Re: selinux denies dmesg

On Thu, 2008-10-16 at 15:27 -0700, Antonio Olivares wrote:
> Dear fellow selinux experts,
> 
> After recovering from a kernel panic to check up on the filesystem, I run dmesg and I encounter some avc's
> 
> [olivares@riohigh ~]$ dmesg | grep avc
> type=1400 audit(1224195506.669:4): avc:  denied  { sys_resource } for  pid=1534 comm="dmesg" capability=24 scontext=system_u:system_r:dmesg_t:s0 tcontext=system_u:system_r:dmesg_t:s0 tclass=capability
> type=1400 audit(1224195506.669:5): avc:  denied  { sys_resource } for  pid=1534 comm="dmesg" capability=24 scontext=system_u:system_r:dmesg_t:s0 tcontext=system_u:system_r:dmesg_t:s0 tclass=capability
> type=1400 audit(1224195506.669:6): avc:  denied  { sys_resource } for  pid=1534 comm="dmesg" capability=24 scontext=system_u:system_r:dmesg_t:s0 tcontext=system_u:system_r:dmesg_t:s0 tclass=capability
> type=1400 audit(1224195506.669:7): avc:  denied  { sys_resource } for  pid=1534 comm="dmesg" capability=24 scontext=system_u:system_r:dmesg_t:s0 tcontext=system_u:system_r:dmesg_t:s0 tclass=capability
> type=1400 audit(1224195506.670:8): avc:  denied  { sys_resource } for  pid=1534 comm="dmesg" capability=24 scontext=system_u:system_r:dmesg_t:s0 tcontext=system_u:system_r:dmesg_t:s0 tclass=capability
> type=1400 audit(1224195506.670:9): avc:  denied  { sys_resource } for  pid=1534 comm="dmesg" capability=24 scontext=system_u:system_r:dmesg_t:s0 tcontext=system_u:system_r:dmesg_t:s0 tclass=capability
> type=1400 audit(1224195506.670:10): avc:  denied  { sys_resource } for  pid=1534 comm="dmesg" capability=24 scontext=system_u:system_r:dmesg_t:s0 tcontext=system_u:system_r:dmesg_t:s0 tclass=capability
> type=1400 audit(1224195506.670:11): avc:  denied  { sys_resource } for  pid=1534 comm="dmesg" capability=24 scontext=system_u:system_r:dmesg_t:s0 tcontext=system_u:system_r:dmesg_t:s0 tclass=capability
> type=1400 audit(1224195506.670:12): avc:  denied  { sys_resource } for  pid=1534 comm="dmesg" capability=24 scontext=system_u:system_r:dmesg_t:s0 tcontext=system_u:system_r:dmesg_t:s0 tclass=capability
> type=1400 audit(1224195506.670:13): avc:  denied  { sys_resource } for  pid=1534 comm="dmesg" capability=24 scontext=system_u:system_r:dmesg_t:s0 tcontext=system_u:system_r:dmesg_t:s0 tclass=capability
> 
> 
> I have just updated to a newer kernel 2.6.27-13 and new selinux policy updates :)
> 
> [olivares@riohigh ~]$ rpm -qa selinux*
> selinux-policy-3.5.12-2.fc10.noarch
> selinux-policy-targeted-3.5.12-2.fc10.noarch
> [olivares@riohigh ~]$ 
> 
> 
> What do I do?

Enable syscall auditing and find out what syscall triggered the
CAP_SYS_RESOURCE check.

-- 
Stephen Smalley
National Security Agency

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
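
The reply's suggestion works because, once syscall auditing is enabled, each AVC denial is logged together with a SYSCALL record that shares its audit event ID (the `timestamp:serial` inside `audit(...)`). The following is an added example, not part of the thread: it pairs the two record types and flags denials that have no SYSCALL record. The audit.log-style records and the syscall number in the sample are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: the first line is copied from the post (kernel ring buffer
# format, no SYSCALL record); the other two are made up, including syscall=103.
SAMPLE = """\
type=1400 audit(1224195506.669:4): avc:  denied  { sys_resource } for  pid=1534 comm="dmesg" capability=24 scontext=system_u:system_r:dmesg_t:s0 tcontext=system_u:system_r:dmesg_t:s0 tclass=capability
type=AVC msg=audit(1224199999.100:57): avc:  denied  { sys_resource } for  pid=2210 comm="dmesg" capability=24 scontext=system_u:system_r:dmesg_t:s0 tcontext=system_u:system_r:dmesg_t:s0 tclass=capability
type=SYSCALL msg=audit(1224199999.100:57): arch=c000003e syscall=103 success=yes exit=0 a0=3 a1=0 a2=0 a3=0 items=0 ppid=2100 pid=2210 comm="dmesg" exe="/bin/dmesg"
"""

TYPES = {"1400": "AVC", "1300": "SYSCALL"}  # numeric record types as shown by dmesg
RECORD = re.compile(r"^type=(\w+) (?:msg=)?audit\((\d+\.\d+:\d+)\):\s*(.*)$")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
DENIED = re.compile(r"denied\s+\{\s*([^}]*?)\s*\}")

def correlate(log_text):
    """Pair every AVC denial with the SYSCALL record carrying the same event ID."""
    events = defaultdict(dict)
    for line in log_text.splitlines():
        m = RECORD.match(line.strip())
        if m:
            events[m.group(2)][TYPES.get(m.group(1), m.group(1))] = m.group(3)
    findings = []
    for event_id, recs in events.items():
        if "AVC" not in recs:
            continue
        avc = dict(FIELD.findall(recs["AVC"]))
        sc = dict(FIELD.findall(recs.get("SYSCALL", "")))
        perm = DENIED.search(recs["AVC"])
        findings.append({
            "event": event_id,
            "comm": avc.get("comm", "").strip('"'),
            "perm": perm.group(1) if perm else None,
            # None: no SYSCALL record shares this event ID, i.e. syscall
            # auditing was not enabled when the denial was logged.
            "arch": sc.get("arch"),
            "syscall": int(sc["syscall"]) if "syscall" in sc else None,
        })
    return findings

if __name__ == "__main__":
    for f in correlate(SAMPLE):
        where = (f"arch={f['arch']} syscall={f['syscall']}"
                 if f["syscall"] is not None else "no SYSCALL record")
        print(f"{f['event']} {f['comm']} {{ {f['perm']} }}: {where}")
```

On a live system, `ausearch -m avc -c dmesg -i` shows the same pairing and translates the syscall number to a name.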
