Experiences with selinux enabled targetted on Fedora Core 3

Daniel J Walsh dwalsh at redhat.com
Tue Feb 22 00:33:18 UTC 2005 

Richard E Miles wrote:

>On Mon, 21 Feb 2005 19:09:29 -0500
>Colin Walters <walters at redhat.com> wrote:
>
>  
>
>>On Mon, 2005-02-21 at 16:05 -0800, Richard E Miles wrote:
>>
>>    
>>
>>>audit(1109009536.010:0): avc:  denied  { search } for  pid=3541 exe=/sbin/portmap name=/ dev=hda2 ino=2 scontext=user_u:system_r:portmap_t tcontext=system_u:object_r:file_t tclass=dir
>>>      
>>>
>>Is your root filesystem labeled?
>>    
>>
>
>Probably not. The best way to do this is to touch /.autorelable right?
>  
>
/.autorelabel

>  
>
>>>audit(1109009536.010:0): avc:  denied  { search } for  pid=3541 exe=/sbin/portmap name=/ dev=hda2 ino=2 scontext=user_u:system_r:portmap_t tcontext=system_u:object_r:file_t tclass=dir
>>>audit(1109009536.010:0): avc:  denied  { search } for  pid=3541 exe=/sbin/portmap name=/ dev=hda2 ino=2 scontext=user_u:system_r:portmap_t tcontext=system_u:object_r:file_t tclass=dir
>>>audit(1109009536.010:0): avc:  denied  { search } for  pid=3541 exe=/sbin/portmap name=/ dev=hda2 ino=2 scontext=user_u:system_r:portmap_t tcontext=system_u:object_r:file_t tclass=dir
>>>audit(1109009536.010:0): avc:  denied  { search } for  pid=3541 exe=/sbin/portmap name=/ dev=hda2 ino=2 scontext=user_u:system_r:portmap_t tcontext=system_u:object_r:file_t tclass=dir
>>>audit(1109009536.010:0): avc:  denied  { search } for  pid=3541 exe=/sbin/portmap name=/ dev=hda2 ino=2 scontext=user_u:system_r:portmap_t tcontext=system_u:object_r:file_t tclass=dir
>>>audit(1109009536.010:0): avc:  denied  { search } for  pid=3541 exe=/sbin/portmap name=/ dev=hda2 ino=2 scontext=user_u:system_r:portmap_t tcontext=system_u:object_r:file_t tclass=dir
>>>audit(1109009536.010:0): avc:  denied  { search } for  pid=3541 exe=/sbin/portmap name=/ dev=hda2 ino=2 scontext=user_u:system_r:portmap_t tcontext=system_u:object_r:file_t tclass=dir
>>>audit(1109009536.010:0): avc:  denied  { search } for  pid=3541 exe=/sbin/portmap name=/ dev=hda2 ino=2 scontext=user_u:system_r:portmap_t tcontext=system_u:object_r:file_t tclass=dir
>>>audit(1109009536.010:0): avc:  denied  { search } for  pid=3541 exe=/sbin/portmap name=/ dev=hda2 ino=2 scontext=user_u:system_r:portmap_t tcontext=system_u:object_r:file_t tclass=dir
>>>audit(1109009536.010:0): avc:  denied  { search } for  pid=3541 exe=/sbin/portmap name=/ dev=hda2 ino=2 scontext=user_u:system_r:portmap_t tcontext=system_u:object_r:file_t tclass=dir
>>>audit(1109009536.010:0): avc:  denied  { search } for  pid=3541 exe=/sbin/portmap name=/ dev=hda2 ino=2 scontext=user_u:system_r:portmap_t tcontext=system_u:object_r:file_t tclass=dir
>>>audit(1109009536.011:0): avc:  denied  { search } for  pid=3541 exe=/sbin/portmap name=/ dev=hda2 ino=2 scontext=user_u:system_r:portmap_t tcontext=system_u:object_r:file_t tclass=dir
>>>audit(1109009536.011:0): avc:  denied  { search } for  pid=3541 exe=/sbin/portmap name=/ dev=hda2 ino=2 scontext=user_u:system_r:portmap_t tcontext=system_u:object_r:file_t tclass=dir
>>>audit(1109009536.011:0): avc:  denied  { search } for  pid=3541 exe=/sbin/portmap name=/ dev=hda2 ino=2 scontext=user_u:system_r:portmap_t tcontext=system_u:object_r:file_t tclass=dir
>>>audit(1109009536.011:0): avc:  denied  { search } for  pid=3541 exe=/sbin/portmap name=/ dev=hda2 ino=2 scontext=user_u:system_r:portmap_t tcontext=system_u:object_r:file_t tclass=dir
>>>audit(1109009536.011:0): avc:  denied  { search } for  pid=3541 exe=/sbin/portmap name=/ dev=hda2 ino=2 scontext=user_u:system_r:portmap_t tcontext=system_u:object_r:file_t tclass=dir
>>>audit(1109009536.011:0): avc:  denied  { search } for  pid=3541 exe=/sbin/portmap name=/ dev=hda2 ino=2 scontext=user_u:system_r:portmap_t tcontext=system_u:object_r:file_t tclass=dir
>>>SELinux: initialized (dev rpc_pipefs, type rpc_pipefs), uses genfs_contexts
>>><snip>
>>>IPv6 over IPv4 tunneling driver
>>>divert: not allocating divert_blk for non-ethernet device sit0
>>>audit(1109009547.625:0): avc:  denied  { search } for  pid=4176 exe=/usr/sbin/ntpdate name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t tcontext=system_u:object_r:file_t tclass=dir
>>>audit(1109009547.625:0): avc:  denied  { search } for  pid=4176 exe=/usr/sbin/ntpdate name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t tcontext=system_u:object_r:file_t tclass=dir
>>>audit(1109009547.625:0): avc:  denied  { search } for  pid=4176 exe=/usr/sbin/ntpdate name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t tcontext=system_u:object_r:file_t tclass=dir
>>>audit(1109009547.626:0): avc:  denied  { search } for  pid=4176 exe=/usr/sbin/ntpdate name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t tcontext=system_u:object_r:file_t tclass=dir
>>>audit(1109009547.626:0): avc:  denied  { search } for  pid=4176 exe=/usr/sbin/ntpdate name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t tcontext=system_u:object_r:file_t tclass=dir
>>>audit(1109009547.626:0): avc:  denied  { search } for  pid=4176 exe=/usr/sbin/ntpdate name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t tcontext=system_u:object_r:file_t tclass=dir
>>>audit(1109009547.626:0): avc:  denied  { search } for  pid=4176 exe=/usr/sbin/ntpdate name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t tcontext=system_u:object_r:file_t tclass=dir
>>>audit(1109009547.626:0): avc:  denied  { search } for  pid=4176 exe=/usr/sbin/ntpdate name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t tcontext=system_u:object_r:file_t tclass=dir
>>>audit(1109009547.626:0): avc:  denied  { search } for  pid=4176 exe=/usr/sbin/ntpdate name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t tcontext=system_u:object_r:file_t tclass=dir
>>>audit(1109009547.626:0): avc:  denied  { search } for  pid=4176 exe=/usr/sbin/ntpdate name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t tcontext=system_u:object_r:file_t tclass=dir
>>>audit(1109009547.626:0): avc:  denied  { search } for  pid=4176 exe=/usr/sbin/ntpdate name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t tcontext=system_u:object_r:file_t tclass=dir
>>>audit(1109009547.627:0): avc:  denied  { search } for  pid=4176 exe=/usr/sbin/ntpdate name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t tcontext=system_u:object_r:file_t tclass=dir
>>>audit(1109009547.627:0): avc:  denied  { search } for  pid=4176 exe=/usr/sbin/ntpdate name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t tcontext=system_u:object_r:file_t tclass=dir
>>>audit(1109009547.627:0): avc:  denied  { search } for  pid=4176 exe=/usr/sbin/ntpdate name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t tcontext=system_u:object_r:file_t tclass=dir
>>>audit(1109009547.627:0): avc:  denied  { search } for  pid=4176 exe=/usr/sbin/ntpdate name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t tcontext=system_u:object_r:file_t tclass=dir
>>>audit(1109009547.627:0): avc:  denied  { search } for  pid=4176 exe=/usr/sbin/ntpdate name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t tcontext=system_u:object_r:file_t tclass=dir
>>>audit(1109009547.627:0): avc:  denied  { search } for  pid=4176 exe=/usr/sbin/ntpdate name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t tcontext=system_u:object_r:file_t tclass=dir
>>>audit(1109009547.627:0): avc:  denied  { search } for  pid=4176 exe=/usr/sbin/ntpdate name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t tcontext=system_u:object_r:file_t tclass=dir
>>>audit(1109009547.763:0): avc:  denied  { search } for  pid=4180 exe=/usr/sbin/ntpd name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t tcontext=system_u:object_r:file_t tclass=dir
>>>audit(1109009547.764:0): avc:  denied  { search } for  pid=4180 exe=/usr/sbin/ntpd name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t tcontext=system_u:object_r:file_t tclass=dir
>>>audit(1109009547.764:0): avc:  denied  { search } for  pid=4180 exe=/usr/sbin/ntpd name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t tcontext=system_u:object_r:file_t tclass=dir
>>>audit(1109009547.764:0): avc:  denied  { search } for  pid=4180 exe=/usr/sbin/ntpd name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t tcontext=system_u:object_r:file_t tclass=dir
>>>audit(1109009547.764:0): avc:  denied  { search } for  pid=4180 exe=/usr/sbin/ntpd name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t tcontext=system_u:object_r:file_t tclass=dir
>>>audit(1109009547.764:0): avc:  denied  { search } for  pid=4180 exe=/usr/sbin/ntpd name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t tcontext=system_u:object_r:file_t tclass=dir
>>>audit(1109009547.764:0): avc:  denied  { search } for  pid=4180 exe=/usr/sbin/ntpd name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t tcontext=system_u:object_r:file_t tclass=dir
>>>audit(1109009547.764:0): avc:  denied  { search } for  pid=4180 exe=/usr/sbin/ntpd name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t tcontext=system_u:object_r:file_t tclass=dir
>>>audit(1109009547.764:0): avc:  denied  { search } for  pid=4180 exe=/usr/sbin/ntpd name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t tcontext=system_u:object_r:file_t tclass=dir
>>>audit(1109009547.764:0): avc:  denied  { search } for  pid=4180 exe=/usr/sbin/ntpd name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t tcontext=system_u:object_r:file_t tclass=dir
>>>audit(1109009547.764:0): avc:  denied  { search } for  pid=4180 exe=/usr/sbin/ntpd name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t tcontext=system_u:object_r:file_t tclass=dir
>>>audit(1109009547.765:0): avc:  denied  { search } for  pid=4180 exe=/usr/sbin/ntpd name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t tcontext=system_u:object_r:file_t tclass=dir
>>>audit(1109009547.765:0): avc:  denied  { search } for  pid=4180 exe=/usr/sbin/ntpd name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t tcontext=system_u:object_r:file_t tclass=dir
>>>audit(1109009547.765:0): avc:  denied  { search } for  pid=4180 exe=/usr/sbin/ntpd name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t tcontext=system_u:object_r:file_t tclass=dir
>>>audit(1109009547.765:0): avc:  denied  { search } for  pid=4180 exe=/usr/sbin/ntpd name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t tcontext=system_u:object_r:file_t tclass=dir
>>>audit(1109009547.765:0): avc:  denied  { search } for  pid=4180 exe=/usr/sbin/ntpd name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t tcontext=system_u:object_r:file_t tclass=dir
>>>audit(1109009547.766:0): avc:  denied  { search } for  pid=4180 exe=/usr/sbin/ntpd name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t tcontext=system_u:object_r:file_t tclass=dir
>>>audit(1109009547.766:0): avc:  denied  { search } for  pid=4180 exe=/usr/sbin/ntpd name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t tcontext=system_u:object_r:file_t tclass=dir
>>>
>>>Obviously something is amiss. I do not know how to correct these messages for
>>>the services. Does anyone know how the fix this delemma? If not should I
>>>bugzilla it?
>>>
>>>-- 
>>>Richard E Miles
>>>Federal Way WA. USA
>>>registered linux user 46097
>>>
>>>--
>>>fedora-selinux-list mailing list
>>>fedora-selinux-list at redhat.com
>>>http://www.redhat.com/mailman/listinfo/fedora-selinux-list
>>>      
>>>
>>--
>>fedora-selinux-list mailing list
>>fedora-selinux-list at redhat.com
>>http://www.redhat.com/mailman/listinfo/fedora-selinux-list
>>    
>>
>
>
>  
>

More information about the fedora-selinux-list mailing list