--- On Wed, 9/3/08, Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote:

> From: Daniel J Walsh <dwalsh@xxxxxxxxxx>
> Subject: Re: many avcs at startup, readahead and several others
> To: olivares14031@xxxxxxxxx, "For testers of Fedora Core development releases" <fedora-test-list@xxxxxxxxxx>
> Cc: "Tom London" <selinux@xxxxxxxxx>, fedora-selinux-list@xxxxxxxxxx
> Date: Wednesday, September 3, 2008, 10:14 AM
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Antonio Olivares wrote:
> >
> > --- On Tue, 9/2/08, Tom London <selinux@xxxxxxxxx> wrote:
> >
> >> I'm running selinux-policy-targeted-3.5.5-3.fc10.noarch
> >> and
> >> selinux-policy-3.5.5-3.fc10.noarch.
> >>
> >> and on my system ~/.pulse is:
> >> [tbl@tlondon ~]$ ls -ld .pulse
> >> drwx------ 2 tbl tbl 4096 2008-09-02 19:48 .pulse
> >> [tbl@tlondon ~]$ ls -ldZ .pulse
> >> drwx------ tbl tbl system_u:object_r:gnome_home_t:s0 .pulse
> >> [tbl@tlondon ~]$
> >>
> >> On yours, it seems to be user_home_t.
> >>
> >> type=1400 audit(1220391480.206:24): avc: denied { setattr } for pid=3267 comm="npviewer.bin" name=".pulse" dev=dm-0 ino=7176200 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir
> >>
> >> You running the same policy? Did you update from F9?
> >
> > [olivares@localhost ~]$ cat .selinux-policy.txt
> > selinux-policy-targeted-3.5.5-3.fc10.noarch
> > selinux-policy-3.5.5-3.fc10.noarch
> > [olivares@localhost ~]$ ls -ld .pulse
> > drwx------ 2 olivares olivares 4096 2008-09-03 07:00 .pulse
> > [olivares@localhost ~]$ ls -ldZ .pulse
> > drwx------ olivares olivares system_u:object_r:gnome_home_t .pulse
> > [olivares@localhost ~]$
> >
> > I did a
> > # touch ./autorelabel; reboot
> >
> > and the denied avcs still appear :(. Wonder what is happening?
> >> tom
> >> --
> >> Tom London
> >
> Which avc's still appear?

After applying today's updates,

[olivares@localhost ~]$ dmesg | grep 'avc'
type=1400 audit(1220475941.234:4): avc: denied { read write } for pid=613 comm="readahead" path="/dev/console" dev=tmpfs ino=410 scontext=system_u:system_r:readahead_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=chr_file
type=1400 audit(1220475941.235:5): avc: denied { read write } for pid=613 comm="readahead" path="/dev/console" dev=tmpfs ino=410 scontext=system_u:system_r:readahead_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=chr_file
type=1400 audit(1220475941.235:6): avc: denied { read write } for pid=613 comm="readahead" path="/dev/console" dev=tmpfs ino=410 scontext=system_u:system_r:readahead_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=chr_file
type=1400 audit(1220475942.150:7): avc: denied { fowner } for pid=613 comm="readahead" capability=3 scontext=system_u:system_r:readahead_t:s0 tcontext=system_u:system_r:readahead_t:s0 tclass=capability
type=1400 audit(1220475942.150:8): avc: denied { fowner } for pid=613 comm="readahead" capability=3 scontext=system_u:system_r:readahead_t:s0 tcontext=system_u:system_r:readahead_t:s0 tclass=capability
type=1400 audit(1220475942.155:9): avc: denied { fowner } for pid=613 comm="readahead" capability=3 scontext=system_u:system_r:readahead_t:s0 tcontext=system_u:system_r:readahead_t:s0 tclass=capability
type=1400 audit(1220475942.651:10): avc: denied { fowner } for pid=613 comm="readahead" capability=3 scontext=system_u:system_r:readahead_t:s0 tcontext=system_u:system_r:readahead_t:s0 tclass=capability
type=1400 audit(1220475968.477:11): avc: denied { write } for pid=1475 comm="ip6tables-resto" path="/0" dev=devpts ino=2 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:object_r:devpts_t:s0 tclass=chr_file
type=1400 audit(1220475969.949:12): avc: denied { write } for pid=1697 comm="ip" path="/0" dev=devpts ino=2 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:object_r:devpts_t:s0 tclass=chr_file
type=1400 audit(1220476005.919:13): avc: denied { search } for pid=1958 comm="pcscd" name="dbus" dev=dm-0 ino=3276848 scontext=system_u:system_r:pcscd_t:s0 tcontext=system_u:object_r:system_dbusd_var_run_t:s0 tclass=dir
type=1400 audit(1220476026.870:14): avc: denied { search } for pid=2368 comm="python" name="hp" dev=dm-0 ino=28345940 scontext=system_u:system_r:cupsd_config_t:s0 tcontext=system_u:object_r:hplip_etc_t:s0 tclass=dir
type=1400 audit(1220476026.972:15): avc: denied { execute } for pid=2417 comm="gdm" name="rpm" dev=dm-0 ino=24117291 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:rpm_exec_t:s0 tclass=file
type=1400 audit(1220476026.973:16): avc: denied { getattr } for pid=2417 comm="gdm" path="/bin/rpm" dev=dm-0 ino=24117291 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:rpm_exec_t:s0 tclass=file
type=1400 audit(1220476026.973:17): avc: denied { getattr } for pid=2417 comm="gdm" path="/bin/rpm" dev=dm-0 ino=24117291 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:rpm_exec_t:s0 tclass=file
type=1400 audit(1220476028.580:18): avc: denied { search } for pid=2449 comm="python" name="hp" dev=dm-0 ino=28345940 scontext=system_u:system_r:cupsd_config_t:s0 tcontext=system_u:object_r:hplip_etc_t:s0 tclass=dir
[olivares@localhost ~]$
[olivares@localhost ~]$ uname -a
Linux localhost 2.6.27-0.297.rc5.git2.fc10.i686 #1 SMP Tue Sep 2 11:19:36 EDT 2008 i686 athlon i386 GNU/Linux

--
fedora-test-list mailing list
fedora-test-list@xxxxxxxxxx
To unsubscribe:
https://www.redhat.com/mailman/listinfo/fedora-test-list