avc denied messages from boot

Daniel J Walsh dwalsh at redhat.com
Tue Apr 6 11:10:04 UTC 2004


Richard Hally wrote:

> When booting to runlevel 5 in enforcing mode with the latest policy 
> there were only a few AVC denied messages. They are copied below.
> [root@localhost root]# rpm -q policy policy-sources
> policy-1.9.2-10
> policy-sources-1.9.2-10
> [root@localhost root]#
>
> Hope this helps,
> Richard Hally

There is a bug in the init scripts that leaves /initrd mounted.  If you 
umount this directory most of these messages will disappear.

The screensaver ones should be fixed by -12 policy.

Not sure why GNOME is trying to manipulate the registry.xml file.


>
> --------------------messages-----------------------------
> Apr  5 22:37:25 localhost crond: crond startup succeeded
> Apr  5 22:37:25 localhost kernel: audit(1081219045.889:0): avc:  denied  { read } for  pid=1647 exe=/usr/sbin/crond name=mailman dev=hdc3 ino=539689 scontext=system_u:system_r:crond_t tcontext=system_u:object_r:file_t tclass=file
> Apr  5 22:37:27 localhost xfs: xfs startup succeeded
>
>
> Apr  5 22:38:04 localhost gdm(pam_unix)[1814]: session opened for user richard by (uid=0)
> Apr  5 22:38:19 localhost kernel: audit(1081219099.459:0): avc:  denied  { setattr } for  pid=1886 exe=/usr/libexec/gnome-settings-daemon name=registry.xml dev=hdc3 ino=3009195 scontext=richard:staff_r:staff_t tcontext=system_u:object_r:var_t tclass=file
> Apr  5 22:38:20 localhost kernel: audit(1081219100.136:0): avc:  denied  { getattr } for  pid=1901 exe=/usr/X11R6/bin/xscreensaver path=/home/richard/.xscreensaver dev=hdc3 ino=2469233 scontext=richard:staff_r:staff_screensaver_t tcontext=richard:object_r:staff_home_t tclass=file
> Apr  5 22:38:29 localhost kernel: audit(1081219109.860:0): avc:  denied  { getattr } for  pid=1955 exe=/usr/libexec/gnome-vfs-daemon path=/initrd dev=ram0 ino=2 scontext=richard:staff_r:staff_t tcontext=system_u:object_r:file_t tclass=dir
> Apr  5 22:38:30 localhost kernel: audit(1081219110.466:0): avc:  denied  { getattr } for  pid=1966 exe=/usr/bin/nautilus path=/initrd dev=ram0 ino=2 scontext=richard:staff_r:staff_t tcontext=system_u:object_r:file_t tclass=dir
> Apr  5 22:38:30 localhost kernel: audit(1081219110.653:0): avc:  denied  { getattr } for  pid=1967 exe=/usr/bin/nautilus path=/initrd dev=ram0 ino=2 scontext=richard:staff_r:staff_t tcontext=system_u:object_r:file_t tclass=dir
> Apr  5 22:38:37 localhost kernel: audit(1081219117.803:0): avc:  denied  { setattr } for  pid=1976 exe=/usr/libexec/mixer_applet2 name=registry.xml dev=hdc3 ino=3009195 scontext=richard:staff_r:staff_t tcontext=system_u:object_r:var_t tclas:
>
> -- 
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> http://www.redhat.com/mailman/listinfo/fedora-selinux-list



