selinux-policy-strict-1.13.9-1, difficulty.

Ivan Gyurdiev ivg2 at cornell.edu
Sun Jun 27 12:41:37 UTC 2004


> 1.13.9 went out with tunables turned off.  1.13.10 fixes this problem.

Yes, that fixes 90% of all problems.
The AVCs left look familiar. Here's all of them. I left one of each
kind. 

Udev:

audit(1088316302.804:0): avc:  denied  { execute } for  pid=260 exe=/
bin/bash name=udev.hotplug dev=hda7 ino=35718314 scontext=system_u:
system_r:kernel_t tcontext=system_u:object_r:udev_helper_exec_t
tclass=file

Lvm.static:

audit(1088337913.192:0): avc:  denied  { search } for  pid=854 exe=/
sbin/lvm.static name=selinux dev=hda7 ino=21763330 scontext=system_u:
system_r:lvm_t tcontext=system_u:object_r:selinux_config_t tclass=dir

audit(1088337922.000:0): avc:  denied  { getattr } for  pid=854 exe=/
sbin/lvm.static path=/dev/vcsa01 dev=hda7 ino=12734292
scontext=system_u:system_r:lvm_t tcontext=system_u:object_r:device_t
tclass=file

audit(1088337922.006:0): avc:  denied  { getattr } for  pid=854 exe=/
sbin/lvm.static path=/dev/vcsa05 dev=hda7 ino=12613346
scontext=system_u:system_r:lvm_t tcontext=system_u:object_r:device_t
tclass=file


Hal:

audit(1088337915.701:0): avc:  denied  { search } for  pid=903 exe=/usr/
libexec/hal.dev name=dbus dev=hda7 ino=2677359 scontext=system_u:
system_r:udev_t tcontext=system_u:object_r:dbusd_var_run_t tclass=dir

Restorecon:

audit(1088337917.431:0): avc:  denied  { use } for  pid=912 exe=/sbin/
restorecon path=/dev/null dev=hda7 ino=15237714 scontext=system_u:
system_r:restorecon_t tcontext=system_u:system_r:hotplug_t tclass=fd

audit(1088337917.431:0): avc:  denied  { read write } for  pid=912 exe=/
sbin/restorecon path=socket:[966] dev=sockfs ino=966 scontext=system_u:
system_r:restorecon_t tcontext=system_u:system_r:udev_t
tclass=unix_dgram_socket

Sulogin:

Jun 27 06:17:21 cobra kernel: audit(1088337927.587:0): avc:  denied
{ search } for  pid=1605 exe=/sbin/sulogin name=selinux dev=hda7
ino=21763330 scontext=system_u:system_r:sulogin_t tcontext=system_u:
object_r:selinux_config_t tclass=dir

Klogd:

Jun 27 06:17:21 cobra kernel: audit(1088338640.308:0): avc:  denied
{ read } for  pid=2222 exe=/sbin/klogd name=System.map dev=hda1 ino=13
scontext=system_u:system_r:klogd_t tcontext=system_u:object_r:boot_t
tclass=lnk_file

Lock:

Jun 27 06:17:34 cobra kernel: audit(1088338654.709:0): avc:  denied
{ search } for  pid=2439 exe=/bin/bash name=lock dev=hda7 ino=31349249
scontext=system_u:system_r:udev_t tcontext=system_u:object_r:var_lock_t
tclass=dir

Httpd:

Jun 27 06:17:39 cobra kernel: audit(1088338659.767:0): avc:  denied
{ getattr } for  pid=2429 exe=/usr/sbin/httpd path=/sbin dev=hda7
ino=4283144 scontext=system_u:system_r:httpd_t tcontext=system_u:
object_r:sbin_t tclass=dir

Jun 27 06:17:39 cobra kernel: audit(1088338659.767:0): avc:  denied
{ getattr } for  pid=2429 exe=/usr/sbin/httpd path=/usr/sbin dev=hda7
ino=1662509 scontext=system_u:system_r:httpd_t tcontext=system_u:
object_r:sbin_t tclass=dir

Jun 27 06:17:39 cobra kernel: audit(1088338659.768:0): avc:  denied
{ getattr } for  pid=2429 exe=/usr/sbin/httpd path=/bin dev=hda7 ino=132
scontext=system_u:system_r:httpd_t tcontext=system_u:object_r:bin_t
tclass=dir

Jun 27 06:17:39 cobra kernel: audit(1088338659.768:0): avc:  denied
{ getattr } for  pid=2429 exe=/usr/sbin/httpd path=/usr/bin dev=hda7
ino=4283629 scontext=system_u:system_r:httpd_t tcontext=system_u:
object_r:bin_t tclass=dir

Jun 27 06:17:39 cobra kernel: audit(1088338659.768:0): avc:  denied
{ getattr } for  pid=2429 exe=/usr/sbin/httpd path=/usr/X11R6/bin
dev=hda7 ino=5645421 scontext=system_u:system_r:httpd_t
tcontext=system_u:object_r:bin_t tclass=dir

Jun 27 06:17:41 cobra kernel: audit(1088338661.210:0): avc:  denied
{ getattr } for  pid=2451 exe=/usr/sbin/httpd path=/sbin dev=hda7
ino=4283144 scontext=system_u:system_r:httpd_t tcontext=system_u:
object_r:sbin_t tclass=dir

Jun 27 06:17:41 cobra kernel: audit(1088338661.441:0): avc:  denied
{ write } for  pid=2451 exe=/usr/sbin/httpd name=jk2.shm dev=hda7
ino=22857853 scontext=system_u:system_r:httpd_t tcontext=system_u:
object_r:httpd_log_t tclass=file

Jun 27 06:17:50 cobra kernel: audit(1088338670.336:0): avc:  denied
{ getattr } for  pid=2451 exe=/usr/sbin/httpd path=/usr/share/snmp/
mibs/.index dev=hda7 ino=5977546 scontext=system_u:system_r:httpd_t
tcontext=system_u:object_r:snmpd_var_lib_t tclass=file

Jun 27 06:17:50 cobra kernel: audit(1088338670.337:0): avc:  denied
{ write } for  pid=2451 exe=/usr/sbin/httpd name=.index dev=hda7
ino=5977546 scontext=system_u:system_r:httpd_t tcontext=system_u:
object_r:snmpd_var_lib_t tclass=file

xfs:

Jun 27 06:18:30 cobra kernel: audit(1088338710.740:0): avc:  denied
{ search } for  pid=2672 exe=/usr/X11R6/bin/xfs dev=tmpfs ino=2786
scontext=system_u:system_r:xfs_t tcontext=system_u:object_r:tmpfs_t
tclass=dir

Xorg:

Jun 27 06:18:57 cobra kernel: audit(1088338737.144:0): avc:  denied
{ getattr } for  pid=3276 exe=/usr/X11R6/bin/Xorg path=/tmp/.X11-unix
dev=tmpfs ino=6547 scontext=system_u:system_r:xdm_xserver_t
tcontext=system_u:object_r:xdm_tmpfs_t tclass=dir





More information about the fedora-selinux-list mailing list
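
Added example, not part of the original post: a small Python parser that rejoins mail-wrapped AVC records like the ones above and collapses them into unique (source type, target type, class) entries with the denied permissions, which makes a long denial list easier to triage. The function names and the line-rejoining heuristic (no space after a line ending in `/` or `:`) are assumptions made for this sketch; the sample records are copied from the post.

```python
import re
from collections import defaultdict

# Sample input: four records from the post, with the mail archive's wrapping.
SAMPLE = """\
Jun 27 06:17:39 cobra kernel: audit(1088338659.767:0): avc:  denied
{ getattr } for  pid=2429 exe=/usr/sbin/httpd path=/sbin dev=hda7
ino=4283144 scontext=system_u:system_r:httpd_t tcontext=system_u:
object_r:sbin_t tclass=dir

Jun 27 06:17:39 cobra kernel: audit(1088338659.767:0): avc:  denied
{ getattr } for  pid=2429 exe=/usr/sbin/httpd path=/usr/sbin dev=hda7
ino=1662509 scontext=system_u:system_r:httpd_t tcontext=system_u:
object_r:sbin_t tclass=dir

Jun 27 06:17:41 cobra kernel: audit(1088338661.441:0): avc:  denied
{ write } for  pid=2451 exe=/usr/sbin/httpd name=jk2.shm dev=hda7
ino=22857853 scontext=system_u:system_r:httpd_t tcontext=system_u:
object_r:httpd_log_t tclass=file

audit(1088337917.431:0): avc:  denied  { read write } for  pid=912 exe=/
sbin/restorecon path=socket:[966] dev=sockfs ino=966 scontext=system_u:
system_r:restorecon_t tcontext=system_u:system_r:udev_t
tclass=unix_dgram_socket
"""

AVC = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}.*?"
    r"scontext=(?P<s>\S+)\s+tcontext=(?P<t>\S+)\s+tclass=(?P<cls>\S+)")

def unwrap(record):
    """Rejoin one wrapped record (heuristic: no space after '/' or ':')."""
    out = ""
    for line in record.strip().splitlines():
        line = line.strip()
        out += line if not out or out.endswith(("/", ":")) else " " + line
    return out

def summarize(text):
    """Map (source_type, target_type, class) -> sorted denied permissions."""
    rules = defaultdict(set)
    for record in re.split(r"\n\s*\n", text):   # records are blank-line separated
        m = AVC.search(unwrap(record))
        if m:  # a context is user:role:type, so the type is field index 2
            key = (m["s"].split(":")[2], m["t"].split(":")[2], m["cls"])
            rules[key].update(m["perms"].split())
    return {k: sorted(v) for k, v in rules.items()}
```
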