Re: Permission denied during rpm installation

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Deepak Shrestha wrote:
On 7/28/06, Stephen Smalley <sds@xxxxxxxxxxxxx> wrote:
On Fri, 2006-07-28 at 10:48 +0100, Paul Howarth wrote:
> Deepak Shrestha wrote:
> >> Look in /var/log/messages, or if you're running the audit daemon
> >> (default on in FC4), /var/log/audit/audit.log, for lines containing
> >> "type=AVC".
> >>
> >> Paul.
> >>
> >
> > I don't have audit directory or audit.log but issuing
> > # cat /var/log/messages | grep AVC
> >
> > gives me blank result
>
> It's possible that any messages may have been rotated out. Try:
>
> $ fgrep type=AVC /var/log/messages*
>
> If there's nothing there then it's likely that your issue was not
> SELinux-related.

I think the type=AVC prefixes are only added if running auditd (in which
case you'd be checking /var/log/audit/audit.log*).  Otherwise, you'd
just get the raw audit message from the kernel in /var/log/messages.
The safest thing is to just look for "avc:"; that will be present
regardless.

--
Stephen Smalley
National Security Agency

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list


looking for "avc:", I found lots of entries with "denied" in /var/log/messages

the entry is rather long so posting only the fragment (hope this will
still make the point). Its is something like this
==============
Jul 24 23:39:53 webcomp kernel: audit(1153755580.824:2): avc:  denied
{ getattr } for  pid=1153 comm="mount" name="kcore" dev=proc
ino=-268435435 scontext=system_u:system_r:mount_t:s0
tcontext=system_u:object_r:proc_kcore_t:s0 tclass=file
Jul 24 23:39:54 webcomp kernel: audit(1153755580.856:3): avc:  denied
{ getattr } for  pid=1153 comm="mount" name="kcore" dev=proc
ino=-268435435 scontext=system_u:system_r:mount_t:s0
tcontext=system_u:object_r:proc_kcore_t:s0 tclass=file
Jul 25 11:45:16 webcomp kernel: audit(1153799116.610:8): avc:  denied
{ use } for  pid=2467 comm="bluez-pin" name="[7581]" dev=pipefs
ino=7581 scontext=user_u:system_r:bluetooth_helper_t:s0
tcontext=system_u:system_r:xdm_t:s0-s0:c0.c255 tclass=fd
Jul 25 11:45:16 webcomp kernel: audit(1153799116.610:9): avc:  denied
{ use } for  pid=2467 comm="bluez-pin" name="[7581]" dev=pipefs
ino=7581 scontext=user_u:system_r:bluetooth_helper_t:s0
tcontext=system_u:system_r:xdm_t:s0-s0:c0.c255 tclass=fd
Jul 25 14:00:21 webcomp kernel: audit(1153807221.327:4): avc:  denied
{ use } for  pid=2291 comm="bluez-pin" name="[7243]" dev=pipefs
ino=7243 scontext=user_u:system_r:bluetooth_helper_t:s0
......
......
......
......
..... and so on
==============

What does this mean??? and most importantly why? and what is the solution?

These are probably not the relevant denials. Try to find ones from around the time you were trying the RPM install. There should be a log entry corresponding to when you did the "setenforce 0" (search for "setenforce" in /var/log/messages), and the denials of interest should be in the minutes preceding that.

Paul.



--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux