Max,

To answer your question from yesterday, I had been getting the same errors even before I installed the policies yesterday, which is strange because the messages indicate that a policy was loaded. Is there a built-in default policy? Where do I go from here?

Thanks,
Steve

From /var/log/messages:

Jul 1 18:53:55 asa-ws-053 setroubleshoot: [program.ERROR] setroubleshoot generated AVC, exiting to avoid recursion, context=system_u:system_r:setroubleshootd_t:s0, AVC scontext=system_u:system_r:setroubleshootd_t:s0

and

Jul 1 18:53:51 asa-ws-053 kernel: security: class peer not defined in policy
Jul 1 18:53:51 asa-ws-053 kernel: security: class capability2 not defined in policy
Jul 1 18:53:51 asa-ws-053 kernel: security: permission recvfrom in class node not defined in policy
Jul 1 18:53:51 asa-ws-053 kernel: security: permission sendto in class node not defined in policy
Jul 1 18:53:51 asa-ws-053 kernel: security: permission ingress in class netif not defined in policy
Jul 1 18:53:51 asa-ws-053 kernel: security: permission egress in class netif not defined in policy
Jul 1 18:53:51 asa-ws-053 kernel: security: permission setfcap in class capability not defined in policy
Jul 1 18:53:51 asa-ws-053 kernel: security: permission forward_in in class packet not defined in policy
Jul 1 18:53:51 asa-ws-053 kernel: security: permission forward_out in class packet not defined in policy
Jul 1 18:53:51 asa-ws-053 kernel: SELinux: policy loaded with handle_unknown=deny
Jul 1 18:53:51 asa-ws-053 kernel: type=1403 audit(1214938405.305:2): policy loaded auid=4294967295 ses=4294967295
Jul 1 18:53:51 asa-ws-053 kernel: type=1400 audit(1214938406.918:3): avc: denied { read write } for pid=505 comm="restorecon" path="/dev/console" dev=tmpfs ino=233 scontext=system_u:system_r:setfiles_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=chr_file
Jul 1 18:53:51 asa-ws-053 kernel: type=1400 audit(1214938408.569:4): avc: denied { create } for pid=739 comm="hwclock" scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=netlink_audit_socket
Jul 1 18:53:51 asa-ws-053 kernel: type=1400 audit(1214938408.583:5): avc: denied { getattr } for pid=739 comm="hwclock" path="/etc/adjtime" dev=dm-0 ino=36569532 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tcontext=system_u:object_r:adjtime_t:s0 tclass=file
Jul 1 18:53:51 asa-ws-053 kernel: type=1400 audit(1214938408.583:6): avc: denied { read } for pid=739 comm="hwclock" name="adjtime" dev=dm-0 ino=36569532 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tcontext=system_u:object_r:adjtime_t:s0 tclass=file
Jul 1 18:53:51 asa-ws-053 kernel: type=1400 audit(1214938408.938:7): avc: denied { sys_nice } for pid=611 comm="modprobe" capability=23 scontext=system_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=capability
Jul 1 18:53:51 asa-ws-053 kernel: type=1400 audit(1214938408.938:8): avc: denied { setsched } for pid=611 comm="modprobe" scontext=system_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:system_r:kernel_t:s0 tclass=process

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list