/2006 07:18:22.059:15) : arch=i386
syscall=stat64 success=no exit=-13(Permission denied) a0=870f688
a1=bf9ee1b8 a2=25cff4 a3=870f008 items=1 pid=2512
auid=unknown(4294967295) uid=root gid=root euid=root suid=root
fsuid=root egid=root sgid=root fsgid=root comm=hal-system-stor
exe=/bin/bash
type=AVC msg=audit(01/10/2006 07:18:22.059:15) : avc: denied {
getattr } for pid=2512 comm=hal-system-stor name=.created-by-hal
dev=dm-0 ino=2289314 scontext=system_u:system_r:hald_t:s0
tcontext=system_u:object_r:mnt_t:s0 tclass=file
----
type=PATH msg=audit(01/10/2006 07:18:24.972:16) : item=0 name=/boot
flags=follow inode=2 dev=03:02 mode=dir,755 ouid=root ogid=root
rdev=00:00
type=CWD msg=audit(01/10/2006 07:18:24.972:16) : cwd=/
type=AVC_PATH msg=audit(01/10/2006 07:18:24.972:16) : path=/boot
type=SYSCALL msg=audit(01/10/2006 07:18:24.972:16) : arch=i386
syscall=stat64 success=no exit=-13(Permission denied) a0=bff484ce
a1=bff4844c a2=258ff4 a3=303 items=1 pid=2507 auid=unknown(4294967295)
uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root
fsgid=root comm=hald exe=/usr/sbin/hald
type=AVC msg=audit(01/10/2006 07:18:24.972:16) : avc: denied {
getattr } for pid=2507 comm=hald name=/ dev=hda2 ino=2
scontext=system_u:system_r:hald_t:s0
tcontext=system_u:object_r:boot_t:s0 tclass=dir
----
type=PATH msg=audit(01/10/2006 07:18:25.076:17) : item=0 name=/boot
flags=follow inode=2 dev=03:02 mode=dir,755 ouid=root ogid=root
rdev=00:00
type=CWD msg=audit(01/10/2006 07:18:25.076:17) : cwd=/
type=AVC_PATH msg=audit(01/10/2006 07:18:25.076:17) : path=/boot
type=SYSCALL msg=audit(01/10/2006 07:18:25.076:17) : arch=i386
syscall=stat64 success=no exit=-13(Permission denied) a0=bff484ce
a1=bff4844c a2=258ff4 a3=302 items=1 pid=2507 auid=unknown(4294967295)
uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root
fsgid=root comm=hald exe=/usr/sbin/hald
type=AVC msg=audit(01/10/2006 07:18:25.076:17) : avc: denied {
getattr } for pid=2507 comm=hald name=/ dev=hda2 ino=2
scontext=system_u:system_r:hald_t:s0
tcontext=system_u:object_r:boot_t:s0 tclass=dir
----
type=PATH msg=audit(01/10/2006 07:18:25.228:18) : item=0 name=/boot
flags=follow inode=2 dev=03:02 mode=dir,755 ouid=root ogid=root
rdev=00:00
type=CWD msg=audit(01/10/2006 07:18:25.228:18) : cwd=/
type=AVC_PATH msg=audit(01/10/2006 07:18:25.228:18) : path=/boot
type=SYSCALL msg=audit(01/10/2006 07:18:25.228:18) : arch=i386
syscall=stat64 success=no exit=-13(Permission denied) a0=bff484ce
a1=bff4844c a2=258ff4 a3=301 items=1 pid=2507 auid=unknown(4294967295)
uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root
fsgid=root comm=hald exe=/usr/sbin/hald
type=AVC msg=audit(01/10/2006 07:18:25.228:18) : avc: denied {
getattr } for pid=2507 comm=hald name=/ dev=hda2 ino=2
scontext=system_u:system_r:hald_t:s0
tcontext=system_u:object_r:boot_t:s0 tclass=dir
----
type=PATH msg=audit(01/10/2006 07:18:31.368:20) : item=0 name=/boot
flags=follow inode=2 dev=03:02 mode=dir,755 ouid=root ogid=root
rdev=00:00
type=CWD msg=audit(01/10/2006 07:18:31.368:20) : cwd=/
type=AVC_PATH msg=audit(01/10/2006 07:18:31.368:20) : path=/boot
type=SYSCALL msg=audit(01/10/2006 07:18:31.368:20) : arch=i386
syscall=stat64 success=no exit=-13(Permission denied) a0=bff4864e
a1=bff485cc a2=258ff4 a3=301 items=1 pid=2507 auid=unknown(4294967295)
uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root
fsgid=root comm=hald exe=/usr/sbin/hald
type=AVC msg=audit(01/10/2006 07:18:31.368:20) : avc: denied {
getattr } for pid=2507 comm=hald name=/ dev=hda2 ino=2
scontext=system_u:system_r:hald_t:s0
tcontext=system_u:object_r:boot_t:s0 tclass=dir
----
type=PATH msg=audit(01/10/2006 07:19:16.279:31) : item=0
name=/media/disk-3/.created-by-hal flags=parent,open,create
inode=2289282 dev=fd:00 mode=dir,755 ouid=root ogid=root rdev=00:00
type=CWD msg=audit(01/10/2006 07:19:16.279:31) : cwd=/
type=SYSCALL msg=audit(01/10/2006 07:19:16.279:31) : arch=i386
syscall=open success=no exit=-13(Permission denied) a0=bfc0b888
a1=8941 a2=1b6 a3=8941 items=1 pid=2837 auid=unknown(4294967295)
uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root
fsgid=root comm=touch exe=/bin/touch
type=AVC msg=audit(01/10/2006 07:19:16.279:31) : avc: denied {
create } for pid=2837 comm=touch name=.created-by-hal
scontext=system_u:system_r:hald_t:s0
tcontext=system_u:object_r:mnt_t:s0 tclass=file
----
type=PATH msg=audit(01/10/2006 07:19:22.523:32) : item=0
name=/media/disk-3/.created-by-hal flags=parent,open,create
inode=2289282 dev=fd:00 mode=dir,755 ouid=root ogid=root rdev=00:00
type=CWD msg=audit(01/10/2006 07:19:22.523:32) : cwd=/
type=SYSCALL msg=audit(01/10/2006 07:19:22.523:32) : arch=i386
syscall=open success=no exit=-13(Permission denied) a0=bfdad851
a1=8941 a2=1b6 a3=8941 items=1 pid=2850 auid=unknown(4294967295)
uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root
fsgid=root comm=touch exe=/bin/touch
type=AVC msg=audit(01/10/2006 07:19:22.523:32) : avc: denied {
create } for pid=2850 comm=touch name=.created-by-hal
scontext=system_u:system_r:hald_t:s0
tcontext=system_u:object_r:mnt_t:s0 tclass=file
----
type=PATH msg=audit(01/10/2006 07:19:22.531:33) : item=0 name=/boot
flags=follow inode=2 dev=03:02 mode=dir,755 ouid=root ogid=root
rdev=00:00
type=CWD msg=audit(01/10/2006 07:19:22.531:33) : cwd=/
type=AVC_PATH msg=audit(01/10/2006 07:19:22.531:33) : path=/boot
type=SYSCALL msg=audit(01/10/2006 07:19:22.531:33) : arch=i386
syscall=stat64 success=no exit=-13(Permission denied) a0=bff4864e
a1=bff485cc a2=258ff4 a3=301 items=1 pid=2507 auid=unknown(4294967295)
uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root
fsgid=root comm=hald exe=/usr/sbin/hald
type=AVC msg=audit(01/10/2006 07:19:22.531:33) : avc: denied {
getattr } for pid=2507 comm=hald name=/ dev=hda2 ino=2
scontext=system_u:system_r:hald_t:s0
tcontext=system_u:object_r:boot_t:s0 tclass=dir
----
type=PATH msg=audit(01/10/2006 07:19:22.531:34) : item=0
name=/media/disk-3 flags=follow inode=2 dev=03:02 mode=dir,755
ouid=root ogid=root rdev=00:00
type=CWD msg=audit(01/10/2006 07:19:22.531:34) : cwd=/
type=AVC_PATH msg=audit(01/10/2006 07:19:22.531:34) : path=/media/disk-3
type=SYSCALL msg=audit(01/10/2006 07:19:22.531:34) : arch=i386
syscall=stat64 success=no exit=-13(Permission denied) a0=bff4864e
a1=bff485cc a2=258ff4 a3=301 items=1 pid=2507 auid=unknown(4294967295)
uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root
fsgid=root comm=hald exe=/usr/sbin/hald
type=AVC msg=audit(01/10/2006 07:19:22.531:34) : avc: denied {
getattr } for pid=2507 comm=hald name=/ dev=hda2 ino=2
scontext=system_u:system_r:hald_t:s0
tcontext=system_u:object_r:boot_t:s0 tclass=dir
----
Still have problems with readahead. From /var/log/messages:
Jan 10 07:18:01 localhost kernel: audit(1136906246.537:4): avc:
denied { search } for pid=1570 comm="readahead" name="/" dev=ramfs
ino=4195 scontext=system_u:system_r:readahead_t:s0
tcontext=system_u:object_r:ramfs_t:s0 tclass=dir
Jan 10 07:18:01 localhost kernel: audit(1136906246.537:5): avc:
denied { search } for pid=1570 comm="readahead" name="/" dev=ramfs
ino=4195 scontext=system_u:system_r:readahead_t:s0
tcontext=system_u:object_r:ramfs_t:s0 tclass=dir
Jan 10 07:18:01 localhost kernel: audit(1136906246.537:6): avc:
denied { search } for pid=1570 comm="readahead" name="/" dev=ramfs
ino=4195 scontext=system_u:system_r:readahead_t:s0
tcontext=system_u:object_r:ramfs_t:s0 tclass=dir
Jan 10 07:18:01 localhost kernel: audit(1136906254.213:7): avc:
denied { search } for pid=1570 comm="readahead" name="/" dev=ramfs
ino=4195 scontext=system_u:system_r:readahead_t:s0
tcontext=system_u:object_r:ramfs_t:s0 tclass=dir
Jan 10 07:18:01 localhost kernel: audit(1136906254.213:8): avc:
denied { search } for pid=1570 comm="readahead" name="/" dev=ramfs
ino=4195 scontext=system_u:system_r:readahead_t:s0
tcontext=system_u:object_r:ramfs_t:s0 tclass=dir
Jan 10 07:18:01 localhost kernel: audit(1136906254.213:9): avc:
denied { search } for pid=1570 comm="readahead" name="/" dev=ramfs
ino=4195 scontext=system_u:system_r:readahead_t:s0
tcontext=system_u:object_r:ramfs_t:s0 tclass=dir
--
Tom London
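Added example, not part of the original message: the records above repeat the same few denials many times, so this sketch collapses them into one line per (source type, target type, class), written in policy `allow` syntax as a review aid for deciding which denials need a policy change, a `dontaudit`, or a relabel. The function names (`field`, `summarize`, `render`) are hypothetical, and the sample is a four-record excerpt of the logs in this post.

```python
import re
from collections import defaultdict

# Excerpt: four AVC records from the post above, mail hard-wraps kept.
SAMPLE = """\
type=AVC msg=audit(01/10/2006 07:18:22.011:13) : avc: denied {
getattr } for pid=2512 comm=hal-system-stor name=.created-by-hal
dev=dm-0 ino=2289300 scontext=system_u:system_r:hald_t:s0
tcontext=system_u:object_r:mnt_t:s0 tclass=file
----
type=AVC msg=audit(01/10/2006 07:19:16.279:31) : avc: denied {
create } for pid=2837 comm=touch name=.created-by-hal
scontext=system_u:system_r:hald_t:s0
tcontext=system_u:object_r:mnt_t:s0 tclass=file
type=AVC msg=audit(01/10/2006 07:18:24.972:16) : avc: denied {
getattr } for pid=2507 comm=hald name=/ dev=hda2 ino=2
scontext=system_u:system_r:hald_t:s0
tcontext=system_u:object_r:boot_t:s0 tclass=dir
Jan 10 07:18:01 localhost kernel: audit(1136906246.537:4): avc:
denied { search } for pid=1570 comm="readahead" name="/" dev=ramfs
ino=4195 scontext=system_u:system_r:readahead_t:s0
tcontext=system_u:object_r:ramfs_t:s0 tclass=dir
"""

# One denial: permission set in braces, key=value fields, ending at tclass=.
AVC = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*?)\btclass=(\S+)", re.S)

def field(body, key):  # value of key=value inside one denial, quotes stripped
    m = re.search(r"\b%s=(\S+)" % key, body)
    return m.group(1).strip('"') if m else None

def summarize(text):
    """Group denials by (source type, target type, object class)."""
    rules = defaultdict(lambda: {"perms": set(), "comms": set(), "count": 0})
    for perms, body, tclass in AVC.findall(text):
        scon, tcon = field(body, "scontext"), field(body, "tcontext")
        if not scon or not tcon:
            continue  # truncated record: skip rather than guess
        # A context is user:role:type[:level]; the type is the third part.
        rule = rules[(scon.split(":")[2], tcon.split(":")[2], tclass)]
        rule["perms"].update(perms.split())
        rule["comms"].add(field(body, "comm") or "?")
        rule["count"] += 1
    return rules

def render(rules):
    return ["allow %s %s:%s { %s };  # count=%d comm=%s" % (
                s, t, c, " ".join(sorted(r["perms"])), r["count"],
                ",".join(sorted(r["comms"]))) for (s, t, c), r in sorted(rules.items())]
```

Run over the full log text of this post, `render(summarize(text))` leaves three distinct source/target/class combinations, two for `hald_t` and one for `readahead_t`.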
More information about the fedora-selinux-list mailing list