jfrieben@xxxxxxxxxxx wrote:
There are many AVC entries in both files "/var/log/messages" and
"/var/log/audit/audit.log". However, they do not seem to be related to the
use of DRM. In particular, there is no additional entry upon call of
"glxinfo" related to the SELinux framework, whereas there is some output to
"/var/log/dmesg". If "SELinux" had intercepted some unauthorized
access/action, it should at least have reported this somewhat more verbosely
instead of simply crashing the X server in the case of "glxgears" - right?
Here comes the snippet from "/var/log/messages" with AVC related stuff from
the system boot procedure:
"Jul 28 19:38:04 riemann kernel: audit(1122572272.500:3): avc: denied {
read write } for pid=1879 comm="runlevel" name="utmp" dev=dm-0 ino=196617
scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:init_var_run_t
tclass=file
Jul 28 19:38:04 riemann kernel: audit(1122572272.500:4): avc: denied {
read }for pid=1879 comm="runlevel" name="utmp" dev=dm-0 ino=196617
scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:init_var_run_t
tclass=file
Jul 28 19:38:04 riemann kernel: audit(1122572272.500:5): avc: denied {
read write } for pid=1879 comm="runlevel" name="utmp" dev=dm-0 ino=196617
scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:init_var_run_t
tclass=file
Jul 28 19:38:04 riemann kernel: audit(1122572272.500:6): avc: denied {
read }for pid=1879 comm="runlevel" name="utmp" dev=dm-0 ino=196617
scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:init_var_run_t
tclass=file
Jul 28 19:38:04 riemann kernel: SELinux: initialized (dev rpc_pipefs, type
rpc_pipefs), uses genfs_contexts".
This looks like you have some kind of labeleing problem. utmp is labled
init_var_run_t, it should be initrc_var_run_t
You may want to relabel.
Have you tried to boot with enforcing=0?
Dan
--
--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-devel-list
