Russell Coker wrote:
On Wed, 9 Jun 2004 07:37, Richard Hally <rhally@xxxxxxxxxxxxxx> wrote:
Below are the error messages from running 'yum update' today while in enforcing mode. Perhaps this will be helpful to someone.
What AVC messages did you get?
Here are the avc messages that I think were from the update:
Jun 8 14:49:07 new2 kernel: audit(1086720547.359:0): avc: denied { read } for pid=5967 exe=/usr/sbin/load_policy name=policy.17 dev=hda2 ino=913086 scontext=root:sysadm_r:load_policy_t tcontext=root:object_r:etc_t tclass=file
Jun 8 14:49:43 new2 kernel: audit(1086720583.805:0): avc: denied { read } for pid=6032 exe=/usr/sbin/load_policy name=policy.17 dev=hda2 ino=913086 scontext=root:sysadm_r:load_policy_t tcontext=root:object_r:etc_t tclass=file
Jun 8 14:50:42 new2 kernel: audit(1086720642.556:0): avc: denied { read } for pid=6040 exe=/usr/sbin/groupadd name=config dev=hda2 ino=914871 scontext=root:sysadm_r:groupadd_t tcontext=system_u:object_r:selinux_config_t tclass=file
Jun 8 14:50:42 new2 kernel: audit(1086720642.857:0): avc: denied { read } for pid=6041 exe=/usr/sbin/groupadd name=config dev=hda2 ino=914871 scontext=root:sysadm_r:groupadd_t tcontext=system_u:object_r:selinux_config_t tclass=file
Jun 8 14:50:42 new2 kernel: audit(1086720642.860:0): avc: denied { read } for pid=6042 exe=/usr/sbin/groupadd name=config dev=hda2 ino=914871 scontext=root:sysadm_r:groupadd_t tcontext=system_u:object_r:selinux_config_t tclass=file
Jun 8 14:50:43 new2 kernel: audit(1086720643.071:0): avc: denied { read } for pid=6043 exe=/usr/sbin/useradd name=config dev=hda2 ino=914871 scontext=root:sysadm_r:useradd_t tcontext=system_u:object_r:selinux_config_t tclass=file
Jun 8 14:53:13 new2 kernel: audit(1086720793.835:0): avc: denied { read } for pid=6446 exe=/usr/sbin/userdel name=config dev=hda2 ino=914871 scontext=root:sysadm_r:useradd_t tcontext=system_u:object_r:selinux_config_t tclass=file
Jun 8 14:53:14 new2 kernel: audit(1086720794.145:0): avc: denied { read } for pid=6447 exe=/usr/sbin/useradd name=config dev=hda2 ino=914871 scontext=root:sysadm_r:useradd_t tcontext=system_u:object_r:selinux_config_t tclass=file
Jun 8 14:54:22 new2 kernel: audit(1086720862.714:0): avc: denied { read } for pid=6504 exe=/usr/sbin/useradd name=config dev=hda2 ino=914871 scontext=root:sysadm_r:useradd_t tcontext=system_u:object_r:selinux_config_t tclass=file
-----------------------------------------------------------------------------
And a ton of these(that are probably not related to the policy update:)
Jun 8 14:58:49 new2 kernel: audit(1086721129.020:0): avc: denied { read } for pid=6718 exe=/sbin/ldconfig name=libgaim-remote.so.0.0.0 dev=hda2 ino=52056 scontext=root:sysadm_r:ldconfig_t tcontext=root:object_r:lib_t tclass=file
Jun 8 14:59:17 new2 kernel: audit(1086721157.931:0): avc: denied { getattr }
for pid=6722 exe=/sbin/ldconfig path=/usr/lib/libgaim-remote.so.0.0.0 dev=hda2
ino=52056 scontext=root:sysadm_r:ldconfig_t tcontext=root:object_r:lib_t tclass=file
Jun 8 14:59:30 new2 kernel: audit(1086721170.335:0): avc: denied { read } for pid=6722 exe=/sbin/ldconfig name=libgaim-remote.so.0.0.0 dev=hda2 ino=52056 scontext=root:sysadm_r:ldconfig_t tcontext=root:object_r:lib_t tclass=file
Jun 8 15:00:13 new2 kernel: audit(1086721213.603:0): avc: denied { getattr }
for pid=6760 exe=/sbin/ldconfig path=/usr/lib/libgaim-remote.so.0.0.0 dev=hda2
ino=52056 scontext=root:sysadm_r:ldconfig_t tcontext=root:object_r:lib_t tclass=file
Jun 8 15:00:28 new2 kernel: audit(1086721228.071:0): avc: denied { read } for pid=6760 exe=/sbin/ldconfig name=libgaim-remote.so.0.0.0 dev=hda2 ino=52056 scontext=root:sysadm_r:ldconfig_t tcontext=root:object_r:lib_t tclass=file
Jun 8 15:02:05 new2 kernel: audit(1086721325.781:0): avc: denied { getattr }
for pid=6762 exe=/sbin/ldconfig path=/usr/lib/libgaim-remote.so.0.0.0 dev=hda2
ino=52056 scontext=root:sysadm_r:ldconfig_t tcontext=root:object_r:lib_t tclass=file
:
THT Richard Hally
