Dear all, On a fedora 8 machine with clean install, deleted Fedora 6 and started fresh, I get a warning about insmod as I did with Fedora 7, on Fedora 7 the problem went away, but on Fedora 8, setroubleshoot will warm me more than it did before so I kindly ask for guidance as to how to generate policy to allow the /dev/slamr0 to run without problems with selinux. avc: denied { setattr } for comm=chgrp dev=tmpfs egid=0 euid=0 exe=/bin/chgrp exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name=slamr0 pid=1890 scontext=system_u:system_r:insmod_t:s0 sgid=0 subj=system_u:system_r:insmod_t:s0 suid=0 tclass=chr_file tcontext=system_u:object_r:device_t:s0 tty=(none) uid=0 I'll attach the selinux-alert that I got and ask for guidance to resolve this issue. TIA, Antonio ____________________________________________________________________________________ Get easy, one-click access to your favorites. Make Yahoo! your homepage. http://www.yahoo.com/r/hs
Summary SELinux is preventing /bin/chgrp (insmod_t) "setattr" access to device <Unknown>. Detailed Description SELinux has denied the /bin/chgrp (insmod_t) "setattr" access to device <Unknown>. <Unknown> is mislabeled, this device has the default label of the /dev directory, which should not happen. All Character and/or Block Devices should have a label. You can attempt to change the label of the file using restorecon -v <Unknown>. If this device remains labeled device_t, then this is a bug in SELinux policy. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against the selinux-policy package. If you look at the other similar devices labels, ls -lZ /dev/SIMILAR, and find a type that would work for <Unknown>, you can use chcon -t SIMILAR_TYPE <Unknown>, If this fixes the problem, you can make this permanent by executing semanage fcontext -a -t SIMILAR_TYPE <Unknown> If the restorecon changes the context, this indicates that the application that created the device, created it without using SELinux APIs. If you can figure out which application created the device, please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this application. Allowing Access Attempt restorecon -v <Unknown> or chcon -t SIMILAR_TYPE <Unknown> Additional Information Source Context system_u:system_r:insmod_t:s0 Target Context system_u:object_r:device_t:s0 Target Objects None [ chr_file ] Affected RPM Packages coreutils-6.9-9.fc8 [application] Policy RPM selinux-policy-3.0.8-44.fc8 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name plugins.device Host Name localhost.localdomain Platform Linux localhost.localdomain 2.6.23.1-42.fc8 #1 SMP Tue Oct 30 13:55:12 EDT 2007 i686 athlon Alert Count 4 First Seen Sat 10 Nov 2007 09:04:49 AM CST Last Seen Wed 14 Nov 2007 08:32:05 PM CST Local ID a79654cc-dc0f-4b55-aea2-ae54353561a2 Line Numbers Raw Audit Messages avc: denied { setattr } for comm=chgrp dev=tmpfs egid=0 euid=0 exe=/bin/chgrp exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name=slamr0 pid=1890 scontext=system_u:system_r:insmod_t:s0 sgid=0 subj=system_u:system_r:insmod_t:s0 suid=0 tclass=chr_file tcontext=system_u:object_r:device_t:s0 tty=(none) uid=0
-- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list