strange AVC messages with kernel 2.6.6-1.427

Russell Coker russell at coker.com.au
Sat Jun 12 11:38:37 UTC 2004


With the latest kernel I am getting some strange AVC messages I didn't get 
with 2.6.5-1.358.

audit(1087039822.666:0): avc:  denied  { getattr } for  pid=5262 
exe=/usr/sbin/pppd path=/ dev=hda1 ino=16381 scontext=rjc:system_r:pppd_t 
tcontext=system_u:object_r:root_t tclass=chr_file
audit(1087039822.684:0): avc:  denied  { getattr } for  pid=5262 
exe=/usr/sbin/pppd path=/ dev=hda1 ino=16381 scontext=rjc:system_r:pppd_t 
tcontext=system_u:object_r:root_t tclass=chr_file

There is no device node 16381 on the file system.  Running the same command 
repeatedly gives similar messages with different inode numbers, so I guess 
it's some sort of temporary file.  The machine is in enforcing mode and 
nothing that might want to create a root_t chr_file has permission to do 
so...

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page
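
An added example, not part of the original message: a small Python parser for the AVC records quoted above that compares each record's tclass and ino with what lstat reports for the logged path. The function names are hypothetical, and it assumes the logged path can be resolved as-is on the host being checked.

```python
import os
import re
import stat

# The two records from the message, re-joined onto one line each.
SAMPLE = (
    "audit(1087039822.666:0): avc:  denied  { getattr } for  pid=5262 "
    "exe=/usr/sbin/pppd path=/ dev=hda1 ino=16381 scontext=rjc:system_r:pppd_t "
    "tcontext=system_u:object_r:root_t tclass=chr_file\n"
    "audit(1087039822.684:0): avc:  denied  { getattr } for  pid=5262 "
    "exe=/usr/sbin/pppd path=/ dev=hda1 ino=16381 scontext=rjc:system_r:pppd_t "
    "tcontext=system_u:object_r:root_t tclass=chr_file\n"
)
AVC_RE = re.compile(r"audit\(([\d.]+):(\d+)\): avc:\s+(\w+)\s+\{([^}]*)\}\s+for\s+(.*)")
# SELinux file object classes mapped to the matching stat-mode predicate.
CLASS_TESTS = {"file": stat.S_ISREG, "dir": stat.S_ISDIR, "chr_file": stat.S_ISCHR,
               "blk_file": stat.S_ISBLK, "lnk_file": stat.S_ISLNK,
               "fifo_file": stat.S_ISFIFO, "sock_file": stat.S_ISSOCK}

def parse_avc(line):
    """Parse one AVC record into a dict, or return None if it is not one."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    rec = dict(kv.split("=", 1) for kv in m.group(5).split() if "=" in kv)
    rec.update(ts=float(m.group(1)), result=m.group(3), perms=m.group(4).split())
    return rec

def check_record(rec, lstat=os.lstat):
    """List mismatches between a record and what lstat reports for its path.
    Assumption: rec['path'] can be resolved as-is on the host being checked."""
    test = CLASS_TESTS.get(rec.get("tclass"))
    if test is None or "path" not in rec:
        return []  # not a file-class record; nothing to compare
    try:
        st = lstat(rec["path"])
    except OSError as exc:
        return [f"cannot stat {rec['path']}: {exc.strerror}"]
    issues = []
    if not test(st.st_mode):
        issues.append(f"tclass={rec['tclass']} but {rec['path']} has mode {stat.filemode(st.st_mode)}")
    if "ino" in rec and int(rec["ino"]) != st.st_ino:
        issues.append(f"ino={rec['ino']} but {rec['path']} is inode {st.st_ino}")
    return issues

if __name__ == "__main__":
    for line in SAMPLE.splitlines():
        print(check_record(parse_avc(line)))
```
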



More information about the fedora-selinux-list mailing list