On Sat, 2004-12-18 at 21:39 -0500, Jim Cornette wrote: > I am trying to run some samba related programs and found that the > winbindd program causes some avc errors. I did a > touch /.autorelabel > and noticed that the errors were still present with this daemon. I did > not configure anything for this program. Attached is the avc errors for > today. I disabled the daemon and have no errors now. Do you have the latest policy? winbind policy was added, and it appears to allow all the denials you have below. I'm looking at 1.17.30-2.50. I know there was no winbind in 2.43 (iirc). - Karsten > > Thanks, > > Jim > plain text document attachment (winbindd.errors) > Dec 18 14:16:53 cornette-fc3-lt kernel: audit(1103397413.233:0): avc: denied { create } for pid=2137 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file > Dec 18 14:16:53 cornette-fc3-lt kernel: audit(1103397413.234:0): avc: denied { create } for pid=2137 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file > Dec 18 14:16:53 cornette-fc3-lt kernel: audit(1103397413.235:0): avc: denied { create } for pid=2137 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file > Dec 18 14:16:53 cornette-fc3-lt kernel: audit(1103397413.236:0): avc: denied { create } for pid=2137 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file > Dec 18 14:16:53 cornette-fc3-lt kernel: audit(1103397413.236:0): avc: denied { create } for pid=2137 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file > Dec 18 14:16:53 cornette-fc3-lt kernel: audit(1103397413.237:0): avc: denied { create } for pid=2137 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file > Dec 18 14:16:53 cornette-fc3-lt kernel: audit(1103397413.290:0): avc: denied { create } for pid=2137 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file > Dec 18 14:16:53 cornette-fc3-lt kernel: audit(1103397413.290:0): avc: denied { create } for pid=2137 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file > Dec 18 14:16:53 cornette-fc3-lt kernel: audit(1103397413.291:0): avc: denied { create } for pid=2137 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file > Dec 18 14:16:53 cornette-fc3-lt kernel: audit(1103397413.356:0): avc: denied { create } for pid=2137 exe=/usr/sbin/winbindd name=winbindd_idmap.tdb scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_var_t tclass=file > Dec 18 14:16:53 cornette-fc3-lt kernel: audit(1103397413.357:0): avc: denied { create } for pid=2137 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file > Dec 18 14:16:53 cornette-fc3-lt kernel: audit(1103397413.357:0): avc: denied { create } for pid=2137 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file > Dec 18 14:16:53 cornette-fc3-lt kernel: audit(1103397413.358:0): avc: denied { create } for pid=2137 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file > Dec 18 14:16:53 cornette-fc3-lt kernel: audit(1103397413.359:0): avc: denied { create } for pid=2137 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file > Dec 18 14:16:53 cornette-fc3-lt kernel: audit(1103397413.455:0): avc: denied { create } for pid=2139 exe=/usr/sbin/winbindd name=netsamlogon_cache.tdb scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_var_t tclass=file > Dec 18 14:16:54 cornette-fc3-lt kernel: audit(1103397414.324:0): avc: denied { create } for pid=2139 exe=/usr/sbin/winbindd name=winbindd_cache.tdb scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_var_t tclass=file > Dec 18 14:16:54 cornette-fc3-lt kernel: audit(1103397414.324:0): avc: denied { create } for pid=2139 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file > Dec 18 14:16:55 cornette-fc3-lt kernel: audit(1103397415.218:0): avc: denied { create } for pid=2139 exe=/usr/sbin/winbindd name=winbindd scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:var_run_t tclass=dir > Dec 18 14:16:55 cornette-fc3-lt kernel: audit(1103397415.218:0): avc: denied { create } for pid=2139 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file > Dec 18 14:16:55 cornette-fc3-lt kernel: audit(1103397415.218:0): avc: denied { create } for pid=2139 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file > Dec 18 15:49:07 cornette-fc3-lt dbus: avc: 1 AV entries and 1/512 buckets used, longest chain length 1 > Dec 18 15:54:00 cornette-fc3-lt dbus: avc: 1 AV entries and 1/512 buckets used, longest chain length 1 > Dec 18 15:54:12 cornette-fc3-lt dbus: avc: 1 AV entries and 1/512 buckets used, longest chain length 1 > Dec 18 15:59:09 cornette-fc3-lt kernel: audit(1103403334.306:0): avc: granted { setenforce } for pid=212 exe=/bin/bash scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:security_t tclass=security > Dec 18 15:59:09 cornette-fc3-lt kernel: audit(1103403523.164:0): avc: granted { setenforce } for pid=212 exe=/bin/bash scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:security_t tclass=security > Dec 18 15:59:33 cornette-fc3-lt kernel: audit(1103403573.176:0): avc: denied { create } for pid=2190 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file > Dec 18 15:59:33 cornette-fc3-lt kernel: audit(1103403573.177:0): avc: denied { create } for pid=2190 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file > Dec 18 15:59:33 cornette-fc3-lt kernel: audit(1103403573.178:0): avc: denied { create } for pid=2190 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file > Dec 18 15:59:33 cornette-fc3-lt kernel: audit(1103403573.179:0): avc: denied { create } for pid=2190 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file > Dec 18 15:59:33 cornette-fc3-lt kernel: audit(1103403573.179:0): avc: denied { create } for pid=2190 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file > Dec 18 15:59:33 cornette-fc3-lt kernel: audit(1103403573.218:0): avc: denied { create } for pid=2190 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file > Dec 18 15:59:33 cornette-fc3-lt kernel: audit(1103403573.218:0): avc: denied { create } for pid=2190 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file > Dec 18 15:59:33 cornette-fc3-lt kernel: audit(1103403573.219:0): avc: denied { create } for pid=2190 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file > Dec 18 15:59:33 cornette-fc3-lt kernel: audit(1103403573.299:0): avc: denied { create } for pid=2190 exe=/usr/sbin/winbindd name=winbindd_idmap.tdb scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_var_t tclass=file > Dec 18 15:59:33 cornette-fc3-lt kernel: audit(1103403573.300:0): avc: denied { create } for pid=2190 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file > Dec 18 15:59:33 cornette-fc3-lt kernel: audit(1103403573.301:0): avc: denied { create } for pid=2190 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file > Dec 18 15:59:33 cornette-fc3-lt kernel: audit(1103403573.412:0): avc: denied { create } for pid=2191 exe=/usr/sbin/winbindd name=netsamlogon_cache.tdb scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_var_t tclass=file > Dec 18 15:59:34 cornette-fc3-lt kernel: audit(1103403574.278:0): avc: denied { create } for pid=2191 exe=/usr/sbin/winbindd name=winbindd_cache.tdb scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_var_t tclass=file > Dec 18 15:59:34 cornette-fc3-lt kernel: audit(1103403574.278:0): avc: denied { create } for pid=2191 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file > Dec 18 15:59:35 cornette-fc3-lt kernel: audit(1103403575.585:0): avc: denied { create } for pid=2191 exe=/usr/sbin/winbindd name=winbindd scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:var_run_t tclass=dir > Dec 18 15:59:35 cornette-fc3-lt kernel: audit(1103403575.585:0): avc: denied { create } for pid=2191 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file > Dec 18 15:59:35 cornette-fc3-lt kernel: audit(1103403575.586:0): avc: denied { create } for pid=2191 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file > Dec 18 16:11:18 cornette-fc3-lt dbus: avc: 1 AV entries and 1/512 buckets used, longest chain length 1 > Dec 18 16:13:54 cornette-fc3-lt dbus: avc: 0 AV entries and 0/512 buckets used, longest chain length 0 > Dec 18 16:31:46 cornette-fc3-lt dbus: avc: 1 AV entries and 1/512 buckets used, longest chain length 1 > -- > fedora-selinux-list mailing list > fedora-selinux-list@xxxxxxxxxx > http://www.redhat.com/mailman/listinfo/fedora-selinux-list -- Karsten Wade, RHCE, Sr. Tech Writer a lemon is just a melon in disguise http://people.redhat.com/kwade/ gpg fingerprint: 2680 DBFD D968 3141 0115 5F1B D992 0E06 AD0E 0C41