Rawhide mls avcs on boot

Joe Nall <joe@xxxxxxxx> · Thu, 6 Mar 2008 12:09:38 -0600

rawhide mls (selinux-policy-3.3.1-11) has a number of these avcs in / 
var/log/messages on boot

Mar  6 10:00:01 xw4100 kernel: type=1400 audit(1204819180.560:5):  
avc:  denied  { unmount } for  pid=1 comm="init"  
scontext=system_u:system_r:kernel_t:s15:c0.c1023  
tcontext=system_u:object_r:tmpfs_t:s0 tclass=filesystem
Mar  6 10:00:01 xw4100 kernel: type=1400 audit(1204819180.560:6):  
avc:  denied  { unmount } for  pid=1 comm="init"  
scontext=system_u:system_r:kernel_t:s15:c0.c1023  
tcontext=system_u:object_r:proc_t:s0 tclass=filesystem
Mar  6 10:00:01 xw4100 kernel: type=1400 audit(1204819180.561:7):  
avc:  denied  { unmount } for  pid=1 comm="init"  
scontext=system_u:system_r:kernel_t:s15:c0.c1023  
tcontext=system_u:object_r:sysfs_t:s0 tclass=filesystem

is adding

allow kernel_t proc_t:filesystem unmount;
allow kernel_t sysfs_t:filesystem unmount;
allow kernel_t tmpfs_t:filesystem unmount;

to kernel.te the correct fix for this?

joe

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list