Can't boot FC4;avc denied error message
Tod Merley
todbot88 at gmail.com
Wed Aug 2 19:02:37 UTC 2006
On 8/2/06, David Desscan <ddesscan at gmail.com> wrote:
>
> I can't boot one of my FC4 system. I am getting the following error
> message and init can't start.
>
> audit(1154201702.315.303): avc :denied {search} for pid=748
> comm="mingetty" name="/" dev tmpfs ino 504 scontext=system_u : system_r :
> getty_t tcontext=system_u: object_r : tmpfs_ tclass=dir
> INIT : Id 1 respawning too fast : disabled for 5 mins
> INIT : Id 3 respawning too fast : disabled for 5 mins
> INIT : Id 4 respawning too fast : disabled for 5 mins
> INIT : Id 6 respawning too fast : disabled for 5 mins
> INIT : Id 2 respawning too fast : disabled for 5 mins
> INIT : Id 5 respawning too fast : disabled for 5 mins
>
> INIT : no more processes left in this runlevel.
>
> I have commented the lines in inittab for mingetty and the error message
> changes to:
>
> INIT: cannot execute /etc/rc.d/rc.sysinit
> Entering runlevel 3
> cannot execute /etc/rc.d/rc
> INIT: no more processes left in this runlevel
>
> the audit message id is incremented as well as the pid. ino 504, 505 but
> same mingetty error message. I have already checked file attributes for rc
> and rc.sysinit. It has not changed and is rwxr-xr-x. The INIT Id changes
> as well.
>
> Thanks for all help or reference to web sites for solutions.
>
> David
>
>
>
> --
> fedora-list mailing list
> fedora-list at redhat.com
> To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
>
> Hi David!
Learning with you, not an expert!
I did find that AVC appears to be strongly associated, if not SElinux:
http://www.die.net/doc/linux/man/man3/avc_cache_stats.3.html
And is mentioned in at least one SElinux FAQ:
From : http://fedora.redhat.com/docs/selinux-faq-fc3/index.html#id2826243
Q:
My application isn't working as expected and I am seeing avc: denied
messages, how do I fix this?
A:
This message means that the current SELinux policy is not allowing the
application to do something. There are a number of reasons this could
happen.
First, one of the files the application is trying to access could be
mislabeled. If the AVC message refers to a specific file, inspect its
current label with ls -alZ /path/to/file. If it seems wrong, you could try
using restorecon -v /path/to/file. If you have a large number of denials
related to files, you may want to use fixfiles relabel, or run restorecon
with the -R option to recursively relabel a directory path.
Other times, denials may be due to a configuration change in the program not
being allowed by the policy. For example, if you change Apache to also
listen on port 8800, this will require a change in the security policy,
apache.te. See External Link List for more information about writing policy.
If you are having trouble getting a specific application like Apache to
work, see How to use system-config-securitylevel for how to disable
enforcement just for that application.
AVC may have to do with other things I am still googleing.
If I were you I would be looking at my policy file and turning off SElinux
to see what is going on.
I hope this helps!
Good Hunting!
Tod
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20060802/cca663e8/attachment-0001.htm>
More information about the fedora-list
mailing list