On Wed, 2007-11-07 at 19:39 -0800, Lisa R. wrote:
> Hello.
>
> I have new to this, have a new system and I have fixed most of the denial errors on boot. However, I am stuck on three.
>
> Can anyone help?
>
> Nov 6 22:00:27 selinux kernel: audit(1194404427.969:3): avc: denied { search } for pid=2814 comm="dmidecode" name="/\
> " dev=sysfs ino=1 scontext=system_u:system_r:dmidecode_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=dir
> Nov 6 22:00:28 selinux kernel: audit(1194404428.085:4): avc: denied { read write } for pid=2816 comm="hal-storage-cle" name=".hal-mtab-lock" dev=hda1 ino=2359302 scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=file
> Nov 6 22:00:28 selinux kernel: audit(1194404428.089:5): avc: denied { lock } for pid=2816 comm="hal-storage-cle" name=".hal-mtab-lock" dev=hda1 ino=2359302 scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=file
The name= field in the first message is a bit puzzling, but allowing
dmidecode to search /sys is likely harmless.
The other two would seem to be a lack of proper typing
on /media/.hal-mtab-lock. What happens if you restorecon
-v /media/.hal-mtab-lock?
--
Stephen Smalley
National Security Agency
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
