[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: selinux does not like crontab :(, default_t, kde



On 03/27/2009 05:59 PM, Antonio Olivares wrote:
Update to

selinux-policy-3.6.10-2.fc11

Not available :(

[root riohigh ~]# yum update
adobe-linux-i386                                         |  951 B     00:00
adobe-linux-i386/primary                                 |  10 kB     00:00
adobe-linux-i386                                                          17/17
rawhide/metalink                                         | 7.1 kB     00:00
rawhide                                                  | 3.4 kB     00:00
rawhide/primary_db                                       | 8.0 MB     00:24
Setting up Update Process
No Packages marked for Update


Selinux is going crazy, the setroubleshooter hogs the CPU with a great deal of denials even in permissive mode.  I hope I wake up next Monday and the problem goes away, hopefully with the release of Fedora 11 Beta :)

nsplugin, pulseaudio and others are also causing lots of trouble, problem is I tried to write a bug report but was unable to, setroubleshoot deamon died and I could not copy paste it :(

[olivares riohigh ~]$ dmesg | grep 'avc'
type=1400 audit(1238189886.196:3): avc:  denied  { search } for  pid=1553 comm="ifconfig" name="selinux" dev=sda5 ino=25722 scontext=system_u:system_r:ifconfig_t:s0-s0:c0.c1023 tcontext=system_u:object_r:selinux_config_t:s0 tclass=dir
type=1400 audit(1238189886.196:4): avc:  denied  { read } for  pid=1553 comm="ifconfig" name="config" dev=sda5 ino=97197 scontext=system_u:system_r:ifconfig_t:s0-s0:c0.c1023 tcontext=system_u:object_r:selinux_config_t:s0 tclass=file
type=1400 audit(1238189886.196:5): avc:  denied  { open } for  pid=1553 comm="ifconfig" name="config" dev=sda5 ino=97197 scontext=system_u:system_r:ifconfig_t:s0-s0:c0.c1023 tcontext=system_u:object_r:selinux_config_t:s0 tclass=file
type=1400 audit(1238189886.196:6): avc:  denied  { getattr } for  pid=1553 comm="ifconfig" path="/etc/selinux/config" dev=sda5 ino=97197 scontext=system_u:system_r:ifconfig_t:s0-s0:c0.c1023 tcontext=system_u:object_r:selinux_config_t:s0 tclass=file
type=1400 audit(1238189886.197:7): avc:  denied  { getattr } for  pid=1553 comm="ifconfig" name="/" dev=selinuxfs ino=1 scontext=system_u:system_r:ifconfig_t:s0-s0:c0.c1023 tcontext=system_u:object_r:security_t:s0 tclass=filesystem
type=1400 audit(1238189886.197:8): avc:  denied  { search } for  pid=1553 comm="ifconfig" name="/" dev=selinuxfs ino=1 scontext=system_u:system_r:ifconfig_t:s0-s0:c0.c1023 tcontext=system_u:object_r:security_t:s0 tclass=dir
type=1400 audit(1238189886.197:9): avc:  denied  { getattr } for  pid=1553 comm="ifconfig" path="/selinux/class" dev=selinuxfs ino=26 scontext=system_u:system_r:ifconfig_t:s0-s0:c0.c1023 tcontext=system_u:object_r:security_t:s0 tclass=dir
type=1400 audit(1238189886.197:10): avc:  denied  { read } for  pid=1553 comm="ifconfig" name="mls" dev=selinuxfs ino=12 scontext=system_u:system_r:ifconfig_t:s0-s0:c0.c1023 tcontext=system_u:object_r:security_t:s0 tclass=file
type=1400 audit(1238189886.198:11): avc:  denied  { open } for  pid=1553 comm="ifconfig" name="mls" dev=selinuxfs ino=12 scontext=system_u:system_r:ifconfig_t:s0-s0:c0.c1023 tcontext=system_u:object_r:security_t:s0 tclass=file
type=1400 audit(1238189892.172:12): avc:  denied  { rlimitinh } for  pid=1815 comm="modprobe" scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:insmod_t:s0 tclass=process
type=1400 audit(1238189892.172:13): avc:  denied  { siginh } for  pid=1815 comm="modprobe" scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:insmod_t:s0 tclass=process
type=1400 audit(1238189892.172:14): avc:  denied  { noatsecure } for  pid=1815 comm="modprobe" scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:insmod_t:s0 tclass=process


Here are some anyway even with enforcing=0(permissive mode) :(

Regards,


Antonio




--
fedora-selinux-list mailing list
fedora-selinux-list redhat com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
This sounds like you have a mislabeled system. Rawhide has opened today. see if the update fixes your problems, otherwise try a relabel.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]