Felipe Alfaro Solana wrote:
Hello,
I'm running Fedora Core RawHhide and I'm seeing lots of SELinux AVCs
during boot, related to my swap stored in a LVM volume:
audit(1130670344.636:4): avc: denied { read } for pid=919
comm="restorecon" name="VolGroup00-Swap" dev=tmpfs ino=653
scontext=system_u:system_r:restorecon_t:s0
tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
audit(1130670345.668:5): avc: denied { use } for pid=932
comm="fsck" name="VolGroup00-Swap" dev=tmpfs ino=653
scontext=system_u:system_r:fsadm_t:s0
tcontext=system_u:system_r:kernel_t:s0 tclass=fd
audit(1130670345.952:6): avc: denied { read } for pid=940
comm="restorecon" name="VolGroup00-Swap" dev=tmpfs ino=653
scontext=system_u:system_r:restorecon_t:s0
tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
audit(1130670346.092:7): avc: denied { read } for pid=941
comm="restorecon" name="VolGroup00-Swap" dev=tmpfs ino=653
scontext=system_u:system_r:restorecon_t:s0
tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
Attached to this message you will find "dmesg" which stores the dmesg
kernel ring which results after booting into runlevel 5.
Any ideas?
Thanks!
The fd:use and blk_file read is caused by a kernel bug. Basically the
kernel is leaking open file descriptors to subprocesses and SELinux is
preventing access to these leaked file descriptors. This is a good
thing, since these processes could gain would be able to manipulate
these file descriptors. SELinux is great at detecting and preventing
this type of problem. This has been reported to bugsilla. Reviewing
you dmesg file also reveals that you have blkid.tab labeled incorrectly.
restorecon /etc/blkid.tab*
will fix this.
------------------------------------------------------------------------
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
--
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
