1105 fails to boot....

Daniel J Walsh dwalsh at redhat.com
Fri Jan 21 17:32:50 UTC 2005


Stephen Smalley wrote:

>On Fri, 2005-01-21 at 10:38, Tom London wrote:
>  
>
>>Jan 21 07:24:30 fedora kernel: audit(1106292231.919:0): avc:  denied 
>>{ read } for  pid=478 exe=/bin/hostname path=/init dev=rootfs ino=17
>>scontext=system_u:system_r:hostname_t
>>tcontext=system_u:object_r:root_t tclass=file
>>    
>>
>
>I think that this denial reflects a kernel bug - leaking a descriptor to
>the rootfs to userspace.  Shouldn't interfere with booting.
>
>  
>
>>Jan 21 07:24:30 fedora kernel: audit(1106292234.081:0): avc:  denied 
>>{ read } for  pid=576 exe=/sbin/restorecon name=customizable_types
>>dev=hda2 ino=4506184 scontext=system_u:system_r:restorecon_t
>>tcontext=system_u:object_r:default_context_t tclass=file
>>    
>>
>
>This is more likely the culprit.  restorecon is now trying to read the
>customizable_types file to identify contexts that it shouldn't try to
>relabel, but if it lacks permission to do so, then the current code is
>going to prevent relabeling anything, as it is merely checking for a
>non-zero return from is_context_customizable(), which could be an
>error.  Fix is to allow access by restorecon_t and setfiles_t, but also
>likely change the calling code to distinguish the error case from > 0
>case.
>
>  
>
Fix in selinux-policy-*-1.21.2-7
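
Added example, not part of the original thread and not the restorecon source: a C sketch of the caller bug Stephen Smalley describes above, where a non-zero check on is_context_customizable() treats an error return as "customizable". The stub function, the sample contexts, the type list and the choice to count the error and still relabel are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
/* Stand-in for libselinux's is_context_customizable(): 1 = customizable, 0 = not,
 * -1 = error. readable == 0 models the denied read; type list is constructed. */
static int stub_is_context_customizable(const char *ctx, int readable)
{
    static const char *types[] = { "httpd_sys_content_t", "user_home_t" };
    if (!readable)
        return -1;
    for (size_t i = 0; i < sizeof(types) / sizeof(types[0]); i++)
        if (strstr(ctx, types[i]))
            return 1;
    return 0;
}

/* Caller as described in the mail: any non-zero return means "skip". */
static int skip_buggy(const char *ctx, int readable)
{
    return stub_is_context_customizable(ctx, readable) != 0;
}
/* Separates the error case from the > 0 case (assumed policy: count the
 * error and still relabel). */
static int skip_fixed(const char *ctx, int readable, int *errors)
{
    int rc = stub_is_context_customizable(ctx, readable);
    if (rc < 0)
        (*errors)++;
    return rc > 0;
}

/* How many of three constructed file contexts would be relabeled. */
static int count_relabeled(int readable, int use_fixed, int *errors)
{
    static const char *cur[] = { "system_u:object_r:file_t",
                                 "system_u:object_r:httpd_sys_content_t",
                                 "system_u:object_r:default_t" };
    int n = 0;
    for (size_t i = 0; i < sizeof(cur) / sizeof(cur[0]); i++)
        n += !(use_fixed ? skip_fixed(cur[i], readable, errors)
                         : skip_buggy(cur[i], readable));
    return n;
}

int main(void)
{
    int errors = 0, buggy = count_relabeled(0, 0, &errors),
        fixed = count_relabeled(0, 1, &errors);
    printf("denied read: buggy relabels %d, fixed relabels %d (%d errors)\n",
           buggy, fixed, errors);
}
```

With the read denied, the non-zero check skips every file, which matches the "prevent relabeling anything" behaviour in the quoted analysis; the `> 0` check skips only contexts that are positively identified as customizable.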



