hald, udev ...

Tom London selinux at gmail.com
Sat Jan 15 19:55:33 UTC 2005


Running strict/enforcing off of Rawhide,
kernel-2.6.10-1.1087_FC4.

After applying today's updates, but booting
the above kernel (1089 has problems...),
I get the following AVCs:

Jan 15 11:38:33 fedora kernel: audit(1105789089.441:0): avc:  denied 
{ search } for  pid=1501 exe=/bin/bash name=modules dev=hda2
ino=3178500 scontext=system_u:system_r:udev_t
tcontext=system_u:object_r:modules_object_t tclass=dir
Jan 15 11:38:33 fedora kernel: audit(1105789091.037:0): avc:  denied 
{ search } for  pid=1659 exe=/bin/bash name=usb dev=hda2 ino=4456490
scontext=system_u:system_r:udev_t
tcontext=system_u:object_r:hotplug_var_run_t tclass=dir
Jan 15 11:38:33 fedora kernel: audit(1105789091.040:0): avc:  denied 
{ search } for  pid=1659 exe=/bin/bash name=modules dev=hda2
ino=3178500 scontext=system_u:system_r:udev_t
tcontext=system_u:object_r:modules_object_t tclass=dir
Jan 15 11:38:33 fedora kernel: audit(1105789091.055:0): avc:  denied 
{ search } for  pid=1691 exe=/bin/bash name=usb dev=hda2 ino=4456490
scontext=system_u:system_r:udev_t
tcontext=system_u:object_r:hotplug_var_run_t tclass=dir
Jan 15 11:38:33 fedora kernel: audit(1105789091.057:0): avc:  denied 
{ search } for  pid=1691 exe=/bin/bash name=modules dev=hda2
ino=3178500 scontext=system_u:system_r:udev_t
tcontext=system_u:object_r:modules_object_t tclass=dir
Jan 15 11:38:33 fedora kernel: audit(1105789091.869:0): avc:  denied 
{ search } for  pid=1688 exe=/bin/bash name=usb dev=hda2 ino=4456490
scontext=system_u:system_r:udev_t
tcontext=system_u:object_r:hotplug_var_run_t tclass=dir
Jan 15 11:38:33 fedora kernel: audit(1105789091.872:0): avc:  denied 
{ search } for  pid=1688 exe=/bin/bash name=modules dev=hda2
ino=3178500 scontext=system_u:system_r:udev_t
tcontext=system_u:object_r:modules_object_t tclass=dir
Jan 15 11:38:33 fedora kernel: audit(1105789092.598:0): avc:  denied 
{ search } for  pid=1724 exe=/bin/bash name=usb dev=hda2 ino=4456490
scontext=system_u:system_r:udev_t
tcontext=system_u:object_r:hotplug_var_run_t tclass=dir
Jan 15 11:38:33 fedora kernel: audit(1105789092.601:0): avc:  denied 
{ search } for  pid=1724 exe=/bin/bash name=modules dev=hda2
ino=3178500 scontext=system_u:system_r:udev_t
tcontext=system_u:object_r:modules_object_t tclass=dir
Jan 15 11:38:33 fedora kernel: audit(1105789093.046:0): avc:  denied 
{ search } for  pid=1735 exe=/bin/bash name=modules dev=hda2
ino=3178500 scontext=system_u:system_r:udev_t
tcontext=system_u:object_r:modules_object_t tclass=dir
Jan 15 11:38:33 fedora kernel: audit(1105789093.091:0): avc:  denied 
{ search } for  pid=1772 exe=/bin/bash name=modules dev=hda2
ino=3178500 scontext=system_u:system_r:udev_t
tcontext=system_u:object_r:modules_object_t tclass=dir
Jan 15 11:38:33 fedora kernel: audit(1105789093.120:0): avc:  denied 
{ search } for  pid=1779 exe=/bin/bash name=modules dev=hda2
ino=3178500 scontext=system_u:system_r:udev_t
tcontext=system_u:object_r:modules_object_t tclass=dir
Jan 15 11:39:02 fedora kernel: audit(1105817942.699:0): avc:  denied 
{ search } for  pid=2766 exe=/usr/sbin/hald name=net dev=proc
ino=-268435434 scontext=system_u:system_r:hald_t
tcontext=system_u:object_r:proc_net_t tclass=dir
Jan 15 11:39:02 fedora kernel: audit(1105817942.924:0): avc:  denied 
{ search } for  pid=2766 exe=/usr/sbin/hald name=net dev=proc
ino=-268435434 scontext=system_u:system_r:hald_t
tcontext=system_u:object_r:proc_net_t tclass=dir

suggesting:
r_dir_file(hald_t, proc_net_t)
r_dir_file(udev_t, {hotplug_var_t modules_object_t})

tom


-- 
Tom London
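
An added example, not part of the original post: a short Python script that collapses repeated AVC denials like those above into one raw `allow` rule per source type, target type and class, tolerating the e-mail line wrapping. The sample is four records copied from the log above; the function names are this example's own, and raw `allow` rules stand in for the policy macros the post suggests.

```python
import re
from collections import Counter

# Four denials copied from the log in the post, e-mail line wrapping kept.
SAMPLE = """\
Jan 15 11:38:33 fedora kernel: audit(1105789089.441:0): avc:  denied
{ search } for  pid=1501 exe=/bin/bash name=modules dev=hda2
ino=3178500 scontext=system_u:system_r:udev_t
tcontext=system_u:object_r:modules_object_t tclass=dir
Jan 15 11:38:33 fedora kernel: audit(1105789091.037:0): avc:  denied
{ search } for  pid=1659 exe=/bin/bash name=usb dev=hda2 ino=4456490
scontext=system_u:system_r:udev_t
tcontext=system_u:object_r:hotplug_var_run_t tclass=dir
Jan 15 11:38:33 fedora kernel: audit(1105789091.040:0): avc:  denied
{ search } for  pid=1659 exe=/bin/bash name=modules dev=hda2
ino=3178500 scontext=system_u:system_r:udev_t
tcontext=system_u:object_r:modules_object_t tclass=dir
Jan 15 11:39:02 fedora kernel: audit(1105817942.699:0): avc:  denied
{ search } for  pid=2766 exe=/usr/sbin/hald name=net dev=proc
ino=-268435434 scontext=system_u:system_r:hald_t
tcontext=system_u:object_r:proc_net_t tclass=dir
"""
# \s+ and DOTALL let one record span several wrapped lines.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}.*?scontext=(?P<scon>\S+)"
    r"\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)",
    re.DOTALL)

def ctx_type(context):
    return context.split(":")[2]  # user:role:type[:range] -> type

def summarize(log_text):
    """Count denials per (source type, target type, class, permission)."""
    counts = Counter()
    for m in AVC_RE.finditer(log_text):
        key = (ctx_type(m["scon"]), ctx_type(m["tcon"]), m["tclass"])
        for perm in m["perms"].split():
            counts[key + (perm,)] += 1
    return counts

def allow_rules(counts):
    """Merge permissions per (source, target, class) into allow rules."""
    merged = {}
    for src, tgt, cls, perm in counts:
        merged.setdefault((src, tgt, cls), set()).add(perm)
    return [f"allow {s} {t}:{c} {{ {' '.join(sorted(p))} }};"
            for (s, t, c), p in sorted(merged.items())]

if __name__ == "__main__":
    print("\n".join(allow_rules(summarize(SAMPLE))))
```

The per-tuple counts from `summarize` show which denials are repeats of one missing permission rather than separate problems.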



