On Wed, Sep 3, 2008 at 2:14 PM, Antonio Olivares <olivares14031@xxxxxxxxx> wrote:
>
>
>
> --- On Wed, 9/3/08, Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote:
>
>> From: Daniel J Walsh <dwalsh@xxxxxxxxxx>
>> Subject: Re: many avcs at startup, readahead and several others
>> To: olivares14031@xxxxxxxxx, "For testers of Fedora Core development releases" <fedora-test-list@xxxxxxxxxx>
>> Cc: "Tom London" <selinux@xxxxxxxxx>, fedora-selinux-list@xxxxxxxxxx
>> Date: Wednesday, September 3, 2008, 10:14 AM
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Antonio Olivares wrote:
>> >
>> >
>> > --- On Tue, 9/2/08, Tom London <selinux@xxxxxxxxx> wrote:
>> >
>> >> I'm running selinux-policy-targeted-3.5.5-3.fc10.noarch
>> >> and
>> >> selinux-policy-3.5.5-3.fc10.noarch.
>> >>
>> >> and on my system ~/.pulse is:
>> >> [tbl@tlondon ~]$ ls -ld .pulse
>> >> drwx------ 2 tbl tbl 4096 2008-09-02 19:48 .pulse
>> >> [tbl@tlondon ~]$ ls -ldZ .pulse
>> >> drwx------ tbl tbl system_u:object_r:gnome_home_t:s0 .pulse
>> >> [tbl@tlondon ~]$
>> >>
>> >> On yours, it seems to be user_home_t.
>> >>
>> >> type=1400 audit(1220391480.206:24): avc: denied { setattr } for pid=3267 comm="npviewer.bin" name=".pulse" dev=dm-0 ino=7176200 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir
>> >>
>> >> You running the same policy? Did you update from F9?
>> >
>> > [olivares@localhost ~]$ cat .selinux-policy.txt
>> > selinux-policy-targeted-3.5.5-3.fc10.noarch
>> > selinux-policy-3.5.5-3.fc10.noarch
>> > [olivares@localhost ~]$ ls -ld .pulse
>> > drwx------ 2 olivares olivares 4096 2008-09-03 07:00 .pulse
>> > [olivares@localhost ~]$ ls -ldZ .pulse
>> > drwx------ olivares olivares system_u:object_r:gnome_home_t .pulse
>> > [olivares@localhost ~]$
>> >
>> > I did a
>> > # touch ./autorelabel; reboot
>> >
>> > and the denied avcs still appear :(. Wonder what is happening?
>> >> tom
>> >> --
>> >> Tom London
>> >
>> >
>> >
>> >
>> Which avc's still appear?
>
>
> After applying today's updates,
>
> [olivares@localhost ~]$ dmesg | grep 'avc'
> type=1400 audit(1220475941.234:4): avc: denied { read write } for pid=613 comm="readahead" path="/dev/console" dev=tmpfs ino=410 scontext=system_u:system_r:readahead_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=chr_file
> type=1400 audit(1220475941.235:5): avc: denied { read write } for pid=613 comm="readahead" path="/dev/console" dev=tmpfs ino=410 scontext=system_u:system_r:readahead_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=chr_file
> type=1400 audit(1220475941.235:6): avc: denied { read write } for pid=613 comm="readahead" path="/dev/console" dev=tmpfs ino=410 scontext=system_u:system_r:readahead_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=chr_file
> type=1400 audit(1220475942.150:7): avc: denied { fowner } for pid=613 comm="readahead" capability=3 scontext=system_u:system_r:readahead_t:s0 tcontext=system_u:system_r:readahead_t:s0 tclass=capability
> type=1400 audit(1220475942.150:8): avc: denied { fowner } for pid=613 comm="readahead" capability=3 scontext=system_u:system_r:readahead_t:s0 tcontext=system_u:system_r:readahead_t:s0 tclass=capability
> type=1400 audit(1220475942.155:9): avc: denied { fowner } for pid=613 comm="readahead" capability=3 scontext=system_u:system_r:readahead_t:s0 tcontext=system_u:system_r:readahead_t:s0 tclass=capability
> type=1400 audit(1220475942.651:10): avc: denied { fowner } for pid=613 comm="readahead" capability=3 scontext=system_u:system_r:readahead_t:s0 tcontext=system_u:system_r:readahead_t:s0 tclass=capability
> type=1400 audit(1220475968.477:11): avc: denied { write } for pid=1475 comm="ip6tables-resto" path="/0" dev=devpts ino=2 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:object_r:devpts_t:s0 tclass=chr_file
> type=1400 audit(1220475969.949:12): avc: denied { write } for pid=1697 comm="ip" path="/0" dev=devpts ino=2 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:object_r:devpts_t:s0 tclass=chr_file
> type=1400 audit(1220476005.919:13): avc: denied { search } for pid=1958 comm="pcscd" name="dbus" dev=dm-0 ino=3276848 scontext=system_u:system_r:pcscd_t:s0 tcontext=system_u:object_r:system_dbusd_var_run_t:s0 tclass=dir
> type=1400 audit(1220476026.870:14): avc: denied { search } for pid=2368 comm="python" name="hp" dev=dm-0 ino=28345940 scontext=system_u:system_r:cupsd_config_t:s0 tcontext=system_u:object_r:hplip_etc_t:s0 tclass=dir
> type=1400 audit(1220476026.972:15): avc: denied { execute } for pid=2417 comm="gdm" name="rpm" dev=dm-0 ino=24117291 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:rpm_exec_t:s0 tclass=file
> type=1400 audit(1220476026.973:16): avc: denied { getattr } for pid=2417 comm="gdm" path="/bin/rpm" dev=dm-0 ino=24117291 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:rpm_exec_t:s0 tclass=file
> type=1400 audit(1220476026.973:17): avc: denied { getattr } for pid=2417 comm="gdm" path="/bin/rpm" dev=dm-0 ino=24117291 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:rpm_exec_t:s0 tclass=file
> type=1400 audit(1220476028.580:18): avc: denied { search } for pid=2449 comm="python" name="hp" dev=dm-0 ino=28345940 scontext=system_u:system_r:cupsd_config_t:s0 tcontext=system_u:object_r:hplip_etc_t:s0 tclass=dir
> [olivares@localhost ~]$
> [olivares@localhost ~]$ uname -a
> Linux localhost 2.6.27-0.297.rc5.git2.fc10.i686 #1 SMP Tue Sep 2 11:19:36 EDT 2008 i686 athlon i386 GNU/Linux
>
>
>

OK, so running "restorecon" on your home directory got rid of the pulse related AVCs.
Are you booting/running in enforcing or permissive mode?

tom
--
Tom London

--
fedora-test-list mailing list
fedora-test-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-test-list