On Wed, 2004-08-25 at 04:28, Russell Coker wrote:
> On Wed, 25 Aug 2004 02:46, Tom London <selinux@xxxxxxxxxxx> wrote:
> > Newest Rawhide: some funny things at boot up:
> >
> > Aug 24 08:43:24 fedora kernel: audit(1093336939.824:0): avc: denied {
> > use } for pid=546 exe=/sbin/minilogd path=/init dev=rootfs ino=14
> > scontext=system_u:system_r:syslogd_t tcontext=system_u:system_r:kernel_t
> > tclass=fd
>
> I'm getting the same, it seemed to have started at kernel 2.6.8-1.525. Kernel
> 2.6.8-1.524 didn't have that on my targeted test machine.
Kernel is leaking descriptors to the rootfs; I reported this a while
ago. SELinux should be closing and re-opening them to /dev/null on the
denial, so they won't be accessible to userspace.
--
Stephen Smalley <sds@xxxxxxxxxxxxxx>
National Security Agency
