Errors while rebooting (selinux related)
Jim Cornette
jim-cornette at insight.rr.com
Fri Jun 11 00:41:08 UTC 2004
stucklep wrote:
>Hello,
>
>I get about 50 of these denied-type errors on reboot after installing
>Core 2. What might be the problem(s)?
>
>Jun 9 19:09:23 owl kernel: audit(1086808127.591:0): avc: denied {
>getattr } for pid=1 exe=/sbin/init path=/dev/initctl dev=hda3 ino=73171
>scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:file_t
>tclass=fifo_file
>
>Jun 9 19:09:23 owl kernel: audit(1086808127.591:0): avc: denied {
>read write } for pid=1 exe=/sbin/init name=initctl dev=hda3 ino=73171
>scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:file_t
>tclass=fifo_file
>
>Jun 9 19:09:23 owl kernel: audit(1086808127.693:0): avc: denied {
>execute } for pid=280 exe=/bin/bash name=hostname dev=hda3 ino=837233
>scontext=system_u:system_r:kernel_t
>tcontext=system_u:object_r:hostname_exec_t tclass=file
>
>Jun 9 19:09:23 owl kernel: audit(1086808127.693:0): avc: denied {
>execute_no_trans } for pid=280 exe=/bin/bash path=/bin/hostname
>dev=hda3 ino=837233 scontext=system_u:system_r:kernel_t
>tcontext=system_u:object_r:hostname_exec_t tclass=file
>
>Jun 9 19:09:23 owl kernel: audit(1086808129.245:0): avc: denied {
>getattr } for pid=279 exe=/sbin/initlog path=/dev/log dev=hda3
>ino=65676 scontext=system_u:system_r:kernel_t
>tcontext=system_u:object_r:file_t tclass=sock_file
>
>Jun 9 19:09:23 owl kernel: audit(1086808129.245:0): avc: denied {
>write } for pid=279 exe=/sbin/initlog name=log dev=hda3 ino=65676
>scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:file_t
>tclass=sock_file
>
>Jun 9 19:09:23 owl kernel: audit(1086808129.330:0): avc: denied {
>syslog_console } for pid=447 exe=/bin/dmesg
>scontext=system_u:system_r:kernel_t tcontext=system_u:system_r:kernel_t
>tclass=system
>
>Thanks for any assistance.
>
>Paul
>
>
>
>
These messages are caused by SELinux needing to do things to set
permissions and context right for it to work as designed. If you want to
run selinux, there is a list that will help you with setting things up
to work, as designed.
Otherwise, you might want to add to your /etc/grub.conf file the below:
kernel /vmlinuz-2.6.6-1.406 ro root=LABEL=/ selinux=0
The selinux=0 is what you want to add to the kernel line. I just added
my boot line so you know what line that I was referring to.
Also there is a way to set the selinux to off in some config file. I am
not sure what it is. You might need to search the archives for how to
disable SELinux.
I did notice two programs on my search for selinux on my computer. I
have not tried to run them. They are listed below.
/usr/bin/selinuxdisable
/usr/bin/selinuxenabled
I imagine that one disables selinux, which you might desire. The other
should enable selinux.
I hope running them dos not cause any problems.
Jim
More information about the fedora-list
mailing list