On Fri, 2005-12-02 at 12:36 -0800, Tom London wrote:
> Additional confirmation:
>
> update to latest policy (selinux-policy-targeted-2.0.7-2) yielded many
> avc and transition errors on boot.
>
> Rebooted in permissive and relabeled.
>
> rebooting in enforcing 'works', but lots of avcs:
> [root@tlondon ~]# ausearch -m avc,selinux_err -ts 12/02/2005 | audit2allow -l
> allow cupsd_t unlabeled_t:dir search;
> allow dhcpc_t system_dbusd_var_run_t:dir search;
> allow hald_t agp_device_t:chr_file getattr;
> allow hald_t clock_device_t:chr_file getattr;
> allow hald_t memory_device_t:chr_file getattr;
> allow hald_t ptmx_t:chr_file getattr;
> allow hald_t random_device_t:chr_file getattr;
> allow hald_t sound_device_t:chr_file getattr;
> allow hald_t tmpfs_t:chr_file getattr;
> allow hald_t tty_device_t:chr_file getattr;
> allow hald_t unlabeled_t:dir search;
> allow hald_t urandom_device_t:chr_file getattr;
> allow hald_t zero_device_t:chr_file getattr;
> allow kernel_t lib_t:file execmod;
> allow kernel_t texrel_shlib_t:file relabelto;
> allow kernel_t user_home_dir_t:dir relabelto;
> allow kernel_t user_home_t:dir relabelto;
> allow kernel_t user_home_t:file relabelto;
> allow kernel_t user_home_t:lnk_file relabelto;
> allow kernel_t user_home_t:sock_file relabelto;
> allow ntpd_t self:capability sys_resource;
> allow privoxy_t unlabeled_t:file getattr;
> allow system_dbusd_t unlabeled_t:dir read;
> allow unlabeled_t fs_t:filesystem associate;

Strange, I don't see this either. I don't have the latest hald though
(seems to be a dependency problem there). I'm running
kernel-smp-2.6.14-1.1735_FC5 for what that's worth. Only audit messages
during startup are (after audit2allow):
allow hald_t tty_device_t:chr_file ioctl;
allow updfstab_t tmpfs_t:dir getattr;

What is unlabeled on your system (unlabeled_t denials)?

-- 
Stephen Smalley
National Security Agency