loadkey avc denied

Daniel J Walsh dwalsh at redhat.com
Thu Apr 10 20:00:13 UTC 2008


Laurent Jacquot wrote:
> Hello,
> Every time I reboot, I have those 9 AVCs in /var/log/messages:
> 
> Apr  3 19:18:35 jack kernel: audit(1207243095.907:4): avc:  denied
> { sys_admin } for  pid=1707 comm="loadkeys" capability=21
> scontext=system_u:system_r:loadkeys_t:s0
> tcontext=system_u:system_r:loadkeys_t:s0 tclass=capability
> Apr  3 19:18:35 jack kernel: audit(1207243095.907:5): avc:  denied
> { sys_admin } for  pid=1707 comm="loadkeys" capability=21
> scontext=system_u:system_r:loadkeys_t:s0
> tcontext=system_u:system_r:loadkeys_t:s0 tclass=capability
> Apr  3 19:18:35 jack kernel: audit(1207243095.907:6): avc:  denied
> { sys_admin } for  pid=1707 comm="loadkeys" capability=21
> scontext=system_u:system_r:loadkeys_t:s0
> tcontext=system_u:system_r:loadkeys_t:s0 tclass=capability
> Apr  3 19:18:35 jack kernel: audit(1207243095.907:7): avc:  denied
> { sys_admin } for  pid=1707 comm="loadkeys" capability=21
> scontext=system_u:system_r:loadkeys_t:s0
> tcontext=system_u:system_r:loadkeys_t:s0 tclass=capability
> Apr  3 19:18:35 jack kernel: audit(1207243095.907:8): avc:  denied
> { sys_admin } for  pid=1707 comm="loadkeys" capability=21
> scontext=system_u:system_r:loadkeys_t:s0
> tcontext=system_u:system_r:loadkeys_t:s0 tclass=capability
> Apr  3 19:18:35 jack kernel: audit(1207243095.907:9): avc:  denied
> { sys_admin } for  pid=1707 comm="loadkeys" capability=21
> scontext=system_u:system_r:loadkeys_t:s0
> tcontext=system_u:system_r:loadkeys_t:s0 tclass=capability
> Apr  3 19:18:35 jack kernel: audit(1207243095.907:10): avc:  denied
> { sys_admin } for  pid=1707 comm="loadkeys" capability=21
> scontext=system_u:system_r:loadkeys_t:s0
> tcontext=system_u:system_r:loadkeys_t:s0 tclass=capability
> Apr  3 19:18:35 jack kernel: audit(1207243095.907:11): avc:  denied
> { sys_admin } for  pid=1707 comm="loadkeys" capability=21
> scontext=system_u:system_r:loadkeys_t:s0
> tcontext=system_u:system_r:loadkeys_t:s0 tclass=capability
> Apr  3 19:18:35 jack kernel: audit(1207243095.907:12): avc:  denied
> { sys_admin } for  pid=1707 comm="loadkeys" capability=21
> scontext=system_u:system_r:loadkeys_t:s0
> tcontext=system_u:system_r:loadkeys_t:s0 tclass=capability
> 
> They are generated before audit runs.
> What are they trying to tell me? Should I relabel something or bug it?
> 
> TIA
> 	Laurent
> 
This is saying loadkeys is requesting a sys_admin capability.  I have no
idea why, and have never seen it before.

You can add this rule by executing

# dmesg | audit2allow -M myloadkeys
# semodule -i myloadkeys.pp

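Added example, not part of the original message and not audit2allow's own code: a small Python parser that collapses the nine quoted denials into the distinct allow rule a generated module would carry, so the rule can be read before `semodule -i` loads it. It assumes one record per line (the mail client wrapped them above); the rule text imitates audit2allow's output format, and `REVIEW_CAPS` is a hypothetical list of broad capabilities to flag.

```python
import re
from collections import defaultdict

# The denial quoted in the message above, rejoined onto one line per record;
# the nine records differ only in the audit serial number (4 through 12).
_REC = ('Apr  3 19:18:35 jack kernel: audit(1207243095.907:{n}): avc:  denied '
        '{{ sys_admin }} for  pid=1707 comm="loadkeys" capability=21 '
        'scontext=system_u:system_r:loadkeys_t:s0 '
        'tcontext=system_u:system_r:loadkeys_t:s0 tclass=capability')
SAMPLE_LOG = "\n".join(_REC.format(n=n) for n in range(4, 13))

AVC_RE = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)")

# Hypothetical review list (an assumption of this example): capabilities broad
# enough that a generated rule deserves a second look before it is loaded.
REVIEW_CAPS = {"sys_admin", "sys_module", "sys_ptrace", "sys_rawio", "dac_override"}

def parse_avc(line):
    """Return (source_type, target_type, tclass, perms), or None if not an AVC denial."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    fields = dict(tok.split("=", 1) for tok in m["rest"].split() if "=" in tok)
    try:
        # The SELinux type is the third field of user:role:type:level.
        src, tgt = (fields[k].split(":")[2] for k in ("scontext", "tcontext"))
        return src, tgt, fields["tclass"], tuple(m["perms"].split())
    except (KeyError, IndexError):
        return None  # truncated or line-wrapped record

def summarize(log_text):
    """Collapse denials into distinct rules: {rule_text: (denial_count, needs_review)}."""
    merged = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is not None:
            merged[rec[:3]].append(rec[3])
    rules = {}
    for (src, tgt, tclass), seen in merged.items():
        perms = sorted(set().union(*seen))
        perm_s = perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"
        target = "self" if src == tgt else tgt  # same domain is written as "self"
        review = tclass == "capability" and bool(REVIEW_CAPS.intersection(perms))
        rules[f"allow {src} {target}:{tclass} {perm_s};"] = (len(seen), review)
    return rules

if __name__ == "__main__":
    for rule, (count, review) in summarize(SAMPLE_LOG).items():
        print(f"{rule}  # {count} denials" + ("  [review]" if review else ""))
```
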



