avc denied from /.autorelabel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Included below are the avc denied messages from trying to do an autorelabel while in enforcing mode with the strict policy.
there are also messages about line 64 of rc.sysinit: permission denied.
Looks like sysinit(initrc_t) is trying to write to /selinux/enforce with out being allowed to do so.
Thus setfiles can not read file_contexts.

HTH
Richard Hally

Dec 6 05:53:56 new2 kernel: audit(1102330419.769:0): avc: denied { write } for pid=213 exe=/bin/bash name=enforce dev=selinuxfs ino=4 scontext=system_u:system_r:initrc_t tcontext=system_u:object_r:security_t tclass=file
Dec 6 05:53:56 new2 kernel: audit(1102330419.769:0): avc: denied { write } for pid=213 exe=/bin/bash name=enforce dev=selinuxfs ino=4 scontext=system_u:system_r:initrc_t tcontext=system_u:object_r:security_t tclass=file
Dec 6 05:53:56 new2 kernel: audit(1102330420.005:0): avc: denied { read } for pid=1279 exe=/usr/sbin/setfiles name=file_contexts dev=dm-0 ino=3998097 scontext=system_u:system_r:initrc_t tcontext=root:object_r:file_context_t tclass=file
Dec 6 05:53:56 new2 kernel: audit(1102330420.026:0): avc: denied { write } for pid=213 exe=/bin/bash name=enforce dev=selinuxfs ino=4 scontext=system_u:system_r:initrc_t tcontext=system_u:object_r:security_t tclass=file
Dec 6 05:53:56 new2 kernel: audit(1102330420.026:0): avc: denied { write } for pid=213 exe=/bin/bash name=enforce dev=selinuxfs ino=4 scontext=system_u:system_r:initrc_t tcontext=system_u:object_r:security_t tclass=file

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux