On 03/14/2006 05:49 PM, Daniel J Walsh wrote:
> Try
> ftp://people.redhat.com/dwalsh/SELinux/FC4/selinux-policy-targeted-1.27.1-2.26.noarch.rpm
These AVC messages are gone but it still does not work. You can revert
these changes.

Aghh, silly me. I've noticed now that auditd is turned
on _after_ swap space is being enabled. In /var/log/dmesg I've found
this:
Adding 538136k swap on /dev/hda7. Priority:-1 extents:1 across:538136k
audit(1142356803.783:2): avc: denied { read } for pid=1412
comm="swapon" name="swapfile" dev=hda5 ino=881811
scontext=system_u:system_r:fsadm_t tcontext=root:object_r:swapfile_t
tclass=file
SELinux: initialized (dev binfmt_misc, type binfmt_misc), uses
genfs_contexts
I've also noticed this on shutdown (I had to manually retype it from
screen):
Turning off swap: audit(1142357488.022:25): avc: denied { read write}
for pid=3408 comm="swapoff" name="swapfile" dev=hda5 ino=881811
scontext=system_u:system_r:fsadm_t tcontext=root:object_t:swapfile_t
tclass=file
audit(some numbers): arch=40000003 syscall=115 success=no exit=-13
a0=952e390 a1=952e39c a2=bfb1f3cc a3=fbfb1feee items=1 pid=3407
audit=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
comm="swapoff" exe="/sbin/swapoff"
audit(some numbers): cwd=/"
audit(some numbers): item=0 name="/var/swapfile" flags=101 inode=881811
dev=03:05 mode=0100600 ouid=0 ogid=0 rdev=00:00
swapoff: /var/swapfile: Permission denied
[ FAILED ]
Hope that helps.
--
^_*
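
An added example, not part of the original message: a small Python parser that pulls AVC denials out of kernel-log text such as /var/log/dmesg, where they land when auditd is not yet running, and groups them by source type, target type and class. The function names are this example's own, and the sample input is the two denials quoted in the message, with their line wraps kept.

```python
import re
from collections import defaultdict

# One AVC denial, tolerant of line wraps; the negative lookahead stops a
# truncated record from swallowing the next "audit(" record.
AVC_RE = re.compile(
    r'audit\((\d+)\.\d+:(\d+)\):\s*avc:\s*denied\s*\{([^}]*)\}\s*for\s+'
    r'((?:(?!audit\().)*?\btclass=\S+)', re.S)
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(text):
    """Return one dict per AVC denial found in kernel-log text."""
    records = []
    for epoch, serial, perms, tail in AVC_RE.findall(text):
        rec = {k: v.strip('"') for k, v in KV_RE.findall(tail)}
        rec.update(epoch=int(epoch), serial=int(serial), perms=perms.split())
        records.append(rec)
    return records

def summarize(text):
    """Group denials by (source type, target type, class) -> permissions."""
    summary = defaultdict(set)
    for rec in parse_avc(text):
        # The type is the third colon-separated field of a context.
        stype = rec['scontext'].split(':')[2]
        ttype = rec['tcontext'].split(':')[2]
        summary[(stype, ttype, rec['tclass'])].update(rec['perms'])
    return {k: sorted(v) for k, v in summary.items()}

# Sample input: the two denials quoted in the message, wraps preserved.
SAMPLE = """\
Adding 538136k swap on /dev/hda7. Priority:-1 extents:1 across:538136k
audit(1142356803.783:2): avc: denied { read } for pid=1412
comm="swapon" name="swapfile" dev=hda5 ino=881811
scontext=system_u:system_r:fsadm_t tcontext=root:object_r:swapfile_t
tclass=file
SELinux: initialized (dev binfmt_misc, type binfmt_misc), uses
genfs_contexts
Turning off swap: audit(1142357488.022:25): avc: denied { read write}
for pid=3408 comm="swapoff" name="swapfile" dev=hda5 ino=881811
scontext=system_u:system_r:fsadm_t tcontext=root:object_t:swapfile_t
tclass=file
"""

if __name__ == "__main__":
    for (stype, ttype, tclass), perms in summarize(SAMPLE).items():
        print(f"{stype} -> {ttype}:{tclass} denied {{ {' '.join(perms)} }}")
```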