nfs avc messages with kernel-2.6.16-1.2069_FC4

Stephen Smalley sds at tycho.nsa.gov
Mon Apr 3 13:14:33 UTC 2006


On Mon, 2006-04-03 at 09:02 -0400, Stephen Smalley wrote:
> On Sat, 2006-04-01 at 00:51 -0800, Antonio Olivares wrote:
> > Dear all, 
> >   I decided to install latest FC4 kernel
> > 2.6.16-1.2069_FC4 or so. Upon booting I can no longer
> > surf the internet.  I get some avc denied messages
> > from dmesg.  How can I fix this issue?
> > 
> > I do not want to disable selinux.
> 
> Can you post the avc messages (or just the first few if there are many
> repeats)?  You can use audit2allow to temporarily generate allow rules
> for the denials until a policy update is issued, although it isn't
> always what you want to do.  See the EXAMPLE section of the audit2allow
> man page.

Sorry - I see that you did in fact attach them.  The denials in this
case were due to new IPSEC-related SELinux controls that went into
2.6.16, introduced by IBM, so you did need an updated policy, as you
discovered.

-- 
Stephen Smalley
National Security Agency




More information about the fedora-selinux-list mailing list