Some AVC denials to consider:

Dominick Grift domg472 at gmail.com
Tue Aug 4 12:48:21 UTC 2009


On 08/04/2009 02:40 PM, Dominick Grift wrote:
> On 08/04/2009 02:37 PM, Miroslav Grepl wrote:
>> On 08/04/2009 02:30 PM, Dominick Grift wrote:
>>> dev_rw_generic_files(NetworkManager_t)
>>>
>>> allow consoletype_t device_t:file { read getattr ioctl };
>>>
>>> xserver_rw_xdm_home_files(staff_dbusd_t)
>>>
>>> allow staff_t staff_screen_t:process sigchld;
>>> allow staff_t print_spool_t:dir getattr;
>>> allow staff_t screen_var_run_t:fifo_file read;
>>> dev_rw_dri(staff_t)
>>>
>>> allow ifconfig_t device_t:file read;
>>>
>>> allow mount_t dgrift_t:unix_stream_socket { read write };
>>>
>>> allow nscd_t device_t:file read;
>>>
>>> allow ifconfig_t device_t:file read;
>>>
>>> allow mount_t dgrift_t:unix_stream_socket { read write };
>>>
>>> allow nscd_t device_t:file read;
>>>
>>> term_use_console(portreserve_t)
>>>
>>> allow readahead_t proc_kcore_t:file getattr;
>>> allow readahead_t self:capability net_admin;
>>>
>>> allow rpcbind_t self:udp_socket listen;
>>>
>>> allow xdm_dbusd_t xdm_var_lib_t:dir search;
>>>
>>> dev_rw_generic_files(auditctl_t)
>>>
>>> allow readahead_t self:capability net_admin;
>>> fs_rw_tmpfs_chr_files(readahead_t)
>>>
>>> fprintd_dbus_chat(staff_sudo_t)
>>>
>>> fprintd_dbus_chat(staff_t)
>>>
>>> fprintd_dbus_chat(fprintd_t)
Looks like fprintd_dbus_chat(fprintd_t) is a bad translation by 
audit2allow -R.
>> What version of selinux-policy ?
>>
>> Regards,
>> Miroslav
> selinux-policy-targeted-3.6.12-69.fc11.noarch
> selinux-policy-3.6.12-69.fc11.noarch
>
> on a clean Fedora 11 installation (note: semodule -DB could have been 
> enabled / not in permissive mode)

If you want to see any specific raw AVC denials, let me know.
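
The following Python script is an added example, not part of the original thread and not code from audit2allow or the policy project: it screens `audit2allow -R` output for repeated rules and for interface calls whose argument is the interface's own module domain, the pattern noted above for fprintd_dbus_chat(fprintd_t). The function names and the prefix-matching heuristic are assumptions; the sample rules are copied from the message.

```python
import re
from collections import Counter

# Subset of the rules quoted in the message above (copied, not constructed).
SAMPLE = """\
dev_rw_generic_files(NetworkManager_t)
allow ifconfig_t device_t:file read;
allow mount_t dgrift_t:unix_stream_socket { read write };
allow nscd_t device_t:file read;
allow ifconfig_t device_t:file read;
allow mount_t dgrift_t:unix_stream_socket { read write };
allow nscd_t device_t:file read;
fprintd_dbus_chat(staff_sudo_t)
fprintd_dbus_chat(staff_t)
fprintd_dbus_chat(fprintd_t)
"""

ALLOW_RE = re.compile(r"^allow\s+(\S+)\s+(\S+):(\S+)\s+(\{[^}]*\}|\S+)\s*;$")
IFACE_RE = re.compile(r"^(\w+)\(([^()]*)\)$")

def parse(text):
    # Normalize each rule to a tuple; mail quote markers and blanks are dropped.
    rules = []
    for raw in text.splitlines():
        line = raw.lstrip("> \t").strip()
        m = ALLOW_RE.match(line)
        if m:
            # Sort permissions so "{ read write }" equals "{ write read }".
            perms = tuple(sorted(m.group(4).strip("{} ").split()))
            rules.append(("allow", m.group(1), m.group(2), m.group(3), perms))
            continue
        m = IFACE_RE.match(line)
        if m:
            args = tuple(a.strip() for a in m.group(2).split(","))
            rules.append(("iface", m.group(1), args))
    return rules

def review(text):
    rules = parse(text)
    duplicates = sorted(r for r, n in Counter(rules).items() if n > 1)
    # Heuristic (assumption): foo_*(foo_t) passes a module's own domain to its
    # own interface, which suggests a mistranslated denial worth a manual look.
    self_calls = sorted({r for r in rules if r[0] == "iface" and any(
        a.endswith("_t") and r[1].startswith(a[:-2] + "_") for a in r[2])})
    return duplicates, self_calls

if __name__ == "__main__":
    for label, found in zip(("duplicate", "self-referential"), review(SAMPLE)):
        for rule in found:
            print(label, rule)
```

Anything it reports should be compared against the raw AVC denial before the rule goes into a local policy module.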



