More AVCs during boot
Daniel J Walsh
dwalsh at redhat.com
Mon Sep 20 21:18:14 UTC 2004
Felipe Alfaro Solana wrote:
> Hi!
>
> With selinux-policy-targeted, I get this during boot:
>
> audit(1095721178.335:0): avc: denied { associate } for pid=508
> exe=/sbin/restorecon name=initctl dev=tmpfs ino=1992
> scontext=system_u:object_r:initctl_t
> tcontext=system_u:object_r:tmpfs_t tclass=filesystem
>
> audit(1095721179.084:0): avc: denied { associate } for pid=721
> exe=/usr/sbin/setfiles name=initctl dev=tmpfs ino=1992
> scontext=system_u:object_r:initctl_t
> tcontext=system_u:object_r:tmpfs_t tclass=filesystem
>
> which seem related to "/dev/initctl".
>
> audit(1095721179.097:0): avc: denied { associate } for pid=721
> exe=/usr/sbin/setfiles name=.udev.tdb dev=tmpfs ino=366
> scontext=system_u:object_r:udev_tbl_t
> tcontext=system_u:object_r:tmpfs_t tclass=filesystem
>
> which is related to /dev/.udev.tdb
>
Latest policy should fix these.
> audit(1095714008.289:0): avc: denied { setrlimit } for pid=2218
> exe=/usr/sbin/named scontext=user_u:system_r:named_t
> tcontext=user_u:system_r:named_t tclass=process
>
> related to bind
Added a rule to allow this in policy.
>
> audit(1095714008.771:0): avc: denied { read } for pid=2251
> exe=/usr/sbin/ntpd name=drift dev=hda2 ino=10289214
> scontext=user_u:system_r:ntpd_t tcontext=system_u:object_r:file_t
> tclass=file
Which drift file are you accessing and where is it located? It should
not be marked file_t?
>
> related to ntpd.
>
> Any ideas?
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> http://www.redhat.com/mailman/listinfo/fedora-selinux-list