problems with /dev/slamr0, mknod/insmod

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Dear all,

On  a fedora 8 machine with clean install, deleted Fedora 6 and started fresh, I get a warning about insmod as I did with Fedora 7, on Fedora 7 the problem went away, but on Fedora 8, setroubleshoot will warm me more than it did before so I kindly ask for guidance as to how to generate policy to allow the /dev/slamr0 to run without problems with selinux.

avc: denied { setattr } for comm=chgrp dev=tmpfs egid=0 euid=0 exe=/bin/chgrp
exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name=slamr0 pid=1890
scontext=system_u:system_r:insmod_t:s0 sgid=0 subj=system_u:system_r:insmod_t:s0
suid=0 tclass=chr_file tcontext=system_u:object_r:device_t:s0 tty=(none) uid=0


I'll attach the selinux-alert that I got and ask for guidance to resolve this issue. 

TIA,

Antonio 




      ____________________________________________________________________________________
Get easy, one-click access to your favorites. 
Make Yahoo! your homepage.
http://www.yahoo.com/r/hs 
Summary
    SELinux is preventing /bin/chgrp (insmod_t) "setattr" access to device
    <Unknown>.

Detailed Description
    SELinux has denied the /bin/chgrp (insmod_t) "setattr" access to device
    <Unknown>. <Unknown> is mislabeled, this device has the default label of the
    /dev directory, which should not happen.  All Character and/or Block Devices
    should have a label. You can attempt to change the label of the file using
    restorecon -v <Unknown>. If this device remains labeled device_t, then this
    is a bug in SELinux policy. Please file a
    http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against the selinux-policy
    package. If you look at the other similar devices labels, ls -lZ
    /dev/SIMILAR, and find a type that would work for <Unknown>, you can use
    chcon -t SIMILAR_TYPE <Unknown>, If this fixes the problem, you can make
    this permanent by executing semanage fcontext -a -t SIMILAR_TYPE <Unknown>
    If the restorecon changes the context, this indicates that the application
    that created the device, created it without using SELinux APIs.  If you can
    figure out which application created the device, please file a
    http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this application.

Allowing Access
    Attempt restorecon -v <Unknown> or chcon -t SIMILAR_TYPE <Unknown>

Additional Information        

Source Context                system_u:system_r:insmod_t:s0
Target Context                system_u:object_r:device_t:s0
Target Objects                None [ chr_file ]
Affected RPM Packages         coreutils-6.9-9.fc8 [application]
Policy RPM                    selinux-policy-3.0.8-44.fc8
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   plugins.device
Host Name                     localhost.localdomain
Platform                      Linux localhost.localdomain 2.6.23.1-42.fc8 #1 SMP
                              Tue Oct 30 13:55:12 EDT 2007 i686 athlon
Alert Count                   4
First Seen                    Sat 10 Nov 2007 09:04:49 AM CST
Last Seen                     Wed 14 Nov 2007 08:32:05 PM CST
Local ID                      a79654cc-dc0f-4b55-aea2-ae54353561a2
Line Numbers                  

Raw Audit Messages            

avc: denied { setattr } for comm=chgrp dev=tmpfs egid=0 euid=0 exe=/bin/chgrp
exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name=slamr0 pid=1890
scontext=system_u:system_r:insmod_t:s0 sgid=0 subj=system_u:system_r:insmod_t:s0
suid=0 tclass=chr_file tcontext=system_u:object_r:device_t:s0 tty=(none) uid=0

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux