FC2: Audit errors on /var/log/messages (SELinux (?) newbie)

Rami Saarinen rs55862 at yahoo.com
Sun May 23 20:45:15 UTC 2004 

Hello again, 

A while ago I asked help for my odd xkb/mouse problems after doing FC1 ->
FC2 update. Now everything seems to be pretty ok, but I get a lot of audit
error messages. Now, I know I should try to figure it out myself, but I
could use some advice about where to look to get these things fixed (audit
is new to me, I assume it has something to do with selinux?). Below is a
bit of messages log created during the boot. 

There is quite a lot of those audit avc: denied messages in the log. Any
pointers? A good tutorial, howto or any other means to quickly get this
fixed? 

There were some discussion about /initrd left mounted or some such? Will
it be the cause of this problem? I have no idea of what is going on here
.. Is it possible to turn SELinux off or something? 

Thanks in advance!


Bits of log: 

May 23 22:40:56 localhost kernel: SELinux:  Initializing.
May 23 22:40:56 localhost kernel: SELinux:  Starting in permissive mode
May 23 22:40:56 localhost kernel: There is already a security framework
initialized, register_security failed. 
May 23 22:40:56 localhost kernel: Failure registering capabilities with
the kernel
May 23 22:40:56 localhost kernel: selinux_register_security:  Registering
secondary module capability
May 23 22:40:57 localhost kernel: Capability LSM initialized
May 23 22:40:57 localhost kernel: Dentry cache hash table entries: 32768
(order: 5, 131072 bytes)
May 23 22:40:57 localhost kernel: Inode-cache hash table entries: 32768
(order: 5, 131072 bytes)
May 23 22:40:57 localhost kernel: Mount-cache hash table entries: 512
(order: 0, 4096 bytes)
[...]
May 23 22:40:57 localhost kernel: audit: initializing netlink socket
(disabled)
May 23 22:40:57 localhost kernel: audit(1085352021.677:0): initialized
May 23 22:40:57 localhost kernel: Total HugeTLB memory allocated, 0
May 23 22:40:57 localhost kernel: VFS: Disk quotas dquot_6.5.1
May 23 22:40:57 localhost kernel: Dquot-cache hash table entries: 1024
(order 0, 4096 bytes)
May 23 22:40:57 localhost kernel: SELinux:  Registering netfilter hooks
May 23 22:40:57 localhost kernel: Initializing Cryptographic API
May 23 22:40:57 localhost kernel: Applying VIA southbridge workaround.
[...]
May 23 22:40:57 localhost kernel: security:  5 users, 7 roles, 1244 types,
1 bools
May 23 22:40:57 localhost kernel: security:  30 classes, 303377 rules
May 23 22:40:57 localhost kernel: SELinux:  Completing initialization.
May 23 22:40:57 localhost kernel: SELinux:  Setting up existing
superblocks.
May 23 22:40:57 localhost kernel: SELinux: initialized (dev , type
selinuxfs), uses genfs_contexts
May 23 22:40:57 localhost kernel: SELinux: initialized (dev hda1, type
ext3), uses xattr
May 23 22:40:57 localhost kernel: SELinux: initialized (dev ram0, type
ext2), uses xattr
May 23 22:40:57 localhost kernel: SELinux: initialized (dev , type
mqueue), not configured for labeling
May 23 22:40:57 localhost kernel: SELinux: initialized (dev , type
hugetlbfs), not configured for labeling
May 23 22:40:57 localhost kernel: SELinux: initialized (dev , type
devpts), uses transition SIDs
May 23 22:40:57 localhost kernel: SELinux: initialized (dev , type
eventpollfs),uses genfs_contexts
May 23 22:40:57 localhost kernel: SELinux: initialized (dev , type
pipefs), uses task SIDs
May 23 22:40:57 localhost kernel: SELinux: initialized (dev , type tmpfs),
uses transition SIDs
May 23 22:40:57 localhost kernel: SELinux: initialized (dev , type
futexfs), uses genfs_contexts
May 23 22:40:57 localhost kernel: SELinux: initialized (dev , type
sockfs), uses task SIDs
May 23 22:40:57 localhost kernel: SELinux: initialized (dev , type proc),
uses genfs_contexts
May 23 22:40:57 localhost kernel: SELinux: initialized (dev , type bdev),
uses genfs_contexts
May 23 22:40:57 localhost kernel: SELinux: initialized (dev , type
rootfs), uses genfs_contexts
May 23 22:40:57 localhost kernel: SELinux: initialized (dev , type sysfs),
uses genfs_contexts
May 23 22:40:57 localhost kernel: audit(1085352028.852:0): avc:  denied  {
getattr } for  pid=1 exe=/sbin/init path=/dev/initctl dev=hda1 ino=39510
scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:file_t
tclass=fifo_file May 23 22:40:57 localhost kernel:
audit(1085352028.852:0): avc:  denied  { read write } for  pid=1
exe=/sbin/init name=initctl dev=hda1 ino=39510
scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:file_t
tclass=fifo_file 
May 23 22:40:57 localhost kernel: audit(1085352029.698:0): avc:  denied  {
syslog_console } for  pid=457 exe=/bin/dmesg 
context=system_u:system_r:kernel_t tcon text=system_u:system_r:kernel_t
tclass=system 
May 23 22:40:57 localhost kernel: audit(1085352029.747:0): avc:  denied  {
search } for  pid=461 exe=/sbin/sysctl name=net dev= ino=-268435354
scontext=system_u:system_r:kernel_t
tcontext=system_u:object_r:sysctl_net_t tclass=dir
May 23 22:40:57 localhost kernel: audit(1085352029.747:0): avc:  denied  {
write} for  pid=461 exe=/sbin/sysctl name=ip_forward dev= ino=-268435331
scontext=system_u:system_r:kernel_t
tcontext=system_u:object_r:sysctl_net_t tclass=file
May 23 22:40:57 localhost kernel: audit(1085352029.747:0): avc:  denied  {
getattr } for  pid=461 exe=/sbin/sysctl path=/proc/sys/net/ipv4/ip_forward
dev= ino=-268435331 scontext=system_u:system_r:kernel_t 
context=system_u:object_r:sysctl_net_t tclass=file
[..]

--
Rami Saarinen


	
		
__________________________________
Do you Yahoo!?
Yahoo! Domains – Claim yours for only $14.70/year
http://smallbusiness.promotions.yahoo.com/offer

More information about the fedora-list mailing list