AVC with today's rawhide
Tom London
selinux at gmail.com
Thu Dec 6 17:42:30 UTC 2007
I think today's policykit update needs some more love....
Graphical login failed with 'respawn too fast' messages.
Here are the AVCs:
type=AVC msg=audit(1196960817.504:18): avc: denied { read } for
pid=2324 comm="hald" name="PolicyKit.reload" dev=dm-0 ino=67633
scontext=system_u:system_r:hald_t:s0
tcontext=system_u:object_r:system_crond_var_lib_t:s0 tclass=file
type=SYSCALL msg=audit(1196960817.504:18): arch=40000003 syscall=292
success=no exit=-13 a0=d a1=923400 a2=106 a3=9b25d88 items=0 ppid=2323
pid=2324 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) comm="hald" exe="/usr/sbin/hald"
subj=system_u:system_r:hald_t:s0 key=(null)
type=AVC msg=audit(1196961900.294:38): avc: denied { getattr } for
pid=3308 comm="polkit-read-aut" scontext=root:system_r:hald_t:s0
tcontext=root:system_r:hald_t:s0 tclass=process
type=SYSCALL msg=audit(1196961900.294:38): arch=40000003 syscall=3
success=yes exit=24 a0=4 a1=945f538 a2=fff a3=fff items=0 ppid=2833
pid=3308 auid=0 uid=68 gid=68 euid=68 suid=68 fsuid=68 egid=87 sgid=87
fsgid=87 tty=(none) comm="polkit-read-aut"
exe="/usr/libexec/polkit-read-auth-helper"
subj=root:system_r:hald_t:s0 key=(null)
'audit2allow -M'/etc. fixes:
#============= hald_t ==============
allow hald_t self:process getattr;
allow hald_t system_crond_var_lib_t:file read;
tom
--
Tom London
More information about the fedora-selinux-list
mailing list