Tom London wrote:
Running latest rawhide, targeted/enforcing. See the following when running xen enabled kernel, xenguest-install, ... type=AVC msg=audit(1157437064.863:54): avc: denied { search } for pid=3123 comm="python" name="root" dev=dm-0 ino=2883585 scontext=system_u:system_r:xend_t:s0 tcontext=root:object_r:user_home_dir_t:s0 tclass=dir type=SYSCALL msg=audit(1157437064.863:54): arch=40000003 syscall=33 success=no exit=-13 a0=8ed9a00 a1=4 a2=474c48e4 a3=b711fa4c items=0 ppid=2789 pid=3123 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="python" exe="/usr/bin/python" subj=system_u:system_r:xend_t:s0 key=(null) type=ANOM_PROMISCUOUS msg=audit(1157437099.990:55): dev=vif7.0 prom=256 old_prom=0 auid=4294967295 type=SYSCALL msg=audit(1157437099.990:55): arch=40000003 syscall=54 success=yes exit=0 a0=3 a1=89a2 a2=bf9ab5e0 a3=1 items=0 ppid=5236 pid=5319 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="brctl" exe="/usr/sbin/brctl" subj=system_u:system_r:udev_t:s0-s0:c0.c255 key=(null) type=AVC msg=audit(1157437100.910:56): avc: denied { name_bind } for pid=5238 comm="xen-vncfb" src=5900 scontext=system_u:system_r:xend_t:s0 tcontext=system_u:object_r:vnc_port_t:s0 tclass=tcp_socket type=SYSCALL msg=audit(1157437100.910:56): arch=40000003 syscall=102 success=no exit=-13 a0=2 a1=bfdc5d00 a2=5 a3=bfdc5d2c items=0 ppid=2792 pid=5238 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="xen-vncfb" exe="/usr/lib/xen/bin/xen-vncfb" subj=system_u:system_r:xend_t:s0 key=(null) Xen an interesting case here, or should I defer reporting such....
No we want all errors, thanks.
tom
-- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list