Odd messages during bootup from gdm

Fri May 5 01:36:25 UTC 2006

Paul Howarth wrote:
> Gene Heskett wrote:
>> Paul Howarth wrote:
>>> Gene Heskett wrote:
>>>> 2 Q's:
>>>> 1.  Was that the right thing to do, and
>>>
>>> No. The "allow" commands are not shell commands.
>>> See: http://fedoraproject.org/wiki/SELinux/LoadableModules/Audit2allow
>>>
>> bookmarked for study when I get in tonight, thanks
>>
>> 2. Is this permanent
>>>
>>> No, since it wouldn't have actually done anything. Loading a module 
>>> using "semodule" as described in the link above is permanent though.
>>>
>>> Before doing any of this, I would bear in mind a few things:
>>>
>>> 1. The AVC messages you're getting appear to be for several 
>>> different processes, suggesting that there are several different 
>>> issues here.
>>>
>> yes, there are several more "stanza's" of this in the logs.
>>> 2. Are any of these issues symptoms of an actual problem, other than 
>>> annoying messages coming up on the screen?
>>>
>> It has since day one sprinkled messages throughout the logs about the 
>> dvdd/cd writer being confused.
>
> ISTR something about this on the list not too long ago. Thought it 
> might be a hardware problem actually.
>
>  > NDI if this is related, and it did work
>> for making dvd's under XP, and has read anything I put in it except 
>> audio disks, those the players go thru all the motions of playing, 
>> but no sound actually comes out.
>>
>>> 3. The best solution might not be to "allow" these actions at all - 
>>> some may be due to file contexts being wrong, others might be 
>>> harmless and better off "dontaudit"ed instead,
>>>
>>> Have you at any time booted with SELinux disabled and have not since 
>>> done a full relabel? I'm guessing that you have. 
>> right, as  a test once
>>
>>> What's the output of:
>>>
>>> $ ls -lZd /etc/localtime /var
>>>
>>> I would expect:
>>>  -rw-r--r--  root     root     system_u:object_r:locale_t 
>>> /etc/localtime
>>> drwxr-xr-x  root     root     system_u:object_r:var_t          /var
>>>
>> [root at diablo ~]# ls -lZd /etc/localtime /var
>> -rw-r--r--  root     root     root:object_r:etc_t              
>> /etc/localtime
>> drwxr-xr-x  root     root     system_u:object_r:var_t          /var
>>
>>> You seem to have these as etc_t and file_t respectively.
>
> I was right about one of them then :-)
>
> I'd suggest relabelling the system before trying anything else. This 
> will take a long time so schedule it at an appropriate time.
>
> Set SELinux to permissive mode, reboot, and in the grub menu add 
> "autorelabel" to the end of the "kernel" line.
>
> After rebooting you can change SELinux back to enforcing mode if 
> that's the setting you had before.
>
> That will probably fix most of the AVC issues you're seeing.
>
> Paul.
>
Ok, thats next, I can answer the rest of this mail after thats done.  
Thanks :)

-- 
Cheers, Gene