mknod still not working after suggested fix

Antonio Olivares olivares14031 at yahoo.com
Tue Jun 5 22:23:47 UTC 2007



----- Original Message ----
From: Daniel J Walsh <dwalsh at redhat.com>
To: Antonio Olivares <olivares14031 at yahoo.com>
Cc: fedora-selinux-list at redhat.com
Sent: Tuesday, June 5, 2007 8:22:32 AM
Subject: Re: mknod still not working after suggested fix

Antonio Olivares wrote:
> selinux is still not allowing mknod to do its job.  
>
> I have to manually create the device node every boot 
>
> [root at localhost ~]# mknod -m 600 /dev/slamr0 c 242 0
> [1]+  Done                    gedit /boot/grub/grub.conf
> [root at localhost ~]# modprobe ungrab-winmodem
> [root at localhost ~]# modprobe slamr
> [root at localhost ~]# slmodemd -c USA /dev/slamr0 &
> [1] 2709
> [root at localhost ~]# SmartLink Soft Modem: version 2.9.11 Jun  4 2007 00:14:21
> symbolic link `/dev/ttySL0' -> `/dev/pts/1' created.
> modem `slamr0' created. TTY is `/dev/pts/1'
> Use `/dev/ttySL0' as modem device, Ctrl+C for termination.
>
>
>
> audit(1181023411.825:4): avc:  denied  { mknod } for  pid=673 comm="mknod" capability=27 scontext=system_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=capability
>
>
> [root at localhost ~]# grep insmod /var/log/audit/audit.log | audit2allow -M myinsmod
> ******************** IMPORTANT ***********************
> To make this policy package active, execute:
>
> semodule -i myinsmod.pp
>
> [root at localhost ~]# semodule -i myinsmod.pp
>
> What should I try now?  
>
> Regards,
>
> Antonio
>
>
>   
Are you seeing other avc messages?  Please attach the myinsmod.te and 
your audit.log
>

[root at localhost ~]# cat myinsmod.te 

module myinsmod 1.0;

require {
        type insmod_t;
        type device_t;
        class dir write;
}

#============= insmod_t ==============
allow insmod_t device_t:dir write;
[root at localhost ~]# 

The attachment was neglected by Yahoo mail; I sent it to a text file and attached it as auditlog.txt.

[root at localhost audit]# cat audit.log | more
type=DAEMON_START msg=audit(1180930151.012:6690) auditd start, ver=1.5.3, format
=raw, auid=4294967295 pid=1558 res=success, auditd pid=1558
type=CONFIG_CHANGE msg=audit(1180930150.723:15): audit_enabled=1 old=0 by auid=4
294967295 subj=system_u:system_r:auditd_t:s0 res=1
type=CONFIG_CHANGE msg=audit(1180930150.723:16): audit_enabled=1 old=0 by auid=4
294967295 res=1
type=CONFIG_CHANGE msg=audit(1180930150.723:17): audit_backlog_limit=320 old=64 
by auid=4294967295 subj=system_u:system_r:auditctl_t:s0 res=1
type=CONFIG_CHANGE msg=audit(1180930150.723:18): audit_backlog_limit=320 old=64 
by auid=4294967295 res=1
type=USER_AUTH msg=audit(1180930198.716:19): user pid=2385 uid=0 auid=4294967295
 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='PAM: authentication ac
ct=? : exe="/bin/login" (hostname=?, addr=?, terminal=tty1 res=failed)'
type=USER_LOGIN msg=audit(1180930199.216:20): user pid=2385 uid=0 auid=429496729
5 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='acct=olivares: exe="/
bin/login" (hostname=?, addr=?, terminal=tty1 res=failed)'
type=USER_AUTH msg=audit(1180930208.714:21): user pid=2385 uid=0 auid=4294967295
 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='PAM: authentication ac
ct=root : exe="/bin/login" (hostname=?, addr=?, terminal=tty1 res=success)'
type=USER_ACCT msg=audit(1180930208.714:22): user pid=2385 uid=0 auid=4294967295
 subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 msg='PAM: accounting acct=r
oot : exe="/bin/login" (hostname=?, addr=?, terminal=tty1 res=success)'
type=LOGIN msg=audit(1180930209.214:23): login pid=2385 uid=0 old auid=429496729
....


Thank you very much for your patience and your kindness with this issue.

Antonio 







 
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: auditlog.txt
URL: <http://listman.redhat.com/archives/fedora-selinux-list/attachments/20070605/67d1f65a/attachment.txt>
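The following is an added example, not part of the original message and not code from audit2allow: a Python check that compares the AVC denial quoted in the message with the rules in the posted myinsmod.te and lists any rule the denial asks for that the module lacks. The function names are hypothetical; the denial line and the module text are copied from the message above.

```python
import re

# Copied from the message above: the quoted AVC denial and the posted module.
AVC = ('audit(1181023411.825:4): avc:  denied  { mknod } for  pid=673 '
       'comm="mknod" capability=27 '
       'scontext=system_u:system_r:insmod_t:s0-s0:c0.c1023 '
       'tcontext=system_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=capability')

MODULE_TE = """
module myinsmod 1.0;
require {
        type insmod_t;
        type device_t;
        class dir write;
}
allow insmod_t device_t:dir write;
"""

AVC_RE = re.compile(r'denied\s+\{([^}]*)\}.*?scontext=(\S+)\s+'
                    r'tcontext=(\S+)\s+tclass=(\S+)')
ALLOW_RE = re.compile(r'^\s*allow\s+(\S+)\s+(\S+):(\S+)\s+(\{[^}]*\}|\S+)\s*;',
                      re.M)

def needed_rules(avc_line):
    """Return the (source, target, class, perm) tuples one AVC denial asks for."""
    m = AVC_RE.search(avc_line)
    if not m:
        return set()
    perms, scon, tcon, tclass = m.groups()
    src, tgt = scon.split(':')[2], tcon.split(':')[2]  # type is the 3rd field
    if tgt == src:
        tgt = 'self'  # policy syntax for "same type as the source"
    return {(src, tgt, tclass, p) for p in perms.split()}

def allowed_rules(te_text):
    """Return the (source, target, class, perm) tuples granted by a .te file."""
    rules = set()
    for src, tgt, tclass, perms in ALLOW_RE.findall(te_text):
        tgt = 'self' if tgt == src else tgt
        rules.update((src, tgt, tclass, p) for p in perms.strip('{}').split())
    return rules

def uncovered(avc_line, te_text):
    """List, as allow statements, what the denial needs and the module lacks."""
    missing = needed_rules(avc_line) - allowed_rules(te_text)
    return sorted('allow %s %s:%s %s;' % r for r in missing)

if __name__ == '__main__':
    print(uncovered(AVC, MODULE_TE))
```

The check only matches literal type names in `allow` statements; it does not expand attributes or interface calls, so it is a quick sanity test of a generated module rather than a policy analysis.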

