Re: alot of selinux messages after todays rawhide update

From: Stephen Smalley <sds@xxxxxxxxxxxxx>
To: Jason Dravet <dravet@xxxxxxxxxxx>
CC: James Morris <jmorris@xxxxxxxxx>, fedora-selinux-list@xxxxxxxxxx
Subject: Re: alot of selinux messages after todays rawhide update
Date: Fri, 21 Oct 2005 07:56:34 -0400

On Thu, 2005-10-20 at 16:19 -0500, Jason Dravet wrote:
> After updating my system to today's rawhide I see a lot of selinux related
> messages.  I am running selinux-policy-targeted-1.27.1-21.  I see these
> messages during boot and shutdown. I did a touch /autorelabel and reboot to
> see if things got better but they remained the same. The first and third
> messages (hwclock and fsck) have me concerned the most.  Here are the
> messages:
>
> Oct 20 15:52:47 pcjason kernel: audit(1129823524.869:2): avc: denied { use
> } for pid=417 comm="hwclock" name="VolGroup00-LogVol01" dev=tmpfs ino=760
> scontext=system_u:system_r:hwclock_t:s0
> tcontext=system_u:system_r:kernel_t:s0 tclass=fd
>
> Oct 20 15:52:50 pcjason kernel: audit(1129841541.911:3): avc:  denied  {
> read } for pid=1164 comm="restorecon" name="VolGroup00-LogVol01" dev=tmpfs
> ino=760 scontext=system_u:system_r:restorecon_t:s0
> tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file

This means that the kernel (or early userspace prior to initial policy
load) is leaking a descriptor to that device to all descendants.
SELinux is then correctly denying access to the descriptor and device
and closing it on each domain transition.  Someone needs to track down
the offending entity that is leaking the descriptor and fix it.  In the
absence of SELinux, this kind of bug would likely never be noticed
(unless some program tried using the inherited descriptor for some
reason).

--
Stephen Smalley
National Security Agency


Thank you for the information. It was informative. How do you suggest one track down the offending process? Please keep in mind I am not a kernel programmer, but I would like to help if I can. Should I open a bugzilla entry? If so, what package should these messages be reported to?

Thanks,
Jason Dravet


--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
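As an added illustration of the triage step Jason asks about (this script is not part of the thread and not a Fedora tool), the following Python parses the two AVC records quoted above, re-joined onto single lines as the kernel emits them, and separates the process caught holding the descriptor (comm= and scontext=) from the domain that created it. On a tclass=fd denial the tcontext is the context of the task that opened the descriptor, so it names the origin to investigate (here kernel_t, i.e. something that ran before the initial policy load), while the later blk_file denial on the same dev/ino is the follow-on check SELinux makes when the inherited descriptor is used. The parsing and the grouping logic are mine; the sample records are the ones from the thread.

```python
"""Triage SELinux AVC denials that point at a leaked file descriptor.

A denial of class "fd" with permission "use" means a process inherited a
descriptor opened in another domain.  The tcontext on that record is the
context of the task that created the descriptor, so it identifies the
leaking parent rather than the process named in comm=.  Denials on the
underlying object (e.g. a blk_file) that share the same dev/ino are the
checks SELinux performs when the inherited descriptor is actually used.
"""
import re
from collections import defaultdict

# Constructed sample input: the two records quoted in the thread, each
# re-joined onto one line as the kernel originally logged it.
SAMPLE_LOG = """\
Oct 20 15:52:47 pcjason kernel: audit(1129823524.869:2): avc: denied { use } for pid=417 comm="hwclock" name="VolGroup00-LogVol01" dev=tmpfs ino=760 scontext=system_u:system_r:hwclock_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=fd
Oct 20 15:52:50 pcjason kernel: audit(1129841541.911:3): avc:  denied  { read } for pid=1164 comm="restorecon" name="VolGroup00-LogVol01" dev=tmpfs ino=760 scontext=system_u:system_r:restorecon_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
"""

# "avc: denied { perm perm } for key=value key="value" ..."
AVC_RE = re.compile(
    r"avc:\s+(?P<result>denied|granted)\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)$"
)
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return the AVC record's fields as a dict, or None if the line is not one."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    rec = {"result": m.group("result"), "perms": m.group("perms").split()}
    for key, val in FIELD_RE.findall(m.group("fields")):
        rec[key] = val.strip('"')
    return rec


def context_type(ctx):
    """Return the type component (user:role:type:level) of a security context."""
    parts = ctx.split(":")
    return parts[2] if len(parts) > 2 else ctx


def triage(log_text):
    """Group denials by (dev, ino) and name the probable origin of each descriptor.

    For each object: 'creator' is the type that opened the descriptor (from the
    fd-class tcontext), 'inheritors' lists (comm, domain) pairs that were caught
    holding or using it, and 'object_type' is the label of the underlying file
    when a follow-on denial reveals it.
    """
    findings = defaultdict(
        lambda: {"creator": None, "inheritors": [], "object_type": None, "name": None}
    )
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is None or rec["result"] != "denied":
            continue
        entry = findings[(rec.get("dev"), rec.get("ino"))]
        entry["name"] = rec.get("name", entry["name"])
        entry["inheritors"].append((rec.get("comm"), context_type(rec["scontext"])))
        if rec.get("tclass") == "fd" and "use" in rec["perms"]:
            # fd objects carry the creating task's context: that is the leaker.
            entry["creator"] = context_type(rec["tcontext"])
        else:
            # Access to the object behind the descriptor; record its label.
            entry["object_type"] = context_type(rec["tcontext"])
    return dict(findings)


def report(findings):
    """Render the triage result as plain text, one object per stanza."""
    lines = []
    for (dev, ino), entry in findings.items():
        lines.append(
            f"object {entry['name']} (dev={dev} ino={ino}, "
            f"type={entry['object_type'] or 'unknown'})"
        )
        if entry["creator"]:
            lines.append(f"  descriptor created in domain {entry['creator']} <- origin to investigate")
        for comm, domain in entry["inheritors"]:
            lines.append(f"  inherited/used by {comm} ({domain})")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG)))
```

Run against a real system, the input would be the kernel/audit log rather than the embedded sample; the useful output is the "created in domain" line, which tells you which domain (and therefore which stage of boot) to look at for the missing close-on-exec, rather than the comm= that merely inherited the descriptor.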
