Re: udevsend....


Sorry, I sent this off too quickly.

Here are additional avc's generated by udev....

Aug 24 09:12:27 fedora kernel: audit(1093338680.407:0): avc: denied { getattr } for pid=315 exe=/sbin/udevsend path=/etc/selinux/config dev=hda2 ino=4509759 scontext=system_u:system_r:udev_t tcontext=system_u:object_r:selinux_config_t tclass=file
Aug 24 09:12:31 fedora kernel: audit(1093363902.870:0): avc: denied { search } for pid=1079 exe=/sbin/udev name=contexts dev=hda2 ino=4509745 scontext=system_u:system_r:udev_t tcontext=system_u:object_r:default_context_t tclass=dir
Aug 24 09:12:31 fedora kernel: audit(1093363902.877:0): avc: denied { search } for pid=1079 exe=/sbin/udev name=files dev=hda2 ino=4509746 scontext=system_u:system_r:udev_t tcontext=system_u:object_r:file_context_t tclass=dir
Aug 24 09:12:31 fedora kernel: audit(1093363902.894:0): avc: denied { read } for pid=1079 exe=/sbin/udev name=file_contexts dev=hda2 ino=4505700 scontext=system_u:system_r:udev_t tcontext=root:object_r:file_context_t tclass=file
Aug 24 09:12:31 fedora kernel: audit(1093363902.894:0): avc: denied { getattr } for pid=1079 exe=/sbin/udev path=/etc/selinux/strict/contexts/files/file_contexts dev=hda2 ino=4505700 scontext=system_u:system_r:udev_t tcontext=root:object_r:file_context_t tclass=file
Aug 24 09:12:31 fedora kernel: audit(1093363919.802:0): avc: denied { write } for pid=1200 exe=/sbin/udev name=fscreate dev=proc ino=78643222 scontext=system_u:system_r:udev_t tcontext=system_u:system_r:udev_t tclass=file
Aug 24 09:12:31 fedora kernel: audit(1093363919.802:0): avc: denied { setfscreate } for pid=1200 exe=/sbin/udev scontext=system_u:system_r:udev_t tcontext=system_u:system_r:udev_t tclass=process
Aug 24 09:12:31 fedora kernel: audit(1093363919.941:0): avc: denied { search } for pid=1202 exe=/bin/bash name=console dev=hda2 ino=4456494 scontext=system_u:system_r:udev_t tcontext=system_u:object_r:pam_var_console_t tclass=dir
Aug 24 09:12:32 fedora kernel: audit(1093363947.209:0): avc: denied { getattr } for pid=2131 exe=/sbin/udev path=/etc/selinux/config dev=hda2 ino=4509759 scontext=system_u:system_r:udev_t tcontext=system_u:object_r:selinux_config_t tclass=file


Seems to want:
allow udev_t default_context_t:dir { search };
allow udev_t file_context_t:dir { search };
allow udev_t file_context_t:file { getattr read };
allow udev_t pam_var_console_t:dir { search };
allow udev_t selinux_config_t:file { getattr };
allow udev_t udev_t:file { write };
allow udev_t udev_t:process { setfscreate };

Help.... this one is beyond me......
  tom

Tom London wrote:

The newest Rawhide udev seems to add 'udevsend' that seems to want
allow udev_t selinux_config_t:dir { search };
allow udev_t selinux_config_t:file { read };

I'm guessing that udevsend replaces the script /etc/dev.d/default/selinux.dev.

tom

Here are the avcs....

Aug 24 08:45:13 fedora kernel: audit(1093362313.380:0): avc: denied { search } for pid=3905 exe=/sbin/udevsend name=selinux dev=hda2 ino=4509743 scontext=system_u:system_r:udev_t tcontext=system_u:object_r:selinux_config_t tclass=dir
Aug 24 08:45:13 fedora kernel: audit(1093362313.380:0): avc: denied { read } for pid=3905 exe=/sbin/udevsend name=config dev=hda2 ino=4509759 scontext=system_u:system_r:udev_t tcontext=system_u:object_r:selinux_config_t tclass=file
Aug 24 08:45:13 fedora kernel: audit(1093362313.380:0): avc: denied { getattr } for pid=3905 exe=/sbin/udevsend path=/etc/selinux/config dev=hda2 ino=4509759 scontext=system_u:system_r:udev_t tcontext=system_u:object_r:selinux_config_t tclass=file
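
The step from the denials to the "Seems to want" list in the message above, as an added example that is not part of the original thread: a Python function that folds AVC denial lines into allow rules, the same derivation the audit2allow tool performs. The function name and the sample text are constructed here; rules whose source and target type are equal are written out as in the message rather than as "self".

```python
import re
from collections import defaultdict

# Constructed sample: three denials copied from the thread, one of them
# still hard-wrapped after "{ getattr" the way the archive shows it.
SAMPLE = """\
Aug 24 09:12:31 fedora kernel: audit(1093363902.894:0): avc: denied { read } for pid=1079 exe=/sbin/udev name=file_contexts dev=hda2 ino=4505700 scontext=system_u:system_r:udev_t tcontext=root:object_r:file_context_t tclass=file
Aug 24 09:12:31 fedora kernel: audit(1093363902.894:0): avc: denied { getattr
} for pid=1079 exe=/sbin/udev path=/etc/selinux/strict/contexts/files/file_contexts dev=hda2 ino=4505700 scontext=system_u:system_r:udev_t tcontext=root:object_r:file_context_t tclass=file
Aug 24 09:12:31 fedora kernel: audit(1093363919.802:0): avc: denied { setfscreate } for pid=1200 exe=/sbin/udev scontext=system_u:system_r:udev_t tcontext=system_u:system_r:udev_t tclass=process
"""

# One denial record. The tempered dot keeps a record that lacks scontext=
# from swallowing the record that follows it.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?:(?!avc:).)*?"
    r"scontext=(?P<src>\S+)\s+tcontext=(?P<tgt>\S+)\s+tclass=(?P<cls>\S+)"
)


def context_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    return context.split(":")[2]


def allow_rules(log_text):
    """Merge AVC denials into one allow rule per (source, target, class)."""
    # Collapsing whitespace undoes mail and syslog line wrapping first.
    flat = " ".join(log_text.split())
    merged = defaultdict(set)
    for m in AVC_RE.finditer(flat):
        key = (context_type(m["src"]), context_type(m["tgt"]), m["cls"])
        merged[key].update(m["perms"].split())
    return [
        "allow %s %s:%s { %s };" % (src, tgt, cls, " ".join(sorted(perms)))
        for (src, tgt, cls), perms in sorted(merged.items())
    ]


if __name__ == "__main__":
    print("\n".join(allow_rules(SAMPLE)))
```

The rules describe what the process attempted, so each one is still reviewed against what udev_t should be permitted to do before it goes into policy.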



