sysfs AVC from today's Rawhide...

Tom London selinux at gmail.com
Tue Mar 13 14:28:05 UTC 2007 

On 3/13/07, Tom London <selinux at gmail.com> wrote:
> targeted/enforcing. Seems to occur during gnome login....
>
> type=AVC msg=audit(1173794972.786:18): avc:  denied  { write } for
> pid=3358 comm="modprobe" name="config" dev=sysfs ino=8517
> scontext=system_u:system_r:insmod_t:s0-s0:c0.c1023
> tcontext=system_u:object_r:sysfs_t:s0 tclass=file
> type=SYSCALL msg=audit(1173794972.786:18): arch=40000003 syscall=11
> success=yes exit=0 a0=bfabe678 a1=bfabd638 a2=bfabf020 a3=400 items=0
> ppid=3335 pid=3358 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0
> egid=0 sgid=0 fsgid=0 tty=tty7 comm="modprobe" exe="/sbin/modprobe"
> subj=system_u:system_r:insmod_t:s0-s0:c0.c1023 key=(null)
> type=AVC_PATH msg=audit(1173794972.786:18):
> path="/sys/devices/pci0000:00/0000:00:02.0/config"
>
>
Sorry for filing this here, not sure which component this would go against....:

Here are some more from /var/log/messages:

Mar 13 07:09:11 localhost kernel: audit(1173794898.399:2): enforcing=1
old_enforcing=0 auid=4294967295
Mar 13 07:09:11 localhost kernel: audit(1173794898.899:3): policy
loaded auid=4294967295
Mar 13 07:09:11 localhost kernel: audit(1173794903.294:4): avc:
denied  { getattr } for  pid=477 comm="start_udev" name="pts"
dev=tmpfs ino=1054 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023
tcontext=system_u:object_r:devpts_t:s0 tclass=dir
Mar 13 07:09:11 localhost kernel: sd 0:0:0:0: Attached scsi generic sg0 type 0
<<<<<SNIP>>>>>
Mar 13 07:09:11 localhost kernel: usbcore: registered new interface
driver hci_usb
Mar 13 07:09:11 localhost kernel: ipw3945: Detected Intel PRO/Wireless
3945ABG Network Connection
Mar 13 07:09:11 localhost kernel: audit(1173794909.293:5): avc:
denied  { setattr } for  pid=1522 comm="chown" name="cmd" dev=sysfs
ino=7725 scontext=system_u:system_r:insmod_t:s0-s0:c0.c1023
tcontext=system_u:object_r:sysfs_t:s0 tclass=file
Mar 13 07:09:11 localhost kernel: audit(1173794909.293:6): avc:
denied  { setattr } for  pid=1523 comm="chmod" name="cmd" dev=sysfs
ino=7725 scontext=system_u:system_r:insmod_t:s0-s0:c0.c1023
tcontext=system_u:object_r:sysfs_t:s0 tclass=file
Mar 13 07:09:11 localhost kernel: audit(1173794909.293:7): avc:
denied  { read } for  pid=1524 comm="ipw3945d" name="ipw3945d.pid"
dev=dm-0 ino=66333 scontext=system_u:system_r:insmod_t:s0-s0:c0.c1023
tcontext=system_u:object_r:initrc_var_run_t:s0 tclass=file
Mar 13 07:09:11 localhost kernel: floppy0: no floppy controllers found


-- 
Tom London

More information about the fedora-selinux-list mailing list