Kernel install errors w/ strict/enforcing

The following started about a week ago
(running rawhide and off of Dan's tree:
kernel-2.6.7-1.499, selinux-policy-strict-1.15.10-1, ...)

'yum install' for the kernel (.499 and .501) produces the following:
failed to stat ./build/include/asm: 13
above message repeated 9 times.


The install appears to be correct.

Here are the avc's from the log:
Jul 31 10:37:35 fedora kernel: audit(1091295455.845:0): avc: denied { getattr } for pid=4689 exe=/sbin/nash path=/lib/modules/2.6.7-1.501/build/include/asm dev=hda2 ino=3637290 scontext=root:sysadm_r:bootloader_t tcontext=system_u:object_r:modules_object_t tclass=lnk_file
Jul 31 10:37:38 fedora kernel: audit(1091295458.230:0): avc: denied { getattr } for pid=4695 exe=/sbin/nash path=/lib/modules/2.6.7-1.501/build/include/asm dev=hda2 ino=3637290 scontext=root:sysadm_r:bootloader_t tcontext=system_u:object_r:modules_object_t tclass=lnk_file
Jul 31 10:37:39 fedora kernel: audit(1091295459.276:0): avc: denied { getattr } for pid=4701 exe=/sbin/nash path=/lib/modules/2.6.7-1.501/build/include/asm dev=hda2 ino=3637290 scontext=root:sysadm_r:bootloader_t tcontext=system_u:object_r:modules_object_t tclass=lnk_file
Jul 31 10:37:39 fedora kernel: audit(1091295459.468:0): avc: denied { transition } for pid=4703 exe=/bin/bash path=/sbin/dmsetup dev=hda2 ino=2310342 scontext=root:sysadm_r:bootloader_t tcontext=root:system_r:lvm_t tclass=process
Jul 31 10:37:40 fedora kernel: audit(1091295460.731:0): avc: denied { getattr } for pid=4735 exe=/sbin/nash path=/lib/modules/2.6.7-1.501/build/include/asm dev=hda2 ino=3637290 scontext=root:sysadm_r:bootloader_t tcontext=system_u:object_r:modules_object_t tclass=lnk_file
Jul 31 10:37:41 fedora kernel: audit(1091295461.268:0): avc: denied { getattr } for pid=4739 exe=/sbin/nash path=/lib/modules/2.6.7-1.501/build/include/asm dev=hda2 ino=3637290 scontext=root:sysadm_r:bootloader_t tcontext=system_u:object_r:modules_object_t tclass=lnk_file
Jul 31 10:37:41 fedora kernel: audit(1091295461.764:0): avc: denied { getattr } for pid=4744 exe=/sbin/nash path=/lib/modules/2.6.7-1.501/build/include/asm dev=hda2 ino=3637290 scontext=root:sysadm_r:bootloader_t tcontext=system_u:object_r:modules_object_t tclass=lnk_file
Jul 31 10:37:42 fedora kernel: audit(1091295462.569:0): avc: denied { getattr } for pid=4751 exe=/sbin/nash path=/lib/modules/2.6.7-1.501/build/include/asm dev=hda2 ino=3637290 scontext=root:sysadm_r:bootloader_t tcontext=system_u:object_r:modules_object_t tclass=lnk_file
Jul 31 10:37:43 fedora kernel: audit(1091295463.091:0): avc: denied { getattr } for pid=4756 exe=/sbin/nash path=/lib/modules/2.6.7-1.501/build/include/asm dev=hda2 ino=3637290 scontext=root:sysadm_r:bootloader_t tcontext=system_u:object_r:modules_object_t tclass=lnk_file
Jul 31 10:37:43 fedora kernel: audit(1091295463.633:0): avc: denied { getattr } for pid=4761 exe=/sbin/nash path=/lib/modules/2.6.7-1.501/build/include/asm dev=hda2 ino=3637290 scontext=root:sysadm_r:bootloader_t tcontext=system_u:object_r:modules_object_t tclass=lnk_file


'audit2allow' on the above yields:
   allow bootloader_t lvm_t:process { transition };
   allow bootloader_t modules_object_t:lnk_file { getattr };

Do we need to make this (or some other) change?

thanks
  tom
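
An added example, not part of the original post and not audit2allow's own code: a small Python parser that groups AVC denials like those above by source type, target type and class, showing how the repeated log entries reduce to the two rules listed. The function names are hypothetical; the sample embeds three of the post's log lines plus one constructed non-AVC line.

```python
import re
from collections import defaultdict

# Three denials copied from the log in the post (the getattr entries there
# differ only in pid and timestamp), plus one constructed non-AVC line.
SAMPLE_LOG = """\
Jul 31 10:37:35 fedora kernel: audit(1091295455.845:0): avc: denied { getattr } for pid=4689 exe=/sbin/nash path=/lib/modules/2.6.7-1.501/build/include/asm dev=hda2 ino=3637290 scontext=root:sysadm_r:bootloader_t tcontext=system_u:object_r:modules_object_t tclass=lnk_file
Jul 31 10:37:38 fedora kernel: audit(1091295458.230:0): avc: denied { getattr } for pid=4695 exe=/sbin/nash path=/lib/modules/2.6.7-1.501/build/include/asm dev=hda2 ino=3637290 scontext=root:sysadm_r:bootloader_t tcontext=system_u:object_r:modules_object_t tclass=lnk_file
Jul 31 10:37:39 fedora kernel: audit(1091295459.468:0): avc: denied { transition } for pid=4703 exe=/bin/bash path=/sbin/dmsetup dev=hda2 ino=2310342 scontext=root:sysadm_r:bootloader_t tcontext=root:system_r:lvm_t tclass=process
Jul 31 10:37:44 fedora kernel: constructed sample line without an AVC record
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)")
FIELD_RE = re.compile(r"(\w+)=(\S+)")


def parse_denials(text):
    """Return one dict per AVC denial: permissions plus the key=value fields."""
    denials = []
    for line in text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # not an AVC denial
        fields = dict(FIELD_RE.findall(m.group(2)))
        fields["perms"] = m.group(1).split()
        denials.append(fields)
    return denials


def summarize(denials):
    """Group by (source type, target type, class); the type is the third context field."""
    groups = defaultdict(lambda: {"perms": set(), "count": 0, "exes": set()})
    for d in denials:
        key = (d["scontext"].split(":")[2], d["tcontext"].split(":")[2], d["tclass"])
        groups[key]["perms"].update(d["perms"])
        groups[key]["count"] += 1
        groups[key]["exes"].add(d.get("exe", "?"))
    return dict(groups)


def to_rules(groups):
    """Render each group in the allow-rule syntax shown in the post."""
    return [f"allow {s} {t}:{c} {{ {' '.join(sorted(g['perms']))} }};"
            for (s, t, c), g in sorted(groups.items())]


if __name__ == "__main__":
    groups = summarize(parse_denials(SAMPLE_LOG))
    for rule, (key, g) in zip(to_rules(groups), sorted(groups.items())):
        print(f"{rule}  # {g['count']} denial(s), exe: {', '.join(sorted(g['exes']))}")
```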

