loadkey avc denied

Laurent Jacquot jk at lutty.net
Thu Apr 10 17:58:32 UTC 2008 

Hello,
Every time I reboot, I have those 9 AVCs in /var/log/messages:

Apr  3 19:18:35 jack kernel: audit(1207243095.907:4): avc:  denied
{ sys_admin } for  pid=1707 comm="loadkeys" capability=21
scontext=system_u:system_r:loadkeys_t:s0
tcontext=system_u:system_r:loadkeys_t:s0 tclass=capability
Apr  3 19:18:35 jack kernel: audit(1207243095.907:5): avc:  denied
{ sys_admin } for  pid=1707 comm="loadkeys" capability=21
scontext=system_u:system_r:loadkeys_t:s0
tcontext=system_u:system_r:loadkeys_t:s0 tclass=capability
Apr  3 19:18:35 jack kernel: audit(1207243095.907:6): avc:  denied
{ sys_admin } for  pid=1707 comm="loadkeys" capability=21
scontext=system_u:system_r:loadkeys_t:s0
tcontext=system_u:system_r:loadkeys_t:s0 tclass=capability
Apr  3 19:18:35 jack kernel: audit(1207243095.907:7): avc:  denied
{ sys_admin } for  pid=1707 comm="loadkeys" capability=21
scontext=system_u:system_r:loadkeys_t:s0
tcontext=system_u:system_r:loadkeys_t:s0 tclass=capability
Apr  3 19:18:35 jack kernel: audit(1207243095.907:8): avc:  denied
{ sys_admin } for  pid=1707 comm="loadkeys" capability=21
scontext=system_u:system_r:loadkeys_t:s0
tcontext=system_u:system_r:loadkeys_t:s0 tclass=capability
Apr  3 19:18:35 jack kernel: audit(1207243095.907:9): avc:  denied
{ sys_admin } for  pid=1707 comm="loadkeys" capability=21
scontext=system_u:system_r:loadkeys_t:s0
tcontext=system_u:system_r:loadkeys_t:s0 tclass=capability
Apr  3 19:18:35 jack kernel: audit(1207243095.907:10): avc:  denied
{ sys_admin } for  pid=1707 comm="loadkeys" capability=21
scontext=system_u:system_r:loadkeys_t:s0
tcontext=system_u:system_r:loadkeys_t:s0 tclass=capability
Apr  3 19:18:35 jack kernel: audit(1207243095.907:11): avc:  denied
{ sys_admin } for  pid=1707 comm="loadkeys" capability=21
scontext=system_u:system_r:loadkeys_t:s0
tcontext=system_u:system_r:loadkeys_t:s0 tclass=capability
Apr  3 19:18:35 jack kernel: audit(1207243095.907:12): avc:  denied
{ sys_admin } for  pid=1707 comm="loadkeys" capability=21
scontext=system_u:system_r:loadkeys_t:s0
tcontext=system_u:system_r:loadkeys_t:s0 tclass=capability

They are generated before audit runs.
What are they trying to tell me? Should I relabel something or bug it?

TIA
	Laurent

More information about the fedora-selinux-list mailing list