On Wed, 2005-07-13 at 15:23 +0100, Ruth Ivimey-Cook wrote:
> Thanks. I wondered if it was in initramfs, but it's hard to check. Is there
> anything I can do to shut it up?

Looks like there is already a dontaudit rule in init.te for file descriptors
inherited from the rootfs, but that dontaudit rule only deals with the file
checks, not the descriptor use check. So I'd add:

    dontaudit init_t kernel_t:fd use;

But I also see that init_t is unconfined in targeted policy (unlike strict),
so that would mean that /sbin/init is being allowed to inherit the
descriptor, so it is then passed along to all of its children. Which means
you'd have to essentially dontaudit it for all domains to suppress, e.g.

    dontaudit domain kernel_t:fd use;

Regardless, it should be bracketed with some ifdef, e.g.
hide_broken_symptoms, because this does reflect a base kernel bug (not a bug
in SELinux, but descriptor leakage by the base kernel) that needs to be
fixed.

--
Stephen Smalley
National Security Agency

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-selinux-list
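The suppression Stephen describes, as an added example that is not part of the thread: a small script that parses AVC denial lines, picks out the ones for `use` on a descriptor still owned by kernel_t (the leaked-descriptor symptom), and emits the matching dontaudit rules wrapped in an `ifdef(`hide_broken_symptoms', ...)` m4 block, either per source domain (`init_t`, ...) or collapsed to the `domain` attribute as the reply suggests. The AVC lines, PIDs, inode numbers and the `syslogd_t`/`httpd_t` denials are constructed for illustration; they are not from the original report.

```python
"""Generate hide_broken_symptoms-bracketed dontaudit rules from AVC denials.

Added example, not code from the mailing-list thread. The sample log lines
below are constructed to resemble the kernel's AVC audit format.
"""
import re
from collections import OrderedDict

# Constructed sample denials (format modelled on kernel AVC audit records).
SAMPLE_AVC = """\
audit(1121265800.123:42): avc:  denied  { use } for  pid=1 comm="init" path="/dev/console" dev=tmpfs ino=123 scontext=system_u:system_r:init_t tcontext=system_u:system_r:kernel_t tclass=fd
audit(1121265800.456:43): avc:  denied  { use } for  pid=812 comm="syslogd" path="/dev/console" dev=tmpfs ino=123 scontext=system_u:system_r:syslogd_t tcontext=system_u:system_r:kernel_t tclass=fd
audit(1121265801.000:44): avc:  denied  { read } for  pid=900 comm="httpd" name="shadow" dev=hda1 ino=55 scontext=system_u:system_r:httpd_t tcontext=system_u:object_r:shadow_t tclass=file
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]+?)\s*\}.*?"
    r"scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)"
)


def parse_avc(text):
    """Yield (source_type, target_type, tclass, frozenset(perms)) per denial.

    The type is the third field of a user:role:type[:level] context.
    """
    for line in text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue
        stype = m.group("scontext").split(":")[2]
        ttype = m.group("tcontext").split(":")[2]
        yield stype, ttype, m.group("tclass"), frozenset(m.group("perms").split())


def fd_leak_denials(text):
    """Only the `use` denials on descriptors owned by kernel_t, i.e. the
    symptom of a file descriptor leaked by the kernel into userspace."""
    return [d for d in parse_avc(text)
            if d[1] == "kernel_t" and d[2] == "fd" and "use" in d[3]]


def render_dontaudit(denials, collapse_to_domain=False):
    """Emit dontaudit rules for the denials, wrapped in the
    hide_broken_symptoms m4 conditional so the suppression stays opt-in.

    With collapse_to_domain=True the source is the `domain` attribute, which
    covers every process domain (what is needed once init_t, being
    unconfined, has passed the descriptor on to all its children).
    """
    rules = OrderedDict()
    for stype, ttype, tclass, perms in denials:
        src = "domain" if collapse_to_domain else stype
        key = (src, ttype, tclass)
        rules[key] = rules.get(key, frozenset()) | perms
    lines = ["ifdef(`hide_broken_symptoms', `"]
    for (src, ttype, tclass), perms in rules.items():
        perm_str = " ".join(sorted(perms))
        if len(perms) > 1:
            perm_str = "{ %s }" % perm_str
        lines.append("dontaudit %s %s:%s %s;" % (src, ttype, tclass, perm_str))
    lines.append("')")
    return "\n".join(lines)


if __name__ == "__main__":
    leaks = fd_leak_denials(SAMPLE_AVC)
    print("# per-domain rules")
    print(render_dontaudit(leaks))
    print("# collapsed to the domain attribute")
    print(render_dontaudit(leaks, collapse_to_domain=True))
```

The file-class denial for httpd_t is deliberately left out of the output: a dontaudit is only appropriate for the known-benign symptom (the kernel leaking a descriptor), and the ifdef keeps it out of a policy build unless `hide_broken_symptoms` is defined, so the underlying kernel bug remains visible by default.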