rhgb and /usr

Tom London <selinux@xxxxxxxxx> · Sat, 21 May 2005 14:03:25 -0700

Running strict/enforcing, today's rawhide.

Booting, get these avc from rhgb:
May 21 13:06:45 fedora smartd[2314]: Device: /dev/hda, opened
May 21 13:06:45 fedora kernel: SELinux: initialized (dev ramfs, type
ramfs), uses genfs_contexts
May 21 13:06:45 fedora kernel: audit(1116680781.182:0): avc:  denied 
{ read } for  name=index.theme dev=hda2 ino=4523023
scontext=system_u:system_r:rhgb_t tcontext=system_u:object_r:usr_t
tclass=file
May 21 13:06:45 fedora kernel: audit(1116680781.513:0): avc:  denied 
{ getattr } for  path="/usr/share/themes/Clearlooks/gtk-2.0/gtkrc"
dev=hda2 ino=4592143 scontext=system_u:system_r:rhgb_t
tcontext=system_u:object_r:usr_t tclass=file
May 21 13:06:45 fedora kernel: audit(1116680781.687:0): avc:  denied 
{ read } for  name=large-computer.png dev=hda2 ino=4126600
scontext=system_u:system_r:rhgb_t tcontext=system_u:object_r:usr_t
tclass=file
May 21 13:06:45 fedora kernel: audit(1116680781.869:0): avc:  denied 
{ getattr } for  path="/usr/share/vte/termcap/xterm" dev=hda2
ino=4459308 scontext=system_u:system_r:rhgb_t
tcontext=system_u:object_r:usr_t tclass=file
May 21 13:06:45 fedora kernel: audit(1116680784.842:0): avc:  denied 
{ read } for  name=index.theme dev=hda2 ino=4523023
scontext=system_u:system_r:rhgb_t tcontext=system_u:object_r:usr_t
tclass=file
May 21 13:06:45 fedora kernel: audit(1116680784.842:0): avc:  denied 
{ read } for  name=index.theme dev=hda2 ino=4523023
scontext=system_u:system_r:rhgb_t tcontext=system_u:object_r:usr_t
tclass=file
May 21 13:06:45 fedora kernel: audit(1116680784.962:0): avc:  denied 
{ read } for  name=index.theme dev=hda2 ino=4523023
scontext=system_u:system_r:rhgb_t tcontext=system_u:object_r:usr_t
tclass=file
May 21 13:06:45 fedora kernel: audit(1116680784.964:0): avc:  denied 
{ read } for  name=system-logo.png dev=hda2 ino=4112422
scontext=system_u:system_r:rhgb_t tcontext=system_u:object_r:usr_t
tclass=file
May 21 13:06:45 fedora kernel: audit(1116680784.973:0): avc:  denied 
{ read } for  name=throbber-anim.png dev=hda2 ino=4114138
scontext=system_u:system_r:rhgb_t tcontext=system_u:object_r:usr_t
tclass=file

What's right here, dontaudit or allow?  (System appears to boot just fine.)

tom

-- 
Tom London

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-selinux-list