Re: mknod problem still present denied avc's

Antonio Olivares wrote:
dmesg returns

audit(1181681041.681:4): avc:  denied  { add_name } for  pid=739 comm="mknod" name="slamr0" scontext=system_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:device_t:s0 tclass=dir

After I did this again

[olivares@localhost ~]$ su -
Password:
[root@localhost ~]# grep insmod /var/log/audit/audit.log | audit2allow -M myinsmod
******************** IMPORTANT ***********************
To make this policy package active, execute:

semodule -i myinsmod.pp

[root@localhost ~]# semodule -i myinsmod.pp
[root@localhost ~]#
Selinux troubleshooter returned this:

avc: denied { write } for comm="mknod" dev=tmpfs egid=0 euid=0 exe="/bin/mknod" exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name="/" pid=2766 scontext=user_u:system_r:insmod_t:s0 sgid=0 subj=user_u:system_r:insmod_t:s0 suid=0 tclass=dir tcontext=system_u:object_r:device_t:s0 tty=pts0 uid=0

Yes, you allowed add_name to the directory; now it is complaining about the write. It is best to put the machine in permissive mode, run the app to completion, then generate the policy and retest in enforcing mode.

setenforce 0
run test
grep insmod /var/log/audit/audit.log | audit2allow -M myinsmod
semodule -i myinsmod.pp
setenforce 1
run test

Policy RPM:  selinux-policy-2.6.4-8.fc7

Affected RPM Packages:  coreutils-6.9-2.fc7 [application]
Policy RPM:  selinux-policy-2.6.4-12.fc7


How can I effectively fix this?

This is my /etc/modprobe.conf

[root@localhost Download]# cat /etc/modprobe.conf
alias eth0 8139too
alias scsi_hostadapter sata_via
alias scsi_hostadapter1 pata_via
alias snd-card-0 snd-via82xx
options snd-card-0 index=0
options snd-via82xx index=0
install slamr modprobe --ignore-install ungrab-winmodem ; modprobe --ignore-install slamr; test -e /dev/slamr0 || (/bin/mknod -m 660 /dev/slamr0 c 242 0 2>/dev/null && chgrp dialout /dev/slamr0)
[root@localhost Download]#

Thanks,

Antonio


--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
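
The reply's point about collecting every denial before generating policy, as an added example that is not part of the original thread: a simplified Python sketch (not audit2allow itself) that merges AVC denials by source type, target type and class into allow rules. The first two records are the ones quoted above (the second abridged); the third is constructed and assumes a follow-on denial that a permissive-mode run might log.

```python
import re
from collections import defaultdict

# Records 1 and 2 come from the thread (record 2 abridged); record 3 is
# constructed for illustration and is an assumption, not logged output.
SAMPLE = [
    'audit(1181681041.681:4): avc:  denied  { add_name } for  pid=739 comm="mknod" name="slamr0" '
    'scontext=system_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:device_t:s0 tclass=dir',
    'avc: denied { write } for comm="mknod" dev=tmpfs exe="/bin/mknod" exit=-13 name="/" pid=2766 '
    'scontext=user_u:system_r:insmod_t:s0 tclass=dir tcontext=system_u:object_r:device_t:s0',
    'avc: denied { create } for comm="mknod" name="slamr0" pid=2766 '
    'scontext=user_u:system_r:insmod_t:s0 tcontext=system_u:object_r:device_t:s0 tclass=chr_file',
]

PERMS = re.compile(r'avc:\s+denied\s+\{([^}]*)\}')
FIELD = re.compile(r'\b(scontext|tcontext|tclass)=(\S+)')

def parse_avc(line):
    """Return (source_type, target_type, tclass, perms), or None if not an AVC denial."""
    m = PERMS.search(line)
    fields = dict(FIELD.findall(line))
    if not m or len(fields) != 3:
        return None
    # A context is user:role:type[:level]; the type is the third field.
    src = fields['scontext'].split(':')
    tgt = fields['tcontext'].split(':')
    if len(src) < 3 or len(tgt) < 3:
        return None
    return src[2], tgt[2], fields['tclass'], set(m.group(1).split())

def allow_rules(lines):
    """Merge denials that share source type, target type and class into one rule each."""
    merged = defaultdict(set)
    for line in lines:
        rec = parse_avc(line)
        if rec:
            merged[rec[:3]] |= rec[3]
    return [f"allow {s} {t}:{c} {{ {' '.join(sorted(p))} }};"
            for (s, t, c), p in sorted(merged.items())]

if __name__ == "__main__":
    for rule in allow_rules(SAMPLE):
        print(rule)
```

In enforcing mode the first denied access stops mknod, so each run logs only one new denial; in permissive mode all of them are logged in one pass and end up in a single module.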
