Permission denied during rpm installation

Paul Howarth paul at city-fan.org
Fri Jul 28 16:25:22 UTC 2006 

Deepak Shrestha wrote:
>> These are probably not the relevant denials. Try to find ones from
>> around the time you were trying the RPM install. There should be a log
>> entry corresponding to when you did the "setenforce 0" (search for
>> "setenforce" in /var/log/messages), and the denials of interest should
>> be in the minutes preceding that.
>>
>> Paul.
> 
> Thanks paul,
> 
> looking for the setenforce and preceding logs, I found this, which
> from the point I use setenforce, installed rpm, setenforce back and
> reboot the computer:
> 
> ==============
> Jul 27 12:17:47 webcomp kernel: audit(1153973867.873:11): avc:
> granted  { setenforce } for  pid=2726 comm="setenforce"
> scontext=user_u:system_r:unconfined_t:s0
> tcontext=system_u:object_r:security_t:s0 tclass=security
> Jul 27 12:17:47 webcomp kernel: audit(1153973867.873:11): avc:
> granted  { setenforce } for  pid=2726 comm="setenforce"
> scontext=user_u:system_r:unconfined_t:s0
> tcontext=system_u:object_r:security_t:s0 tclass=security
> Jul 27 12:17:47 webcomp kernel: audit(1153973867.873:12): enforcing=0
> old_enforcing=1 auid=4294967295
> Jul 27 12:18:05 webcomp kernel: audit(1153973885.002:13): avc:  denied
> { unlink } for  pid=2731 comm="depmod" name="modules.dep" dev=dm-0
> ino=1147086 scontext=user_u:system_r:depmod_t:s0
> tcontext=root:object_r:modules_object_t:s0 tclass=file
> Jul 27 12:18:10 webcomp kernel: audit(1153973890.638:14): avc:
> granted  { setenforce } for  pid=2733 comm="setenforce"
> scontext=user_u:system_r:unconfined_t:s0
> tcontext=system_u:object_r:security_t:s0 tclass=security
> Jul 27 12:18:10 webcomp kernel: audit(1153973890.638:15): enforcing=1
> old_enforcing=0 auid=4294967295
> Jul 27 12:22:05 webcomp smartd[1789]: System clock time adjusted to
> the past. Resetting next wakeup time.
> Jul 27 13:18:28 webcomp kernel: NTFS driver 2.1.27 [Flags: R/W MODULE].
> Jul 27 13:18:28 webcomp kernel: NTFS volume version 3.1.
> Jul 27 13:18:28 webcomp kernel: SELinux: initialized (dev hdb1, type
> ntfs), uses genfs_contexts
> Jul 27 13:20:37 webcomp gconfd (deepak-2534): GConf server is not in
> use, shutting down.
> Jul 27 13:20:37 webcomp gconfd (deepak-2534): Exiting
> Jul 27 13:22:19 webcomp gdm[2264]: Restarting computer...
> ==========================
> 
> I gues this will be useful.

The problem appears to be depmod trying to unlink (delete) a file of 
context type modules_object_t. I can't see any need for it to delete 
anything that's actually a kernel module, so perhaps you have a 
labelling problem?

Can you post the output of the following commands:

$ ls -lZ /lib/modules//2.6.17-1.2157_FC5

$ rpm -q --scripts kernel-module-ntfs-2.6.17-1.2157_FC5

Paul.

More information about the fedora-list mailing list