On Mon, 2007-12-17 at 22:14 -0500, Eamon Walsh wrote:
> Attached are some denials that modprobe is encountering while loading
> Xorg DRI kernel modules while X server is starting up. tty7 is the
> terminal where the X server is being launched (Ctrl-Alt-F7). I'm aware
> that the Xorg.0.log file is supposed to be labeled xserver_log_t, but my
> guess is that would be denied as well. Think this may be log messages
> except for the renicing stuff.
>
> This is xselinux branch of refpolicy running in enforcing mode.

Based on the other kernel messages, I'm guessing that the insmod
succeeded despite the tty and capability denials? If so I suppose we
can dontaudit it.

> plain text document attachment (audit_x.txt)
> Dec 17 21:25:34 moss-charon kernel: audit(1197944734.892:71): avc: denied { read write } for pid=2220 comm="modprobe" name="tty7" dev=tmpfs ino=240 scontext=system_u:system_r:insmod_t:s0-s0:c0.c255 tcontext=system_u:object_r:tty_device_t:s0 tclass=chr_file
> Dec 17 21:25:34 moss-charon kernel: audit(1197944734.893:72): avc: denied { write } for pid=2220 comm="modprobe" path="/usr/local/var/log/Xorg.0.log" dev=dm-0 ino=5701638 scontext=system_u:system_r:insmod_t:s0-s0:c0.c255 tcontext=system_u:object_r:usr_t:s0 tclass=file
> Dec 17 21:25:34 moss-charon kernel: audit(1197944734.893:73): avc: denied { read write } for pid=2220 comm="modprobe" path="/dev/tty7" dev=tmpfs ino=240 scontext=system_u:system_r:insmod_t:s0-s0:c0.c255 tcontext=system_u:object_r:tty_device_t:s0 tclass=chr_file
> Dec 17 21:25:34 moss-charon kernel: audit(1197944734.926:74): avc: denied { sys_nice } for pid=2220 comm="modprobe" capability=23 scontext=system_u:system_r:insmod_t:s0-s0:c0.c255 tcontext=system_u:system_r:insmod_t:s0-s0:c0.c255 tclass=capability
> Dec 17 21:25:34 moss-charon kernel: [drm] Initialized drm 1.1.0 20060810
> Dec 17 21:25:34 moss-charon kernel: audit(1197944734.932:75): avc: denied { sys_nice } for pid=2220 comm="modprobe" capability=23 scontext=system_u:system_r:insmod_t:s0-s0:c0.c255 tcontext=system_u:system_r:insmod_t:s0-s0:c0.c255 tclass=capability
> Dec 17 21:25:34 moss-charon kernel: ACPI: PCI Interrupt 0000:00:02.0[A] -> GSI 16 (level, low) -> IRQ 16
> Dec 17 21:25:34 moss-charon kernel: [drm] Initialized i915 1.11.0 20071122 on minor 0
> Dec 17 21:25:34 moss-charon kernel: mtrr: type mismatch for c0000000,10000000 old: write-back new: write-combining
> Dec 17 21:25:40 moss-charon kernel: mtrr: type mismatch for c0000000,10000000 old: write-back new: write-combining
>

--
Chris PeBenito
<pebenito@xxxxxxxxxx>
Developer,
Hardened Gentoo Linux
Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE6AF9243
Key fingerprint = B0E6 877A 883F A57A 8E6A CB00 BC8E E42D E6AF 9243
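The denials quoted in the message above, run through a small parser that groups them by source type, target type and class and prints the raw `dontaudit` rules they would correspond to. This is an added example, not part of the original thread or of refpolicy; the function names are hypothetical, and the sample is the thread's records with the syslog prefix trimmed.

```python
import re
from collections import defaultdict

# Sample input: the records from audit_x.txt above, syslog prefix trimmed.
SAMPLE = """\
audit(1197944734.892:71): avc: denied { read write } for pid=2220 comm="modprobe" name="tty7" dev=tmpfs ino=240 scontext=system_u:system_r:insmod_t:s0-s0:c0.c255 tcontext=system_u:object_r:tty_device_t:s0 tclass=chr_file
audit(1197944734.893:72): avc: denied { write } for pid=2220 comm="modprobe" path="/usr/local/var/log/Xorg.0.log" dev=dm-0 ino=5701638 scontext=system_u:system_r:insmod_t:s0-s0:c0.c255 tcontext=system_u:object_r:usr_t:s0 tclass=file
audit(1197944734.893:73): avc: denied { read write } for pid=2220 comm="modprobe" path="/dev/tty7" dev=tmpfs ino=240 scontext=system_u:system_r:insmod_t:s0-s0:c0.c255 tcontext=system_u:object_r:tty_device_t:s0 tclass=chr_file
audit(1197944734.926:74): avc: denied { sys_nice } for pid=2220 comm="modprobe" capability=23 scontext=system_u:system_r:insmod_t:s0-s0:c0.c255 tcontext=system_u:system_r:insmod_t:s0-s0:c0.c255 tclass=capability
[drm] Initialized drm 1.1.0 20060810
audit(1197944734.932:75): avc: denied { sys_nice } for pid=2220 comm="modprobe" capability=23 scontext=system_u:system_r:insmod_t:s0-s0:c0.c255 tcontext=system_u:system_r:insmod_t:s0-s0:c0.c255 tclass=capability
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
)

def context_type(context):
    # A context is user:role:type[:mls-range]; the type is the third field.
    return context.split(":")[2]

def collect_denials(text):
    """Map (source type, target type, class) -> set of denied permissions."""
    denials = defaultdict(set)
    for line in text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # ordinary kernel messages (drm, mtrr, ACPI) are skipped
        key = (context_type(m["scon"]), context_type(m["tcon"]), m["tclass"])
        denials[key].update(m["perms"].split())
    return denials

def dontaudit_rules(text):
    """Emit one raw dontaudit rule per (source, target, class) group."""
    rules = []
    for (src, tgt, tclass), perms in sorted(collect_denials(text).items()):
        target = "self" if src == tgt else tgt  # same-domain target is written as self
        plist = sorted(perms)
        permset = plist[0] if len(plist) == 1 else "{ " + " ".join(plist) + " }"
        rules.append(f"dontaudit {src} {target}:{tclass} {permset};")
    return rules

if __name__ == "__main__":
    print("\n".join(dontaudit_rules(SAMPLE)))
```

The `usr_t:file` rule comes from the Xorg.0.log file not carrying the `xserver_log_t` label mentioned in the message, so that rule would silence write denials on every `usr_t` file for `insmod_t`; relabeling the log changes the target type of that denial.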