more on readahead/hal

Tom London selinux at gmail.com
Tue Jan 10 15:59:12 UTC 2006


Today's rawhide, targeted/enforcing.

[Reporting this since build log indicated fixes for hal/readahead. 
Sorry if I am jumping the gun....]

hal issues:
----
type=PATH msg=audit(01/10/2006 07:18:22.011:13) : item=0
name=/media/disk/.created-by-hal flags=follow inode=2289300 dev=fd:00
mode=file,644 ouid=root ogid=root rdev=00:00
type=CWD msg=audit(01/10/2006 07:18:22.011:13) :  cwd=/
type=AVC_PATH msg=audit(01/10/2006 07:18:22.011:13) : 
path=/media/disk/.created-by-hal
type=SYSCALL msg=audit(01/10/2006 07:18:22.011:13) : arch=i386
syscall=stat64 success=no exit=-13(Permission denied) a0=870f008
a1=bf9ee1b8 a2=25cff4 a3=870f5a8 items=1 pid=2512
auid=unknown(4294967295) uid=root gid=root euid=root suid=root
fsuid=root egid=root sgid=root fsgid=root comm=hal-system-stor
exe=/bin/bash
type=AVC msg=audit(01/10/2006 07:18:22.011:13) : avc:  denied  {
getattr } for pid=2512 comm=hal-system-stor name=.created-by-hal
dev=dm-0 ino=2289300 scontext=system_u:system_r:hald_t:s0
tcontext=system_u:object_r:mnt_t:s0 tclass=file
----
type=PATH msg=audit(01/10/2006 07:18:22.027:14) : item=0
name=/media/disk-1/.created-by-hal flags=follow inode=2289302
dev=fd:00 mode=file,644 ouid=root ogid=root rdev=00:00
type=CWD msg=audit(01/10/2006 07:18:22.027:14) :  cwd=/
type=AVC_PATH msg=audit(01/10/2006 07:18:22.027:14) : 
path=/media/disk-1/.created-by-hal
type=SYSCALL msg=audit(01/10/2006 07:18:22.027:14) : arch=i386
syscall=stat64 success=no exit=-13(Permission denied) a0=870f588
a1=bf9ee1b8 a2=25cff4 a3=870f008 items=1 pid=2512
auid=unknown(4294967295) uid=root gid=root euid=root suid=root
fsuid=root egid=root sgid=root fsgid=root comm=hal-system-stor
exe=/bin/bash
type=AVC msg=audit(01/10/2006 07:18:22.027:14) : avc:  denied  {
getattr } for pid=2512 comm=hal-system-stor name=.created-by-hal
dev=dm-0 ino=2289302 scontext=system_u:system_r:hald_t:s0
tcontext=system_u:object_r:mnt_t:s0 tclass=file
----
type=PATH msg=audit(01/10/2006 07:18:22.059:15) : item=0
name=/media/disk-2/.created-by-hal flags=follow inode=2289314
dev=fd:00 mode=file,644 ouid=root ogid=root rdev=00:00
type=CWD msg=audit(01/10/2006 07:18:22.059:15) :  cwd=/
type=AVC_PATH msg=audit(01/10/2006 07:18:22.059:15) : 
path=/media/disk-2/.created-by-hal
type=SYSCALL msg=audit(01/10/2006 07:18:22.059:15) : arch=i386
syscall=stat64 success=no exit=-13(Permission denied) a0=870f688
a1=bf9ee1b8 a2=25cff4 a3=870f008 items=1 pid=2512
auid=unknown(4294967295) uid=root gid=root euid=root suid=root
fsuid=root egid=root sgid=root fsgid=root comm=hal-system-stor
exe=/bin/bash
type=AVC msg=audit(01/10/2006 07:18:22.059:15) : avc:  denied  {
getattr } for pid=2512 comm=hal-system-stor name=.created-by-hal
dev=dm-0 ino=2289314 scontext=system_u:system_r:hald_t:s0
tcontext=system_u:object_r:mnt_t:s0 tclass=file
----
type=PATH msg=audit(01/10/2006 07:18:24.972:16) : item=0 name=/boot
flags=follow inode=2 dev=03:02 mode=dir,755 ouid=root ogid=root
rdev=00:00
type=CWD msg=audit(01/10/2006 07:18:24.972:16) :  cwd=/
type=AVC_PATH msg=audit(01/10/2006 07:18:24.972:16) :  path=/boot
type=SYSCALL msg=audit(01/10/2006 07:18:24.972:16) : arch=i386
syscall=stat64 success=no exit=-13(Permission denied) a0=bff484ce
a1=bff4844c a2=258ff4 a3=303 items=1 pid=2507 auid=unknown(4294967295)
uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root
fsgid=root comm=hald exe=/usr/sbin/hald
type=AVC msg=audit(01/10/2006 07:18:24.972:16) : avc:  denied  {
getattr } for pid=2507 comm=hald name=/ dev=hda2 ino=2
scontext=system_u:system_r:hald_t:s0
tcontext=system_u:object_r:boot_t:s0 tclass=dir
----
type=PATH msg=audit(01/10/2006 07:18:25.076:17) : item=0 name=/boot
flags=follow inode=2 dev=03:02 mode=dir,755 ouid=root ogid=root
rdev=00:00
type=CWD msg=audit(01/10/2006 07:18:25.076:17) :  cwd=/
type=AVC_PATH msg=audit(01/10/2006 07:18:25.076:17) :  path=/boot
type=SYSCALL msg=audit(01/10/2006 07:18:25.076:17) : arch=i386
syscall=stat64 success=no exit=-13(Permission denied) a0=bff484ce
a1=bff4844c a2=258ff4 a3=302 items=1 pid=2507 auid=unknown(4294967295)
uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root
fsgid=root comm=hald exe=/usr/sbin/hald
type=AVC msg=audit(01/10/2006 07:18:25.076:17) : avc:  denied  {
getattr } for pid=2507 comm=hald name=/ dev=hda2 ino=2
scontext=system_u:system_r:hald_t:s0
tcontext=system_u:object_r:boot_t:s0 tclass=dir
----
type=PATH msg=audit(01/10/2006 07:18:25.228:18) : item=0 name=/boot
flags=follow inode=2 dev=03:02 mode=dir,755 ouid=root ogid=root
rdev=00:00
type=CWD msg=audit(01/10/2006 07:18:25.228:18) :  cwd=/
type=AVC_PATH msg=audit(01/10/2006 07:18:25.228:18) :  path=/boot
type=SYSCALL msg=audit(01/10/2006 07:18:25.228:18) : arch=i386
syscall=stat64 success=no exit=-13(Permission denied) a0=bff484ce
a1=bff4844c a2=258ff4 a3=301 items=1 pid=2507 auid=unknown(4294967295)
uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root
fsgid=root comm=hald exe=/usr/sbin/hald
type=AVC msg=audit(01/10/2006 07:18:25.228:18) : avc:  denied  {
getattr } for pid=2507 comm=hald name=/ dev=hda2 ino=2
scontext=system_u:system_r:hald_t:s0
tcontext=system_u:object_r:boot_t:s0 tclass=dir
----
type=PATH msg=audit(01/10/2006 07:18:31.368:20) : item=0 name=/boot
flags=follow inode=2 dev=03:02 mode=dir,755 ouid=root ogid=root
rdev=00:00
type=CWD msg=audit(01/10/2006 07:18:31.368:20) :  cwd=/
type=AVC_PATH msg=audit(01/10/2006 07:18:31.368:20) :  path=/boot
type=SYSCALL msg=audit(01/10/2006 07:18:31.368:20) : arch=i386
syscall=stat64 success=no exit=-13(Permission denied) a0=bff4864e
a1=bff485cc a2=258ff4 a3=301 items=1 pid=2507 auid=unknown(4294967295)
uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root
fsgid=root comm=hald exe=/usr/sbin/hald
type=AVC msg=audit(01/10/2006 07:18:31.368:20) : avc:  denied  {
getattr } for pid=2507 comm=hald name=/ dev=hda2 ino=2
scontext=system_u:system_r:hald_t:s0
tcontext=system_u:object_r:boot_t:s0 tclass=dir
----
type=PATH msg=audit(01/10/2006 07:19:16.279:31) : item=0
name=/media/disk-3/.created-by-hal flags=parent,open,create
inode=2289282 dev=fd:00 mode=dir,755 ouid=root ogid=root rdev=00:00
type=CWD msg=audit(01/10/2006 07:19:16.279:31) :  cwd=/
type=SYSCALL msg=audit(01/10/2006 07:19:16.279:31) : arch=i386
syscall=open success=no exit=-13(Permission denied) a0=bfc0b888
a1=8941 a2=1b6 a3=8941 items=1 pid=2837 auid=unknown(4294967295)
uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root
fsgid=root comm=touch exe=/bin/touch
type=AVC msg=audit(01/10/2006 07:19:16.279:31) : avc:  denied  {
create } for  pid=2837 comm=touch name=.created-by-hal
scontext=system_u:system_r:hald_t:s0
tcontext=system_u:object_r:mnt_t:s0 tclass=file
----
type=PATH msg=audit(01/10/2006 07:19:22.523:32) : item=0
name=/media/disk-3/.created-by-hal flags=parent,open,create
inode=2289282 dev=fd:00 mode=dir,755 ouid=root ogid=root rdev=00:00
type=CWD msg=audit(01/10/2006 07:19:22.523:32) :  cwd=/
type=SYSCALL msg=audit(01/10/2006 07:19:22.523:32) : arch=i386
syscall=open success=no exit=-13(Permission denied) a0=bfdad851
a1=8941 a2=1b6 a3=8941 items=1 pid=2850 auid=unknown(4294967295)
uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root
fsgid=root comm=touch exe=/bin/touch
type=AVC msg=audit(01/10/2006 07:19:22.523:32) : avc:  denied  {
create } for  pid=2850 comm=touch name=.created-by-hal
scontext=system_u:system_r:hald_t:s0
tcontext=system_u:object_r:mnt_t:s0 tclass=file
----
type=PATH msg=audit(01/10/2006 07:19:22.531:33) : item=0 name=/boot
flags=follow inode=2 dev=03:02 mode=dir,755 ouid=root ogid=root
rdev=00:00
type=CWD msg=audit(01/10/2006 07:19:22.531:33) :  cwd=/
type=AVC_PATH msg=audit(01/10/2006 07:19:22.531:33) :  path=/boot
type=SYSCALL msg=audit(01/10/2006 07:19:22.531:33) : arch=i386
syscall=stat64 success=no exit=-13(Permission denied) a0=bff4864e
a1=bff485cc a2=258ff4 a3=301 items=1 pid=2507 auid=unknown(4294967295)
uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root
fsgid=root comm=hald exe=/usr/sbin/hald
type=AVC msg=audit(01/10/2006 07:19:22.531:33) : avc:  denied  {
getattr } for pid=2507 comm=hald name=/ dev=hda2 ino=2
scontext=system_u:system_r:hald_t:s0
tcontext=system_u:object_r:boot_t:s0 tclass=dir
----
type=PATH msg=audit(01/10/2006 07:19:22.531:34) : item=0
name=/media/disk-3 flags=follow inode=2 dev=03:02 mode=dir,755
ouid=root ogid=root rdev=00:00
type=CWD msg=audit(01/10/2006 07:19:22.531:34) :  cwd=/
type=AVC_PATH msg=audit(01/10/2006 07:19:22.531:34) :  path=/media/disk-3
type=SYSCALL msg=audit(01/10/2006 07:19:22.531:34) : arch=i386
syscall=stat64 success=no exit=-13(Permission denied) a0=bff4864e
a1=bff485cc a2=258ff4 a3=301 items=1 pid=2507 auid=unknown(4294967295)
uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root
fsgid=root comm=hald exe=/usr/sbin/hald
type=AVC msg=audit(01/10/2006 07:19:22.531:34) : avc:  denied  {
getattr } for pid=2507 comm=hald name=/ dev=hda2 ino=2
scontext=system_u:system_r:hald_t:s0
tcontext=system_u:object_r:boot_t:s0 tclass=dir
----

Still have problems with readahead.  From /var/log/messages:
Jan 10 07:18:01 localhost kernel: audit(1136906246.537:4): avc: 
denied  { search } for  pid=1570 comm="readahead" name="/" dev=ramfs
ino=4195 scontext=system_u:system_r:readahead_t:s0
tcontext=system_u:object_r:ramfs_t:s0 tclass=dir
Jan 10 07:18:01 localhost kernel: audit(1136906246.537:5): avc: 
denied  { search } for  pid=1570 comm="readahead" name="/" dev=ramfs
ino=4195 scontext=system_u:system_r:readahead_t:s0
tcontext=system_u:object_r:ramfs_t:s0 tclass=dir
Jan 10 07:18:01 localhost kernel: audit(1136906246.537:6): avc: 
denied  { search } for  pid=1570 comm="readahead" name="/" dev=ramfs
ino=4195 scontext=system_u:system_r:readahead_t:s0
tcontext=system_u:object_r:ramfs_t:s0 tclass=dir
Jan 10 07:18:01 localhost kernel: audit(1136906254.213:7): avc: 
denied  { search } for  pid=1570 comm="readahead" name="/" dev=ramfs
ino=4195 scontext=system_u:system_r:readahead_t:s0
tcontext=system_u:object_r:ramfs_t:s0 tclass=dir
Jan 10 07:18:01 localhost kernel: audit(1136906254.213:8): avc: 
denied  { search } for  pid=1570 comm="readahead" name="/" dev=ramfs
ino=4195 scontext=system_u:system_r:readahead_t:s0
tcontext=system_u:object_r:ramfs_t:s0 tclass=dir
Jan 10 07:18:01 localhost kernel: audit(1136906254.213:9): avc: 
denied  { search } for  pid=1570 comm="readahead" name="/" dev=ramfs
ino=4195 scontext=system_u:system_r:readahead_t:s0
tcontext=system_u:object_r:ramfs_t:s0 tclass=dir

--
Tom London
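
Added example, not part of the original post: a small Python triage script that collapses denials like the ones above into one line per (source type, target type, class) with the permissions and commands involved. The function names are hypothetical; the sample input is a three-record excerpt of the post's own log lines, and the parser covers both the `ausearch`-style records and the kernel lines from /var/log/messages.

```python
import re
# Three denials excerpted from the post, mail line-wrapping kept ("{" and permission split).
SAMPLE = """\
type=AVC msg=audit(01/10/2006 07:18:22.011:13) : avc:  denied  {
getattr } for pid=2512 comm=hal-system-stor name=.created-by-hal
dev=dm-0 ino=2289300 scontext=system_u:system_r:hald_t:s0
tcontext=system_u:object_r:mnt_t:s0 tclass=file
----
type=AVC msg=audit(01/10/2006 07:19:16.279:31) : avc:  denied  {
create } for  pid=2837 comm=touch name=.created-by-hal
scontext=system_u:system_r:hald_t:s0
tcontext=system_u:object_r:mnt_t:s0 tclass=file
----
Jan 10 07:18:01 localhost kernel: audit(1136906246.537:4): avc:
denied  { search } for  pid=1570 comm="readahead" name="/" dev=ramfs
ino=4195 scontext=system_u:system_r:readahead_t:s0
tcontext=system_u:object_r:ramfs_t:s0 tclass=dir
"""

# The tempered ".": a record missing tclass= must not swallow the next record.
AVC_RE = re.compile(r"avc: denied \{ ([^}]+?) \} for ((?:(?!avc: ).)*?\btclass=\S+)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_denials(raw):
    """Return one dict per AVC denial; tolerant of wrapped lines and both log formats."""
    text = " ".join(raw.split())  # undo wrapping: collapse every whitespace run
    out = []
    for m in AVC_RE.finditer(text):
        f = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group(2))}
        if not {"scontext", "tcontext"} <= f.keys():
            continue  # incomplete record: skip rather than guess
        out.append({"perms": m.group(1).split(), "comm": f.get("comm"),
                    "source": f["scontext"].split(":")[2],
                    "target": f["tcontext"].split(":")[2], "tclass": f["tclass"]})
    return out

def summarize(denials):
    """Group by (source type, target type, class); collect permissions and commands."""
    groups = {}
    for d in denials:
        g = groups.setdefault((d["source"], d["target"], d["tclass"]),
                              {"perms": set(), "comms": set(), "count": 0})
        g["perms"].update(d["perms"])
        g["comms"].add(d["comm"])
        g["count"] += 1
    return groups

if __name__ == "__main__":
    for (src, tgt, cls), g in sorted(summarize(parse_denials(SAMPLE)).items()):
        print(f"{g['count']}x {src} -> {tgt}:{cls} {sorted(g['perms'])} via {sorted(g['comms'])}")
```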



