On Wed, 25 Aug 2004 02:46, Tom London <selinux@xxxxxxxxxxx> wrote:
> Newest Rawhide: some funny things at boot up:
>
> Aug 24 08:43:24 fedora kernel: audit(1093336939.824:0): avc: denied {
> use } for pid=546 exe=/sbin/minilogd path=/init dev=rootfs ino=14
> scontext=system_u:system_r:syslogd_t tcontext=system_u:system_r:kernel_t
> tclass=fd

I'm getting the same, it seemed to have started at kernel 2.6.8-1.525. Kernel 2.6.8-1.524 didn't have that on my targeted test machine.

> Aug 24 08:43:24 fedora kernel: audit(1093336939.943:0): avc: denied {
> read } for pid=551 exe=/bin/mount name=fstab dev=hda2 ino=4654138
> scontext=system_u:system_r:mount_t tcontext=system_u:object_r:tmp_t
> tclass=file

That is really broken. There should be no way for the fstab file to get the label tmp_t. In fact no file should have the label tmp_t. How was the fstab file created?

> The minilog avc is 'old', but the ones from mount are new. In addition,
> looks like /etc/fstab is created with the wrong label. Here's the output
> from 'setfiles' after boot:
> setfiles: relabeling /etc/fstab from system_u:object_r:tmp_t to
> system_u:object_r:etc_t
>
> For minilog, is this a case of a file descriptor leaking across the exec?

Looks like it. Kernel bug.

-- 
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
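
The two denials discussed in this message can be separated mechanically. The following is an added example, not part of the original message or of any SELinux tool: it parses the kernel-log AVC format quoted above and sorts records into the two cases the reply distinguishes. The category names and the rule that a file labeled `tmp_t` is suspect are assumptions that encode the reply's reasoning.

```python
import re

# The two denials quoted in the message, unwrapped to one record per line.
SAMPLE = [
    "Aug 24 08:43:24 fedora kernel: audit(1093336939.824:0): avc: denied { use } "
    "for pid=546 exe=/sbin/minilogd path=/init dev=rootfs ino=14 "
    "scontext=system_u:system_r:syslogd_t tcontext=system_u:system_r:kernel_t tclass=fd",
    "Aug 24 08:43:24 fedora kernel: audit(1093336939.943:0): avc: denied { read } "
    "for pid=551 exe=/bin/mount name=fstab dev=hda2 ino=4654138 "
    "scontext=system_u:system_r:mount_t tcontext=system_u:object_r:tmp_t tclass=file",
]

AVC_RE = re.compile(
    r"audit\((?P<ts>[\d.]+):(?P<serial>\d+)\): avc:\s+denied\s+"
    r"\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)"
)

def parse_avc(line):
    """Return a dict for one AVC denial line, or None if it is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = dict(kv.split("=", 1) for kv in m.group("rest").split() if "=" in kv)
    rec["perms"] = m.group("perms").split()
    rec["timestamp"] = float(m.group("ts"))
    # A context is user:role:type; the type is what policy rules match on.
    for side in ("scontext", "tcontext"):
        parts = rec.get(side, "").split(":")
        rec[side + "_type"] = parts[2] if len(parts) >= 3 else None
    return rec

def triage(rec):
    """Classify a denial (hypothetical categories for this example)."""
    # fd:use means the process was handed a descriptor opened in another
    # domain, i.e. one inherited across exec.
    if rec.get("tclass") == "fd" and "use" in rec["perms"]:
        return "inherited-fd"
    # Per the reply, a regular file labeled tmp_t points to a labeling
    # problem at creation time, not a missing allow rule.
    if rec.get("tclass") == "file" and rec["tcontext_type"] == "tmp_t":
        return "mislabeled-file"
    return "other"

def report(lines):
    """Return (exe, source type, target type, category) per denial found."""
    recs = [r for r in map(parse_avc, lines) if r]
    return [(r.get("exe"), r["scontext_type"], r["tcontext_type"], triage(r))
            for r in recs]

if __name__ == "__main__":
    for row in report(SAMPLE):
        print(*row)
```
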