changed selinux to permissive get new avcs

Antonio Olivares olivares14031 at yahoo.com
Sun Apr 2 01:56:27 UTC 2006 

Dear all,
   As I had some previous trouble with selinux, and
have gotten little to no advice, I read through the
fedora wiki, and fedora selinux-faq and previous
knowlege/advice from fedora-list

I did a ./touchrelabel and reboot.

I could still not connect to internet with latest FC4
kernel (2.6.16-1.2069_FC4).  I have changed selinux
mode to permissive mode and I get new avc's.  

SELinux: initialized (dev binfmt_misc, type
binfmt_misc), uses genfs_contexts
ip_tables: (C) 2000-2006 Netfilter Core Team
Netfilter messages via NETLINK v0.30.
ip_conntrack version 2.4 (3071 buckets, 24568 max) -
232 bytes per conntrack
audit(1143945599.518:2): avc:  denied  { sendto } for 
pid=1620 comm="rpc.statd"
scontext=system_u:system_r:rpcd_t
tcontext=system_u:object_r:unlabeled_t
tclass=association
audit(1143945599.518:3): avc:  denied  { recvfrom }
for  pid=1620 comm="rpc.statd"
scontext=system_u:system_r:portmap_t
tcontext=system_u:object_r:unlabeled_t
tclass=association
audit(1143945599.518:4): avc:  denied  { sendto } for 
pid=1602 comm="portmap"
scontext=system_u:system_r:portmap_t
tcontext=system_u:object_r:unlabeled_t
tclass=association
audit(1143945599.518:5): avc:  denied  { recvfrom }
for  pid=1602 comm="portmap"
scontext=system_u:system_r:rpcd_t
tcontext=system_u:object_r:unlabeled_t
tclass=association
SELinux: initialized (dev rpc_pipefs, type
rpc_pipefs), uses genfs_contexts



I will post inline complete dmesg to get better
advice.

[root at localhost ~]# dmesg
Linux version 2.6.16-1.2069_FC4
(bhcompile at hs20-bc1-7.build.redhat.com) (gcc version
4.0.2 20051125 (Red Hat 4.0.2-8)) #1 Tue Mar 28
12:19:10 EST 2006
BIOS-provided physical RAM map:
 BIOS-e820: 0000000000000000 - 000000000009fc00
(usable)
 BIOS-e820: 000000000009fc00 - 00000000000a0000
(reserved)
 BIOS-e820: 00000000000f0000 - 0000000000100000
(reserved)
 BIOS-e820: 0000000000100000 - 0000000017ff0000
(usable)
 BIOS-e820: 0000000017ff0000 - 0000000017ff3000 (ACPI
NVS)
 BIOS-e820: 0000000017ff3000 - 0000000018000000 (ACPI
data)
 BIOS-e820: 00000000ffff0000 - 0000000100000000
(reserved)
0MB HIGHMEM available.
383MB LOWMEM available.
Using x86 segment limits to approximate NX protection
On node 0 totalpages: 98288
  DMA zone: 4096 pages, LIFO batch:0
  DMA32 zone: 0 pages, LIFO batch:0
  Normal zone: 94192 pages, LIFO batch:31
  HighMem zone: 0 pages, LIFO batch:0
DMI 2.2 present.
ACPI: RSDP (v000 AWARD                                
) @ 0x000f6280
ACPI: RSDT (v001 AWARD  AWRDACPI 0x42302e31 AWRD
0x00000000) @ 0x17ff3000
ACPI: FADT (v001 AWARD  AWRDACPI 0x42302e31 AWRD
0x00000000) @ 0x17ff3040
ACPI: DSDT (v001 AWARD  AWRDACPI 0x00001000 MSFT
0x0100000c) @ 0x00000000
ACPI: PM-Timer IO Port: 0x508
Allocating PCI resources starting at 20000000 (gap:
18000000:e7ff0000)
Built 1 zonelists
Kernel command line: ro root=/dev/VolGroup00/LogVol00
rhgb quiet
Local APIC disabled by BIOS -- you can enable it with
"lapic"
mapped APIC to ffffd000 (01304000)
Enabling fast FPU save and restore... done.
Enabling unmasked SIMD FPU exception support... done.
Initializing CPU#0
CPU 0 irqstacks, hard=c040a000 soft=c040b000
PID hash table entries: 2048 (order: 11, 32768 bytes)
Detected 1466.863 MHz processor.
Using pmtmr for high-res timesource
Console: colour VGA+ 80x25
Dentry cache hash table entries: 65536 (order: 6,
262144 bytes)
Inode-cache hash table entries: 32768 (order: 5,
131072 bytes)
Memory: 383964k/393152k available (2131k kernel code,
8656k reserved, 754k data, 200k init, 0k highmem)
Checking if this processor honours the WP bit even in
supervisor mode... Ok.
Calibrating delay using timer specific routine..
2937.06 BogoMIPS (lpj=5874126)
Security Framework v1.0.0 initialized
SELinux:  Initializing.
SELinux:  Starting in permissive mode
selinux_register_security:  Registering secondary
module capability
Capability LSM initialized as secondary
Mount-cache hash table entries: 512
CPU: After generic identify, caps: 0383f9ff c1c3f9ff
00000000 00000000 00000000 00000000 00000000
CPU: After vendor identify, caps: 0383f9ff c1c3f9ff
00000000 00000000 00000000 00000000 00000000
CPU: L1 I Cache: 64K (64 bytes/line), D cache 64K (64
bytes/line)
CPU: L2 Cache: 256K (64 bytes/line)
CPU: After all inits, caps: 0383f1ff c1c3f9ff 00000000
00000020 00000000 00000000 00000000
Intel machine check architecture supported.
Intel machine check reporting enabled on CPU#0.
CPU: AMD Athlon(tm) XP 1700+ stepping 02
Checking 'hlt' instruction... OK.
ACPI: setting ELCR to 0200 (from 0c20)
checking if image is initramfs... it is
Freeing initrd memory: 1645k freed
NET: Registered protocol family 16
ACPI: bus type pci registered
PCI: PCI BIOS revision 2.10 entry at 0xfb330, last
bus=1
PCI: Using configuration type 1
ACPI: Subsystem revision 20060127
ACPI: Interpreter enabled
ACPI: Using PIC for interrupt routing
ACPI: PCI Root Bridge [PCI0] (0000:00)
PCI: Probing PCI hardware (bus 00)
ACPI: Assume root bridge [\_SB_.PCI0] bus is 0
Boot video device is 0000:00:09.0
PCI quirk: region 0500-053f claimed by ali7101 ACPI
PCI quirk: region 0400-041f claimed by ali7101 SMB
ACPI: PCI Interrupt Routing Table [\_SB_.PCI0._PRT]
ACPI: PCI Interrupt Link [LNK1] (IRQs 1 3 4 5 6 7 10
11 12 14 15) *0, disabled.
ACPI: PCI Interrupt Link [LNK2] (IRQs 1 3 4 5 6 7 *10
11 12 14 15)
ACPI: PCI Interrupt Link [LNK3] (IRQs 1 3 4 5 6 7 10
11 12 14 15) *0, disabled.
ACPI: PCI Interrupt Link [LNK4] (IRQs 1 3 4 5 6 7 10
*11 12 14 15)
ACPI: PCI Interrupt Link [LNK5] (IRQs 1 3 4 5 6 7 10
*11 12 14 15)
ACPI: PCI Interrupt Link [LNK6] (IRQs 1 3 4 5 6 7 10
11 12 14 15) *0, disabled.
ACPI: PCI Interrupt Link [LNK7] (IRQs 1 3 4 5 6 7 10
11 12 14 15) *0, disabled.
ACPI: PCI Interrupt Link [LNK8] (IRQs 1 3 4 *5 6 7 10
11 12 14 15)
ACPI: PCI Interrupt Link [LNK9] (IRQs 1 3 4 5 6 7 10
*11 12 14 15)
Linux Plug and Play Support v0.97 (c) Adam Belay
pnp: PnP ACPI init
pnp: PnP ACPI: found 13 devices
usbcore: registered new driver usbfs
usbcore: registered new driver hub
PCI: Using ACPI for IRQ routing
PCI: If a device doesn't work, try "pci=routeirq".  If
it helps, post a report
PCI: Bridge: 0000:00:01.0
  IO window: disabled.
  MEM window: disabled.
  PREFETCH window: disabled.
PCI: Setting latency timer of device 0000:00:01.0 to
64
apm: BIOS version 1.2 Flags 0x07 (Driver version
1.16ac)
apm: overridden by ACPI.
audit: initializing netlink socket (disabled)
audit(1143923979.008:1): initialized
Total HugeTLB memory allocated, 0
VFS: Disk quotas dquot_6.5.1
Dquot-cache hash table entries: 1024 (order 0, 4096
bytes)
SELinux:  Registering netfilter hooks
Initializing Cryptographic API
ksign: Installing public key data
Loading keyring
- Added public key 6D8AC7E0298FAC35
- User ID: Red Hat, Inc. (Kernel Module GPG key)
io scheduler noop registered
io scheduler anticipatory registered
io scheduler deadline registered
io scheduler cfq registered (default)
Limiting direct PCI/PCI transfers.
Activating ISA DMA hang workarounds.
pci_hotplug: PCI Hot Plug PCI Core version: 0.5
ACPI: Fan [FAN] (on)
ACPI: Processor [CPU0] (supports 2 throttling states)
ACPI: Thermal Zone [THRM] (56 C)
isapnp: Scanning for PnP cards...
isapnp: No Plug & Play device found
Real Time Clock Driver v1.12ac
Linux agpgart interface v0.101 (c) Dave Jones
agpgart: Detected ALi M1647 chipset
agpgart: AGP aperture is 128M @ 0xd0000000
PNP: PS/2 Controller [PNP0303:PS2K,PNP0f13:PS2M] at
0x60,0x64 irq 1,12
serio: i8042 AUX port at 0x60,0x64 irq 12
serio: i8042 KBD port at 0x60,0x64 irq 1
Serial: 8250/16550 driver $Revision: 1.90 $ 2 ports,
IRQ sharing enabled
serial8250: ttyS0 at I/O 0x3f8 (irq = 4) is a 16550A
serial8250: ttyS1 at I/O 0x2f8 (irq = 3) is a 16550A
00:08: ttyS0 at I/O 0x3f8 (irq = 4) is a 16550A
00:09: ttyS1 at I/O 0x2f8 (irq = 3) is a 16550A
ACPI: PCI Interrupt Link [LNK2] enabled at IRQ 10
PCI: setting IRQ 10 as level-triggered
ACPI: PCI Interrupt 0000:00:0d.0[A] -> Link [LNK2] ->
GSI 10 (level, low) -> IRQ 10
Couldn't register serial port 0000:00:0d.0: -28
RAMDISK driver initialized: 16 RAM disks of 16384K
size 1024 blocksize
Uniform Multi-Platform E-IDE driver Revision:
7.00alpha2
ide: Assuming 33MHz system bus speed for PIO modes;
override with idebus=xx
ALI15X3: IDE controller at PCI slot 0000:00:04.0
ACPI: PCI Interrupt 0000:00:04.0[A]: no GSI
ALI15X3: chipset revision 196
ALI15X3: not 100% native mode: will probe irqs later
    ide0: BM-DMA at 0xd400-0xd407, BIOS settings:
hda:DMA, hdb:pio
    ide1: BM-DMA at 0xd408-0xd40f, BIOS settings:
hdc:DMA, hdd:DMA
Probing IDE interface ide0...
hda: ST340016A, ATA DISK drive
ide0 at 0x1f0-0x1f7,0x3f6 on irq 14
Probing IDE interface ide1...
hdc: IDE DVD-ROM 16X, ATAPI CD/DVD-ROM drive
hdd: RW-241040, ATAPI CD/DVD-ROM drive
ide1 at 0x170-0x177,0x376 on irq 15
hda: max request size: 128KiB
hda: 78165360 sectors (40020 MB) w/2048KiB Cache,
CHS=65535/16/63, UDMA(100)
hda: cache flushes not supported
 hda: hda1 hda2
hdc: ATAPI 48X DVD-ROM drive, 512kB Cache, UDMA(33)
Uniform CD-ROM driver Revision: 3.20
hdd: ATAPI 40X CD-ROM CD-R/RW drive, 2048kB Cache,
UDMA(33)
ide-floppy driver 0.99.newide
usbcore: registered new driver libusual
usbcore: registered new driver hiddev
usbcore: registered new driver usbhid
drivers/usb/input/hid-core.c: v2.6:USB HID core driver
mice: PS/2 mouse device common for all mice
md: md driver 0.90.3 MAX_MD_DEVS=256, MD_SB_DISKS=27
md: bitmap version 4.39
NET: Registered protocol family 2
input: AT Translated Set 2 keyboard as
/class/input/input0
IP route cache hash table entries: 4096 (order: 2,
16384 bytes)
TCP established hash table entries: 16384 (order: 6,
262144 bytes)
TCP bind hash table entries: 16384 (order: 6, 327680
bytes)
TCP: Hash tables configured (established 16384 bind
16384)
TCP reno registered
TCP bic registered
Initializing IPsec netlink socket
NET: Registered protocol family 1
NET: Registered protocol family 17
Using IPI Shortcut mode
ACPI wakeup devices:
PCI0 USB0 USB1
ACPI: (supports S0 S1 S4 S5)
Freeing unused kernel memory: 200k freed
Write protecting the kernel read-only data: 346k
device-mapper: 4.5.0-ioctl (2005-10-04) initialised:
dm-devel at redhat.com
kjournald starting.  Commit interval 5 seconds
EXT3-fs: mounted filesystem with ordered data mode.
input: ImPS/2 Generic Wheel Mouse as
/class/input/input1
security:  3 users, 6 roles, 764 types, 87 bools
security:  55 classes, 182383 rules
SELinux:  Completing initialization.
SELinux:  Setting up existing superblocks.
SELinux: initialized (dev dm-0, type ext3), uses xattr
SELinux: initialized (dev tmpfs, type tmpfs), uses
transition SIDs
SELinux: initialized (dev debugfs, type debugfs), uses
genfs_contexts
SELinux: initialized (dev selinuxfs, type selinuxfs),
uses genfs_contexts
SELinux: initialized (dev mqueue, type mqueue), not
configured for labeling
SELinux: initialized (dev hugetlbfs, type hugetlbfs),
not configured for labeling
SELinux: initialized (dev devpts, type devpts), uses
transition SIDs
SELinux: initialized (dev eventpollfs, type
eventpollfs), uses genfs_contexts
SELinux: initialized (dev inotifyfs, type inotifyfs),
not configured for labeling
SELinux: initialized (dev tmpfs, type tmpfs), uses
transition SIDs
SELinux: initialized (dev futexfs, type futexfs), uses
genfs_contexts
SELinux: initialized (dev pipefs, type pipefs), uses
task SIDs
SELinux: initialized (dev sockfs, type sockfs), uses
task SIDs
SELinux: initialized (dev proc, type proc), uses
genfs_contexts
SELinux: initialized (dev bdev, type bdev), uses
genfs_contexts
SELinux: initialized (dev rootfs, type rootfs), uses
genfs_contexts
SELinux: initialized (dev sysfs, type sysfs), uses
genfs_contexts
SELinux: initialized (dev usbfs, type usbfs), uses
genfs_contexts
Floppy drive(s): fd0 is 1.44M
FDC 0 is a post-1991 82077
ACPI: PCI Interrupt Link [LNK4] enabled at IRQ 11
PCI: setting IRQ 11 as level-triggered
ACPI: PCI Interrupt 0000:00:0b.0[A] -> Link [LNK4] ->
GSI 11 (level, low) -> IRQ 11
3c59x: Donald Becker and others.
www.scyld.com/network/vortex.html
0000:00:0b.0: 3Com PCI 3c905 Boomerang 100baseTx at
0001dc00. Vers LK1.1.19
ACPI: PCI Interrupt Link [LNK8] enabled at IRQ 5
PCI: setting IRQ 5 as level-triggered
ACPI: PCI Interrupt 0000:00:03.0[A] -> Link [LNK8] ->
GSI 5 (level, low) -> IRQ 5
AC'97 1 does not respond - RESET
AC'97 1 access is not valid [0xffffffff], removing
mixer.
ali mixer 1 creating error.
slamr: module license 'Smart Link Ltd.' taints kernel.
slamr: SmartLink AMRMO modem.
slamr: device 163c:3052 is grabbed by another driver
ohci_hcd: 2005 April 22 USB 1.1 'Open' Host Controller
(OHCI) Driver (PCI)
ACPI: PCI Interrupt Link [LNK9] enabled at IRQ 11
ACPI: PCI Interrupt 0000:00:02.0[A] -> Link [LNK9] ->
GSI 11 (level, low) -> IRQ 11
ohci_hcd 0000:00:02.0: OHCI Host Controller
ohci_hcd 0000:00:02.0: new USB bus registered,
assigned bus number 1
ohci_hcd 0000:00:02.0: irq 11, io mem 0xe2001000
usb usb1: configuration #1 chosen from 1 choice
hub 1-0:1.0: USB hub found
hub 1-0:1.0: 4 ports detected
ACPI: PCI Interrupt Link [LNK5] enabled at IRQ 11
ACPI: PCI Interrupt 0000:00:06.0[A] -> Link [LNK5] ->
GSI 11 (level, low) -> IRQ 11
ohci_hcd 0000:00:06.0: OHCI Host Controller
ohci_hcd 0000:00:06.0: new USB bus registered,
assigned bus number 2
ohci_hcd 0000:00:06.0: irq 11, io mem 0xe2003000
usb usb2: configuration #1 chosen from 1 choice
hub 2-0:1.0: USB hub found
hub 2-0:1.0: 4 ports detected
usb 1-2: new full speed USB device using ohci_hcd and
address 2
usb 1-2: configuration #1 chosen from 1 choice
hub 1-2:1.0: USB hub found
hub 1-2:1.0: 4 ports detected
ACPI: Power Button (FF) [PWRF]
ACPI: Sleep Button (FF) [SLPF]
ACPI: Power Button (CM) [PWRB]
ACPI: Sleep Button (CM) [SLPB]
ibm_acpi: ec object not found
md: Autodetecting RAID arrays.
md: autorun ...
md: ... autorun DONE.
EXT3 FS on dm-0, internal journal
kjournald starting.  Commit interval 5 seconds
EXT3 FS on hda1, internal journal
EXT3-fs: mounted filesystem with ordered data mode.
SELinux: initialized (dev hda1, type ext3), uses xattr
SELinux: initialized (dev tmpfs, type tmpfs), uses
transition SIDs
Adding 786424k swap on /dev/VolGroup00/LogVol01. 
Priority:-1 extents:1 across:786424k
SELinux: initialized (dev binfmt_misc, type
binfmt_misc), uses genfs_contexts
ip_tables: (C) 2000-2006 Netfilter Core Team
Netfilter messages via NETLINK v0.30.
ip_conntrack version 2.4 (3071 buckets, 24568 max) -
232 bytes per conntrack
audit(1143945599.518:2): avc:  denied  { sendto } for 
pid=1620 comm="rpc.statd"
scontext=system_u:system_r:rpcd_t
tcontext=system_u:object_r:unlabeled_t
tclass=association
audit(1143945599.518:3): avc:  denied  { recvfrom }
for  pid=1620 comm="rpc.statd"
scontext=system_u:system_r:portmap_t
tcontext=system_u:object_r:unlabeled_t
tclass=association
audit(1143945599.518:4): avc:  denied  { sendto } for 
pid=1602 comm="portmap"
scontext=system_u:system_r:portmap_t
tcontext=system_u:object_r:unlabeled_t
tclass=association
audit(1143945599.518:5): avc:  denied  { recvfrom }
for  pid=1602 comm="portmap"
scontext=system_u:system_r:rpcd_t
tcontext=system_u:object_r:unlabeled_t
tclass=association
SELinux: initialized (dev rpc_pipefs, type
rpc_pipefs), uses genfs_contexts
Bluetooth: Core ver 2.8
NET: Registered protocol family 31
Bluetooth: HCI device and connection manager
initialized
Bluetooth: HCI socket layer initialized
Bluetooth: L2CAP ver 2.8
Bluetooth: L2CAP socket layer initialized
Bluetooth: RFCOMM socket layer initialized
Bluetooth: RFCOMM TTY layer initialized
Bluetooth: RFCOMM ver 1.7
SELinux: initialized (dev autofs, type autofs), uses
genfs_contexts
SELinux: initialized (dev autofs, type autofs), uses
genfs_contexts
parport: PnPBIOS parport detected.
parport0: PC-style at 0x378, irq 7 [PCSPP,EPP]
lp0: using parport0 (interrupt-driven).
lp0: console ready
NET: Registered protocol family 10
lo: Disabled Privacy Extensions
IPv6 over IPv4 tunneling driver
device 163c:3052 is grabbed by driver serial: try to
release
ACPI: PCI interrupt for device 0000:00:0d.0 disabled
slamr: SmartLink AMRMO modem.
slamr: probe 163c:3052 SL1900 card...
ACPI: PCI Interrupt 0000:00:0d.0[A] -> Link [LNK2] ->
GSI 10 (level, low) -> IRQ 10
slamr: slamr0 is SL1900 card.

Thank you for your time and help,

Antonio

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com

More information about the fedora-selinux-list mailing list