Anders Karlsson wrote:
Hi there,
I updated my system on the 26th, and after an involuntary restart this
evening, if I have SELinux enabled, xend will not start. The errors in the
logs are the following.
audit(1180381236.512:338): avc: denied { execute } for pid=7781
comm="python" name="bash" dev=dm-0 ino=1376288
scontext=user_u:system_r:xend_t:s0 tcontext=system_u:object_r:shell_exec_t:s0
tclass=file
audit(1180381236.664:339): avc: denied { execute } for pid=7793
comm="python" name="bash" dev=dm-0 ino=1376288
scontext=user_u:system_r:xend_t:s0 tcontext=system_u:object_r:shell_exec_t:s0
tclass=file
audit(1180381237.276:340): avc: denied { execute } for pid=7797
comm="python" name="bash" dev=dm-0 ino=1376288
scontext=user_u:system_r:xend_t:s0 tcontext=system_u:object_r:shell_exec_t:s0
tclass=file
I have run a "restorecon -R /" to attempt to correct this, but it makes no
difference.
The installed SELinux packages are:
libselinux.x86_64 1.33.4-2.fc6 installed
libselinux.i386 1.33.4-2.fc6 installed
libselinux-python.x86_64 1.33.4-2.fc6 installed
selinux-policy.noarch 2.4.6-69.fc6 installed
selinux-policy-targeted.noarch 2.4.6-69.fc6 installed
I have re-installed these, just in case, and rerun restorecon. Enabling
SELinux still gives the same errors.
I am no expert on SELinux (and I failed the RHS333 exam :-/ ) and I am a bit
stumped on this one. Does anyone have an idea what is wrong and what I can
try to resolve this?
I will update policy to allow this
2.4.6-74.fc6
, For now to make it work you by creating a local policy customization.
# grep xend /var/log/audit/audit.log | audit2allow -M myxen
# semodule -i myxen.pp
Thanks!
/Anders
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
