SELinux kerneloops and dhclient issues

Daniel J Walsh dwalsh at redhat.com
Fri Sep 12 13:23:16 UTC 2008


Stephen Croll wrote:
> Daniel J Walsh wrote:
>> So KDE+Konsole seems to be leaking a file descriptor.
>>
>>   
> Yes, that seems to be the case.  With KDE 4.1, the fd is now 23 (if
> that's somehow useful):
> 
> [root at gerbil ~]# ls -lZ /proc/self/fd
> lrwx------  root root
> unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 0 -> /dev/pts/1
> lrwx------  root root
> unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 1 -> /dev/pts/1
> lrwx------  root root
> unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2 -> /dev/pts/1
> lrwx------  root root
> unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 23 -> socket:[31558]
> lr-x------  root root
> unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 3 -> /proc/5660/fd
> 
> Also, NetworkManager, whether on or off, doesn't seem to make a
> difference now.
> -- 
> Steve Croll
> 
> 
> 
> 
Report it as a bug to kde.  You can CC me if you like.

You can allow this rule or dontaudit it using audit2allow to build
policy. Or you can tell setroubleshoot to ignore the avc.  It will not
cause you any problems and SELinux will close the leaked file descriptor
before starting any confined domains.




More information about the fedora-list mailing list