avc denied from /.autorelabel
Richard Hally
rhallyx at mindspring.com
Mon Dec 6 11:13:21 UTC 2004
Included below are the avc denied messages from trying to do an
autorelabel while in enforcing mode with the strict policy.
There are also messages about line 64 of rc.sysinit: permission denied.
Looks like sysinit(initrc_t) is trying to write to /selinux/enforce
without being allowed to do so.
Thus setfiles cannot read file_contexts.
HTH
Richard Hally
Dec 6 05:53:56 new2 kernel: audit(1102330419.769:0): avc: denied {
write } for pid=213 exe=/bin/bash name=enforce dev=selinuxfs ino=4
scontext=system_u:system_r:initrc_t
tcontext=system_u:object_r:security_t tclass=file
Dec 6 05:53:56 new2 kernel: audit(1102330419.769:0): avc: denied {
write } for pid=213 exe=/bin/bash name=enforce dev=selinuxfs ino=4
scontext=system_u:system_r:initrc_t
tcontext=system_u:object_r:security_t tclass=file
Dec 6 05:53:56 new2 kernel: audit(1102330420.005:0): avc: denied {
read } for pid=1279 exe=/usr/sbin/setfiles name=file_contexts dev=dm-0
ino=3998097 scontext=system_u:system_r:initrc_t
tcontext=root:object_r:file_context_t tclass=file
Dec 6 05:53:56 new2 kernel: audit(1102330420.026:0): avc: denied {
write } for pid=213 exe=/bin/bash name=enforce dev=selinuxfs ino=4
scontext=system_u:system_r:initrc_t
tcontext=system_u:object_r:security_t tclass=file
Dec 6 05:53:56 new2 kernel: audit(1102330420.026:0): avc: denied {
write } for pid=213 exe=/bin/bash name=enforce dev=selinuxfs ino=4
scontext=system_u:system_r:initrc_t
tcontext=system_u:object_r:security_t tclass=file
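
An added example, not part of the original post: a small Python parser that groups the denials quoted above by source type, target type, class and permission, showing that only two distinct accesses are being refused. The function names are hypothetical, and the sample input is the post's own five log lines with the mail line wraps rejoined.

```python
import re
from collections import Counter

# The five log lines from the post, with the mail client's line wraps rejoined.
SAMPLE_LOG = """\
Dec 6 05:53:56 new2 kernel: audit(1102330419.769:0): avc: denied { write } for pid=213 exe=/bin/bash name=enforce dev=selinuxfs ino=4 scontext=system_u:system_r:initrc_t tcontext=system_u:object_r:security_t tclass=file
Dec 6 05:53:56 new2 kernel: audit(1102330419.769:0): avc: denied { write } for pid=213 exe=/bin/bash name=enforce dev=selinuxfs ino=4 scontext=system_u:system_r:initrc_t tcontext=system_u:object_r:security_t tclass=file
Dec 6 05:53:56 new2 kernel: audit(1102330420.005:0): avc: denied { read } for pid=1279 exe=/usr/sbin/setfiles name=file_contexts dev=dm-0 ino=3998097 scontext=system_u:system_r:initrc_t tcontext=root:object_r:file_context_t tclass=file
Dec 6 05:53:56 new2 kernel: audit(1102330420.026:0): avc: denied { write } for pid=213 exe=/bin/bash name=enforce dev=selinuxfs ino=4 scontext=system_u:system_r:initrc_t tcontext=system_u:object_r:security_t tclass=file
Dec 6 05:53:56 new2 kernel: audit(1102330420.026:0): avc: denied { write } for pid=213 exe=/bin/bash name=enforce dev=selinuxfs ino=4 scontext=system_u:system_r:initrc_t tcontext=system_u:object_r:security_t tclass=file
"""

# Matches the permission set in braces and the key=value fields after "for".
AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)")


def parse_avc(line):
    """Return a dict for one 'avc: denied' line, or None if it is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = dict(kv.split("=", 1) for kv in m.group("fields").split() if "=" in kv)
    if not {"scontext", "tcontext", "tclass"} <= rec.keys():
        return None  # truncated or malformed record
    rec["perms"] = m.group("perms").split()
    # A context is user:role:type (optionally followed by a level); type is field 3.
    rec["stype"] = rec["scontext"].split(":")[2]
    rec["ttype"] = rec["tcontext"].split(":")[2]
    return rec


def summarize(log_text):
    """Count denials per (source type, target type, class, perm, exe, name)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is None:
            continue
        for perm in rec["perms"]:
            key = (rec["stype"], rec["ttype"], rec["tclass"], perm,
                   rec.get("exe", "?"), rec.get("name", "?"))
            counts[key] += 1
    return counts


if __name__ == "__main__":
    for (stype, ttype, tclass, perm, exe, name), n in summarize(SAMPLE_LOG).items():
        print(f"{n}x {stype} -> {ttype}:{tclass} {{ {perm} }}  ({exe} on {name})")
```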