denied avc's on rawhide

Antonio Olivares olivares14031 at yahoo.com
Tue Dec 9 00:44:15 UTC 2008


Dear fellow testers and selinux experts,

After updating to latest updates, I get several selinux denials, but setroubleshoot does not display, them.   I get to see them when the system starts and that is it :(

[olivares at localhost ~]$ rpm -qa selinux*                                        
[olivares at localhost ~]$ rpm -qa selinux
[olivares at localhost ~]$ rpm -qa selinux-policy*
selinux-policy-3.6.1-6.fc11.noarch             
selinux-policy-targeted-3.6.1-6.fc11.noarch    
[olivares at localhost ~]$ dmesg | grep 'avc'
type=1400 audit(1228782900.945:4): avc:  denied  { sys_tty_config } for  pid=709 comm="consoletype" capability=26 scontext=system_u:system_r:consoletype_t:s0 tcontext=system_u:system_r:consoletype_t:s0 tclass=capability                     
type=1400 audit(1228782901.610:5): avc:  denied  { sys_tty_config } for  pid=716 comm="consoletype" capability=26 scontext=system_u:system_r:consoletype_t:s0 tcontext=system_u:system_r:consoletype_t:s0 tclass=capability                     
type=1400 audit(1228782924.617:6): avc:  denied  { sys_tty_config } for  pid=1471 comm="consoletype" capability=26 scontext=system_u:system_r:consoletype_t:s0 tcontext=system_u:system_r:consoletype_t:s0 tclass=capability                    
type=1400 audit(1228782926.009:7): avc:  denied  { write } for  pid=1497 comm="ip6tables-resto" path="/0" dev=devpts ino=2 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:object_r:devpts_t:s0 tclass=chr_file                      
type=1400 audit(1228782928.136:8): avc:  denied  { sys_tty_config } for  pid=1672 comm="consoletype" capability=26 scontext=system_u:system_r:consoletype_t:s0 tcontext=system_u:system_r:consoletype_t:s0 tclass=capability
type=1400 audit(1228782964.027:9): avc:  denied  { sys_tty_config } for  pid=1688 comm="consoletype" capability=26 scontext=system_u:system_r:consoletype_t:s0 tcontext=system_u:system_r:consoletype_t:s0 tclass=capability
type=1400 audit(1228782991.682:10): avc:  denied  { search } for  pid=2415 comm="python" name=".local" dev=dm-0 ino=1507729 scontext=system_u:system_r:cupsd_config_t:s0 tcontext=system_u:object_r:gconf_home_t:s0 tclass=dir
type=1400 audit(1228782992.039:11): avc:  denied  { search } for  pid=2445 comm="python" name=".local" dev=dm-0 ino=1507729 scontext=system_u:system_r:cupsd_config_t:s0 tcontext=system_u:object_r:gconf_home_t:s0 tclass=dir
type=1400 audit(1228782993.853:12): avc:  denied  { search } for  pid=2482 comm="python" name=".local" dev=dm-0 ino=1507729 scontext=system_u:system_r:hplip_t:s0 tcontext=system_u:object_r:gconf_home_t:s0 tclass=dir
type=1400 audit(1228782995.570:13): avc:  denied  { search } for  pid=2574 comm="python" name=".local" dev=dm-0 ino=1507729 scontext=system_u:system_r:hplip_t:s0 tcontext=system_u:object_r:gconf_home_t:s0 tclass=dir
type=1400 audit(1228783019.890:14): avc:  denied  { search } for  pid=2845 comm="polkit-read-aut" name="dbus" dev=dm-0 ino=3276848 scontext=system_u:system_r:polkit_auth_t:s0 tcontext=system_u:object_r:system_dbusd_var_run_t:s0 tclass=dir
[olivares at localhost ~]$


Regards,

Antonio 


      




More information about the fedora-selinux-list mailing list