Dominick Grift wrote: > On 03/04/2010 06:47 PM, Temlakos wrote: > > >> Well, before I use audit2allow, I'll first want to know how to turn that >> off. Anyway, here's the output, after I un-hid the alerts: >> >> > > I do not see any AVC denials that i think are related. > > Does the app work in permissive mode. If it does, than that confirmes > that this is a issue of SELinux > > If the app does not work in permissive mode, than this suggests that > this issue is not related to SELinux. > > If it is related to SELinux: > > 1. semodule -DB to unload hidden denials. > 2. Run the app to reproduce the issue. > 3. see /var/log/audit/audit.log for clues. > > (The AVC denials that you have enclosed, to me do not show anything that > i think are related) > > Well, they must be related--because when I put SELinux into Permissive mode for the current session, the installation went through. Now I have it back on Enforcing mode, and TweetDeck still runs exactly as it should. So the installation created an issue, but the application, once installed, creates none. Anyway--in case I have to use that installer again, as I think I might, I'd like to have somebody go over those alerts--because they /have/ to be related, somehow. Here they are again: > [root@temlakosbeta temlakos]# semodule -DB > [root@temlakosbeta temlakos]# ausearch -m avc -ts today > ---- > time->Thu Mar 4 12:39:11 2010 > type=SYSCALL msg=audit(1267724351.038:22518): arch=40000003 syscall=5 > success=no exit=-13 a0=1387d20 a1=98800 a2=c93ff4 a3=1387d20 items=0 > ppid=1 pid=1545 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 > egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="dbus-daemon" > exe="/bin/dbus-daemon" > subj=system_u:system_r:xdm_dbusd_t:s0-s0:c0.c1023 key=(null) > type=AVC msg=audit(1267724351.038:22518): avc: denied { search } > for pid=1545 comm="dbus-daemon" name="root" dev=dm-0 ino=106497 > scontext=system_u:system_r:xdm_dbusd_t:s0-s0:c0.c1023 > tcontext=system_u:object_r:admin_home_t:s0 tclass=dir > ---- > time->Thu Mar 4 12:39:11 2010 > type=SYSCALL msg=audit(1267724351.050:22520): arch=40000003 syscall=11 > success=yes exit=0 a0=12c2778 a1=746ae28 a2=0 a3=0 items=0 ppid=5873 > pid=5879 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 > fsgid=0 tty=pts1 ses=1 comm="setfiles" exe="/sbin/setfiles" > subj=unconfined_u:unconfined_r:setfiles_t:s0-s0:c0.c1023 key=(null) > type=AVC msg=audit(1267724351.050:22520): avc: denied { noatsecure } > for pid=5879 comm="setfiles" > scontext=unconfined_u:unconfined_r:semanage_t:s0-s0:c0.c1023 > tcontext=unconfined_u:unconfined_r:setfiles_t:s0-s0:c0.c1023 > tclass=process > type=AVC msg=audit(1267724351.050:22520): avc: denied { siginh } > for pid=5879 comm="setfiles" > scontext=unconfined_u:unconfined_r:semanage_t:s0-s0:c0.c1023 > tcontext=unconfined_u:unconfined_r:setfiles_t:s0-s0:c0.c1023 > tclass=process > type=AVC msg=audit(1267724351.050:22520): avc: denied { rlimitinh } > for pid=5879 comm="setfiles" > scontext=unconfined_u:unconfined_r:semanage_t:s0-s0:c0.c1023 > tcontext=unconfined_u:unconfined_r:setfiles_t:s0-s0:c0.c1023 > tclass=process > ---- > time->Thu Mar 4 12:39:11 2010 > type=SYSCALL msg=audit(1267724351.052:22521): arch=40000003 syscall=11 > success=yes exit=0 a0=9f05c30 a1=9f055a8 a2=9f05008 a3=9f081e8 items=0 > ppid=5877 pid=5878 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 > egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="setroubleshootd" > exe="/usr/bin/python" > subj=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 key=(null) > type=AVC msg=audit(1267724351.052:22521): avc: denied { noatsecure } > for pid=5878 comm="setroubleshootd" > scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 > tcontext=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 tclass=process > type=AVC msg=audit(1267724351.052:22521): avc: denied { siginh } > for pid=5878 comm="setroubleshootd" > scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 > tcontext=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 tclass=process > type=AVC msg=audit(1267724351.052:22521): avc: denied { rlimitinh } > for pid=5878 comm="setroubleshootd" > scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 > tcontext=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 tclass=process > ---- > time->Thu Mar 4 12:39:11 2010 > type=SYSCALL msg=audit(1267724351.227:22522): arch=40000003 syscall=33 > success=no exit=-13 a0=9868e90 a1=2 a2=60f900 a3=9809c00 items=0 > ppid=5877 pid=5878 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 > egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="setroubleshootd" > exe="/usr/bin/python" > subj=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 key=(null) > type=AVC msg=audit(1267724351.227:22522): avc: denied { write } for > pid=5878 comm="setroubleshootd" name="rpm" dev=dm-0 ino=32769 > scontext=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 > tcontext=system_u:object_r:rpm_var_lib_t:s0 tclass=dir > ---- > time->Thu Mar 4 12:39:11 2010 > type=SYSCALL msg=audit(1267724351.229:22523): arch=40000003 syscall=33 > success=no exit=-13 a0=9898478 a1=2 a2=60f900 a3=9854390 items=0 > ppid=5877 pid=5878 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 > egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="setroubleshootd" > exe="/usr/bin/python" > subj=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 key=(null) > type=AVC msg=audit(1267724351.229:22523): avc: denied { write } for > pid=5878 comm="setroubleshootd" name="rpm" dev=dm-0 ino=32769 > scontext=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 > tcontext=system_u:object_r:rpm_var_lib_t:s0 tclass=dir > [root@temlakosbeta temlakos]# Temlakos -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux