Permission denied during rpm installation

Paul Howarth paul at city-fan.org
Fri Jul 28 15:02:25 UTC 2006 

Deepak Shrestha wrote:
> On 7/28/06, Stephen Smalley <sds at tycho.nsa.gov> wrote:
>> On Fri, 2006-07-28 at 10:48 +0100, Paul Howarth wrote:
>> > Deepak Shrestha wrote:
>> > >> Look in /var/log/messages, or if you're running the audit daemon
>> > >> (default on in FC4), /var/log/audit/audit.log, for lines containing
>> > >> "type=AVC".
>> > >>
>> > >> Paul.
>> > >>
>> > >
>> > > I don't have audit directory or audit.log but issuing
>> > > # cat /var/log/messages | grep AVC
>> > >
>> > > gives me blank result
>> >
>> > It's possible that any messages may have been rotated out. Try:
>> >
>> > $ fgrep type=AVC /var/log/messages*
>> >
>> > If there's nothing there then it's likely that your issue was not
>> > SELinux-related.
>>
>> I think the type=AVC prefixes are only added if running auditd (in which
>> case you'd be checking /var/log/audit/audit.log*).  Otherwise, you'd
>> just get the raw audit message from the kernel in /var/log/messages.
>> The safest thing is to just look for "avc:"; that will be present
>> regardless.
>>
>> -- 
>> Stephen Smalley
>> National Security Agency
>>
>> -- 
>> fedora-list mailing list
>> fedora-list at redhat.com
>> To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
>>
> 
> looking for "avc:", I found lots of entries with "denied" in 
> /var/log/messages
> 
> the entry is rather long so posting only the fragment (hope this will
> still make the point). Its is something like this
> ==============
> Jul 24 23:39:53 webcomp kernel: audit(1153755580.824:2): avc:  denied
> { getattr } for  pid=1153 comm="mount" name="kcore" dev=proc
> ino=-268435435 scontext=system_u:system_r:mount_t:s0
> tcontext=system_u:object_r:proc_kcore_t:s0 tclass=file
> Jul 24 23:39:54 webcomp kernel: audit(1153755580.856:3): avc:  denied
> { getattr } for  pid=1153 comm="mount" name="kcore" dev=proc
> ino=-268435435 scontext=system_u:system_r:mount_t:s0
> tcontext=system_u:object_r:proc_kcore_t:s0 tclass=file
> Jul 25 11:45:16 webcomp kernel: audit(1153799116.610:8): avc:  denied
> { use } for  pid=2467 comm="bluez-pin" name="[7581]" dev=pipefs
> ino=7581 scontext=user_u:system_r:bluetooth_helper_t:s0
> tcontext=system_u:system_r:xdm_t:s0-s0:c0.c255 tclass=fd
> Jul 25 11:45:16 webcomp kernel: audit(1153799116.610:9): avc:  denied
> { use } for  pid=2467 comm="bluez-pin" name="[7581]" dev=pipefs
> ino=7581 scontext=user_u:system_r:bluetooth_helper_t:s0
> tcontext=system_u:system_r:xdm_t:s0-s0:c0.c255 tclass=fd
> Jul 25 14:00:21 webcomp kernel: audit(1153807221.327:4): avc:  denied
> { use } for  pid=2291 comm="bluez-pin" name="[7243]" dev=pipefs
> ino=7243 scontext=user_u:system_r:bluetooth_helper_t:s0
> ......
> ......
> ......
> ......
> ..... and so on
> ==============
> 
> What does this mean??? and most importantly why? and what is the solution?

These are probably not the relevant denials. Try to find ones from 
around the time you were trying the RPM install. There should be a log 
entry corresponding to when you did the "setenforce 0" (search for 
"setenforce" in /var/log/messages), and the denials of interest should 
be in the minutes preceding that.

Paul.

More information about the fedora-list mailing list