On Wed, 2008-06-04 at 00:29 -0600, Carlos Chavez wrote:
> Hi Eric.
> I think so.
>
> cat /var/log/messages | grep denied
> cat /var/log/messages | grep avc
>
> any command show no output and
>
> ausearch -m AVC
>
> show this:
> ----
> time->Tue Jun 3 23:39:03 2008
>
> type=SYSCALL msg=audit(1212557943.344:16): arch=40000003 syscall=11 success=yes exit=0 a0=9872498 a1=9870c50 a2=9870af0 a3=0 items=0 ppid=2878 pid=2879 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 ses=1 comm="NetworkManager" exe="/usr/sbin/NetworkManager" subj=unconfined_u:system_r:NetworkManager_t:s0 key=(null)
>
> type=AVC msg=audit(1212557943.344:16): avc: denied { read write } for pid=2879 comm="NetworkManager" path="/var/tmp/kdecache-cchavez/kpc/kde-icon-cache.data" dev=dm-0 ino=8356254 scontext=unconfined_u:system_r:NetworkManager_t:s0 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file
>
> type=AVC msg=audit(1212557943.344:16): avc: denied { read write } for pid=2879 comm="NetworkManager" path="/var/tmp/kdecache-cchavez/kpc/kde-icon-cache.index" dev=dm-0 ino=8356253 scontext=unconfined_u:system_r:NetworkManager_t:s0 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file
>
> that messages was when a restart the NetworkManager as root on a
> shell.
>
> Cheers.
> Carlos Chávez.
Huh... If you system is new enough to support it, can you try
semodule -DB
and then reboot
after it comes up and fails give us the output of ausearch -m AVC
again...
-Eric
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
