On Sat, 2004-06-12 at 07:38, Russell Coker wrote: > With the latest kernel I am getting some strange AVC messages I didn't get > with 2.6.5-1.358. > > audit(1087039822.666:0): avc: denied { getattr } for pid=5262 > exe=/usr/sbin/pppd path=/ dev=hda1 ino=16381 scontext=rjc:system_r:pppd_t > tcontext=system_u:object_r:root_t tclass=chr_file > audit(1087039822.684:0): avc: denied { getattr } for pid=5262 > exe=/usr/sbin/pppd path=/ dev=hda1 ino=16381 scontext=rjc:system_r:pppd_t > tcontext=system_u:object_r:root_t tclass=chr_file > > There is no device node 16381 on the file system. Running the same command > repeatedly gives similar messages with different inode numbers, so I guess > it's some sort of temporary file. The machine is in enforcing mode and > nothing that might want to create a root_t chr_file has permission to do > so... Have you rebooted with a policy that includes the devnull initial SID and context? -- Stephen Smalley <sds@xxxxxxxxxxxxxx> National Security Agency