Odd SELinux denials
Daniel J Walsh
dwalsh at redhat.com
Tue May 29 17:03:01 UTC 2007
Anders Karlsson wrote:
> Hi there,
>
> I updated my system on the 26th, and after an involuntary restart this
> evening, if I have SELinux enabled, xend will not start. The errors in the
> logs are the following.
>
> audit(1180381236.512:338): avc: denied { execute } for pid=7781
> comm="python" name="bash" dev=dm-0 ino=1376288
> scontext=user_u:system_r:xend_t:s0 tcontext=system_u:object_r:shell_exec_t:s0
> tclass=file
> audit(1180381236.664:339): avc: denied { execute } for pid=7793
> comm="python" name="bash" dev=dm-0 ino=1376288
> scontext=user_u:system_r:xend_t:s0 tcontext=system_u:object_r:shell_exec_t:s0
> tclass=file
> audit(1180381237.276:340): avc: denied { execute } for pid=7797
> comm="python" name="bash" dev=dm-0 ino=1376288
> scontext=user_u:system_r:xend_t:s0 tcontext=system_u:object_r:shell_exec_t:s0
> tclass=file
>
> I have run a "restorecon -R /" to attempt to correct this, but it makes no
> difference.
>
> The installed SELinux packages are:
> libselinux.x86_64 1.33.4-2.fc6 installed
> libselinux.i386 1.33.4-2.fc6 installed
> libselinux-python.x86_64 1.33.4-2.fc6 installed
> selinux-policy.noarch 2.4.6-69.fc6 installed
> selinux-policy-targeted.noarch 2.4.6-69.fc6 installed
>
> I have re-installed these, just in case, and rerun restorecon. Enabling
> SELinux still gives the same errors.
>
> I am no expert on SELinux (and I failed the RHS333 exam :-/ ) and I am a bit
> stumped on this one. Does anyone have an idea what is wrong and what I can
> try to resolve this?
>
>
I will update policy to allow this in 2.4.6-74.fc6. For now, you can make it work by creating a local policy customization.
# grep xend /var/log/audit/audit.log | audit2allow -M myxen
# semodule -i myxen.pp
> Thanks!
>
> /Anders
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
>
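The denials quoted in this thread, reduced to the type-enforcement rules they imply, as an added example that is not part of the original message or of audit2allow itself. It shows why filtering on the source domain is tighter than a plain `grep xend`: the third sample record is constructed, mentions "xend" only in a file name, and belongs to the hypothetical `example_t` domain; the function names are likewise assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: the first two records are the thread's denials joined onto
# one line each; the third is a made-up record that a plain "grep xend" would
# also match, although its source domain is not xend_t.
SAMPLE_LOG = """\
audit(1180381236.512:338): avc: denied { execute } for pid=7781 comm="python" name="bash" dev=dm-0 ino=1376288 scontext=user_u:system_r:xend_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file
audit(1180381236.664:339): avc: denied { execute } for pid=7793 comm="python" name="bash" dev=dm-0 ino=1376288 scontext=user_u:system_r:xend_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file
audit(1180381300.100:350): avc: denied { read write } for pid=8001 comm="example" name="xend.log" dev=dm-0 ino=42 scontext=user_u:system_r:example_t:s0 tcontext=system_u:object_r:example_log_t:s0 tclass=file
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}.*?"
    r"scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)"
)

def context_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    return context.split(":")[2]

def collect_rules(log_text, source_domain=None):
    """Group denied permissions by (source type, target type, class).

    With source_domain set, records from any other domain are skipped.
    """
    rules = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue
        src = context_type(m["scontext"])
        if source_domain and src != source_domain:
            continue
        key = (src, context_type(m["tcontext"]), m["tclass"])
        rules[key].update(m["perms"].split())
    return dict(rules)

def render_allow(rules):
    """Render the grouped denials as allow statements, one per key."""
    lines = []
    for (src, tgt, cls), perms in sorted(rules.items()):
        perms = sorted(perms)
        perm_text = perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"
        lines.append(f"allow {src} {tgt}:{cls} {perm_text};")
    return lines

if __name__ == "__main__":
    print("\n".join(render_allow(collect_rules(SAMPLE_LOG, "xend_t"))))
```

Comparing this output with the generated `myxen.te` before running `semodule -i` shows whether the module grants anything beyond the xend denials.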