denied avcs Rawhide how to troubleshoot
Stephen Smalley
sds at tycho.nsa.gov
Tue Apr 10 13:41:22 UTC 2007
On Tue, 2007-04-10 at 06:23 -0700, Antonio Olivares wrote:
> Dear list,
>
> I am running rawhide and I get these denied avcs
>
> [olivares at localhost ~]$ cat /etc/fedora-release
> Fedora release 6.92 (Rawhide)
> [olivares at localhost ~]$
>
> There is a tool semanage, but I do not know how to use it. Is there any reference to this new tool.
> How do I fix this using chcon -? or other tools to troubleshoot this.
>
> audit(1176209974.281:4): avc: denied { create } for pid=991 comm="create_floppy_d" name="fd0u1440" scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tcontext=system_u:object_r:default_t:s0 tclass=blk_file
In this case, it appears that udev is creating a device node without
properly setting its security context.
I can confirm the same behavior on a rawhide system here.
/sbin/restorecon -nv /dev/fd0u1440 reports that it has default_t but
should have removable_device_t according to policy.
Possibly a bug in the latest version of udev?
--
Stephen Smalley
National Security Agency
More information about the fedora-selinux-list
mailing list