Re: fstab, mount, minilog ...

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, 25 Aug 2004 02:46, Tom London <selinux@xxxxxxxxxxx> wrote:
> Newest Rawhide: some funny things at boot up:
>
> Aug 24 08:43:24 fedora kernel: audit(1093336939.824:0): avc:  denied  {
> use } for  pid=546 exe=/sbin/minilogd path=/init dev=rootfs ino=14
> scontext=system_u:system_r:syslogd_t tcontext=system_u:system_r:kernel_t
> tclass=fd

I'm getting the same, it seemed to have started at kernel 2.6.8-1.525.  Kernel 
2.6.8-1.524 didn't have that on my targeted test machine.

> Aug 24 08:43:24 fedora kernel: audit(1093336939.943:0): avc:  denied  {
> read } for  pid=551 exe=/bin/mount name=fstab dev=hda2 ino=4654138
> scontext=system_u:system_r:mount_t tcontext=system_u:object_r:tmp_t
> tclass=file

That is really broken.  There should be no way for the fstab file to get the 
label tmp_t.  In fact no file should have the label tmp_t.  How was the fstab 
file created?

> The minilog avc is 'old', but the ones from mount are new. In addition,
> looks
> like /etc/fstab is created with the wrong label.  Here's the output from
> 'setfiles'
> after boot:
> setfiles:  relabeling /etc/fstab from system_u:object_r:tmp_t to
> system_u:object_r:etc_t
>
> For minilog, is this a case of a file descriptor leaking across the exec?

Looks like it.  Kernel bug.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux