[ 224.130031] audit: type=1400 audit(1403673275.109:5): avc: denied {
0x800000 } for pid=2112 comm="systemd-udevd" name="cpufreq" dev="dm-0"
ino=3357 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023
tcontext=system_u:object_r:unlabeled_t:s0 tclass=file
I'm occasionally seeing messages like the above after booting the Debian
kernel 3.14.7 with BTRFS for the root filesystem. By "like the above" I mean
it refers to a (somewhat random) directory under /lib/modules with a tcontext
of unlabeled_t being accessed by systemd-udevd.
/backup/2014-06-23/lib/modules/3.14-1-amd64/kernel/drivers/cpufreq
/lib/modules/3.14-1-amd64/kernel/drivers/cpufreq
The inum 3357 matches the above two files where /backup/2014-06-23 is a
subvolume that is a snapshot of / . The latter file name has the correct
context while the former is unlabeled_t.
[ 197.649359] audit: type=1400 audit(1403674422.633:4): avc: denied {
0x800000 } for pid=2101 comm="systemd-udevd" name="pci" dev="dm-0" ino=3387
scontext=system_u:system_r:udev_t:s0-s0:c0.c1023
tcontext=system_u:object_r:unlabeled_t:s0 tclass=file
As a test I deleted all snapshots and rebooted a couple of times, then I saw
the above message.
Note that I can't rule out the possibility of a BTRFS bug.
--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/
_______________________________________________
Selinux mailing list
Selinux@xxxxxxxxxxxxx
To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx.
To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
