Re: AVC message problem

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Mon, 24 Oct 2005, Daniel J Walsh wrote:

> Tom Diehl wrote:
> > Hi all,
> >
> > Since upgrading to EL4-U2 I am getting the following avc messages in my logs:
> >
> > Oct 23 14:46:21 pocono dbus: Can't send to audit system: USER_AVC pid=3064 uid=81 loginuid=-1 message=avc:  denied  { send_msg } for  scontext=user_u:system_r:unconfined_t tcontext=user_u:system_r:initrc_t tclass=dbus
> >
> > Can someone tell me how to go about fixing this, short of turning off selinux?
> >
> > (pocono pts13) # rpm -qa | grep selinux
> > libselinux-1.19.1-7
> > libselinux-1.19.1-7
> > selinux-policy-targeted-1.17.30-2.110
> > libselinux-devel-1.19.1-7
> > (pocono pts13) # rpm -qa dbus
> > dbus-0.22-12.EL.5
> > (pocono pts13) # uname -r
> > 2.6.9-22.ELsmp
> > (pocono pts13) #
> >
> > I get hundreds of these a day. I have tried relabeling but no change.
> >
> > The system arch is x86_64
> >
> Could you try

Yep

> 
> ftp://people.redhat.com/dwalsh/SELinux/RHEL4/u3/selinux-policy-targeted-*
> 
> We are moving to deliver an errata release of this policy.

I did the following:

(pocono pts18) # rpm -Fvh selinux-policy-targeted-1.17.30-2.117.noarch.rpm
Preparing...                ########################################### [100%]
   1:selinux-policy-targeted########################################### [100%]
(pocono pts18) #

And I got the following in the logs:

Oct 24 10:59:21 pocono dbus: Can't send to audit system: USER_AVC pid=3064 uid=81 loginuid=-1 message=avc:  denied  { send_msg } for  scontext=user_u:system_r:unconfined_t tcontext=user_u:system_r:initrc_t tclass=dbus
Oct 24 10:59:31 pocono last message repeated 2 times
Oct 24 10:59:35 pocono kernel: security:  3 users, 4 roles, 354 types, 25 bools
Oct 24 10:59:35 pocono kernel: security:  55 classes, 21778 rules
Oct 24 10:59:35 pocono dbus: Can't send to audit system: USER_AVC pid=3064 uid=81 loginuid=-1 message=avc:  received policyload notice (seqno=1)
Oct 24 10:59:35 pocono dbus: Can't send to audit system: USER_AVC pid=3064 uid=81 loginuid=-1 message=avc:  4 AV entries and 4/512 buckets used, longest chain length 1
Oct 24 10:59:35 pocono dbus: Can't send to audit system: USER_AVC pid=4252 uid=508 loginuid=-1 message=avc:  received policyload notice (seqno=1)
Oct 24 10:59:35 pocono dbus: Can't send to audit system: USER_AVC pid=4252 uid=508 loginuid=-1 message=avc:  1 AV entries and 1/512 buckets used, longest chain length 1

So far no more avc messages. They were showing up every 5-15 seconds
before. It has been approx 5 minutes with no avc messages. 

Is there anything else I should be looking at?

Is there a bug for this?

Thank You for the help.

Regards,

Tom Diehl		tdiehl@xxxxxxxxxxxx		Spamtrap address mtd123@xxxxxxxxxxxx

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux