AVC message problem

Daniel J Walsh dwalsh at redhat.com
Mon Oct 24 18:06:36 UTC 2005 

Tom Diehl wrote:
> On Mon, 24 Oct 2005, Daniel J Walsh wrote:
>
>   
>> Tom Diehl wrote:
>>     
>>> Hi all,
>>>
>>> Since upgrading to EL4-U2 I am getting the following avc messages in my logs:
>>>
>>> Oct 23 14:46:21 pocono dbus: Can't send to audit system: USER_AVC pid=3064 uid=81 loginuid=-1 message=avc:  denied  { send_msg } for  scontext=user_u:system_r:unconfined_t tcontext=user_u:system_r:initrc_t tclass=dbus
>>>
>>> Can someone tell me how to go about fixing this, short of turning off selinux?
>>>
>>> (pocono pts13) # rpm -qa | grep selinux
>>> libselinux-1.19.1-7
>>> libselinux-1.19.1-7
>>> selinux-policy-targeted-1.17.30-2.110
>>> libselinux-devel-1.19.1-7
>>> (pocono pts13) # rpm -qa dbus
>>> dbus-0.22-12.EL.5
>>> (pocono pts13) # uname -r
>>> 2.6.9-22.ELsmp
>>> (pocono pts13) #
>>>
>>> I get hundreds of these a day. I have tried relabeling but no change.
>>>
>>> The system arch is x86_64
>>>
>>>       
>> Could you try
>>     
>
> Yep
>
>   
>> ftp://people.redhat.com/dwalsh/SELinux/RHEL4/u3/selinux-policy-targeted-*
>>
>> We are moving to deliver an errata release of this policy.
>>     
>
> I did the following:
>
> (pocono pts18) # rpm -Fvh selinux-policy-targeted-1.17.30-2.117.noarch.rpm
> Preparing...                ########################################### [100%]
>    1:selinux-policy-targeted########################################### [100%]
> (pocono pts18) #
>
> And I got the following in the logs:
>
> Oct 24 10:59:21 pocono dbus: Can't send to audit system: USER_AVC pid=3064 uid=81 loginuid=-1 message=avc:  denied  { send_msg } for  scontext=user_u:system_r:unconfined_t tcontext=user_u:system_r:initrc_t tclass=dbus
> Oct 24 10:59:31 pocono last message repeated 2 times
> Oct 24 10:59:35 pocono kernel: security:  3 users, 4 roles, 354 types, 25 bools
> Oct 24 10:59:35 pocono kernel: security:  55 classes, 21778 rules
> Oct 24 10:59:35 pocono dbus: Can't send to audit system: USER_AVC pid=3064 uid=81 loginuid=-1 message=avc:  received policyload notice (seqno=1)
> Oct 24 10:59:35 pocono dbus: Can't send to audit system: USER_AVC pid=3064 uid=81 loginuid=-1 message=avc:  4 AV entries and 4/512 buckets used, longest chain length 1
> Oct 24 10:59:35 pocono dbus: Can't send to audit system: USER_AVC pid=4252 uid=508 loginuid=-1 message=avc:  received policyload notice (seqno=1)
> Oct 24 10:59:35 pocono dbus: Can't send to audit system: USER_AVC pid=4252 uid=508 loginuid=-1 message=avc:  1 AV entries and 1/512 buckets used, longest chain length 1
>
> So far no more avc messages. They were showing up every 5-15 seconds
> before. It has been approx 5 minutes with no avc messages. 
>
> Is there anything else I should be looking at?
>
>   
Nope it should all work now. 
> Is there a bug for this?
>   
Yes, hopefully we will release this as an errata, It will definitely be 
in U3.
> Thank You for the help.
>
> Regards,
>
> Tom Diehl		tdiehl at rogueind.com		Spamtrap address mtd123 at rogueind.com
>   


--

More information about the fedora-selinux-list mailing list