selinux does not like crontab :(, default_t, kde

Daniel J Walsh dwalsh at redhat.com
Mon Mar 30 13:42:22 UTC 2009


On 03/27/2009 05:59 PM, Antonio Olivares wrote:
>> Update to
>>
>> selinux-policy-3.6.10-2.fc11
>
> Not available :(
>
> [root at riohigh ~]# yum update
> adobe-linux-i386                                         |  951 B     00:00
> adobe-linux-i386/primary                                 |  10 kB     00:00
> adobe-linux-i386                                                          17/17
> rawhide/metalink                                         | 7.1 kB     00:00
> rawhide                                                  | 3.4 kB     00:00
> rawhide/primary_db                                       | 8.0 MB     00:24
> Setting up Update Process
> No Packages marked for Update
>
>
> SELinux is going crazy, the setroubleshooter hogs the CPU with a great deal of denials even in permissive mode.  I hope I wake up next Monday and the problem goes away, hopefully with the release of Fedora 11 Beta :)
>
> nsplugin, pulseaudio and others are also causing lots of trouble, problem is I tried to write a bug report but was unable to, setroubleshoot daemon died and I could not copy paste it :(
>
> [olivares at riohigh ~]$ dmesg | grep 'avc'
> type=1400 audit(1238189886.196:3): avc:  denied  { search } for  pid=1553 comm="ifconfig" name="selinux" dev=sda5 ino=25722 scontext=system_u:system_r:ifconfig_t:s0-s0:c0.c1023 tcontext=system_u:object_r:selinux_config_t:s0 tclass=dir
> type=1400 audit(1238189886.196:4): avc:  denied  { read } for  pid=1553 comm="ifconfig" name="config" dev=sda5 ino=97197 scontext=system_u:system_r:ifconfig_t:s0-s0:c0.c1023 tcontext=system_u:object_r:selinux_config_t:s0 tclass=file
> type=1400 audit(1238189886.196:5): avc:  denied  { open } for  pid=1553 comm="ifconfig" name="config" dev=sda5 ino=97197 scontext=system_u:system_r:ifconfig_t:s0-s0:c0.c1023 tcontext=system_u:object_r:selinux_config_t:s0 tclass=file
> type=1400 audit(1238189886.196:6): avc:  denied  { getattr } for  pid=1553 comm="ifconfig" path="/etc/selinux/config" dev=sda5 ino=97197 scontext=system_u:system_r:ifconfig_t:s0-s0:c0.c1023 tcontext=system_u:object_r:selinux_config_t:s0 tclass=file
> type=1400 audit(1238189886.197:7): avc:  denied  { getattr } for  pid=1553 comm="ifconfig" name="/" dev=selinuxfs ino=1 scontext=system_u:system_r:ifconfig_t:s0-s0:c0.c1023 tcontext=system_u:object_r:security_t:s0 tclass=filesystem
> type=1400 audit(1238189886.197:8): avc:  denied  { search } for  pid=1553 comm="ifconfig" name="/" dev=selinuxfs ino=1 scontext=system_u:system_r:ifconfig_t:s0-s0:c0.c1023 tcontext=system_u:object_r:security_t:s0 tclass=dir
> type=1400 audit(1238189886.197:9): avc:  denied  { getattr } for  pid=1553 comm="ifconfig" path="/selinux/class" dev=selinuxfs ino=26 scontext=system_u:system_r:ifconfig_t:s0-s0:c0.c1023 tcontext=system_u:object_r:security_t:s0 tclass=dir
> type=1400 audit(1238189886.197:10): avc:  denied  { read } for  pid=1553 comm="ifconfig" name="mls" dev=selinuxfs ino=12 scontext=system_u:system_r:ifconfig_t:s0-s0:c0.c1023 tcontext=system_u:object_r:security_t:s0 tclass=file
> type=1400 audit(1238189886.198:11): avc:  denied  { open } for  pid=1553 comm="ifconfig" name="mls" dev=selinuxfs ino=12 scontext=system_u:system_r:ifconfig_t:s0-s0:c0.c1023 tcontext=system_u:object_r:security_t:s0 tclass=file
> type=1400 audit(1238189892.172:12): avc:  denied  { rlimitinh } for  pid=1815 comm="modprobe" scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:insmod_t:s0 tclass=process
> type=1400 audit(1238189892.172:13): avc:  denied  { siginh } for  pid=1815 comm="modprobe" scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:insmod_t:s0 tclass=process
> type=1400 audit(1238189892.172:14): avc:  denied  { noatsecure } for  pid=1815 comm="modprobe" scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:insmod_t:s0 tclass=process
>
>
> Here are some anyway even with enforcing=0 (permissive mode) :(
>
> Regards,
>
>
> Antonio
>
This sounds like you have a mislabeled system.  Rawhide has opened
today. See if the update fixes your problems; otherwise try a relabel.
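
Added example, not part of the original thread: a small Python triage script that groups kernel AVC denial lines like those quoted above by source type, target type and class, and flags target types that usually mean a file has no proper label. The first two sample lines are copied from the post, the third (crond_t / default_t) is constructed, and the list of "suspect" types is an assumption of this example.

```python
import re
from collections import defaultdict

# Sample input: first two lines are from the post, the third is constructed
# for illustration (a cron job touching a file labelled default_t).
SAMPLE = """\
type=1400 audit(1238189886.196:4): avc:  denied  { read } for  pid=1553 comm="ifconfig" name="config" dev=sda5 ino=97197 scontext=system_u:system_r:ifconfig_t:s0-s0:c0.c1023 tcontext=system_u:object_r:selinux_config_t:s0 tclass=file
type=1400 audit(1238189886.196:5): avc:  denied  { open } for  pid=1553 comm="ifconfig" name="config" dev=sda5 ino=97197 scontext=system_u:system_r:ifconfig_t:s0-s0:c0.c1023 tcontext=system_u:object_r:selinux_config_t:s0 tclass=file
type=1400 audit(1238189900.001:20): avc:  denied  { read write } for  pid=2001 comm="crond" name="example" dev=sda5 ino=1234 scontext=system_u:system_r:crond_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=file
"""

# Assumption of this example: target types that typically indicate a missing
# or wrong file label rather than a gap in policy.
MISLABEL_HINTS = {"default_t", "file_t", "unlabeled_t"}

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{([^}]*)\}.*?\bscontext=(\S+)\s+tcontext=(\S+)\s+tclass=(\S+)"
)

def summarize(text):
    """Map (source type, target type, class) -> set of denied permissions."""
    rules = defaultdict(set)
    for line in text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # not an AVC denial line
        perms, scon, tcon, tclass = m.groups()
        # A context is user:role:type[:level]; the type is the third field.
        key = (scon.split(":")[2], tcon.split(":")[2], tclass)
        rules[key].update(perms.split())
    return dict(rules)

def mislabel_suspects(rules):
    """Return the rule keys whose target type suggests a labeling problem."""
    return sorted(k for k in rules if k[1] in MISLABEL_HINTS)

if __name__ == "__main__":
    rules = summarize(SAMPLE)
    for (src, tgt, cls), perms in sorted(rules.items()):
        flag = "  <-- check file label" if tgt in MISLABEL_HINTS else ""
        print(f"{src} -> {tgt}:{cls} {{ {' '.join(sorted(perms))} }}{flag}")
```
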
