denied avc's on rawhide: part 2
Daniel J Walsh
dwalsh at redhat.com
Fri Jan 23 20:22:19 UTC 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Antonio Olivares wrote:
> Dear list,
>
> I get the following avc's on rawhide. I had 7 days without internet connection, updated and now I get the following ones. Setroubleshoot does not kick in :(
>
> output done by dmesg:
>
> type=1400 audit(1232555999.381:4): avc: denied { write } for pid=1590 comm="ip6tables-resto" path="/0" dev=devpts ino=3 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:object_r:devpts_t:s0 tclass=chr_file
>
>
> type=1400 audit(1232556094.962:5): avc: denied { create } for pid=2654 comm="kde4-config" name=".kde" scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:root_t:s0 tclass=dir
> type=1400 audit(1232556101.971:6): avc: denied { search } for pid=2694 comm="hal-acl-tool" name="PolicyKit-public" dev=dm-0 ino=3407878 scontext=system_u:system_r:hald_acl_t:s0 tcontext=system_u:object_r:polkit_var_lib_t:s0 tclass=dir
> type=1400 audit(1232556101.972:7): avc: denied { search } for pid=2694 comm="hal-acl-tool" name="PolicyKit-public" dev=dm-0 ino=3407878 scontext=system_u:system_r:hald_acl_t:s0 tcontext=system_u:object_r:polkit_var_lib_t:s0 tclass=dir
> type=1400 audit(1232556101.972:8): avc: denied { search } for pid=2694 comm="hal-acl-tool" name="PolicyKit-public" dev=dm-0 ino=3407878 scontext=system_u:system_r:hald_acl_t:s0 tcontext=system_u:object_r:polkit_var_lib_t:s0 tclass=dir
> type=1400 audit(1232556101.973:9): avc: denied { search } for pid=2694 comm="hal-acl-tool" name="PolicyKit-public" dev=dm-0 ino=3407878 scontext=system_u:system_r:hald_acl_t:s0 tcontext=system_u:object_r:polkit_var_lib_t:s0 tclass=dir
> type=1400 audit(1232556101.974:10): avc: denied { search } for pid=2694 comm="hal-acl-tool" name="PolicyKit-public" dev=dm-0 ino=3407878 scontext=system_u:system_r:hald_acl_t:s0 tcontext=system_u:object_r:polkit_var_lib_t:s0 tclass=dir
> type=1400 audit(1232556101.975:11): avc: denied { search } for pid=2694 comm="hal-acl-tool" name="PolicyKit-public" dev=dm-0 ino=3407878 scontext=system_u:system_r:hald_acl_t:s0 tcontext=system_u:object_r:polkit_var_lib_t:s0 tclass=dir
> type=1400 audit(1232556101.975:12): avc: denied { search } for pid=2694 comm="hal-acl-tool" name="PolicyKit-public" dev=dm-0 ino=3407878 scontext=system_u:system_r:hald_acl_t:s0 tcontext=system_u:object_r:polkit_var_lib_t:s0 tclass=dir
> type=1400 audit(1232556101.976:13): avc: denied { search } for pid=2694 comm="hal-acl-tool" name="PolicyKit-public" dev=dm-0 ino=3407878 scontext=system_u:system_r:hald_acl_t:s0 tcontext=system_u:object_r:polkit_var_lib_t:s0 tclass=dir
> type=1400 audit(1232556101.977:14): avc: denied { search } for pid=2694 comm="hal-acl-tool" name="PolicyKit-public" dev=dm-0 ino=3407878 scontext=system_u:system_r:hald_acl_t:s0 tcontext=system_u:object_r:polkit_var_lib_t:s0 tclass=dir
> type=1400 audit(1232556101.977:15): avc: denied { search } for pid=2694 comm="hal-acl-tool" name="PolicyKit-public" dev=dm-0 ino=3407878 scontext=system_u:system_r:hald_acl_t:s0 tcontext=system_u:object_r:polkit_var_lib_t:s0 tclass=dir
> __ratelimit: 234 callbacks suppressed
> type=1400 audit(1232556109.359:94): avc: denied { search } for pid=2724 comm="hal-acl-tool" name="PolicyKit-public" dev=dm-0 ino=3407878 scontext=system_u:system_r:hald_acl_t:s0 tcontext=system_u:object_r:polkit_var_lib_t:s0 tclass=dir
> type=1400 audit(1232556109.359:95): avc: denied { search } for pid=2724 comm="hal-acl-tool" name="PolicyKit-public" dev=dm-0 ino=3407878 scontext=system_u:system_r:hald_acl_t:s0 tcontext=system_u:object_r:polkit_var_lib_t:s0 tclass=dir
> fuse init (API version 7.11)
>
> Regards,
>
> Antonio
>
>
>
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
The first two are fixed and the third one seems to be a kde bug. kde
tools are trying to create files in / as if it were a home directory.
This is probably not what they intended.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkl6JvsACgkQrlYvE4MpobNTBgCeNqaO7NfHkqMzEUEegkFXcJrR
p+8AoLko5Mm+HsEsni7iM8Wil4RW0ape
=OAuf
-----END PGP SIGNATURE-----
More information about the fedora-selinux-list
mailing list