selinux system with configfs and cgroup support

Hello,

I recently built a Gentoo Hardened SELinux system with cgroup and configfs support, but on bootup I am getting these errors:

 

Configfs:

 

Feb 15 17:30:37 johnson kernel: type=1400 audit(1329327031.306:10): avc:  denied  { setattr } for  pid=104 comm="mount" name="/" dev="configfs" ino=94 scontext=system_u:system_r:mount_t:s0 tcontext=system_u:object_r:configfs_t:s0 tclass=dir

Feb 15 17:45:48 johnson kernel: type=1400 audit(1329327937.356:4): avc:  denied  { write } for  pid=104 comm="mount" name="/" dev="configfs" ino=94 scontext=system_u:system_r:mount_t:s0 tcontext=system_u:object_r:configfs_t:s0 tclass=dir

 

 

Cgroups:

 

Feb 14 14:02:36 localhost kernel: type=1400 audit(1329242585.276:8): avc:  denied  { search } for  pid=113 comm="mount" name="/" dev="cgroup" ino=205 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir

Feb 14 14:04:02 localhost kernel: type=1400 audit(1329246233.189:8): avc:  denied  { search } for  pid=113 comm="mount" name="/" dev="cgroup" ino=194 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir

Feb 14 16:48:30 johnson kernel: type=1400 audit(1329238099.103:8): avc:  denied  { search } for  pid=113 comm="mount" name="/" dev="cgroup" ino=197 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir

Feb 14 22:22:56 johnson kernel: type=1400 audit(1329258167.143:8): avc:  denied  { search } for  pid=113 comm="mount" name="/" dev="cgroup" ino=193 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir

Feb 15 00:17:55 johnson kernel: type=1400 audit(1329265064.356:8): avc:  denied  { search } for  pid=113 comm="mount" name="/" dev="cgroup" ino=195 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir

Feb 15 17:45:49 johnson kernel: type=1400 audit(1329327937.426:8): avc:  denied  { search } for  pid=113 comm="mount" name="/" dev="cgroup" ino=198 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir

Feb 15 17:51:39 johnson kernel: type=1400 audit(1329328288.173:8): avc:  denied  { search } for  pid=113 comm="mount" name="/" dev="cgroup" ino=195 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir

Feb 15 18:08:14 johnson kernel: type=1400 audit(1329329282.219:8): avc:  denied  { search } for  pid=113 comm="mount" name="/" dev="cgroup" ino=201 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir

 

Other than that, the system runs fine, but for the moment I am running in permissive mode with Multi-Category Security. I'd like to fix these errors before going into enforcing mode, but I don't know what to look for in my system to fix these errors.

 

Thanks

Alain
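
Added example, not part of the original message: a small Python triage script that parses AVC denial lines like the ones quoted above and collapses them into unique (source type, target type, class) tuples with the denied permissions and a hit count. The function names are hypothetical, and the sample input is four of the lines from the message.

```python
import re
from collections import defaultdict

# Sample input: four of the denial lines quoted in the message above.
SAMPLE = """\
Feb 15 17:30:37 johnson kernel: type=1400 audit(1329327031.306:10): avc:  denied  { setattr } for  pid=104 comm="mount" name="/" dev="configfs" ino=94 scontext=system_u:system_r:mount_t:s0 tcontext=system_u:object_r:configfs_t:s0 tclass=dir
Feb 15 17:45:48 johnson kernel: type=1400 audit(1329327937.356:4): avc:  denied  { write } for  pid=104 comm="mount" name="/" dev="configfs" ino=94 scontext=system_u:system_r:mount_t:s0 tcontext=system_u:object_r:configfs_t:s0 tclass=dir
Feb 14 14:02:36 localhost kernel: type=1400 audit(1329242585.276:8): avc:  denied  { search } for  pid=113 comm="mount" name="/" dev="cgroup" ino=205 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir
Feb 15 18:08:14 johnson kernel: type=1400 audit(1329329282.219:8): avc:  denied  { search } for  pid=113 comm="mount" name="/" dev="cgroup" ino=201 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir
"""

AVC_RE = re.compile(r'avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)$')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return the key=value fields of one AVC denial, or None if not a denial."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group(2))}
    fields["perms"] = m.group(1).split()
    return fields


def context_type(ctx):
    """Extract the type field from a user:role:type[:level] security context."""
    parts = ctx.split(":")
    return parts[2] if len(parts) >= 3 else ctx


def summarize(text):
    """Group denials by (source type, target type, class)."""
    summary = defaultdict(lambda: {"perms": set(), "count": 0, "devs": set()})
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec is None or not {"scontext", "tcontext", "tclass"} <= rec.keys():
            continue  # skip non-AVC or truncated lines
        key = (context_type(rec["scontext"]),
               context_type(rec["tcontext"]), rec["tclass"])
        entry = summary[key]
        entry["perms"].update(rec["perms"])
        entry["count"] += 1
        entry["devs"].add(rec.get("dev", "?"))
    return dict(summary)


if __name__ == "__main__":
    for (src, tgt, cls), e in sorted(summarize(SAMPLE).items()):
        perms = " ".join(sorted(e["perms"]))
        print(f"{src} -> {tgt}:{cls} {{ {perms} }} dev={','.join(sorted(e['devs']))} x{e['count']}")
```

Run over the full log, this reduces the repeated per-boot entries to two distinct denials: mount_t on the configfs_t directory, and kernel_t on a cgroup directory whose target type is unlabeled_t.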
