F8 updates kill setroubleshootd?
Paul Howarth
paul at city-fan.org
Fri Feb 29 11:09:33 UTC 2008
Paul Howarth wrote:
> Having installed the latest bunch of Fedora 8 updates this morning,
> which included selinux-policy and setroubleshoot, I'm getting these
> denials:
>
> type=AVC msg=audit(1204275163.032:209): avc: denied { connectto } for
> pid=26345 comm="setroubleshootd" path="/var/run/audispd_events"
> scontext=unconfined_u:system_r:setroubleshootd_t:s0
> tcontext=system_u:system_r:auditd_t:s0 tclass=unix_stream_socket
>
> type=AVC msg=audit(1204275171.133:210): avc: denied { read } for
> pid=26379 comm="setroubleshootd" name=".rpmmacros" dev=0:15 ino=6331637
> scontext=unconfined_u:system_r:setroubleshootd_t:s0
> tcontext=system_u:object_r:nfs_t:s0 tclass=file
>
> The first one looks like a policy issue but I can't fathom why
> setroubleshootd would be trying access ~/.rpmmacros for the second one.
Following a reboot, the socket /var/run/audispd_events changed from
auditd_t to audisp_var_run_t and there are no more AVCs for this. I
tried a restorecon before the reboot but that didn't do anything, which
is strange given that policy does indeed specify context:
# semanage fcontext -l | grep audisp
/sbin/audispd regular file
system_u:object_r:audisp_exec_t:s0
/sbin/audisp-prelude regular file
system_u:object_r:audisp_prelude_exec_t:s0
/var/run/audispd_events socket
system_u:object_r:audisp_var_run_t:s0
Perhaps that was finger trouble?
Paul.
More information about the fedora-selinux-list
mailing list