On Tue, Jun 1, 2010 at 6:07 AM, Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 06/01/2010 06:01 AM, Frank Murphy wrote:
>> Is following anything to worry about, no alerts once on Desktop.
>> ------------------------------------------------------------------
>> dracut: Loading SELinux policy
>> --snip--
>> SELinux: initialized (dev sysfs, type sysfs), uses genfs_contexts
>> type=1403 audit(1275384894.833:3): policy loaded auid=4294967295
>> ses=4294967295
>> dracut: Switching root
>> type=1400 audit(1275384895.605:4): avc: denied { read write } for
>> pid=571 comm="hostname" path="/dev/console" dev=devtmpfs ino=5569
>> scontext=system_u:system_r:hostname_t:s0
>> tcontext=system_u:object_r:device_t:s0 tclass=chr_file
>> type=1400 audit(1275384895.607:5): avc: denied { read write } for
>> pid=571 comm="hostname" path="/dev/console" dev=devtmpfs ino=5569
>> scontext=system_u:system_r:hostname_t:s0
>> tcontext=system_u:object_r:device_t:s0 tclass=chr_file
>> type=1400 audit(1275384895.682:6): avc: denied { read write } for
>> pid=575 comm="consoletype" path="/dev/null" dev=devtmpfs ino=4055
>> scontext=system_u:system_r:consoletype_t:s0
>> tcontext=system_u:object_r:device_t:s0 tclass=chr_file
>> type=1400 audit(1275384895.682:7): avc: denied { read write } for
>> pid=574 comm="consoletype" path="/dev/console" dev=devtmpfs ino=5569
>> scontext=system_u:system_r:consoletype_t:s0
>> tcontext=system_u:object_r:device_t:s0 tclass=chr_file
>> type=1400 audit(1275384895.685:8): avc: denied { read write } for
>> pid=574 comm="consoletype" path="/dev/console" dev=devtmpfs ino=5569
>> scontext=system_u:system_r:consoletype_t:s0
>> tcontext=system_u:object_r:device_t:s0 tclass=chr_file
>> type=1400 audit(1275384895.685:9): avc: denied { read write } for
>> pid=575 comm="consoletype" path="/dev/null" dev=devtmpfs ino=4055
>> scontext=system_u:system_r:consoletype_t:s0
>> tcontext=system_u:object_r:device_t:s0 tclass=chr_file
>> type=1400 audit(1275384895.859:10): avc: denied { open } for pid=576
>> comm="mount" name="null" dev=devtmpfs ino=4055
>> scontext=system_u:system_r:mount_t:s0
>> tcontext=system_u:object_r:device_t:s0 tclass=chr_file
>> type=1400 audit(1275384895.862:11): avc: denied { read write } for
>> pid=578 comm="consoletype" path="/dev/console" dev=devtmpfs ino=5569
>> scontext=system_u:system_r:consoletype_t:s0
>> tcontext=system_u:object_r:device_t:s0 tclass=chr_file
>>
> No bug a bug should be opened. Dracut should be relabeling the /dev
> directory immediately after loading policy, in order to fix the labels
> of all devices created before the load.
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.14 (GNU/Linux)
> Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
>
> iEYEARECAAYFAkwFBfkACgkQrlYvE4MpobNz8ACghdgSJ4A/H2Yp5wqOFKj816ou
> SdkAnRDitotAI2hlszbfMuNKilT9oUsb
> =OCoE
> -----END PGP SIGNATURE-----
I've opened this BZ on dracut for this:
https://bugzilla.redhat.com/show_bug.cgi?id=598475
tom
--
Tom London
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
