Help with avc's on /init

Stephen Smalley sds at
Wed Jul 13 14:11:56 UTC 2005

On Wed, 2005-07-13 at 15:06 +0100, Ruth Ivimey-Cook wrote:
> I've just updated my desktop to FC4, have updated the policy to latest 
> available versions, and am having problems with selinux denying access to a 
> file I can't even find! Hoping someone can help.
> OS: FC4, updated today.
> Policy 1-25-1
> Mode Targeted
> kernel (
> Jul 13 14:35:25 filestore kernel: [4294782.219000]
> audit(1121261725.182:0): avc:  denied  { use } for  path=/init
> dev=rootfs ino=42 scontext=system_u:system_r:i18n_input_t
> tcontext=system_u:system_r:kernel_t tclass=fd

This is a file from the "rootfs", i.e. the in-memory filesystem exploded
from the initramfs image by the kernel during initialization.  It isn't
an on-disk file.  The kernel is improperly leaving a descriptor to it
open when it executes /sbin/init, and this is then being inherited by
all processes.  SELinux rechecks access to open descriptors during
execve, and if in enforcing mode, should be closing the descriptor and
re-opening it to the null device due to the denial.  Normally this stops
the flow of such audit messages early on, as it is no longer inherited
after that point.

> I'm not quite sure what effect the denials are having, but the system is not 
> very stable at present.

That particular denial should have no impact on stability.

Stephen Smalley
National Security Agency

More information about the fedora-selinux-list mailing list