Re: Experiences with selinux enabled targetted on Fedora Core 3

Colin Walters <walters@xxxxxxxxxx> · Mon, 21 Feb 2005 19:09:29 -0500

On Mon, 2005-02-21 at 16:05 -0800, Richard E Miles wrote:

>audit(1109009536.010:0): avc:  denied  { search } for  pid=3541 exe=/sbin/portmap name=/ dev=hda2 ino=2 scontext=user_u:system_r:portmap_t tcontext=system_u:object_r:file_t tclass=dir

Is your root filesystem labeled?

>audit(1109009536.010:0): avc:  denied  { search } for  pid=3541 exe=/sbin/portmap name=/ dev=hda2 ino=2 scontext=user_u:system_r:portmap_t tcontext=system_u:object_r:file_t tclass=dir
>audit(1109009536.010:0): avc:  denied  { search } for  pid=3541 exe=/sbin/portmap name=/ dev=hda2 ino=2 scontext=user_u:system_r:portmap_t tcontext=system_u:object_r:file_t tclass=dir
>audit(1109009536.010:0): avc:  denied  { search } for  pid=3541 exe=/sbin/portmap name=/ dev=hda2 ino=2 scontext=user_u:system_r:portmap_t tcontext=system_u:object_r:file_t tclass=dir
>audit(1109009536.010:0): avc:  denied  { search } for  pid=3541 exe=/sbin/portmap name=/ dev=hda2 ino=2 scontext=user_u:system_r:portmap_t tcontext=system_u:object_r:file_t tclass=dir
>audit(1109009536.010:0): avc:  denied  { search } for  pid=3541 exe=/sbin/portmap name=/ dev=hda2 ino=2 scontext=user_u:system_r:portmap_t tcontext=system_u:object_r:file_t tclass=dir
>audit(1109009536.010:0): avc:  denied  { search } for  pid=3541 exe=/sbin/portmap name=/ dev=hda2 ino=2 scontext=user_u:system_r:portmap_t tcontext=system_u:object_r:file_t tclass=dir
>audit(1109009536.010:0): avc:  denied  { search } for  pid=3541 exe=/sbin/portmap name=/ dev=hda2 ino=2 scontext=user_u:system_r:portmap_t tcontext=system_u:object_r:file_t tclass=dir
>audit(1109009536.010:0): avc:  denied  { search } for  pid=3541 exe=/sbin/portmap name=/ dev=hda2 ino=2 scontext=user_u:system_r:portmap_t tcontext=system_u:object_r:file_t tclass=dir
>audit(1109009536.010:0): avc:  denied  { search } for  pid=3541 exe=/sbin/portmap name=/ dev=hda2 ino=2 scontext=user_u:system_r:portmap_t tcontext=system_u:object_r:file_t tclass=dir
>audit(1109009536.010:0): avc:  denied  { search } for  pid=3541 exe=/sbin/portmap name=/ dev=hda2 ino=2 scontext=user_u:system_r:portmap_t tcontext=system_u:object_r:file_t tclass=dir
>audit(1109009536.010:0): avc:  denied  { search } for  pid=3541 exe=/sbin/portmap name=/ dev=hda2 ino=2 scontext=user_u:system_r:portmap_t tcontext=system_u:object_r:file_t tclass=dir
>audit(1109009536.011:0): avc:  denied  { search } for  pid=3541 exe=/sbin/portmap name=/ dev=hda2 ino=2 scontext=user_u:system_r:portmap_t tcontext=system_u:object_r:file_t tclass=dir
>audit(1109009536.011:0): avc:  denied  { search } for  pid=3541 exe=/sbin/portmap name=/ dev=hda2 ino=2 scontext=user_u:system_r:portmap_t tcontext=system_u:object_r:file_t tclass=dir
>audit(1109009536.011:0): avc:  denied  { search } for  pid=3541 exe=/sbin/portmap name=/ dev=hda2 ino=2 scontext=user_u:system_r:portmap_t tcontext=system_u:object_r:file_t tclass=dir
>audit(1109009536.011:0): avc:  denied  { search } for  pid=3541 exe=/sbin/portmap name=/ dev=hda2 ino=2 scontext=user_u:system_r:portmap_t tcontext=system_u:object_r:file_t tclass=dir
>audit(1109009536.011:0): avc:  denied  { search } for  pid=3541 exe=/sbin/portmap name=/ dev=hda2 ino=2 scontext=user_u:system_r:portmap_t tcontext=system_u:object_r:file_t tclass=dir
>audit(1109009536.011:0): avc:  denied  { search } for  pid=3541 exe=/sbin/portmap name=/ dev=hda2 ino=2 scontext=user_u:system_r:portmap_t tcontext=system_u:object_r:file_t tclass=dir
>SELinux: initialized (dev rpc_pipefs, type rpc_pipefs), uses genfs_contexts
><snip>
>IPv6 over IPv4 tunneling driver
>divert: not allocating divert_blk for non-ethernet device sit0
>audit(1109009547.625:0): avc:  denied  { search } for  pid=4176 exe=/usr/sbin/ntpdate name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t tcontext=system_u:object_r:file_t tclass=dir
>audit(1109009547.625:0): avc:  denied  { search } for  pid=4176 exe=/usr/sbin/ntpdate name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t tcontext=system_u:object_r:file_t tclass=dir
>audit(1109009547.625:0): avc:  denied  { search } for  pid=4176 exe=/usr/sbin/ntpdate name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t tcontext=system_u:object_r:file_t tclass=dir
>audit(1109009547.626:0): avc:  denied  { search } for  pid=4176 exe=/usr/sbin/ntpdate name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t tcontext=system_u:object_r:file_t tclass=dir
>audit(1109009547.626:0): avc:  denied  { search } for  pid=4176 exe=/usr/sbin/ntpdate name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t tcontext=system_u:object_r:file_t tclass=dir
>audit(1109009547.626:0): avc:  denied  { search } for  pid=4176 exe=/usr/sbin/ntpdate name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t tcontext=system_u:object_r:file_t tclass=dir
>audit(1109009547.626:0): avc:  denied  { search } for  pid=4176 exe=/usr/sbin/ntpdate name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t tcontext=system_u:object_r:file_t tclass=dir
>audit(1109009547.626:0): avc:  denied  { search } for  pid=4176 exe=/usr/sbin/ntpdate name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t tcontext=system_u:object_r:file_t tclass=dir
>audit(1109009547.626:0): avc:  denied  { search } for  pid=4176 exe=/usr/sbin/ntpdate name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t tcontext=system_u:object_r:file_t tclass=dir
>audit(1109009547.626:0): avc:  denied  { search } for  pid=4176 exe=/usr/sbin/ntpdate name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t tcontext=system_u:object_r:file_t tclass=dir
>audit(1109009547.626:0): avc:  denied  { search } for  pid=4176 exe=/usr/sbin/ntpdate name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t tcontext=system_u:object_r:file_t tclass=dir
>audit(1109009547.627:0): avc:  denied  { search } for  pid=4176 exe=/usr/sbin/ntpdate name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t tcontext=system_u:object_r:file_t tclass=dir
>audit(1109009547.627:0): avc:  denied  { search } for  pid=4176 exe=/usr/sbin/ntpdate name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t tcontext=system_u:object_r:file_t tclass=dir
>audit(1109009547.627:0): avc:  denied  { search } for  pid=4176 exe=/usr/sbin/ntpdate name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t tcontext=system_u:object_r:file_t tclass=dir
>audit(1109009547.627:0): avc:  denied  { search } for  pid=4176 exe=/usr/sbin/ntpdate name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t tcontext=system_u:object_r:file_t tclass=dir
>audit(1109009547.627:0): avc:  denied  { search } for  pid=4176 exe=/usr/sbin/ntpdate name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t tcontext=system_u:object_r:file_t tclass=dir
>audit(1109009547.627:0): avc:  denied  { search } for  pid=4176 exe=/usr/sbin/ntpdate name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t tcontext=system_u:object_r:file_t tclass=dir
>audit(1109009547.627:0): avc:  denied  { search } for  pid=4176 exe=/usr/sbin/ntpdate name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t tcontext=system_u:object_r:file_t tclass=dir
>audit(1109009547.763:0): avc:  denied  { search } for  pid=4180 exe=/usr/sbin/ntpd name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t tcontext=system_u:object_r:file_t tclass=dir
>audit(1109009547.764:0): avc:  denied  { search } for  pid=4180 exe=/usr/sbin/ntpd name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t tcontext=system_u:object_r:file_t tclass=dir
>audit(1109009547.764:0): avc:  denied  { search } for  pid=4180 exe=/usr/sbin/ntpd name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t tcontext=system_u:object_r:file_t tclass=dir
>audit(1109009547.764:0): avc:  denied  { search } for  pid=4180 exe=/usr/sbin/ntpd name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t tcontext=system_u:object_r:file_t tclass=dir
>audit(1109009547.764:0): avc:  denied  { search } for  pid=4180 exe=/usr/sbin/ntpd name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t tcontext=system_u:object_r:file_t tclass=dir
>audit(1109009547.764:0): avc:  denied  { search } for  pid=4180 exe=/usr/sbin/ntpd name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t tcontext=system_u:object_r:file_t tclass=dir
>audit(1109009547.764:0): avc:  denied  { search } for  pid=4180 exe=/usr/sbin/ntpd name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t tcontext=system_u:object_r:file_t tclass=dir
>audit(1109009547.764:0): avc:  denied  { search } for  pid=4180 exe=/usr/sbin/ntpd name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t tcontext=system_u:object_r:file_t tclass=dir
>audit(1109009547.764:0): avc:  denied  { search } for  pid=4180 exe=/usr/sbin/ntpd name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t tcontext=system_u:object_r:file_t tclass=dir
>audit(1109009547.764:0): avc:  denied  { search } for  pid=4180 exe=/usr/sbin/ntpd name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t tcontext=system_u:object_r:file_t tclass=dir
>audit(1109009547.764:0): avc:  denied  { search } for  pid=4180 exe=/usr/sbin/ntpd name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t tcontext=system_u:object_r:file_t tclass=dir
>audit(1109009547.765:0): avc:  denied  { search } for  pid=4180 exe=/usr/sbin/ntpd name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t tcontext=system_u:object_r:file_t tclass=dir
>audit(1109009547.765:0): avc:  denied  { search } for  pid=4180 exe=/usr/sbin/ntpd name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t tcontext=system_u:object_r:file_t tclass=dir
>audit(1109009547.765:0): avc:  denied  { search } for  pid=4180 exe=/usr/sbin/ntpd name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t tcontext=system_u:object_r:file_t tclass=dir
>audit(1109009547.765:0): avc:  denied  { search } for  pid=4180 exe=/usr/sbin/ntpd name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t tcontext=system_u:object_r:file_t tclass=dir
>audit(1109009547.765:0): avc:  denied  { search } for  pid=4180 exe=/usr/sbin/ntpd name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t tcontext=system_u:object_r:file_t tclass=dir
>audit(1109009547.766:0): avc:  denied  { search } for  pid=4180 exe=/usr/sbin/ntpd name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t tcontext=system_u:object_r:file_t tclass=dir
>audit(1109009547.766:0): avc:  denied  { search } for  pid=4180 exe=/usr/sbin/ntpd name=/ dev=hda2 ino=2 scontext=user_u:system_r:ntpd_t tcontext=system_u:object_r:file_t tclass=dir
>
>Obviously something is amiss. I do not know how to correct these messages for
>the services. Does anyone know how the fix this delemma? If not should I
>bugzilla it?
>
>-- 
>Richard E Miles
>Federal Way WA. USA
>registered linux user 46097
>
>--
>fedora-selinux-list mailing list
>fedora-selinux-list@xxxxxxxxxx
>http://www.redhat.com/mailman/listinfo/fedora-selinux-list