Odd messages during bootup from gdm

Paul Howarth paul at city-fan.org
Thu May 4 15:24:47 UTC 2006 

Gene Heskett wrote:
> Paul Howarth wrote:
>> Gene Heskett wrote:
>>> 2 Q's:
>>> 1.  Was that the right thing to do, and
>>
>> No. The "allow" commands are not shell commands.
>> See: http://fedoraproject.org/wiki/SELinux/LoadableModules/Audit2allow
>>
> bookmarked for study when I get in tonight, thanks
> 
> 2. Is this permanent
>>
>> No, since it wouldn't have actually done anything. Loading a module 
>> using "semodule" as described in the link above is permanent though.
>>
>> Before doing any of this, I would bear in mind a few things:
>>
>> 1. The AVC messages you're getting appear to be for several different 
>> processes, suggesting that there are several different issues here.
>>
> yes, there are several more "stanza's" of this in the logs.
>> 2. Are any of these issues symptoms of an actual problem, other than 
>> annoying messages coming up on the screen?
>>
> It has since day one sprinkled messages throughout the logs about the 
> dvdd/cd writer being confused.

ISTR something about this on the list not too long ago. Thought it might 
be a hardware problem actually.

  > NDI if this is related, and it did work
> for making dvd's under XP, and has read anything I put in it except 
> audio disks, those the players go thru all the motions of playing, but 
> no sound actually comes out.
> 
>> 3. The best solution might not be to "allow" these actions at all - 
>> some may be due to file contexts being wrong, others might be harmless 
>> and better off "dontaudit"ed instead,
>>
>> Have you at any time booted with SELinux disabled and have not since 
>> done a full relabel? I'm guessing that you have. 
> right, as  a test once
> 
>> What's the output of:
>>
>> $ ls -lZd /etc/localtime /var
>>
>> I would expect:
>>  -rw-r--r--  root     root     system_u:object_r:locale_t /etc/localtime
>> drwxr-xr-x  root     root     system_u:object_r:var_t          /var
>>
> [root at diablo ~]# ls -lZd /etc/localtime /var
> -rw-r--r--  root     root     root:object_r:etc_t              
> /etc/localtime
> drwxr-xr-x  root     root     system_u:object_r:var_t          /var
> 
>> You seem to have these as etc_t and file_t respectively.

I was right about one of them then :-)

I'd suggest relabelling the system before trying anything else. This 
will take a long time so schedule it at an appropriate time.

Set SELinux to permissive mode, reboot, and in the grub menu add 
"autorelabel" to the end of the "kernel" line.

After rebooting you can change SELinux back to enforcing mode if that's 
the setting you had before.

That will probably fix most of the AVC issues you're seeing.

Paul.

More information about the fedora-list mailing list