avc denied messages from lvm.static

Francis K Shim francis.shim at sympatico.ca
Mon Jun 14 12:13:45 UTC 2004


I am just adding the audit output I got with regards to lvm.static:

audit(1087215619.565:0): avc:  denied  { read } for  pid=835
exe=/sbin/lvm.static name=dri dev=hda6 ino=409347
scontext=system_u:system_r:lvm_t tcontext=system_u:object_r:dri_device_t
tclass=dir
audit(1087215619.575:0): avc:  denied  { search } for  pid=835
exe=/sbin/lvm.static name=dri dev=hda6 ino=409347
scontext=system_u:system_r:lvm_t tcontext=system_u:object_r:dri_device_t
tclass=dir
audit(1087215621.189:0): avc:  denied  { getattr } for  pid=835
exe=/sbin/lvm.static path=/dev/shm dev=hda6 ino=603157
scontext=system_u:system_r:lvm_t tcontext=system_u:object_r:file_t
tclass=dir
audit(1087215621.189:0): avc:  denied  { read } for  pid=835
exe=/sbin/lvm.static name=shm dev=hda6 ino=603157
scontext=system_u:system_r:lvm_t tcontext=system_u:object_r:file_t
tclass=dir

Regards,
Frank

On Mon, 2004-06-14 at 07:28, Russell Coker wrote:
> On Mon, 14 Jun 2004 15:27, Richard Hally <rhallyx at mindspring.com> wrote:
> > While booting the 427  kernel in enforcing mode with
> > selinux-policy-strict-1.13.4-5,
> > the following avc denied messages occur:
> >
> > Jun 13 21:04:03 new2 kernel: audit(1087175021.671:0): avc:  denied  {
> > search } for  pid=931 exe=/sbin/lvm.static dev=devpts ino=1
> > scontext=system_u:system_r:lvm_t tcontext=system_u:object_r:devpts_t
> > tclass=dir
> 
> I guess we should add that, I'll put it in my tree now.
> 
> > Jun 13 21:04:03 new2 kernel: audit(1087175022.193:0): avc:  denied  {
> > getattr }
> > for  pid=931 exe=/sbin/lvm.static path=/dev/shm dev=hda2 ino=1091316
> > scontext=system_u:system_r:lvm_t tcontext=system_u:object_r:file_t
> > tclass=dir
> 
> It looks like you don't have /dev/shm mounted.  Have you done anything 
> deliberately to cause this?
-- 
Francis K Shim <francis.shim at sympatico.ca>




More information about the fedora-selinux-list mailing list