Fedora Core 5 Test Update: selinux-policy-2.2.29-3.fc5
Daniel J Walsh
dwalsh at redhat.com
Sat Apr 8 14:55:16 UTC 2006
Jason L Tibbitts III wrote:
>>>>>> "DJW" == Daniel J Walsh <Daniel> writes:
>>>>>>
>
> DJW> Did you get any avc messages?
>
> That system is constantly throwing denials from hald and mount, but
> looking back through the log I see the following two messages at the
> time I applied the update:
>
> Apr 4 16:24:21 util10 kernel: audit(1144185861.320:675): avc: denied { write } for pid=19560 comm="semodule" name="files" dev=dm-0 ino=165314 scontext=user_u:system_r:semanage_t:s0 tcontext=system_u:object_r:file_context_t:s0 tclass=dir
> Apr 4 16:24:21 util10 kernel: audit(1144185861.340:676): avc: denied { write } for pid=19560 comm="semodule" name="files" dev=dm-0 ino=165314 scontext=user_u:system_r:semanage_t:s0 tcontext=system_u:object_r:file_context_t:s0 tclass=dir
>
> - J<
>
>
This rule should be in policy, but it might have been in this update.
You can force the update by temporarily executing setenforce 0, or you
could add this rule to policy via
grep semodule /var/log/messages | audit2allow -M temp
semodule -l temp.pp
Update rpm
semodule -r temp
More information about the fedora-test-list
mailing list