Many selinux complaints about ps after video card failure caused nouveou to fill /var
Edward Kuns
ekuns at kilroy.chi.il.us
Sat Aug 1 04:16:19 UTC 2009
I don't know if selinux was misbehaving or was just doing the best it
could on a crippled system. Apparently, my video card failed this
morning, causing nouveou to write 3.5 Gig of logs to /var/log/messages
in a matter of minutes -- the same text over and over and over. This
filled /var. I came upon the computer many hours later. The hard drive
light was flickering, so the computer was busy, but the computer was
basically crashed. Unreachable from the keyboard, unreachable from the
network.
To make a long story short, after I replaced the video card and moved an
enormous /var/log/messages to another partition for later review, then
rebooted, everything came up fine. And the tail end of the logs (when I
started cleaning things up) is full of selinux denials, almost all to
ps. I look at setroubleshoot and it has 50/50 complaints, almost all
about ps running in the context mysqld_safe_t, complaints such as:
SELinux is preventing ps (mysqld_safe_t) "getattr" hald_t.
SELinux is preventing ps (mysqld_safe_t) "getattr" initrc_t.
SELinux is preventing ps (mysqld_safe_t) "getattr" crond_t.
Is it worth my sending the full details for these AVCs to this list, or
is this an expected or understood misbehavior during /var-full
situations? (Or some 3rd option)
Thanks
Eddie
More information about the fedora-selinux-list
mailing list