1105 fails to boot....
Daniel J Walsh
dwalsh at redhat.com
Fri Jan 21 17:32:50 UTC 2005
Stephen Smalley wrote:
>On Fri, 2005-01-21 at 10:38, Tom London wrote:
>
>>Jan 21 07:24:30 fedora kernel: audit(1106292231.919:0): avc: denied
>>{ read } for pid=478 exe=/bin/hostname path=/init dev=rootfs ino=17
>>scontext=system_u:system_r:hostname_t
>>tcontext=system_u:object_r:root_t tclass=file
>
>I think that this denial reflects a kernel bug - leaking a descriptor to
>the rootfs to userspace. Shouldn't interfere with booting.
>
>>Jan 21 07:24:30 fedora kernel: audit(1106292234.081:0): avc: denied
>>{ read } for pid=576 exe=/sbin/restorecon name=customizable_types
>>dev=hda2 ino=4506184 scontext=system_u:system_r:restorecon_t
>>tcontext=system_u:object_r:default_context_t tclass=file
>
>This is more likely the culprit. restorecon is now trying to read the
>customizable_types file to identify contexts that it shouldn't try to
>relabel, but if it lacks permission to do so, then the current code is
>going to prevent relabeling anything, as it is merely checking for a
>non-zero return from is_context_customizable(), which could be an
>error. Fix is to allow access by restorecon_t and setfiles_t, but also
>likely change the calling code to distinguish the error case from > 0
>case.
>
Fix in selinux-policy-*-1.21.2-7
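
The failure mode discussed in this thread, as an added example that is not part of the original messages and is not the restorecon or libselinux source: a lookup that returns 1, 0 or -1, called once with the non-zero check described above and once with the error case separated from the > 0 case. The names `demo_is_customizable`, `readable`, `sample_custom_t` and the `LOOKUP_FAILED` outcome are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
enum action { RELABEL, SKIP_CUSTOMIZABLE, LOOKUP_FAILED };

/* Stand-in for a 1 / 0 / -1 lookup: 1 = customizable, 0 = not, -1 = error.
 * `readable` (hypothetical) models whether policy allows reading the
 * customizable_types file. The list below is constructed sample data. */
static int demo_is_customizable(const char *type, int readable)
{
    static const char *const custom[] = { "sample_custom_t" };
    if (!readable)
        return -1;                  /* read denied: the answer is unknown */
    for (size_t i = 0; i < sizeof custom / sizeof *custom; i++)
        if (strcmp(type, custom[i]) == 0)
            return 1;
    return 0;
}

/* The check described in the thread: any non-zero return means "skip". */
static enum action decide_nonzero(const char *type, int readable)
{
    if (demo_is_customizable(type, readable))
        return SKIP_CUSTOMIZABLE;   /* -1 is treated as customizable too */
    return RELABEL;
}

/* Caller that separates the error case from the > 0 case. */
static enum action decide_tristate(const char *type, int readable)
{
    int rc = demo_is_customizable(type, readable);
    if (rc < 0)
        return LOOKUP_FAILED;       /* assumption: report it, do not guess */
    return rc > 0 ? SKIP_CUSTOMIZABLE : RELABEL;
}

/* How many of three constructed sample types a caller would relabel. */
static int count_relabeled(enum action (*decide)(const char *, int), int readable)
{
    static const char *const types[] = { "etc_t", "sample_custom_t", "bin_t" };
    int n = 0;
    for (size_t i = 0; i < sizeof types / sizeof *types; i++)
        n += decide(types[i], readable) == RELABEL;
    return n;
}

int main(void)
{
    printf("read denied,  non-zero check: %d relabeled\n", count_relabeled(decide_nonzero, 0));
    printf("read allowed, non-zero check: %d relabeled\n", count_relabeled(decide_nonzero, 1));
}
```

With the read denied, the non-zero check silently skips every file, while the tri-state caller can surface the lookup failure instead of treating it as a policy decision.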