Help with avc's on /init

Stephen Smalley sds at tycho.nsa.gov
Wed Jul 13 14:11:56 UTC 2005


On Wed, 2005-07-13 at 15:06 +0100, Ruth Ivimey-Cook wrote:
> I've just updated my desktop to FC4, have updated the policy to latest 
> available versions, and am having problems with selinux denying access to a 
> file I can't even find! Hoping someone can help.
> 
> OS: FC4, updated today.
> Policy 1-25-1
> Mode Targeted
> kernel 2.6.12.1 (kernel.org)
> 
> 
> Jul 13 14:35:25 filestore kernel: [4294782.219000]
> audit(1121261725.182:0): avc:  denied  { use } for  path=/init
> dev=rootfs ino=42 scontext=system_u:system_r:i18n_input_t
> tcontext=system_u:system_r:kernel_t tclass=fd

This is a file from the "rootfs", i.e. the in-memory filesystem exploded
from the initramfs image by the kernel during initialization.  It isn't
an on-disk file.  The kernel is improperly leaving a descriptor to it
open when it executes /sbin/init, and this is then being inherited by
all processes.  SELinux rechecks access to open descriptors during
execve, and if in enforcing mode, should be closing the descriptor and
re-opening it to the null device due to the denial.  Normally this stops
the flow of such audit messages early on, as it is no longer inherited
after that point.

> I'm not quite sure what effect the denials are having, but the system is not 
> very stable at present.

That particular denial should have no impact on stability.

-- 
Stephen Smalley
National Security Agency
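As an added example (not code from the thread or from SELinux itself), a small Python parser for AVC audit records in the format quoted above. It splits out the permission set and the key=value fields and flags `tclass=fd` / `{ use }` denials as the inherited-descriptor case Stephen describes; the first sample line is the one from the thread (joined onto one line), the other two are constructed.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Sample records: line 1 is the record quoted in the thread, lines 2-3 are constructed.
SAMPLE_LOG = """\
Jul 13 14:35:25 filestore kernel: [4294782.219000] audit(1121261725.182:0): avc:  denied  { use } for  path=/init dev=rootfs ino=42 scontext=system_u:system_r:i18n_input_t tcontext=system_u:system_r:kernel_t tclass=fd
Jul 13 14:35:26 filestore kernel: [4294783.001000] audit(1121261726.100:1): avc:  denied  { read write } for  pid=1234 comm="httpd" name="index.html" dev=hda3 ino=9001 scontext=system_u:system_r:httpd_t tcontext=system_u:object_r:user_home_t tclass=file
Jul 13 14:35:27 filestore kernel: [4294784.000000] audit(1121261727.000:2): avc:  granted  { read } for  pid=1 comm="init" scontext=system_u:system_r:init_t tcontext=system_u:object_r:etc_t tclass=file
"""

# "avc:  denied  { perm perm } for  key=value key="quoted value" ..."
AVC_RE = re.compile(
    r"avc:\s+(?P<result>denied|granted)\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)$"
)
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


@dataclass
class AvcRecord:
    result: str          # "denied" or "granted"
    perms: List[str]     # permissions inside the braces
    fields: Dict[str, str]


def parse_avc(line: str) -> Optional[AvcRecord]:
    """Parse one syslog/dmesg line; return None if it carries no AVC record."""
    m = AVC_RE.search(line)
    if not m:
        return None
    perms = m.group("perms").split()
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("fields"))}
    return AvcRecord(m.group("result"), perms, fields)


def explain(rec: AvcRecord) -> str:
    """Analyst note: an fd/use denial means a descriptor inherited across execve,
    and dev=rootfs means the target lives in the kernel's initramfs, not on disk."""
    if rec.result != "denied":
        return "not a denial"
    sc, tc = rec.fields.get("scontext"), rec.fields.get("tcontext")
    if rec.fields.get("tclass") == "fd" and "use" in rec.perms:
        origin = "inherited descriptor"
        if rec.fields.get("dev") == "rootfs":
            origin += " to an initramfs (rootfs) file, not an on-disk file"
        return f"{origin}: {sc} using fd owned by {tc}"
    return f"{sc} denied {' '.join(rec.perms)} on {rec.fields.get('tclass')} {tc}"


def analyse(log: str) -> List[Tuple[AvcRecord, str]]:
    """Parse every AVC record in a log blob and pair it with its analyst note."""
    return [(r, explain(r)) for r in map(parse_avc, log.splitlines()) if r is not None]
```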



