strange AVC messages with kernel 2.6.6-1.427
Russell Coker
russell at coker.com.au
Sat Jun 12 11:38:37 UTC 2004

With the latest kernel I am getting some strange AVC messages I didn't get
with 2.6.5-1.358.

audit(1087039822.666:0): avc: denied { getattr } for pid=5262 exe=/usr/sbin/pppd path=/ dev=hda1 ino=16381 scontext=rjc:system_r:pppd_t tcontext=system_u:object_r:root_t tclass=chr_file

audit(1087039822.684:0): avc: denied { getattr } for pid=5262 exe=/usr/sbin/pppd path=/ dev=hda1 ino=16381 scontext=rjc:system_r:pppd_t tcontext=system_u:object_r:root_t tclass=chr_file

There is no device node 16381 on the file system. Running the same command
repeatedly gives similar messages with different inode numbers, so I guess
it's some sort of temporary file. The machine is in enforcing mode and
nothing that might want to create a root_t chr_file has permission to do
so...

--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
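
Added example, not part of the original message: a small Python parser for AVC records in the format quoted above, which groups denials by source context, target context, class and permission so that repeats differing only in timestamp or inode number collapse into one entry. The function names are hypothetical, and the sample input is the two denials from the message with each record joined onto one line.

```python
import re
from collections import defaultdict

# Sample input: the two denials quoted in the message, one record per line.
SAMPLE = """\
audit(1087039822.666:0): avc: denied { getattr } for pid=5262 exe=/usr/sbin/pppd path=/ dev=hda1 ino=16381 scontext=rjc:system_r:pppd_t tcontext=system_u:object_r:root_t tclass=chr_file
audit(1087039822.684:0): avc: denied { getattr } for pid=5262 exe=/usr/sbin/pppd path=/ dev=hda1 ino=16381 scontext=rjc:system_r:pppd_t tcontext=system_u:object_r:root_t tclass=chr_file
"""

AVC_RE = re.compile(
    r"audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\): avc:\s+"
    r"(?P<result>denied|granted)\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)"
)
REQUIRED = ("scontext", "tcontext", "tclass")


def parse_avc(line):
    """Parse one AVC record into a dict, or return None if it is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {"ts": float(m["ts"]), "result": m["result"],
           "perms": m["perms"].split()}
    # The remainder is space-separated key=value pairs (values have no spaces
    # in the records shown here; that is an assumption of this example).
    rec.update(kv.split("=", 1) for kv in m["rest"].split() if "=" in kv)
    return rec


def summarize(lines):
    """Group denials by (scontext, tcontext, tclass, perm); collect inodes."""
    groups = defaultdict(lambda: {"count": 0, "inodes": set()})
    for line in lines:
        rec = parse_avc(line)
        if not rec or rec["result"] != "denied":
            continue
        if any(field not in rec for field in REQUIRED):
            continue  # truncated record: skip rather than guess
        for perm in rec["perms"]:
            g = groups[(rec["scontext"], rec["tcontext"], rec["tclass"], perm)]
            g["count"] += 1
            if rec.get("ino", "").isdigit():
                g["inodes"].add((rec.get("dev"), int(rec["ino"])))
    return dict(groups)


if __name__ == "__main__":
    for key, g in summarize(SAMPLE.splitlines()).items():
        print(key, g["count"], sorted(g["inodes"]))
```
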