Daniel J Walsh wrote:
Thanks Dan! you and the other people working on SELinux are making great progress. It looks like really will happen :)Richard Hally wrote:
when booting to runlevel 5 in enforcing mode with the latest policy there were only a few AVC denied messages. they are copied below.
[root@localhost root]# rpm -q policy policy-sources
policy-1.9.2-10
policy-sources-1.9.2-10
[root@localhost root]#
Hope this helps, Richard Hally
There is a bug in the init scripts that leaves /initrd mounted. If you umount this directory most of these messages will disappear.
The screensaver ones should be fixed by -12 policy
Not sure why gnome is trying to manipulate the registry.xml file.
--------------------messages-----------------------------
Apr 5 22:37:25 localhost crond: crond startup succeeded
Apr 5 22:37:25 localhost kernel: audit(1081219045.889:0): avc: denied { read
} for pid=1647 exe=/usr/sbin/crond name=mailman dev=hdc3 ino=539689 scontext=system_u:system_r:crond_t tcontext=system_u:object_r:file_t tclass=file
Apr 5 22:37:27 localhost xfs: xfs startup succeeded
Apr 5 22:38:04 localhost gdm(pam_unix)[1814]: session opened for user richard by (uid=0)
Apr 5 22:38:19 localhost kernel: audit(1081219099.459:0): avc: denied { setattr } for pid=1886 exe=/usr/libexec/gnome-settings-daemon name=registry.xml dev=hdc3 ino=3009195 scontext=richard:staff_r:staff_t tcontext=system_u:object_r:var_t tclass=file
Apr 5 22:38:20 localhost kernel: audit(1081219100.136:0): avc: denied { getattr } for pid=1901 exe=/usr/X11R6/bin/xscreensaver path=/home/richard/.xscreensaver dev=hdc3 ino=2469233 scontext=richard:staff_r:staff_screensaver_t tcontext=richard:object_r:staff_home_t tclass=file
Apr 5 22:38:29 localhost kernel: audit(1081219109.860:0): avc: denied { getattr } for pid=1955 exe=/usr/libexec/gnome-vfs-daemon path=/initrd dev=ram0 ino=2 scontext=richard:staff_r:staff_t tcontext=system_u:object_r:file_t tclass=dir
Apr 5 22:38:30 localhost kernel: audit(1081219110.466:0): avc: denied { getattr } for pid=1966 exe=/usr/bin/nautilus path=/initrd dev=ram0 ino=2 scontext=richard:staff_r:staff_t tcontext=system_u:object_r:file_t tclass=dir
Apr 5 22:38:30 localhost kernel: audit(1081219110.653:0): avc: denied { getattr } for pid=1967 exe=/usr/bin/nautilus path=/initrd dev=ram0 ino=2 scontext=richard:staff_r:staff_t tcontext=system_u:object_r:file_t tclass=dir
Apr 5 22:38:37 localhost kernel: audit(1081219117.803:0): avc: denied { setattr } for pid=1976 exe=/usr/libexec/mixer_applet2 name=registry.xml dev=hdc3 ino=3009195 scontext=richard:staff_r:staff_t tcontext=system_u:object_r:var_t tclas:
-- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-selinux-list
-- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-selinux-list
Richard Hally
