On Fri, 2004-03-26 at 02:25, Richard Hally wrote: > Here are some avc denied messages that showed up from doing a yum update > while in enforcing mode: > > Mar 26 01:28:15 old1 kernel: audit(1080282495.299:0): avc: denied { > search } for pid=4282 exe=/bin/bash name=1 dev= ino=65538 > scontext=root:sysadm_r:rpm_script_t tcontext=system_u:system_r:init_t > tclass=dir > Mar 26 01:28:15 old1 kernel: audit(1080282495.300:0): avc: denied { > search } for pid=4282 exe=/bin/bash name=1 dev= ino=65538 > scontext=root:sysadm_r:rpm_script_t tcontext=system_u:system_r:init_t > tclass=dir Hmm. Is there a file named "1" in your /? If so, and you do a: ls -ali /1 do you see 65538? If that file exists it's an artifact of an older bug in policy that has been fixed now IIRC. Otherwise, can you do a: find / -inum 65538 (it may take a while, be patient) > Mar 26 01:35:20 old1 kernel: audit(1080282920.844:0): avc: denied { > read } for pid=4397 exe=/sbin/consoletype path=pipe:[18262] dev= > ino=18262 scontext=root:system_r:consoletype_t > tcontext=root:sysadm_r:rpm_t tclass=fifo_file I just sent a patch to dwalsh to fix this one.
Attachment:
signature.asc
Description: This is a digitally signed message part