denied avc's on rawhide: part 2

Daniel J Walsh dwalsh at redhat.com
Fri Jan 23 20:22:19 UTC 2009


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Antonio Olivares wrote:
> Dear list, 
> 
> I get the following avc's on rawhide.  I had 7 days without internet connection, updated and now I get the following ones.  Setroubleshoot does not kick in :(
> 
> output done by dmesg:
> 
> type=1400 audit(1232555999.381:4): avc:  denied  { write } for  pid=1590 comm="ip6tables-resto" path="/0" dev=devpts ino=3 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:object_r:devpts_t:s0 tclass=chr_file
> 
> 
> type=1400 audit(1232556094.962:5): avc:  denied  { create } for  pid=2654 comm="kde4-config" name=".kde" scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:root_t:s0 tclass=dir
> type=1400 audit(1232556101.971:6): avc:  denied  { search } for  pid=2694 comm="hal-acl-tool" name="PolicyKit-public" dev=dm-0 ino=3407878 scontext=system_u:system_r:hald_acl_t:s0 tcontext=system_u:object_r:polkit_var_lib_t:s0 tclass=dir
> type=1400 audit(1232556101.972:7): avc:  denied  { search } for  pid=2694 comm="hal-acl-tool" name="PolicyKit-public" dev=dm-0 ino=3407878 scontext=system_u:system_r:hald_acl_t:s0 tcontext=system_u:object_r:polkit_var_lib_t:s0 tclass=dir
> type=1400 audit(1232556101.972:8): avc:  denied  { search } for  pid=2694 comm="hal-acl-tool" name="PolicyKit-public" dev=dm-0 ino=3407878 scontext=system_u:system_r:hald_acl_t:s0 tcontext=system_u:object_r:polkit_var_lib_t:s0 tclass=dir
> type=1400 audit(1232556101.973:9): avc:  denied  { search } for  pid=2694 comm="hal-acl-tool" name="PolicyKit-public" dev=dm-0 ino=3407878 scontext=system_u:system_r:hald_acl_t:s0 tcontext=system_u:object_r:polkit_var_lib_t:s0 tclass=dir
> type=1400 audit(1232556101.974:10): avc:  denied  { search } for  pid=2694 comm="hal-acl-tool" name="PolicyKit-public" dev=dm-0 ino=3407878 scontext=system_u:system_r:hald_acl_t:s0 tcontext=system_u:object_r:polkit_var_lib_t:s0 tclass=dir
> type=1400 audit(1232556101.975:11): avc:  denied  { search } for  pid=2694 comm="hal-acl-tool" name="PolicyKit-public" dev=dm-0 ino=3407878 scontext=system_u:system_r:hald_acl_t:s0 tcontext=system_u:object_r:polkit_var_lib_t:s0 tclass=dir
> type=1400 audit(1232556101.975:12): avc:  denied  { search } for  pid=2694 comm="hal-acl-tool" name="PolicyKit-public" dev=dm-0 ino=3407878 scontext=system_u:system_r:hald_acl_t:s0 tcontext=system_u:object_r:polkit_var_lib_t:s0 tclass=dir
> type=1400 audit(1232556101.976:13): avc:  denied  { search } for  pid=2694 comm="hal-acl-tool" name="PolicyKit-public" dev=dm-0 ino=3407878 scontext=system_u:system_r:hald_acl_t:s0 tcontext=system_u:object_r:polkit_var_lib_t:s0 tclass=dir
> type=1400 audit(1232556101.977:14): avc:  denied  { search } for  pid=2694 comm="hal-acl-tool" name="PolicyKit-public" dev=dm-0 ino=3407878 scontext=system_u:system_r:hald_acl_t:s0 tcontext=system_u:object_r:polkit_var_lib_t:s0 tclass=dir
> type=1400 audit(1232556101.977:15): avc:  denied  { search } for  pid=2694 comm="hal-acl-tool" name="PolicyKit-public" dev=dm-0 ino=3407878 scontext=system_u:system_r:hald_acl_t:s0 tcontext=system_u:object_r:polkit_var_lib_t:s0 tclass=dir
> __ratelimit: 234 callbacks suppressed
> type=1400 audit(1232556109.359:94): avc:  denied  { search } for  pid=2724 comm="hal-acl-tool" name="PolicyKit-public" dev=dm-0 ino=3407878 scontext=system_u:system_r:hald_acl_t:s0 tcontext=system_u:object_r:polkit_var_lib_t:s0 tclass=dir
> type=1400 audit(1232556109.359:95): avc:  denied  { search } for  pid=2724 comm="hal-acl-tool" name="PolicyKit-public" dev=dm-0 ino=3407878 scontext=system_u:system_r:hald_acl_t:s0 tcontext=system_u:object_r:polkit_var_lib_t:s0 tclass=dir
> fuse init (API version 7.11)
> 
> Regards,
> 
> Antonio 
> 
> 
>       
> 
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
The first two are fixed and the third one seems to be a kde bug.  kde
tools are trying to create files in / as if it were a home directory.
This is probably not what they intended.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkl6JvsACgkQrlYvE4MpobNTBgCeNqaO7NfHkqMzEUEegkFXcJrR
p+8AoLko5Mm+HsEsni7iM8Wil4RW0ape
=OAuf
-----END PGP SIGNATURE-----




More information about the fedora-selinux-list mailing list