[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: denied avcs Rawhide how to troubleshoot

From: Stephen Smalley <sds tycho nsa gov>
To: Antonio Olivares <olivares14031 yahoo com>
Cc: Daniel J Walsh <dwalsh redhat com>, fedora-selinux-list redhat com
Subject: Re: denied avcs Rawhide how to troubleshoot
Date: Tue, 10 Apr 2007 09:41:22 -0400

On Tue, 2007-04-10 at 06:23 -0700, Antonio Olivares wrote:
> Dear list,
> 
> I am running rawhide and I get these denied avcs
> 
> [olivares localhost ~]$ cat /etc/fedora-release 
> Fedora release 6.92 (Rawhide)
> [olivares localhost ~]$ 
> 
> There is a tool semanage, but I do not know how to use it.  Is there any reference to this new tool.  
> How do I fix this using chcon -?  or other tools to troubleshoot this.
> 
> audit(1176209974.281:4): avc:  denied  { create } for  pid=991 comm="create_floppy_d" name="fd0u1440" scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tcontext=system_u:object_r:default_t:s0 tclass=blk_file

In this case, it appears that udev is creating a device node without
properly setting its security context.

I can confirm the same behavior on a rawhide system here.
/sbin/restorecon -nv /dev/fd0u1440 reports that it has default_t but
should have removable_device_t according to policy.

Possibly a bug in the latest version of udev?

-- 
Stephen Smalley
National Security Agency

References:
- denied avcs Rawhide how to troubleshoot
  - From: Antonio Olivares

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]