changed selinux to permissive get new avcs

Antonio Olivares olivares14031 at yahoo.com
Sun Apr 2 02:11:34 UTC 2006



--- Rahul Sundaram <sundaram at fedoraproject.org> wrote:

> On Sat, 2006-04-01 at 17:56 -0800, Antonio Olivares
> wrote:
> > Dear all,
> >    As I had some previous trouble with selinux,
> and
> > have gotten little to no advice, I read through
> the
> > fedora wiki, and fedora selinux-faq and previous
> > knowlege/advice from fedora-list
> 
> Can you state what trouble you had specifically?
> 
> Rahul
> 
> 
Ok here we go, I sent these messages to
fedora-selinux-list as shown 

------------------------------

Message: 6
Date: Sat, 1 Apr 2006 00:51:47 -0800 (PST)
From: Antonio Olivares <olivares14031 at yahoo.com>
Subject: nfs avc messages with
kernel-2.6.16-1.2069_FC4 
To: fedora-selinux-list at redhat.com
Message-ID:
<20060401085147.91904.qmail at web52610.mail.yahoo.com>
Content-Type: text/plain; charset="iso-8859-1"

Dear all, 
  I decided to install latest FC4 kernel
2.6.16-1.2069_FC4 or so. Upon booting I can no longer
surf the internet.  I get some avc denied messages
from dmesg.  How can I fix this issue?

I do not want to disable selinux.

TIA,

Antonio 

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam
protection around 
http://mail.yahoo.com 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: dmesg-selinux04012006.log
Type: text/x-log
Size: 15583 bytes
Desc: 4111971101-dmesg-selinux04012006.log
Url : 
https://www.redhat.com/archives/fedora-selinux-list/attachments/20060401/45456085/dmesg-selinux04012006.bin

------------------------------


Message: 1
Date: Sat, 1 Apr 2006 09:57:40 -0800 (PST)
From: Antonio Olivares <olivares14031 at yahoo.com>
Subject: Re:  nfs avc messages with
kernel-2.6.16-1.2069_FC4 
To: fedora-selinux-list at redhat.com
Message-ID:
<20060401175740.57441.qmail at web52601.mail.yahoo.com>
Content-Type: text/plain; charset=iso-8859-1


RE:  nfs avc messages with kernel-2.6.16-1.2069_FC4 

Message: 6
Date: Sat, 1 Apr 2006 00:51:47 -0800 (PST)
From: Antonio Olivares <olivares14031 at yahoo.com>
Subject: nfs avc messages with
kernel-2.6.16-1.2069_FC4 
To: fedora-selinux-list at redhat.com
Message-ID:
<20060401085147.91904.qmail at web52610.mail.yahoo.com>
Content-Type: text/plain; charset="iso-8859-1"

Dear all, 
  I decided to install latest FC4 kernel
2.6.16-1.2069_FC4 or so. Upon booting I can no longer
surf the internet.  I get some avc denied messages
from dmesg.  How can I fix this issue?

I do not want to disable selinux.

TIA,

Antonio 

======================================================

Here are the avc's.  Since they were not present in
the previous email to fedora-selinux-list at redhat.com 

I do not want to disable selinux to be able to surf
the internet.  How can I take care of this?

I appreciate all comments/help I can get.  

SELinux: initialized (dev binfmt_misc, type
binfmt_misc), uses genfs_contexts
ip_tables: (C) 2000-2006 Netfilter Core Team
Netfilter messages via NETLINK v0.30.
ip_conntrack version 2.4 (3071 buckets, 24568 max) -
232 bytes per conntrack
audit(1143912938.407:2): avc:  denied  { sendto } for 
pid=1620 comm="rpc.statd"
scontext=system_u:system_r:rpcd_t
tcontext=system_u:object_r:unlabeled_t
tclass=association
audit(1143912938.447:3): avc:  denied  { sendto } for 
pid=1620 comm="rpc.statd"
scontext=system_u:system_r:rpcd_t
tcontext=system_u:object_r:unlabeled_t
tclass=association
audit(1143912938.463:4): avc:  denied  { sendto } for 
pid=1620 comm="rpc.statd"
scontext=system_u:system_r:rpcd_t
tcontext=system_u:object_r:unlabeled_t
tclass=association


Also on another machine
I installed kernel-2.6.16.1 to an FC3 machine with
selinux disabled and I tried to reenable it since this
kernel comes with selinux in its options and i
compiled it in.  Yet when I rebooted it gave me a
kernel panic that no policy was in place.  How should
I define such a policy?  Is there a tarball somewhere
that I can get, or suggestions since FC3 is in legacy
already?

Regards,

Antonio

--------------------------------------------------

I have just set Selinux to permissive mode and I have
just submitted those new avc's.  I just need a little
bit of help cause I just do not want to give up on
SELinux. I want to set it back to enforce but I need
to take care of those issues and learn how to tackle
them.

Thanks for helping,

Antonio




__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 




More information about the fedora-selinux-list mailing list