On 08/02/2011 04:22 PM, Jerry James wrote:
> 8.206691] type=1400 audit(1312314954.461:3): avc: denied { dyntransition } for pid=1 comm="systemd" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=process
> [ 11.777659] type=1400 audit(1312314958.032:4): avc: denied { read } for pid=572 comm="systemd-sysctl" name="sysctl.conf" dev=dm-1 ino=131521 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tcontext=system_u:object_r:system_conf_t:s0 tclass=file
> [ 11.781152] type=1400 audit(1312314958.035:5): avc: denied { open } for pid=572 comm="systemd-sysctl" name="sysctl.conf" dev=dm-1 ino=131521 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tcontext=system_u:object_r:system_conf_t:s0 tclass=file
> [ 11.800415] type=1400 audit(1312314958.055:6): avc: denied { getattr } for pid=572 comm="systemd-sysctl" path="/etc/sysctl.conf" dev=dm-1 ino=131521 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tcontext=system_u:object_r:system_conf_t:s0 tclass=file
> [ 17.387700] type=1400 audit(1312314963.642:7): avc: denied { relabelto } for pid=663 comm="systemd-tmpfile" name="seats" dev=tmpfs ino=12579 scontext=system_u:system_r:systemd_tmpfiles_t:s0 tcontext=system_u:object_r:systemd_logind_var_run_t:s0 tclass=dir
> [ 17.393413] type=1400 audit(1312314963.648:8): avc: denied { relabelto } for pid=663 comm="systemd-tmpfile" name="sessions" dev=tmpfs ino=12583 scontext=system_u:system_r:systemd_tmpfiles_t:s0 tcontext=system_u:object_r:systemd_logind_sessions_t:s0 tclass=dir
> [ 19.280082] type=1400 audit(1312314965.535:9): avc: denied { unlink } for pid=677 comm="NetworkManager" name="resolv.conf" dev=dm-1 ino=131244 scontext=system_u:system_r:NetworkManager_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
> [ 19.629917] type=1400 audit(1312314965.884:10): avc: denied { name_bind } for pid=840 comm="dhclient" src=11807 scontext=system_u:system_r:dhcpc_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=udp_socket
> [ 20.125998] type=1400 audit(1312314966.380:11): ac: denied { rename } for pid=904 comm="Xorg" name="Xorg.0.log" dev=dm-1 ino=392488 scontext=system_u:system_r:xserver_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_log_t:s0 tclass=file
> [ 20.130982] type=1400 audit(1312314966.384:12): avc: denied { unlink } for pid=904 comm="Xorg" name="Xorg.0.log.old" dev=dm-1 ino=392491 scontext=system_u:system_r:xserver_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_log_t:s0 tclass=file
> [ 607.234395] type=1400 audit(1312315564.790:13): avc: denied { read } for pid=1745 comm="sendmail" name="online" dev=sysfs ino=34 scontext=system_u:system_r:logwatch_mail_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysfs_t:s0 tclass=file
> [ 607.234488] type=1400 audit(1312315564.790:14): avc: denied { open } for pid=1745 comm="sendmail" name="online" dev=sysfs ino=34 scontext=system_u:system_r:logwatch_mail_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sysfs_t:s0 tclass=file
>
> In addition, looking back farther in the log, I see LOTS of these
> when SELinux was in enforcing mode:
>
> avc: denied { sigchld } for pid=1 comm="systemd" scontext=system_u:system_r:loadkeys_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process

Most of these are fixed in the latest policy

selinux-policy-3.10.0-14.fc17.noarch
selinux-policy-3.10.0-14.fc16.noarch

Depending on your definition of Rawhide...

A couple are mislabeled files resolv.conf and Xorg.0.log.old

I think the sigchld ones are caused by kernel_t not transitioning to init_t.

--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
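
Added example, not part of the original message: a Python triage helper that parses AVC denials in the kernel-log format quoted above, even after a mail client has quoted and wrapped them, groups them by source type, target type and class, and picks out the ones where one side is still `kernel_t`. The sample log is constructed, and the names `parse_avc`, `summarize` and `untransitioned` are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample: quoted and wrapped the way a mail client would (pids/inodes made up).
SAMPLE = '''\
> [    8.2] type=1400 audit(1.0:3): avc:  denied  {
> dyntransition } for  pid=1 comm="systemd"
> scontext=system_u:system_r:kernel_t:s0
> tcontext=system_u:system_r:init_t:s0 tclass=process
> [   11.7] type=1400 audit(1.0:4): avc:  denied  { read } for  pid=100 comm="systemd-sysctl"
> name="sysctl.conf" dev=dm-1 ino=1 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023
> tcontext=system_u:object_r:system_conf_t:s0 tclass=file
> [   11.8] type=1400 audit(1.0:5): avc:  denied  { open } for  pid=100 comm="systemd-sysctl"
> name="sysctl.conf" dev=dm-1 ino=1 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023
> tcontext=system_u:object_r:system_conf_t:s0 tclass=file
'''

# The tempered ".*?" keeps a truncated record from swallowing the next one.
AVC_RE = re.compile(
    r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>(?:(?!avc:).)*?)'
    r'scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\w+)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(text):
    """Return one dict per AVC denial, tolerating mail quoting and line wraps."""
    flat = re.sub(r'(?m)^\s*>\s?', '', text)   # drop "> " quote markers
    flat = ' '.join(flat.split())               # rejoin wrapped records
    out = []
    for m in AVC_RE.finditer(flat):
        fields = {k: v.strip('"') for k, v in KV_RE.findall(m['fields'])}
        # A context is user:role:type:level, so the SELinux type is field 2.
        out.append({'perms': m['perms'].split(), 'comm': fields.get('comm'),
                    'object': fields.get('name') or fields.get('path'),
                    'source': m['scon'].split(':')[2],
                    'target': m['tcon'].split(':')[2], 'tclass': m['tclass']})
    return out

def summarize(records):
    """Group by (source type, target type, class); merge permissions and objects."""
    groups = defaultdict(lambda: {'perms': set(), 'objects': set()})
    for r in records:
        g = groups[(r['source'], r['target'], r['tclass'])]
        g['perms'].update(r['perms'])
        if r['object']:
            g['objects'].add(r['object'])
    return dict(groups)

def untransitioned(records):
    """Denials where either side still runs as kernel_t."""
    return [r for r in records if 'kernel_t' in (r['source'], r['target'])]
```
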