kernel install issue: /sbin/depmod - avc's supplied

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

I'm presuming this is a know issue, but just in case....

kernel installs (via 'yum update') when running in strict/enforcing fail. Now that I have kernel-2.6.6-1.421 installed and running, I have avc's
from /var/log/messages. Here are just a few:

Jun 4 14:03:16 dell kernel: audit(1086382996.206:0): avc: denied { read } for pid=3643 exe=/sbin/depmod name=toshiba.ko dev=hdb3 ino=1056054 scontext=root:sysadm_r:depmod_t tcontext=system_u:object_r:lib_t tclass=file
Jun 4 14:03:16 dell kernel: audit(1086382996.206:0): avc: denied { read } for pid=3643 exe=/sbin/depmod name=ppdev.ko dev=hdb3 ino=1056048 scontext=root:sysadm_r:depmod_t tcontext=system_u:object_r:lib_t tclass=file
Jun 4 14:03:16 dell kernel: audit(1086382996.207:0): avc: denied { read } for pid=3643 exe=/sbin/depmod name=edd.ko dev=hdb3 ino=1069944 scontext=root:sysadm_r:depmod_t tcontext=system_u:object_r:lib_t tclass=file
Jun 4 14:03:16 dell kernel: audit(1086382996.207:0): avc: denied { getattr } for pid=3643 exe=/sbin/depmod path=/lib/modules/2.6.6-1.422/build/sound/oss/dmasound/Makefile dev=hdb3 ino=1036012 scontext=root:sysadm_r:depmod_t tcontext=system_u:object_r:lib_t tclass=file
Jun 4 14:03:16 dell kernel: audit(1086382996.208:0): avc: denied { getattr } for pid=3643 exe=/sbin/depmod path=/lib/modules/2.6.6-1.422/build/sound/oss/dmasound/Kconfig dev=hdb3 ino=1036011 scontext=root:sysadm_r:depmod_t tcontext=system_u:object_r:lib_t tclass=file
Jun 4 14:03:16 dell kernel: audit(1086382996.208:0): avc: denied { getattr } for pid=3643 exe=/sbin/depmod path=/lib/modules/2.6.6-1.422/build/sound/oss/Makefile dev=hdb3 ino=1036006 scontext=root:sysadm_r:depmod_t tcontext=system_u:object_r:lib_t tclass=file

The contexts in the rpm appear correct (i.e., most are system_u:object_r:modules_object_t, or similar), but the files in /lib/modules/2.6.6-1.422/.... are all labeled system_u:object_r:lib_t.

Anyway, /sbin/depmod is having a hell of a time.

Thanks to Stephen, the workaround of going into permissive mode prior to 'yum update' seems to work, but the file contexts need fixing.

I checked bugzilla for yum but didn't find anything. Has this been filed/fixed?

tom
[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux