Odd messages during bootup from gdm

Gene Heskett gene.heskett at verizon.net
Thu May 4 09:29:13 UTC 2006 

Gene Heskett wrote:
> Kam Leo wrote:
>> On 5/4/06, Gene Heskett <gene.heskett at verizon.net> wrote:
>>> Greetings;
>>> These do not appear to be effecting gdm, but they are startling when 
>>> the
>>> screen fills with them just before its cleared and the init=3 login is
>>> presented.
>>> =======================
>>> May  4 02:49:10 diablo kernel: audit(1146728943.423:302): avc:  denied
>>> { read } for  pid=2195 comm="gpm" name="localtime" dev=hda5 ino=1289803
>>> 0 scontext=system_u:system_r:gpm_t:s0 tcontext=root:object_r:etc_t:s0
>>> tclass=file
>>> May  4 02:49:10 diablo kernel: audit(1146728943.423:303): avc:  denied
>>> { read } for  pid=2195 comm="gpm" name="localtime" dev=hda5 ino=1289803
>>> 0 scontext=system_u:system_r:gpm_t:s0 tcontext=root:object_r:etc_t:s0
>>> tclass=file
>>> May  4 02:49:10 diablo kernel: audit(1146728943.423:304): avc:  denied
>>> { read } for  pid=2195 comm="gpm" name="localtime" dev=hda5 ino=1289803
>>> 0 scontext=system_u:system_r:gpm_t:s0 tcontext=root:object_r:etc_t:s0
>>> tclass=file
>>> May  4 02:49:10 diablo kernel: audit(1146728943.423:305): avc:  denied
>>> { read } for  pid=2195 comm="gpm" name="localtime" dev=hda5 ino=1289803
>>> 0 scontext=system_u:system_r:gpm_t:s0 tcontext=root:object_r:etc_t:s0
>>> tclass=file
>>> May  4 02:49:10 diablo kernel: audit(1146728943.439:306): avc:  denied
>>> { read } for  pid=2195 comm="gpm" name="localtime" dev=hda5 ino=1289803
>>> 0 scontext=system_u:system_r:gpm_t:s0 tcontext=root:object_r:etc_t:s0
>>> tclass=file
>>> May  4 02:49:10 diablo kernel: audit(1146728943.443:307): avc:  denied
>>> { read } for  pid=2195 comm="gpm" name="localtime" dev=hda5 ino=1289803
>>> 0 scontext=system_u:system_r:gpm_t:s0 tcontext=root:object_r:etc_t:s0
>>> tclass=file
>>> May  4 02:49:10 diablo kernel: audit(1146728943.443:308): avc:  denied
>>> { read } for  pid=2195 comm="gpm" name="localtime" dev=hda5 ino=1289803
>>> 0 scontext=system_u:system_r:gpm_t:s0 tcontext=root:object_r:etc_t:s0
>>> tclass=file
>>> ==================================
>>> This is with:
>>> root at diablo ~]# uname -a
>>> Linux diablo.coyote.den 2.6.16-1.2096_FC5 #1 Wed Apr 19 05:14:36 EDT
>>> 2006 i686 athlon i386 GNU/Linux
>>>
>>> I note also that earlier in the login:
>>> ===================
>>> May  4 02:49:09 diablo kernel: md: Autodetecting RAID arrays.
>>> May  4 02:49:09 diablo kernel: md: autorun ...
>>> May  4 02:49:10 diablo kernel: md: ... autorun DONE.
>>> May  4 02:49:10 diablo kernel: audit(1146728910.033:292): avc:  denied
>>> { search } for  pid=1173 comm="pam_console_app" name="var" dev=hda5 ino
>>> =3208129 scontext=system_u:system_r:pam_console_t:s0-s0:c0.c255
>>> tcontext=system_u:object_r:file_t:s0 tclass=dir
>>> May  4 02:49:10 diablo kernel: audit(1146728910.033:293): avc:  denied
>>> { search } for  pid=1173 comm="pam_console_app" name="var" dev=hda5 ino
>>> =3208129 scontext=system_u:system_r:pam_console_t:s0-s0:c0.c255
>>> tcontext=system_u:object_r:file_t:s0 tclass=dir
>>> May  4 02:49:10 diablo kernel: audit(1146728910.033:294): avc:  denied
>>> { search } for  pid=1173 comm="pam_console_app" name="var" dev=hda5 ino
>>> =3208129 scontext=system_u:system_r:pam_console_t:s0-s0:c0.c255
>>> tcontext=system_u:object_r:file_t:s0 tclass=dir
>>> May  4 02:49:10 diablo kernel: audit(1146728910.033:295): avc:  denied
>>> { search } for  pid=1173 comm="pam_console_app" name="var" dev=hda5 ino
>>> =3208129 scontext=system_u:system_r:pam_console_t:s0-s0:c0.c255
>>> tcontext=system_u:object_r:file_t:s0 tclass=dir
>>> May  4 02:49:10 diablo kernel: audit(1146728910.033:296): avc:  denied
>>> { search } for  pid=1173 comm="pam_console_app" name="var" dev=hda5 ino
>>> =3208129 scontext=system_u:system_r:pam_console_t:s0-s0:c0.c255
>>> tcontext=system_u:object_r:file_t:s0 tclass=dir
>>> May  4 02:49:10 diablo kernel: device-mapper: 4.5.0-ioctl (2005-10-04)
>>> initialised: dm-devel at redhat.com
>>> May  4 02:49:10 diablo kernel: audit(1146728910.109:297): avc:  denied
>>> { search } for  pid=1181 comm="pam_console_app" name="var" dev=hda5 ino
>>> =3208129 scontext=system_u:system_r:pam_console_t:s0-s0:c0.c255
>>> tcontext=system_u:object_r:file_t:s0 tclass=dir
>>> May  4 02:49:10 diablo kernel: audit(1146728910.113:298): avc:  denied
>>> { search } for  pid=1181 comm="pam_console_app" name="var" dev=hda5 ino
>>> =3208129 scontext=system_u:system_r:pam_console_t:s0-s0:c0.c255
>>> tcontext=system_u:object_r:file_t:s0 tclass=dir
>>> May  4 02:49:10 diablo kernel: audit(1146728910.113:299): avc:  denied
>>> { search } for  pid=1181 comm="pam_console_app" name="var" dev=hda5 ino
>>> =3208129 scontext=system_u:system_r:pam_console_t:s0-s0:c0.c255
>>> tcontext=system_u:object_r:file_t:s0 tclass=dir
>>> May  4 02:49:10 diablo kernel: audit(1146728910.113:300): avc:  denied
>>> { search } for  pid=1181 comm="pam_console_app" name="var" dev=hda5 ino
>>> =3208129 scontext=system_u:system_r:pam_console_t:s0-s0:c0.c255
>>> tcontext=system_u:object_r:file_t:s0 tclass=dir
>>> May  4 02:49:10 diablo kernel: audit(1146728910.113:301): avc:  denied
>>> { search } for  pid=1181 comm="pam_console_app" name="var" dev=hda5 ino
>>> =3208129 scontext=system_u:system_r:pam_console_t:s0-s0:c0.c255
>>> tcontext=system_u:object_r:file_t:s0 tclass=dir
>>> May  4 02:49:10 diablo kernel: EXT3 FS on hda5, internal journal
>>> May  4 02:49:10 diablo kernel: kjournald starting.  Commit interval 5
>>> seconds
>>> ==============================
>>> But the md related stuff has been turned off with chkconfig, so why 
>>> am I
>>> getting these messages at all?
>>>
>>> -- 
>>> Cheers, Gene
>>>
>>
>> Install the policycoreutils package and pipe the errors to audit2why
>> to find out.
> Thanks Kam.
>> That doesn't seem to be available for install via kyum.  Since livna 
>> has been unavailable for several days now, can you suggest another 
>> repo that might have this package?
I found it was already installed.  Discovering the syntax gave very 
verbose output, and that eventually led to doing this:

[root at diablo ~]# audit2allow </var/log/messages
allow crond_t self:process execheap;
allow gpm_t etc_t:file read;
allow pam_console_t file_t:dir search;
allow restorecon_t unconfined_t:unix_stream_socket { read write };
allow semanage_t unconfined_t:unix_stream_socket { read write };
allow unconfined_t lib_t:file execmod;
allow unconfined_t self:process execheap;
[root at diablo ~]# audit2allow </var/log/messages >sh
[root at diablo ~]#

2 Q's:
1.  Was that the right thing to do, and
2. Is this permanent

-- 
Cheers, Gene

More information about the fedora-list mailing list