On Fri, 2004-03-26 at 02:25, Richard Hally wrote:
> Here are some avc denied messages that showed up from doing a yum update
> while in enforcing mode:
>
> Mar 26 01:28:15 old1 kernel: audit(1080282495.299:0): avc: denied {
> search } for pid=4282 exe=/bin/bash name=1 dev= ino=65538
> scontext=root:sysadm_r:rpm_script_t tcontext=system_u:system_r:init_t
> tclass=dir
> Mar 26 01:28:15 old1 kernel: audit(1080282495.300:0): avc: denied {
> search } for pid=4282 exe=/bin/bash name=1 dev= ino=65538
> scontext=root:sysadm_r:rpm_script_t tcontext=system_u:system_r:init_t
> tclass=dir
Hmm. Is there a file named "1" in your /? If so, and you do a:
ls -ali /1
do you see 65538? If that file exists it's an artifact of an older bug
in policy that has been fixed now IIRC.
Otherwise, can you do a:
find / -inum 65538
(it may take a while, be patient)
> Mar 26 01:35:20 old1 kernel: audit(1080282920.844:0): avc: denied {
> read } for pid=4397 exe=/sbin/consoletype path=pipe:[18262] dev=
> ino=18262 scontext=root:system_r:consoletype_t
> tcontext=root:sysadm_r:rpm_t tclass=fifo_file
I just sent a patch to dwalsh to fix this one.
Attachment:
signature.asc
Description: This is a digitally signed message part
