Re: Can't boot FC4;avc denied error message

On 8/4/06, Stephen Smalley <sds@xxxxxxxxxxxxx> wrote:
> On Fri, 2006-08-04 at 16:29 +0200, David Desscan wrote:
> > On 8/4/06, Stephen Smalley <sds@xxxxxxxxxxxxx> wrote:
> > > On Fri, 2006-08-04 at 04:25 +0200, David Desscan wrote:
> >
> > > uname -r
> > > rpm -q selinux-policy-targeted
> > >
> > My kernel version is 2.6.17-1.2142_FC4
> > SElinux policy targeted version is 1.27.1-2.28
>
> Ok, nothing interesting there (same kernel and policy works fine here
> for me).
>
> /etc/rc.d/rc.sysinit runs restorecon -R /dev to fix up the dev labels
> created before initial policy load, then udev handles labeling of all
> subsequent nodes.  Can you verify that your rc.sysinit script contains
> the restorecon -R /dev command?  If you run that sequence by hand (but
> don't redirect stderr to /dev/null), does it work?
>
> --
> Stephen Smalley
> National Security Agency

I am getting another avc denied message when I add a user with
useradd/adduser command.

audit(1154719461.914:11): avc : denied {create} for pid=2394
comm="useradd" name=".bashrc" scontext=root:system_r:kernel_t
tcontext=user_u:object_r:user_home_t tclass=file

audit(1154719461.930:12): avc : denied {create} for pid=2394
comm="useradd" name="passwd+" scontext=root:system_r:kernel_t
tcontext=system_u:object_r:etc_t tclass=file

useradd : cannot rewrite password file.

I have checked /etc for .lock files.  Each time I delete them, they
are recreated after the useradd command and then I get the same error
message.

I did a fixfiles relabel and rebooted my system but still get the same
error message.  I have also noted that some files have not been
relabeled (avc denied relabel from;comm=setfiles)

When I log on as root I also noticed an avc denied message with login

audit(1154723141.305.3): avc : denied {relabel} for pid=2044
comm="login" name="tty1"  dev=tmpfs ino=727
scontext=system_u:system_r:kernel_t
tcontext=root:object_r:tty_device_t tclass=chr_file

I rebooted my system with enforcing=0. I logged in as root.  It did not
flag the error message I used to get when logging in as root (it logged
it, however). I checked with sestatus that SElinux is in permissive mode.
I created a user with useradd.  It displayed the above avc denied
message (when adding new user) but created the user.  I added a password
and su to newuser.  I got an avc denied with su for relabel as with
login above and noted dev=tmpfs.

Something strange.  Subsequent adding of users does not flag the avc
denied for .bashrc and passwd.

I rebooted my system after that.  I get the usual avc denied login
relabel message and cannot create users.  useradd:cannot rewrite
password file.  SElinux mode=enforcing.

Thanks for your help.

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
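
An added example, not part of the original thread: a small Python parser for the AVC denial format quoted in the message above, which splits each record into fields and groups the denials by source type. The function names are hypothetical; the sample lines are the three records from the message, each rejoined onto one line.

```python
import re
from collections import defaultdict

# The three denials quoted in the message, each rejoined onto a single line.
SAMPLE = [
    'audit(1154719461.914:11): avc : denied {create} for pid=2394 comm="useradd" name=".bashrc" scontext=root:system_r:kernel_t tcontext=user_u:object_r:user_home_t tclass=file',
    'audit(1154719461.930:12): avc : denied {create} for pid=2394 comm="useradd" name="passwd+" scontext=root:system_r:kernel_t tcontext=system_u:object_r:etc_t tclass=file',
    'audit(1154723141.305.3): avc : denied {relabel} for pid=2044 comm="login" name="tty1"  dev=tmpfs ino=727 scontext=system_u:system_r:kernel_t tcontext=root:object_r:tty_device_t tclass=chr_file',
]

# Header: audit(<stamp>): avc : denied {<perms>} for <key=value ...>
HEAD = re.compile(r'audit\((?P<stamp>[\d.:]+)\):\s*avc\s*:\s*denied\s*'
                  r'\{\s*(?P<perms>[^}]*?)\s*\}\s*for\s+(?P<rest>.*)')
# key=value pairs; values are either double-quoted or a run of non-space characters.
PAIR = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return a dict of fields for one AVC denial, or None if the line is not one."""
    m = HEAD.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in PAIR.findall(m.group('rest'))}
    rec['stamp'] = m.group('stamp')
    rec['perms'] = m.group('perms').split()
    # Contexts are user:role:type (any further fields are ignored here).
    for side in ('scontext', 'tcontext'):
        parts = rec.get(side, '').split(':')
        if len(parts) >= 3:
            p = side[0]  # 's' or 't'
            rec[p + 'user'], rec[p + 'role'], rec[p + 'type'] = parts[:3]
    return rec

def by_source_type(lines):
    """Group denials by the type of the process that was denied."""
    groups = defaultdict(list)
    for line in lines:
        rec = parse_avc(line)
        if rec:
            groups[rec.get('stype', '?')].append(
                (rec.get('comm'), rec['perms'], rec.get('ttype'), rec.get('tclass')))
    return dict(groups)

if __name__ == '__main__':
    for stype, denials in by_source_type(SAMPLE).items():
        print(stype)
        for comm, perms, ttype, tclass in denials:
            print(f'  {comm}: {" ".join(perms)} on {ttype}:{tclass}')
```

Run over these three records, the grouping shows a single source type, kernel_t, for both useradd and login.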