avc denied messages from boot

Richard Hally rhally at mindspring.com
Tue Apr 6 16:53:04 UTC 2004


Daniel J Walsh wrote:

> Richard Hally wrote:
>
>> When booting to runlevel 5 in enforcing mode with the latest policy 
>> there were only a few AVC denied messages. They are copied below.
>> [root@localhost root]# rpm -q policy policy-sources
>> policy-1.9.2-10
>> policy-sources-1.9.2-10
>> [root@localhost root]#
>>
>> Hope this helps,
>> Richard Hally
>
>
> There is a bug in the init scripts that leaves /initrd mounted.  If 
> you umount this directory most of these messages will disappear.
>
> The screensaver ones should be fixed by -12 policy
>
> Not sure why gnome is trying to manipulate the registry.xml file.
>
>
>>
>> --------------------messages-----------------------------
>> Apr  5 22:37:25 localhost crond: crond startup succeeded
>> Apr  5 22:37:25 localhost kernel: audit(1081219045.889:0): avc:  
>> denied  { read
>> } for  pid=1647 exe=/usr/sbin/crond name=mailman dev=hdc3 ino=539689 
>> scontext=system_u:system_r:crond_t tcontext=system_u:object_r:file_t 
>> tclass=file
>> Apr  5 22:37:27 localhost xfs: xfs startup succeeded
>>
>>
>> Apr  5 22:38:04 localhost gdm(pam_unix)[1814]: session opened for 
>> user richard by (uid=0)
>> Apr  5 22:38:19 localhost kernel: audit(1081219099.459:0): avc:  
>> denied  { setattr } for  pid=1886 
>> exe=/usr/libexec/gnome-settings-daemon name=registry.xml dev=hdc3 
>> ino=3009195 scontext=richard:staff_r:staff_t 
>> tcontext=system_u:object_r:var_t tclass=file
>> Apr  5 22:38:20 localhost kernel: audit(1081219100.136:0): avc:  
>> denied  { getattr } for  pid=1901 exe=/usr/X11R6/bin/xscreensaver 
>> path=/home/richard/.xscreensaver dev=hdc3 ino=2469233 
>> scontext=richard:staff_r:staff_screensaver_t 
>> tcontext=richard:object_r:staff_home_t tclass=file
>> Apr  5 22:38:29 localhost kernel: audit(1081219109.860:0): avc:  
>> denied  { getattr } for  pid=1955 exe=/usr/libexec/gnome-vfs-daemon 
>> path=/initrd dev=ram0 ino=2 scontext=richard:staff_r:staff_t 
>> tcontext=system_u:object_r:file_t tclass=dir
>> Apr  5 22:38:30 localhost kernel: audit(1081219110.466:0): avc:  
>> denied  { getattr } for  pid=1966 exe=/usr/bin/nautilus path=/initrd 
>> dev=ram0 ino=2 scontext=richard:staff_r:staff_t 
>> tcontext=system_u:object_r:file_t tclass=dir
>> Apr  5 22:38:30 localhost kernel: audit(1081219110.653:0): avc:  
>> denied  { getattr } for  pid=1967 exe=/usr/bin/nautilus path=/initrd 
>> dev=ram0 ino=2 scontext=richard:staff_r:staff_t 
>> tcontext=system_u:object_r:file_t tclass=dir
>> Apr  5 22:38:37 localhost kernel: audit(1081219117.803:0): avc:  
>> denied  { setattr } for  pid=1976 exe=/usr/libexec/mixer_applet2 
>> name=registry.xml dev=hdc3 ino=3009195 
>> scontext=richard:staff_r:staff_t tcontext=system_u:object_r:var_t tclas:
>>
>> -- 
>> fedora-selinux-list mailing list
>> fedora-selinux-list at redhat.com
>> http://www.redhat.com/mailman/listinfo/fedora-selinux-list
>
>
Thanks Dan! You and the other people working on SELinux are making great 
progress. It looks like it really will happen :)
Richard Hally 
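
An added example, not code from either poster: it groups the AVC denials quoted in this thread by source type, target type, class, permission and object, so the repeated /initrd denials collapse into a single entry and the record that is cut off in the post is counted separately. The function names and the re-joined `SAMPLE` lines are constructed for illustration.

```python
import re
from collections import Counter

# Constructed input: log lines from the post above, each re-joined onto one
# line (mail wrapping removed). The last record is cut off in the post; kept as is.
SAMPLE = """\
Apr  5 22:37:25 localhost crond: crond startup succeeded
Apr  5 22:37:25 localhost kernel: audit(1081219045.889:0): avc:  denied  { read } for  pid=1647 exe=/usr/sbin/crond name=mailman dev=hdc3 ino=539689 scontext=system_u:system_r:crond_t tcontext=system_u:object_r:file_t tclass=file
Apr  5 22:38:19 localhost kernel: audit(1081219099.459:0): avc:  denied  { setattr } for  pid=1886 exe=/usr/libexec/gnome-settings-daemon name=registry.xml dev=hdc3 ino=3009195 scontext=richard:staff_r:staff_t tcontext=system_u:object_r:var_t tclass=file
Apr  5 22:38:20 localhost kernel: audit(1081219100.136:0): avc:  denied  { getattr } for  pid=1901 exe=/usr/X11R6/bin/xscreensaver path=/home/richard/.xscreensaver dev=hdc3 ino=2469233 scontext=richard:staff_r:staff_screensaver_t tcontext=richard:object_r:staff_home_t tclass=file
Apr  5 22:38:29 localhost kernel: audit(1081219109.860:0): avc:  denied  { getattr } for  pid=1955 exe=/usr/libexec/gnome-vfs-daemon path=/initrd dev=ram0 ino=2 scontext=richard:staff_r:staff_t tcontext=system_u:object_r:file_t tclass=dir
Apr  5 22:38:30 localhost kernel: audit(1081219110.466:0): avc:  denied  { getattr } for  pid=1966 exe=/usr/bin/nautilus path=/initrd dev=ram0 ino=2 scontext=richard:staff_r:staff_t tcontext=system_u:object_r:file_t tclass=dir
Apr  5 22:38:30 localhost kernel: audit(1081219110.653:0): avc:  denied  { getattr } for  pid=1967 exe=/usr/bin/nautilus path=/initrd dev=ram0 ino=2 scontext=richard:staff_r:staff_t tcontext=system_u:object_r:file_t tclass=dir
Apr  5 22:38:37 localhost kernel: audit(1081219117.803:0): avc:  denied  { setattr } for  pid=1976 exe=/usr/libexec/mixer_applet2 name=registry.xml dev=hdc3 ino=3009195 scontext=richard:staff_r:staff_t tcontext=system_u:object_r:var_t tclas:
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)")
KV_RE = re.compile(r"(\w+)=(\S+)")

def parse_avc(line):
    """Return a dict for an AVC denial, or None for any other log line."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = dict(KV_RE.findall(m.group(2)))
    rec["perms"] = " ".join(m.group(1).split())
    # A record missing any of these fields cannot be grouped reliably.
    rec["complete"] = all(k in rec for k in ("scontext", "tcontext", "tclass"))
    return rec

def summarize(text):
    """Count complete denials per (source type, target type, class, perms, object)."""
    groups, truncated = Counter(), 0
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec is None:
            continue
        if not rec["complete"]:
            truncated += 1
            continue
        stype = rec["scontext"].split(":")[2]  # context is user:role:type
        ttype = rec["tcontext"].split(":")[2]
        obj = rec.get("path") or rec.get("name", "?")
        groups[(stype, ttype, rec["tclass"], rec["perms"], obj)] += 1
    return groups, truncated

if __name__ == "__main__":
    groups, truncated = summarize(SAMPLE)
    print(groups.most_common(), "truncated:", truncated)
```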
