Booting problems with kernel and selinux
louisg00 at bellsouth.net
louisg00 at bellsouth.net
Fri Feb 3 02:22:55 UTC 2006
> > louisg00 at bellsouth.net wrote:
> >
> > Just installed rawhide yesterday and noticed a kernel panic when in selinux enforcing mode. I
> > appended selinux=0 and it booted right up. Todays kernel (1884) did not panic but got stuck on
> > starting udev. Again rebooted with selinux=0 and was fine.
> >
> > -Louis
> dwalsh at redhat.com wrote:
>
> Instead of booting with selinux=0, boot with enforcing=0 and report the AVC messages. You might
> need to relabel.
>
> touch /.autorelabel
> reboot
I did a relabel but still having problems. This is what I get:
First I get many lines of this:
Feb 2 20:53:29 soncomputer kernel: inode_doinit_with_dentry: context_to_sid(unlabeled) returned 22 for dev=hda3 ino=724920
with different ino #, Then this:
Feb 2 20:53:29 soncomputer kernel: audit(1138931589.627:32): avc: denied { search } for pid=2095 comm="avahi-daemon" name="/" dev=hda3 ino=2 scontext=system_u:system_r:avahi_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=dir
Feb 2 20:53:30 soncomputer kernel: audit(1138931589.627:33): avc: denied { search } for pid=2095 comm="avahi-daemon" name="etc" dev=hda3 ino=650881 scontext=system_u:system_r:avahi_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir
Feb 2 20:53:30 soncomputer kernel: inode_doinit_with_dentry: context_to_sid(unlabeled) returned 22 for dev=hda3 ino=532524
Feb 2 20:53:30 soncomputer kernel: audit(1138931589.639:34): avc: denied { read } for pid=2095 comm="avahi-daemon" name="libdaemon.so.0" dev=hda3 ino=532524 scontext=system_u:system_r:avahi_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=lnk_file
Feb 2 20:53:30 soncomputer kernel: audit(1138931589.639:35): avc: denied { read } for pid=2095 comm="avahi-daemon" name="libdaemon.so.0.2.4" dev=hda3 ino=551684 scontext=system_u:system_r:avahi_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file
Feb 2 20:53:30 soncomputer kernel: audit(1138931589.651:36): avc: denied { getattr } for pid=2095 comm="avahi-daemon" name="libdaemon.so.0.2.4" dev=hda3
ino=551684 scontext=system_u:system_r:avahi_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file
Feb 2 20:53:30 soncomputer kernel: audit(1138931589.651:37): avc: denied { execute } for pid=2095 comm="avahi-daemon" name="libdaemon.so.0.2.4" dev=hda3
ino=551684 scontext=system_u:system_r:avahi_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file
Feb 2 20:53:30 soncomputer kernel: audit(1138931589.651:38): avc: denied { read } for pid=2095 comm="avahi-daemon" name="libexpat.so.0" dev=hda3 ino=1627271 scontext=system_u:system_r:avahi_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=lnk_file
Feb 2 20:53:30 soncomputer kernel: audit(1138931589.671:39): avc: denied { read } for pid=2097 comm="avahi-daemon" name="nsswitch.conf" dev=hda3 ino=650928 scontext=system_u:system_r:avahi_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file
Feb 2 20:53:30 soncomputer kernel: audit(1138931589.671:40): avc: denied { getattr } for pid=2097 comm="avahi-daemon" name="nsswitch.conf" dev=hda3 ino=650928 scontext=system_u:system_r:avahi_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file
Feb 2 20:53:30 soncomputer kernel: audit(1138931589.671:41): avc: denied { execute } for pid=2097 comm="avahi-daemon" name="libnss_files-2.3.90.so" dev=hda3 ino=1627241 scontext=system_u:system_r:avahi_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file
Feb 2 20:53:30 soncomputer kernel: audit(1138931589.671:42): avc: denied { write } for pid=2097 comm="avahi-daemon" name="log" dev=tmpfs ino=4859 scontext=system_u:system_r:avahi_t:s0 tcontext=system_u:object_r:device_t:s0 tclass=sock_file
Feb 2 20:53:30 soncomputer kernel: audit(1138931589.671:43): avc: denied { sendto } for pid=2097 comm="avahi-daemon" name="log" scontext=system_u:system_r:avahi_t:s0 tcontext=system_u:system_r:initrc_t:s0 tclass=unix_dgram_socket
And back to this
Feb 2 20:53:30 soncomputer kernel: inode_doinit_with_dentry: context_to_sid(unlabeled) returned 22 for dev=hda3 ino=1112204
going down the log:
Feb 2 20:53:35 soncomputer kernel: audit(1138931592.367:44): avc: denied { write } for pid=2097 comm="avahi-daemon" name="system_bus_socket" dev=hda3 ino=1823236 scontext=system_u:system_r:avahi_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=sock_file
Feb 2 20:53:35 soncomputer kernel: audit(1138931592.367:45): avc: denied { connectto } for pid=2097 comm="avahi-daemon" name="system_bus_socket" scontext=system_u:system_r:avahi_t:s0 tcontext=system_u:system_r:initrc_t:s0 tclass=unix_stream_socket
Feb 2 20:53:35 soncomputer kernel: audit(1138931592.367:46): user pid=1843 uid=81 auid=4294967295 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.DBus member=Hello dest=org.freedesktop.DBus spid=2097 scontext=system_u:system_r:avahi_t tcontext=system_u:system_r:initrc_t tclass=dbus
Feb 2 20:53:35 soncomputer kernel: : exe="?" (sauid=81, hostname=?, addr=?, terminal=?)'
Feb 2 20:53:35 soncomputer kernel: audit(1138931592.371:47): user pid=1843 uid=81 auid=4294967295 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.DBus member=RequestName dest=org.freedesktop.DBus spid=2097 scontext=system_u:system_r:avahi_t tcontext=system_u:system_r:initrc_t tclass=dbus
Feb 2 20:53:35 soncomputer kernel: : exe="?" (sauid=81, hostname=?, addr=?, terminal=?)'
Feb 2 20:53:35 soncomputer kernel: audit(1138931592.371:48): user pid=1843 uid=81 auid=4294967295 msg='avc: denied { acquire_svc } for service=org.freedesktop.Avahi spid=2097 scontext=system_u:system_r:avahi_t tcontext=system_u:system_r:initrc_t tclass=dbus
Feb 2 20:53:35 soncomputer kernel: : exe="?" (sauid=81, hostname=?, addr=?, terminal=?)'
Feb 2 20:53:35 soncomputer kernel: audit(1138931592.375:49): user pid=1843 uid=81 auid=4294967295 msg='avc: denied { send_msg } for msgtype=method_call interface=org.freedesktop.DBus member=AddMatch dest=org.freedesktop.DBus spid=2097 scontext=system_u:system_r:avahi_t tcontext=system_u:system_r:initrc_t tclass=dbus
Feb 2 20:53:35 soncomputer kernel: : exe="?" (sauid=81, hostname=?, addr=?, terminal=?)'
.............
Feb 2 20:53:35 soncomputer kernel: input: PC Speaker as /class/input/input2
Feb 2 20:53:35 soncomputer kernel: audit(1138931598.736:50): avc: denied { search } for pid=2232 comm="consoletype" name="/" dev=hda3 ino=2 scontext=system_u:system_r:consoletype_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=dir
Feb 2 20:53:35 soncomputer kernel: audit(1138931598.736:51): avc: denied { search } for pid=2232 comm="consoletype" name="etc" dev=hda3 ino=650881 scontext=system_u:system_r:consoletype_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir
Feb 2 20:53:35 soncomputer kernel: audit(1138931598.736:52): avc: denied { read } for pid=2232 comm="consoletype" name="libc.so.6" dev=hda3 ino=1627226 scontext=system_u:system_r:consoletype_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=lnk_file
Feb 2 20:53:35 soncomputer kernel: audit(1138931598.736:53): avc: denied { read } for pid=2232 comm="consoletype" name="libc-2.3.90.so" dev=hda3 ino=1629605 scontext=system_u:system_r:consoletype_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file
Feb 2 20:53:35 soncomputer kernel: audit(1138931598.736:54): avc: denied { getattr } for pid=2232 comm="consoletype" name="libc-2.3.90.so" dev=hda3 ino=1629605 scontext=system_u:system_r:consoletype_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file
Feb 2 20:53:35 soncomputer kernel: audit(1138931598.736:55): avc: denied { execute } for pid=2232 comm="consoletype" name="libc-2.3.90.so" dev=hda3 ino=1629605 scontext=system_u:system_r:consoletype_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file
..............
Feb 2 20:53:53 soncomputer kernel: audit(1138931631.126:57): avc: denied { search } for pid=2472 comm="automount" name="/" dev=hda3 ino=2 scontext=system_u:system_r:automount_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=dir
..............
Feb 2 20:54:17 soncomputer kernel: audit(1138931657.503:58): avc: denied { associate } for pid=2501 comm="su" name=".xauthMKz24i" scontext=user_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:fs_t:s0 tclass=filesystem
More information about the fedora-devel-list
mailing list