Booting problems with kernel and selinux

louisg00 at bellsouth.net louisg00 at bellsouth.net
Fri Feb 3 02:22:55 UTC 2006 

> > louisg00 at bellsouth.net wrote:
> >
> >    Just installed rawhide yesterday and noticed a kernel panic when in selinux enforcing mode. I
> > appended selinux=0 and it booted right up. Todays kernel (1884) did not panic but got stuck on 
> > starting udev. Again rebooted with selinux=0 and was fine.
> >
> >    -Louis
>  dwalsh at redhat.com wrote:
> 
> Instead of booting with selinux=0, boot with enforcing=0 and report the AVC messages. You might 
> need to relabel.
> 
> touch /.autorelabel
> reboot

I did a relabel but still having problems. This is what I get:

First I get many lines of this:

Feb  2 20:53:29 soncomputer kernel: inode_doinit_with_dentry:  context_to_sid(unlabeled) returned 22 for dev=hda3 ino=724920

with different ino #, Then this:

Feb  2 20:53:29 soncomputer kernel: audit(1138931589.627:32): avc:  denied  { search } for  pid=2095 comm="avahi-daemon" name="/" dev=hda3 ino=2 scontext=system_u:system_r:avahi_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=dir
Feb  2 20:53:30 soncomputer kernel: audit(1138931589.627:33): avc:  denied  { search } for  pid=2095 comm="avahi-daemon" name="etc" dev=hda3 ino=650881 scontext=system_u:system_r:avahi_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir
Feb  2 20:53:30 soncomputer kernel: inode_doinit_with_dentry:  context_to_sid(unlabeled) returned 22 for dev=hda3 ino=532524
Feb  2 20:53:30 soncomputer kernel: audit(1138931589.639:34): avc:  denied  { read } for  pid=2095 comm="avahi-daemon" name="libdaemon.so.0" dev=hda3 ino=532524 scontext=system_u:system_r:avahi_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=lnk_file
Feb  2 20:53:30 soncomputer kernel: audit(1138931589.639:35): avc:  denied  { read } for  pid=2095 comm="avahi-daemon" name="libdaemon.so.0.2.4" dev=hda3 ino=551684 scontext=system_u:system_r:avahi_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file
Feb  2 20:53:30 soncomputer kernel: audit(1138931589.651:36): avc:  denied  { getattr } for  pid=2095 comm="avahi-daemon" name="libdaemon.so.0.2.4" dev=hda3
ino=551684 scontext=system_u:system_r:avahi_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file
Feb  2 20:53:30 soncomputer kernel: audit(1138931589.651:37): avc:  denied  { execute } for  pid=2095 comm="avahi-daemon" name="libdaemon.so.0.2.4" dev=hda3
ino=551684 scontext=system_u:system_r:avahi_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file
Feb  2 20:53:30 soncomputer kernel: audit(1138931589.651:38): avc:  denied  { read } for  pid=2095 comm="avahi-daemon" name="libexpat.so.0" dev=hda3 ino=1627271 scontext=system_u:system_r:avahi_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=lnk_file
Feb  2 20:53:30 soncomputer kernel: audit(1138931589.671:39): avc:  denied  { read } for  pid=2097 comm="avahi-daemon" name="nsswitch.conf" dev=hda3 ino=650928 scontext=system_u:system_r:avahi_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file
Feb  2 20:53:30 soncomputer kernel: audit(1138931589.671:40): avc:  denied  { getattr } for  pid=2097 comm="avahi-daemon" name="nsswitch.conf" dev=hda3 ino=650928 scontext=system_u:system_r:avahi_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file
Feb  2 20:53:30 soncomputer kernel: audit(1138931589.671:41): avc:  denied  { execute } for  pid=2097 comm="avahi-daemon" name="libnss_files-2.3.90.so" dev=hda3 ino=1627241 scontext=system_u:system_r:avahi_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file
Feb  2 20:53:30 soncomputer kernel: audit(1138931589.671:42): avc:  denied  { write } for  pid=2097 comm="avahi-daemon" name="log" dev=tmpfs ino=4859 scontext=system_u:system_r:avahi_t:s0 tcontext=system_u:object_r:device_t:s0 tclass=sock_file
Feb  2 20:53:30 soncomputer kernel: audit(1138931589.671:43): avc:  denied  { sendto } for  pid=2097 comm="avahi-daemon" name="log" scontext=system_u:system_r:avahi_t:s0 tcontext=system_u:system_r:initrc_t:s0 tclass=unix_dgram_socket

And back to this
Feb  2 20:53:30 soncomputer kernel: inode_doinit_with_dentry:  context_to_sid(unlabeled) returned 22 for dev=hda3 ino=1112204

going down the log:
Feb  2 20:53:35 soncomputer kernel: audit(1138931592.367:44): avc:  denied  { write } for  pid=2097 comm="avahi-daemon" name="system_bus_socket" dev=hda3 ino=1823236 scontext=system_u:system_r:avahi_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=sock_file
Feb  2 20:53:35 soncomputer kernel: audit(1138931592.367:45): avc:  denied  { connectto } for  pid=2097 comm="avahi-daemon" name="system_bus_socket" scontext=system_u:system_r:avahi_t:s0 tcontext=system_u:system_r:initrc_t:s0 tclass=unix_stream_socket
Feb  2 20:53:35 soncomputer kernel: audit(1138931592.367:46): user pid=1843 uid=81 auid=4294967295 msg='avc:  denied  { send_msg } for msgtype=method_call interface=org.freedesktop.DBus member=Hello dest=org.freedesktop.DBus spid=2097 scontext=system_u:system_r:avahi_t tcontext=system_u:system_r:initrc_t tclass=dbus
Feb  2 20:53:35 soncomputer kernel: : exe="?" (sauid=81, hostname=?, addr=?, terminal=?)'
Feb  2 20:53:35 soncomputer kernel: audit(1138931592.371:47): user pid=1843 uid=81 auid=4294967295 msg='avc:  denied  { send_msg } for msgtype=method_call interface=org.freedesktop.DBus member=RequestName dest=org.freedesktop.DBus spid=2097 scontext=system_u:system_r:avahi_t tcontext=system_u:system_r:initrc_t tclass=dbus
Feb  2 20:53:35 soncomputer kernel: : exe="?" (sauid=81, hostname=?, addr=?, terminal=?)'
Feb  2 20:53:35 soncomputer kernel: audit(1138931592.371:48): user pid=1843 uid=81 auid=4294967295 msg='avc:  denied  { acquire_svc } for service=org.freedesktop.Avahi spid=2097 scontext=system_u:system_r:avahi_t tcontext=system_u:system_r:initrc_t tclass=dbus
Feb  2 20:53:35 soncomputer kernel: : exe="?" (sauid=81, hostname=?, addr=?, terminal=?)'
Feb  2 20:53:35 soncomputer kernel: audit(1138931592.375:49): user pid=1843 uid=81 auid=4294967295 msg='avc:  denied  { send_msg } for msgtype=method_call interface=org.freedesktop.DBus member=AddMatch dest=org.freedesktop.DBus spid=2097 scontext=system_u:system_r:avahi_t tcontext=system_u:system_r:initrc_t tclass=dbus
Feb  2 20:53:35 soncomputer kernel: : exe="?" (sauid=81, hostname=?, addr=?, terminal=?)'

.............

Feb  2 20:53:35 soncomputer kernel: input: PC Speaker as /class/input/input2
Feb  2 20:53:35 soncomputer kernel: audit(1138931598.736:50): avc:  denied  { search } for  pid=2232 comm="consoletype" name="/" dev=hda3 ino=2 scontext=system_u:system_r:consoletype_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=dir
Feb  2 20:53:35 soncomputer kernel: audit(1138931598.736:51): avc:  denied  { search } for  pid=2232 comm="consoletype" name="etc" dev=hda3 ino=650881 scontext=system_u:system_r:consoletype_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir
Feb  2 20:53:35 soncomputer kernel: audit(1138931598.736:52): avc:  denied  { read } for  pid=2232 comm="consoletype" name="libc.so.6" dev=hda3 ino=1627226 scontext=system_u:system_r:consoletype_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=lnk_file
Feb  2 20:53:35 soncomputer kernel: audit(1138931598.736:53): avc:  denied  { read } for  pid=2232 comm="consoletype" name="libc-2.3.90.so" dev=hda3 ino=1629605 scontext=system_u:system_r:consoletype_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file
Feb  2 20:53:35 soncomputer kernel: audit(1138931598.736:54): avc:  denied  { getattr } for  pid=2232 comm="consoletype" name="libc-2.3.90.so" dev=hda3 ino=1629605 scontext=system_u:system_r:consoletype_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file
Feb  2 20:53:35 soncomputer kernel: audit(1138931598.736:55): avc:  denied  { execute } for  pid=2232 comm="consoletype" name="libc-2.3.90.so" dev=hda3 ino=1629605 scontext=system_u:system_r:consoletype_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file

..............

Feb  2 20:53:53 soncomputer kernel: audit(1138931631.126:57): avc:  denied  { search } for  pid=2472 comm="automount" name="/" dev=hda3 ino=2 scontext=system_u:system_r:automount_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=dir

..............

Feb  2 20:54:17 soncomputer kernel: audit(1138931657.503:58): avc:  denied  { associate } for  pid=2501 comm="su" name=".xauthMKz24i" scontext=user_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:fs_t:s0 tclass=filesystem

More information about the fedora-devel-list mailing list