udev tries to execute files in /etc/dev.d
Daniel J Walsh
dwalsh at redhat.com
Fri Apr 16 16:22:44 UTC 2004
Aleksey Nogin wrote:
> I see a lot of messages of the form
>
> audit(1082098131.912:0): avc: denied { execute } for pid=3700
> exe=/sbin/udev name=dbus.dev dev=hda2 ino=229313
> scontext=system_u:system_r:udev_t tcontext=system_u:object_r:etc_t
> tclass=file
> audit(1082098131.920:0): avc: denied { execute } for pid=3701
> exe=/sbin/udev name=dbus.dev dev=hda2 ino=229313
> scontext=system_u:system_r:udev_t tcontext=system_u:object_r:etc_t
> tclass=file
> audit(1082098131.921:0): avc: denied { execute } for pid=3702
> exe=/sbin/udev name=pam_console.dev dev=hda2 ino=229315
> scontext=system_u:system_r:udev_t tcontext=system_u:object_r:etc_t
> tclass=file
> audit(1082098131.921:0): avc: denied { execute } for pid=3703
> exe=/sbin/udev name=selinux.dev dev=hda2 ino=229329
> scontext=system_u:system_r:udev_t tcontext=system_u:object_r:etc_t
> tclass=file
> audit(1082098131.922:0): avc: denied { execute } for pid=3704
> exe=/sbin/udev name=pam_console.dev dev=hda2 ino=229315
> scontext=system_u:system_r:udev_t tcontext=system_u:object_r:etc_t
> tclass=file
> audit(1082098131.922:0): avc: denied { execute } for pid=3705
> exe=/sbin/udev name=selinux.dev dev=hda2 ino=229329
> scontext=system_u:system_r:udev_t tcontext=system_u:object_r:etc_t
> tclass=file
>
> Should the files in /etc/dev.d be labeled differently?
Yes I am writing policy for the new version of udev now. It should be
inplace today.
More information about the fedora-selinux-list
mailing list