Running targeted/enforcing, today's rawhide.

After installing today's packages, system fails to boot.
Hangs just after starting init, after producing a message like
    MAKEDEV:mkdir: file exists

System will boot with 'enforcing=0'.

The log shows many avc denials to tmpfs (below).

Did I mess up?

tom
--------------------------------------------------------
May 4 07:33:23 localhost kernel: audit(1115191953.487:0): avc: denied { search } for name=/ dev=tmpfs ino=2832 scontext=system_u:system_r:kudzu_t tcontext=system_u:object_r:tmpfs_t tclass=dir
May 4 07:33:23 localhost kernel: audit(1115191970.159:0): avc: denied { search } for name=/ dev=tmpfs ino=2832 scontext=system_u:system_r:hwclock_t tcontext=system_u:object_r:tmpfs_t tclass=dir
May 4 07:33:23 localhost kernel: audit(1115217172.838:0): avc: denied { getattr } for path=/dev/mapper/VolGroup00-LogVol00 dev=tmpfs ino=6442 scontext=system_u:system_r:fsadm_t tcontext=system_u:object_r:tmpfs_t tclass=blk_file
May 4 07:33:23 localhost kernel: audit(1115217172.839:0): avc: denied { read write } for name=VolGroup00-LogVol00 dev=tmpfs ino=6442 scontext=system_u:system_r:fsadm_t tcontext=system_u:object_r:tmpfs_t tclass=blk_file
May 4 07:33:23 localhost kernel: audit(1115217172.839:0): avc: denied { ioctl } for path=/dev/mapper/VolGroup00-LogVol00 dev=tmpfs ino=6442 scontext=system_u:system_r:fsadm_t tcontext=system_u:object_r:tmpfs_t tclass=blk_file
May 4 07:33:23 localhost kernel: audit(1115217177.481:0): avc: denied { write } for name=/ dev=tmpfs ino=2832 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir
May 4 07:33:23 localhost kernel: audit(1115217177.481:0): avc: denied { add_name } for name=log scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir
May 4 07:33:23 localhost kernel: audit(1115217177.481:0): avc: denied { create } for name=log scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=sock_file
May 4 07:33:23 localhost kernel: audit(1115217177.481:0): avc: denied { setattr } for name=log dev=tmpfs ino=6865 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=sock_file
May 4 07:33:23 localhost kernel: audit(1115217178.127:0): avc: denied { search } for name=/ dev=tmpfs ino=2832 scontext=system_u:system_r:klogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir
May 4 07:33:23 localhost kernel: audit(1115217178.127:0): avc: denied { write } for name=log dev=tmpfs ino=6865 scontext=system_u:system_r:klogd_t tcontext=system_u:object_r:tmpfs_t tclass=sock_file
May 4 07:33:23 localhost kernel: audit(1115217198.206:0): avc: denied { search } for name=/ dev=tmpfs ino=2832 scontext=system_u:system_r:cardmgr_t tcontext=system_u:object_r:tmpfs_t tclass=dir
May 4 07:33:23 localhost kernel: audit(1115217198.206:0): avc: denied { write } for name=log dev=tmpfs ino=6865 scontext=system_u:system_r:cardmgr_t tcontext=system_u:object_r:tmpfs_t tclass=sock_file
May 4 07:33:23 localhost kernel: audit(1115217200.530:0): avc: denied { search } for name=/ dev=tmpfs ino=2832 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir
May 4 07:33:23 localhost kernel: audit(1115217200.530:0): avc: denied { write } for name=log dev=tmpfs ino=6865 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=sock_file
May 4 07:33:23 localhost kernel: audit(1115217200.821:0): avc: denied { search } for name=/ dev=tmpfs ino=2832 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir
May 4 07:33:23 localhost kernel: audit(1115217202.856:0): avc: denied { read } for name=config dev=dm-0 ino=1275872 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:selinux_config_t tclass=file
May 4 07:33:23 localhost kernel: audit(1115217202.856:0): avc: denied { getattr } for path=/etc/selinux/config dev=dm-0 ino=1275872 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:selinux_config_t tclass=file
May 4 07:33:29 localhost kernel: audit(1115217209.362:0): avc: denied { search } for name=/ dev=tmpfs ino=2832 scontext=system_u:system_r:portmap_t tcontext=system_u:object_r:tmpfs_t tclass=dir
May 4 07:33:29 localhost kernel: audit(1115217209.580:0): avc: denied { search } for name=/ dev=tmpfs ino=2832 scontext=system_u:system_r:rpcd_t tcontext=system_u:object_r:tmpfs_t tclass=dir
May 4 07:33:29 localhost kernel: audit(1115217209.581:0): avc: denied { write } for name=log dev=tmpfs ino=6865 scontext=system_u:system_r:rpcd_t tcontext=system_u:object_r:tmpfs_t tclass=sock_file
May 4 07:33:31 localhost kernel: audit(1115217211.468:0): avc: denied { search } for name=/ dev=tmpfs ino=2832 scontext=system_u:system_r:howl_t tcontext=system_u:object_r:tmpfs_t tclass=dir
May 4 07:33:36 localhost kernel: audit(1115217216.843:0): avc: denied { search } for name=/ dev=tmpfs ino=2832 scontext=system_u:system_r:cupsd_t tcontext=system_u:object_r:tmpfs_t tclass=dir
May 4 07:33:39 localhost kernel: audit(1115217219.784:0): avc: denied { search } for name=/ dev=tmpfs ino=2832 scontext=system_u:system_r:ntpd_t tcontext=system_u:object_r:tmpfs_t tclass=dir
May 4 07:33:39 localhost kernel: audit(1115217219.784:0): avc: denied { write } for name=log dev=tmpfs ino=6865 scontext=system_u:system_r:ntpd_t tcontext=system_u:object_r:tmpfs_t tclass=sock_file
May 4 07:33:41 localhost kernel: audit(1115217221.632:0): avc: denied { read } for name=fd dev=tmpfs ino=2839 scontext=system_u:system_r:cupsd_t tcontext=system_u:object_r:tmpfs_t tclass=lnk_file
May 4 07:34:00 localhost kernel: audit(1115217240.363:0): avc: denied { search } for name=/ dev=tmpfs ino=2832 scontext=system_u:system_r:system_dbusd_t tcontext=system_u:object_r:tmpfs_t tclass=dir
May 4 07:34:01 localhost kernel: audit(1115217241.339:0): avc: denied { search } for name=/ dev=tmpfs ino=2832 scontext=system_u:system_r:cupsd_config_t tcontext=system_u:object_r:tmpfs_t tclass=dir
May 4 07:34:02 localhost kernel: audit(1115217242.433:0): avc: denied { search } for name=/ dev=tmpfs ino=2832 scontext=system_u:system_r:hald_t tcontext=system_u:object_r:tmpfs_t tclass=dir
May 4 07:34:04 localhost kernel: audit(1115217244.727:0): avc: denied { search } for name=/ dev=tmpfs ino=2832 scontext=system_u:system_r:updfstab_t tcontext=system_u:object_r:tmpfs_t tclass=dir
May 4 07:34:04 localhost kernel: audit(1115217244.727:0): avc: denied { write } for name=log dev=tmpfs ino=6865 scontext=system_u:system_r:updfstab_t tcontext=system_u:object_r:tmpfs_t tclass=sock_file
May 4 07:34:09 localhost kernel: audit(1115217249.960:0): avc: denied { read } for name=mapper dev=tmpfs ino=3919 scontext=system_u:system_r:hald_t tcontext=system_u:object_r:tmpfs_t tclass=dir
May 4 07:34:09 localhost kernel: audit(1115217249.960:0): avc: denied { getattr } for path=/dev/mapper dev=tmpfs ino=3919 scontext=system_u:system_r:hald_t tcontext=system_u:object_r:tmpfs_t tclass=dir
May 4 07:34:09 localhost kernel: audit(1115217249.960:0): avc: denied { getattr } for path=/dev/mapper/VolGroup00-LogVol01 dev=tmpfs ino=6444 scontext=system_u:system_r:hald_t tcontext=system_u:object_r:tmpfs_t tclass=blk_file
May 4 07:34:10 localhost kernel: audit(1115217250.223:0): avc: denied { search } for name=/ dev=tmpfs ino=2832 scontext=system_u:system_r:getty_t tcontext=system_u:object_r:tmpfs_t tclass=dir
May 4 07:34:12 localhost kernel: audit(1115217252.745:0): avc: denied { search } for name=rhgb dev=dm-0 ino=1277513 scontext=system_u:system_r:init_t tcontext=system_u:object_r:mnt_t tclass=dir
May 4 07:34:39 localhost kernel: audit(1115217279.531:0): avc: denied { search } for name=/ dev=tmpfs ino=2832 scontext=system_u:system_r:hald_t tcontext=system_u:object_r:tmpfs_t tclass=dir
May 4 07:35:00 localhost dbus: avc: denied { send_msg } for msgtype=method_call interface=com.redhat.CupsDriverConfig member=MatchDriver dest=com.redhat.CupsDriverConfig spid=3570 tpid=3058 scontext=user_u:system_r:unconfined_t tcontext=system_u:system_r:cupsd_config_t tclass=dbus
May 4 07:35:00 localhost kernel: audit(1115217300.770:0): avc: denied { search } for name=/ dev=tmpfs ino=2832 scontext=system_u:system_r:system_dbusd_t tcontext=system_u:object_r:tmpfs_t tclass=dir
May 4 07:35:00 localhost kernel: audit(1115217300.770:0): avc: denied { write } for name=log dev=tmpfs ino=6865 scontext=system_u:system_r:system_dbusd_t tcontext=system_u:object_r:tmpfs_t tclass=sock_file
May 4 07:35:00 localhost kernel: audit(1115217300.771:0): avc: denied { search } for name=/ dev=tmpfs ino=2832 scontext=system_u:system_r:cupsd_config_t tcontext=system_u:object_r:tmpfs_t tclass=dir
May 4 07:35:34 localhost kernel: audit(1115217334.071:0): avc: denied { write } for name=cache dev=dm-0 ino=2142136 scontext=system_u:system_r:cupsd_config_t tcontext=system_u:object_r:var_t tclass=dir
May 4 07:35:34 localhost kernel: audit(1115217334.071:0): avc: denied { add_name } for name=foomatic scontext=system_u:system_r:cupsd_config_t tcontext=system_u:object_r:var_t tclass=dir
May 4 07:35:34 localhost kernel: audit(1115217334.071:0): avc: denied { create } for name=foomatic scontext=system_u:system_r:cupsd_config_t tcontext=system_u:object_r:var_t tclass=dir
May 4 07:35:34 localhost kernel: audit(1115217334.071:0): avc: denied { create } for name=printconf.pickle scontext=system_u:system_r:cupsd_config_t tcontext=system_u:object_r:var_t tclass=file
May 4 07:35:34 localhost kernel: audit(1115217334.071:0): avc: denied { getattr } for path=/var/cache/foomatic/printconf.pickle dev=dm-0 ino=2158741 scontext=system_u:system_r:cupsd_config_t tcontext=system_u:object_r:var_t tclass=file
May 4 07:35:34 localhost kernel: audit(1115217334.072:0): avc: denied { write } for path=/var/cache/foomatic/printconf.pickle dev=dm-0 ino=2158741 scontext=system_u:system_r:cupsd_config_t tcontext=system_u:object_r:var_t tclass=file
May 4 07:35:34 localhost dbus: avc: denied { send_msg } for msgtype=method_return dest=:1.5 spid=3058 tpid=3570 scontext=system_u:system_r:cupsd_config_t tcontext=user_u:system_r:unconfined_t tclass=dbus

--
Tom London

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-selinux-list
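
Added example, not part of the original post: a Python triage script for AVC records in the format shown in the log above. It groups denials by target type and object class, so a long boot-time log reduces to which label is being denied and which source domains hit it. The sample input is six entries copied from the post's log; the function names `parse_avc` and `summarise` are this example's own.

```python
import re

# Six entries copied from the log in the post above, one record per line.
SAMPLE = """\
May 4 07:33:23 localhost kernel: audit(1115191953.487:0): avc: denied { search } for name=/ dev=tmpfs ino=2832 scontext=system_u:system_r:kudzu_t tcontext=system_u:object_r:tmpfs_t tclass=dir
May 4 07:33:23 localhost kernel: audit(1115191970.159:0): avc: denied { search } for name=/ dev=tmpfs ino=2832 scontext=system_u:system_r:hwclock_t tcontext=system_u:object_r:tmpfs_t tclass=dir
May 4 07:33:23 localhost kernel: audit(1115217172.839:0): avc: denied { read write } for name=VolGroup00-LogVol00 dev=tmpfs ino=6442 scontext=system_u:system_r:fsadm_t tcontext=system_u:object_r:tmpfs_t tclass=blk_file
May 4 07:33:23 localhost kernel: audit(1115217177.481:0): avc: denied { create } for name=log scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=sock_file
May 4 07:33:23 localhost kernel: audit(1115217178.127:0): avc: denied { write } for name=log dev=tmpfs ino=6865 scontext=system_u:system_r:klogd_t tcontext=system_u:object_r:tmpfs_t tclass=sock_file
May 4 07:33:23 localhost kernel: audit(1115217202.856:0): avc: denied { read } for name=config dev=dm-0 ino=1275872 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:selinux_config_t tclass=file
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)")
KV_RE = re.compile(r"(\w+)=(\S+)")

def parse_avc(line):
    """Return one denial as a dict, or None if the line is not a complete AVC record."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = dict(KV_RE.findall(m.group(2)))
    if not {"scontext", "tcontext", "tclass"} <= fields.keys():
        return None
    return {
        "perms": m.group(1).split(),
        # A context is user:role:type[:level]; the type is the third field.
        "source": fields["scontext"].split(":")[2],
        "target": fields["tcontext"].split(":")[2],
        "tclass": fields["tclass"],
    }

def summarise(text):
    """Group denials by (target type, object class)."""
    groups = {}
    for rec in filter(None, map(parse_avc, text.splitlines())):
        g = groups.setdefault((rec["target"], rec["tclass"]),
                              {"count": 0, "sources": set(), "perms": set()})
        g["count"] += 1
        g["sources"].add(rec["source"])
        g["perms"].update(rec["perms"])
    return {k: {"count": g["count"], "sources": sorted(g["sources"]),
                "perms": sorted(g["perms"])} for k, g in groups.items()}

if __name__ == "__main__":
    for (target, tclass), g in sorted(summarise(SAMPLE).items(), key=lambda kv: -kv[1]["count"]):
        print(f"{g['count']:3d} {target}:{tclass} perms={g['perms']} sources={g['sources']}")
```

To run it on a full log, pass the file's text to `summarise()`; each record must be on a single line, as syslog writes it.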