On Thu, 2004-08-05 at 11:13, Tom London wrote:
> Running strict/enforcing, and running
> Rawhide (selinux-policy-strict-1.15.11-1 and kernel-2.6.7-1.509),
> some new AVCs logged. [Sorry if I'm 'amid updates']
<snip>
> Aug 5 06:58:02 fedora kernel: audit(1091689038.197:0): avc: denied {
> read write } for pid=1 exe=/sbin/init path=/dev/console dev=rootfs
> ino=5 scontext=system_u:system_r:init_t
> tcontext=system_u:object_r:unlabeled_t tclass=chr_file
<snip>
> Aug 5 06:58:02 fedora kernel: audit(1091689038.318:0): avc: denied {
> read } for pid=1 exe=/sbin/init path=/init dev=rootfs ino=14
> scontext=system_u:system_r:init_t tcontext=system_u:object_r:unlabeled_t
> tclass=file

This requires a change to the SELinux kernel code to address properly;
need to be able to assign security contexts to inodes unpacked from
initramfs into the rootfs.

--
Stephen Smalley <sds@xxxxxxxxxxxxxx>
National Security Agency