many avcs at startup, readahead and several others

Antonio Olivares olivares14031 at yahoo.com
Wed Sep 3 22:51:23 UTC 2008


> >> Which avc's still appear?
> >
> >
> > After applying today's updates,
> >
> > [olivares at localhost ~]$ dmesg | grep 'avc'
> > type=1400 audit(1220475941.234:4): avc:  denied  { read write } for  pid=613 comm="readahead" path="/dev/console" dev=tmpfs ino=410 scontext=system_u:system_r:readahead_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=chr_file
> > type=1400 audit(1220475941.235:5): avc:  denied  { read write } for  pid=613 comm="readahead" path="/dev/console" dev=tmpfs ino=410 scontext=system_u:system_r:readahead_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=chr_file
> > type=1400 audit(1220475941.235:6): avc:  denied  { read write } for  pid=613 comm="readahead" path="/dev/console" dev=tmpfs ino=410 scontext=system_u:system_r:readahead_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=chr_file
> > type=1400 audit(1220475942.150:7): avc:  denied  { fowner } for  pid=613 comm="readahead" capability=3 scontext=system_u:system_r:readahead_t:s0 tcontext=system_u:system_r:readahead_t:s0 tclass=capability
> > type=1400 audit(1220475942.150:8): avc:  denied  { fowner } for  pid=613 comm="readahead" capability=3 scontext=system_u:system_r:readahead_t:s0 tcontext=system_u:system_r:readahead_t:s0 tclass=capability
> > type=1400 audit(1220475942.155:9): avc:  denied  { fowner } for  pid=613 comm="readahead" capability=3 scontext=system_u:system_r:readahead_t:s0 tcontext=system_u:system_r:readahead_t:s0 tclass=capability
> > type=1400 audit(1220475942.651:10): avc:  denied  { fowner } for  pid=613 comm="readahead" capability=3 scontext=system_u:system_r:readahead_t:s0 tcontext=system_u:system_r:readahead_t:s0 tclass=capability
> > type=1400 audit(1220475968.477:11): avc:  denied  { write } for  pid=1475 comm="ip6tables-resto" path="/0" dev=devpts ino=2 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:object_r:devpts_t:s0 tclass=chr_file
> > type=1400 audit(1220475969.949:12): avc:  denied  { write } for  pid=1697 comm="ip" path="/0" dev=devpts ino=2 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:object_r:devpts_t:s0 tclass=chr_file
> > type=1400 audit(1220476005.919:13): avc:  denied  { search } for  pid=1958 comm="pcscd" name="dbus" dev=dm-0 ino=3276848 scontext=system_u:system_r:pcscd_t:s0 tcontext=system_u:object_r:system_dbusd_var_run_t:s0 tclass=dir
> > type=1400 audit(1220476026.870:14): avc:  denied  { search } for  pid=2368 comm="python" name="hp" dev=dm-0 ino=28345940 scontext=system_u:system_r:cupsd_config_t:s0 tcontext=system_u:object_r:hplip_etc_t:s0 tclass=dir
> > type=1400 audit(1220476026.972:15): avc:  denied  { execute } for  pid=2417 comm="gdm" name="rpm" dev=dm-0 ino=24117291 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:rpm_exec_t:s0 tclass=file
> > type=1400 audit(1220476026.973:16): avc:  denied  { getattr } for  pid=2417 comm="gdm" path="/bin/rpm" dev=dm-0 ino=24117291 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:rpm_exec_t:s0 tclass=file
> > type=1400 audit(1220476026.973:17): avc:  denied  { getattr } for  pid=2417 comm="gdm" path="/bin/rpm" dev=dm-0 ino=24117291 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:rpm_exec_t:s0 tclass=file
> > type=1400 audit(1220476028.580:18): avc:  denied  { search } for  pid=2449 comm="python" name="hp" dev=dm-0 ino=28345940 scontext=system_u:system_r:cupsd_config_t:s0 tcontext=system_u:object_r:hplip_etc_t:s0 tclass=dir
> > [olivares at localhost ~]$
> > [olivares at localhost ~]$ uname -a
> > Linux localhost 2.6.27-0.297.rc5.git2.fc10.i686 #1 SMP Tue Sep 2 11:19:36 EDT 2008 i686 athlon i386 GNU/Linux
> >
> >
> >
> OK, so running "restorecon" on your home directory got rid of the
> pulse related AVCs.
> 
> Are you booting/running in enforcing or permissive mode?
enforcing :)
> 
> tom
> -- 
> Tom London

Thanks,

Antonio 


      



