Odd messages during bootup from gdm
Gene Heskett
gene.heskett at verizon.net
Thu May 4 09:29:13 UTC 2006
Gene Heskett wrote:
> Kam Leo wrote:
>> On 5/4/06, Gene Heskett <gene.heskett at verizon.net> wrote:
>>> Greetings;
>>> These do not appear to be effecting gdm, but they are startling when
>>> the
>>> screen fills with them just before its cleared and the init=3 login is
>>> presented.
>>> =======================
>>> May 4 02:49:10 diablo kernel: audit(1146728943.423:302): avc: denied
>>> { read } for pid=2195 comm="gpm" name="localtime" dev=hda5 ino=1289803
>>> 0 scontext=system_u:system_r:gpm_t:s0 tcontext=root:object_r:etc_t:s0
>>> tclass=file
>>> May 4 02:49:10 diablo kernel: audit(1146728943.423:303): avc: denied
>>> { read } for pid=2195 comm="gpm" name="localtime" dev=hda5 ino=1289803
>>> 0 scontext=system_u:system_r:gpm_t:s0 tcontext=root:object_r:etc_t:s0
>>> tclass=file
>>> May 4 02:49:10 diablo kernel: audit(1146728943.423:304): avc: denied
>>> { read } for pid=2195 comm="gpm" name="localtime" dev=hda5 ino=1289803
>>> 0 scontext=system_u:system_r:gpm_t:s0 tcontext=root:object_r:etc_t:s0
>>> tclass=file
>>> May 4 02:49:10 diablo kernel: audit(1146728943.423:305): avc: denied
>>> { read } for pid=2195 comm="gpm" name="localtime" dev=hda5 ino=1289803
>>> 0 scontext=system_u:system_r:gpm_t:s0 tcontext=root:object_r:etc_t:s0
>>> tclass=file
>>> May 4 02:49:10 diablo kernel: audit(1146728943.439:306): avc: denied
>>> { read } for pid=2195 comm="gpm" name="localtime" dev=hda5 ino=1289803
>>> 0 scontext=system_u:system_r:gpm_t:s0 tcontext=root:object_r:etc_t:s0
>>> tclass=file
>>> May 4 02:49:10 diablo kernel: audit(1146728943.443:307): avc: denied
>>> { read } for pid=2195 comm="gpm" name="localtime" dev=hda5 ino=1289803
>>> 0 scontext=system_u:system_r:gpm_t:s0 tcontext=root:object_r:etc_t:s0
>>> tclass=file
>>> May 4 02:49:10 diablo kernel: audit(1146728943.443:308): avc: denied
>>> { read } for pid=2195 comm="gpm" name="localtime" dev=hda5 ino=1289803
>>> 0 scontext=system_u:system_r:gpm_t:s0 tcontext=root:object_r:etc_t:s0
>>> tclass=file
>>> ==================================
>>> This is with:
>>> root at diablo ~]# uname -a
>>> Linux diablo.coyote.den 2.6.16-1.2096_FC5 #1 Wed Apr 19 05:14:36 EDT
>>> 2006 i686 athlon i386 GNU/Linux
>>>
>>> I note also that earlier in the login:
>>> ===================
>>> May 4 02:49:09 diablo kernel: md: Autodetecting RAID arrays.
>>> May 4 02:49:09 diablo kernel: md: autorun ...
>>> May 4 02:49:10 diablo kernel: md: ... autorun DONE.
>>> May 4 02:49:10 diablo kernel: audit(1146728910.033:292): avc: denied
>>> { search } for pid=1173 comm="pam_console_app" name="var" dev=hda5 ino
>>> =3208129 scontext=system_u:system_r:pam_console_t:s0-s0:c0.c255
>>> tcontext=system_u:object_r:file_t:s0 tclass=dir
>>> May 4 02:49:10 diablo kernel: audit(1146728910.033:293): avc: denied
>>> { search } for pid=1173 comm="pam_console_app" name="var" dev=hda5 ino
>>> =3208129 scontext=system_u:system_r:pam_console_t:s0-s0:c0.c255
>>> tcontext=system_u:object_r:file_t:s0 tclass=dir
>>> May 4 02:49:10 diablo kernel: audit(1146728910.033:294): avc: denied
>>> { search } for pid=1173 comm="pam_console_app" name="var" dev=hda5 ino
>>> =3208129 scontext=system_u:system_r:pam_console_t:s0-s0:c0.c255
>>> tcontext=system_u:object_r:file_t:s0 tclass=dir
>>> May 4 02:49:10 diablo kernel: audit(1146728910.033:295): avc: denied
>>> { search } for pid=1173 comm="pam_console_app" name="var" dev=hda5 ino
>>> =3208129 scontext=system_u:system_r:pam_console_t:s0-s0:c0.c255
>>> tcontext=system_u:object_r:file_t:s0 tclass=dir
>>> May 4 02:49:10 diablo kernel: audit(1146728910.033:296): avc: denied
>>> { search } for pid=1173 comm="pam_console_app" name="var" dev=hda5 ino
>>> =3208129 scontext=system_u:system_r:pam_console_t:s0-s0:c0.c255
>>> tcontext=system_u:object_r:file_t:s0 tclass=dir
>>> May 4 02:49:10 diablo kernel: device-mapper: 4.5.0-ioctl (2005-10-04)
>>> initialised: dm-devel at redhat.com
>>> May 4 02:49:10 diablo kernel: audit(1146728910.109:297): avc: denied
>>> { search } for pid=1181 comm="pam_console_app" name="var" dev=hda5 ino
>>> =3208129 scontext=system_u:system_r:pam_console_t:s0-s0:c0.c255
>>> tcontext=system_u:object_r:file_t:s0 tclass=dir
>>> May 4 02:49:10 diablo kernel: audit(1146728910.113:298): avc: denied
>>> { search } for pid=1181 comm="pam_console_app" name="var" dev=hda5 ino
>>> =3208129 scontext=system_u:system_r:pam_console_t:s0-s0:c0.c255
>>> tcontext=system_u:object_r:file_t:s0 tclass=dir
>>> May 4 02:49:10 diablo kernel: audit(1146728910.113:299): avc: denied
>>> { search } for pid=1181 comm="pam_console_app" name="var" dev=hda5 ino
>>> =3208129 scontext=system_u:system_r:pam_console_t:s0-s0:c0.c255
>>> tcontext=system_u:object_r:file_t:s0 tclass=dir
>>> May 4 02:49:10 diablo kernel: audit(1146728910.113:300): avc: denied
>>> { search } for pid=1181 comm="pam_console_app" name="var" dev=hda5 ino
>>> =3208129 scontext=system_u:system_r:pam_console_t:s0-s0:c0.c255
>>> tcontext=system_u:object_r:file_t:s0 tclass=dir
>>> May 4 02:49:10 diablo kernel: audit(1146728910.113:301): avc: denied
>>> { search } for pid=1181 comm="pam_console_app" name="var" dev=hda5 ino
>>> =3208129 scontext=system_u:system_r:pam_console_t:s0-s0:c0.c255
>>> tcontext=system_u:object_r:file_t:s0 tclass=dir
>>> May 4 02:49:10 diablo kernel: EXT3 FS on hda5, internal journal
>>> May 4 02:49:10 diablo kernel: kjournald starting. Commit interval 5
>>> seconds
>>> ==============================
>>> But the md related stuff has been turned off with chkconfig, so why
>>> am I
>>> getting these messages at all?
>>>
>>> --
>>> Cheers, Gene
>>>
>>
>> Install the policycoreutils package and pipe the errors to audit2why
>> to find out.
> Thanks Kam.
>> That doesn't seem to be available for install via kyum. Since livna
>> has been unavailable for several days now, can you suggest another
>> repo that might have this package?
I found it was already installed. Discovering the syntax gave very
verbose output, and that eventually led to doing this:
[root at diablo ~]# audit2allow </var/log/messages
allow crond_t self:process execheap;
allow gpm_t etc_t:file read;
allow pam_console_t file_t:dir search;
allow restorecon_t unconfined_t:unix_stream_socket { read write };
allow semanage_t unconfined_t:unix_stream_socket { read write };
allow unconfined_t lib_t:file execmod;
allow unconfined_t self:process execheap;
[root at diablo ~]# audit2allow </var/log/messages >sh
[root at diablo ~]#
2 Q's:
1. Was that the right thing to do, and
2. Is this permanent
--
Cheers, Gene
More information about the fedora-list
mailing list