On Wed, Feb 4, 2009 at 10:46 AM, Antonio Olivares <olivares14031@xxxxxxxxx> wrote:
>
>
>
> --- On Wed, 2/4/09, Dominick Grift <domg472@xxxxxxxxx> wrote:
>
>> From: Dominick Grift <domg472@xxxxxxxxx>
>> Subject: Re: on machine with CPU -> 100%, lots of avc's
>> To: olivares14031@xxxxxxxxx
>> Cc: fedora-selinux-list@xxxxxxxxxx, fedora-test-list@xxxxxxxxxx
>> Date: Wednesday, February 4, 2009, 9:33 AM
>> On Wednesday 04-02-2009 at 08:39 [timezone -0800], Antonio Olivares wrote:
>>
>> > setroubleshooter does not kick in and I find these via dmesg.
>> > Thanks for help/advice provided.
>>
>> Do you not have auditd enabled? Usually the avc denials are
>> in /var/log/audit/audit.log
>>
>> The avc denials are (most likely) due to missing policy.
>> You can pipe them into the input stream of audit2why to confirm this.
>>
>>
> --
>
>
> I wonder what is wrong auditd is not running :(, it is enabled via services, but it is not working:
>
> [olivares@localhost ~]$ su -
> Password:
> [root@localhost ~]# chkconfig auditd --list
> auditd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
> [root@localhost ~]# service auditd status
> auditd is stopped
> [root@localhost ~]#
>
>
> Thanks,
>
> Antonio
>

Running "audit2allow -al" on a system booted with "enforcing=0" yields:

[root@tlondon ~]# audit2allow -al

#============= devicekit_power_t ==============
allow devicekit_power_t NetworkManager_t:dir search;
allow devicekit_power_t NetworkManager_t:file { read getattr open };
allow devicekit_power_t audisp_t:dir search;
allow devicekit_power_t audisp_t:file { read getattr open };
allow devicekit_power_t auditd_t:dir search;
allow devicekit_power_t auditd_t:file { read getattr open };
allow devicekit_power_t avahi_t:dir search;
allow devicekit_power_t avahi_t:file { read getattr open };
allow devicekit_power_t crond_t:dir search;
allow devicekit_power_t crond_t:file { read getattr open };
allow devicekit_power_t cupsd_t:dir search;
allow devicekit_power_t cupsd_t:file { read getattr open };
allow devicekit_power_t dhcpc_t:dir search;
allow devicekit_power_t dhcpc_t:file { read getattr open };
allow devicekit_power_t hald_t:dir search;
allow devicekit_power_t hald_t:file { read getattr open };
allow devicekit_power_t kernel_t:dir search;
allow devicekit_power_t kernel_t:file { read getattr open };
allow devicekit_power_t kerneloops_t:dir search;
allow devicekit_power_t kerneloops_t:file { read getattr open };
allow devicekit_power_t nscd_t:dir search;
allow devicekit_power_t nscd_t:file { read getattr open };
allow devicekit_power_t ntpd_t:dir search;
allow devicekit_power_t ntpd_t:file { read getattr open };
allow devicekit_power_t proc_t:file { write read getattr open };
allow devicekit_power_t rpcbind_t:dir search;
allow devicekit_power_t rpcbind_t:file { read getattr open };
allow devicekit_power_t rpm_t:dir search;
allow devicekit_power_t rpm_t:file { read getattr open };
allow devicekit_power_t sendmail_t:dir search;
allow devicekit_power_t sendmail_t:file { read getattr open };
allow devicekit_power_t unconfined_dbusd_t:dir search;
allow devicekit_power_t unconfined_dbusd_t:file { read getattr open };
allow devicekit_power_t xdm_t:dir search;
allow devicekit_power_t xdm_t:file { read getattr open };
allow devicekit_power_t xserver_t:dir search;
allow devicekit_power_t xserver_t:file { read getattr open };

#============= devicekit_t ==============
allow devicekit_t udev_tbl_t:file { read getattr open };
[root@tlondon ~]#

tom

[BTW, SELinux/permissive mode appears to have no impact on the Xorg issue. Still at >90%....]

--
Tom London

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
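
With auditd stopped, as in this thread, AVC denials show up only in the kernel log. The following is an added example, not part of the original messages: it collapses AVC denial lines from dmesg-style text into one rule per (source type, target type, class) for triage before any policy is written. The sample log lines, the `example-daemon` name and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Constructed kernel-log lines (not from the thread); the last AVC is truncated.
SAMPLE_DMESG = """\
type=1400 audit(1233772000.101:12): avc:  denied  { search } for  pid=2101 comm="example-daemon" name="example" scontext=system_u:system_r:devicekit_power_t:s0 tcontext=system_u:system_r:hald_t:s0 tclass=dir
type=1400 audit(1233772000.102:13): avc:  denied  { read } for  pid=2101 comm="example-daemon" name="example" scontext=system_u:system_r:devicekit_power_t:s0 tcontext=system_u:system_r:hald_t:s0 tclass=file
type=1400 audit(1233772000.103:14): avc:  denied  { getattr } for  pid=2101 comm="example-daemon" name="example" scontext=system_u:system_r:devicekit_power_t:s0 tcontext=system_u:system_r:hald_t:s0 tclass=file
usb 1-1: new high speed USB device using ehci_hcd and address 2
type=1400 audit(1233772000.120:15): avc:  denied  { write } for  pid=2101 comm="example-daemon" name="example" scontext=system_u:system_r:devicekit_power_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
type=1400 audit(1233772000.140:16): avc:  denied  { open } for  pid=2101 comm="example-da
"""

def context_type(context):
    """Return the type, the third field of user:role:type[:mls]."""
    return context.split(":")[2]

def parse_avc(line):
    """Return (source_type, target_type, class, perms), or None if the line
    is not a complete AVC denial (other kernel messages, truncated records)."""
    match = AVC_RE.search(line)
    if not match:
        return None
    perms = match.group(1).split()
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(match.group(2))}
    try:
        return (context_type(fields["scontext"]),
                context_type(fields["tcontext"]), fields["tclass"], perms)
    except (KeyError, IndexError):
        return None

def summarize(text):
    """Merge the permissions of all denials sharing source, target and class."""
    rules = defaultdict(set)
    for parsed in filter(None, map(parse_avc, text.splitlines())):
        rules[parsed[:3]].update(parsed[3])
    return rules

def format_rules(rules):
    """Render merged denials in allow-rule syntax, sorted for stable output."""
    out = []
    for (src, tgt, cls), perms in sorted(rules.items()):
        p = sorted(perms)
        out.append(f"allow {src} {tgt}:{cls} "
                   f"{p[0] if len(p) == 1 else '{ ' + ' '.join(p) + ' }'};")
    return out

if __name__ == "__main__":
    print("\n".join(format_rules(summarize(SAMPLE_DMESG))))
```

On a live system the input would be the captured output of `dmesg`; `audit2allow -d` reads the same source and remains the tool for generating actual policy.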