avc denied messages from boot
Richard Hally
rhally at mindspring.com
Tue Apr 6 16:53:04 UTC 2004
Daniel J Walsh wrote:
> Richard Hally wrote:
>
>> When booting to runlevel 5 in enforcing mode with the latest policy
>> there were only a few AVC denied messages. They are copied below.
>> [root@localhost root]# rpm -q policy policy-sources
>> policy-1.9.2-10
>> policy-sources-1.9.2-10
>> [root@localhost root]#
>>
>> Hope this helps,
>> Richard Hally
>
>
> There is a bug in the init scripts that leaves /initrd mounted. If
> you umount this directory most of these messages will disappear.
>
> The screensaver ones should be fixed by -12 policy.
>
> Not sure why gnome is trying to manipulate the registry.xml file.
>
>
>>
>> --------------------messages-----------------------------
>> Apr 5 22:37:25 localhost crond: crond startup succeeded
>> Apr 5 22:37:25 localhost kernel: audit(1081219045.889:0): avc:
>> denied { read
>> } for pid=1647 exe=/usr/sbin/crond name=mailman dev=hdc3 ino=539689
>> scontext=system_u:system_r:crond_t tcontext=system_u:object_r:file_t
>> tclass=file
>> Apr 5 22:37:27 localhost xfs: xfs startup succeeded
>>
>>
>> Apr 5 22:38:04 localhost gdm(pam_unix)[1814]: session opened for
>> user richard by (uid=0)
>> Apr 5 22:38:19 localhost kernel: audit(1081219099.459:0): avc:
>> denied { setattr } for pid=1886
>> exe=/usr/libexec/gnome-settings-daemon name=registry.xml dev=hdc3
>> ino=3009195 scontext=richard:staff_r:staff_t
>> tcontext=system_u:object_r:var_t tclass=file
>> Apr 5 22:38:20 localhost kernel: audit(1081219100.136:0): avc:
>> denied { getattr } for pid=1901 exe=/usr/X11R6/bin/xscreensaver
>> path=/home/richard/.xscreensaver dev=hdc3 ino=2469233
>> scontext=richard:staff_r:staff_screensaver_t
>> tcontext=richard:object_r:staff_home_t tclass=file
>> Apr 5 22:38:29 localhost kernel: audit(1081219109.860:0): avc:
>> denied { getattr } for pid=1955 exe=/usr/libexec/gnome-vfs-daemon
>> path=/initrd dev=ram0 ino=2 scontext=richard:staff_r:staff_t
>> tcontext=system_u:object_r:file_t tclass=dir
>> Apr 5 22:38:30 localhost kernel: audit(1081219110.466:0): avc:
>> denied { getattr } for pid=1966 exe=/usr/bin/nautilus path=/initrd
>> dev=ram0 ino=2 scontext=richard:staff_r:staff_t
>> tcontext=system_u:object_r:file_t tclass=dir
>> Apr 5 22:38:30 localhost kernel: audit(1081219110.653:0): avc:
>> denied { getattr } for pid=1967 exe=/usr/bin/nautilus path=/initrd
>> dev=ram0 ino=2 scontext=richard:staff_r:staff_t
>> tcontext=system_u:object_r:file_t tclass=dir
>> Apr 5 22:38:37 localhost kernel: audit(1081219117.803:0): avc:
>> denied { setattr } for pid=1976 exe=/usr/libexec/mixer_applet2
>> name=registry.xml dev=hdc3 ino=3009195
>> scontext=richard:staff_r:staff_t tcontext=system_u:object_r:var_t tclas:
>>
>> --
>> fedora-selinux-list mailing list
>> fedora-selinux-list at redhat.com
>> http://www.redhat.com/mailman/listinfo/fedora-selinux-list
>
>
Thanks Dan! You and the other people working on SELinux are making great
progress. It looks like it really will happen :)
Richard Hally