[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
problems with /dev/slamr0, mknod/insmod
- From: Antonio Olivares <olivares14031 yahoo com>
- To: fedora-selinux-list redhat com
- Subject: problems with /dev/slamr0, mknod/insmod
- Date: Thu, 15 Nov 2007 18:01:13 -0800 (PST)
Dear all,
On a fedora 8 machine with clean install, deleted Fedora 6 and started fresh, I get a warning about insmod as I did with Fedora 7, on Fedora 7 the problem went away, but on Fedora 8, setroubleshoot will warm me more than it did before so I kindly ask for guidance as to how to generate policy to allow the /dev/slamr0 to run without problems with selinux.
avc: denied { setattr } for comm=chgrp dev=tmpfs egid=0 euid=0 exe=/bin/chgrp
exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name=slamr0 pid=1890
scontext=system_u:system_r:insmod_t:s0 sgid=0 subj=system_u:system_r:insmod_t:s0
suid=0 tclass=chr_file tcontext=system_u:object_r:device_t:s0 tty=(none) uid=0
I'll attach the selinux-alert that I got and ask for guidance to resolve this issue.
TIA,
Antonio
____________________________________________________________________________________
Get easy, one-click access to your favorites.
Make Yahoo! your homepage.
http://www.yahoo.com/r/hs Summary
SELinux is preventing /bin/chgrp (insmod_t) "setattr" access to device
<Unknown>.
Detailed Description
SELinux has denied the /bin/chgrp (insmod_t) "setattr" access to device
<Unknown>. <Unknown> is mislabeled, this device has the default label of the
/dev directory, which should not happen. All Character and/or Block Devices
should have a label. You can attempt to change the label of the file using
restorecon -v <Unknown>. If this device remains labeled device_t, then this
is a bug in SELinux policy. Please file a
http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against the selinux-policy
package. If you look at the other similar devices labels, ls -lZ
/dev/SIMILAR, and find a type that would work for <Unknown>, you can use
chcon -t SIMILAR_TYPE <Unknown>, If this fixes the problem, you can make
this permanent by executing semanage fcontext -a -t SIMILAR_TYPE <Unknown>
If the restorecon changes the context, this indicates that the application
that created the device, created it without using SELinux APIs. If you can
figure out which application created the device, please file a
http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this application.
Allowing Access
Attempt restorecon -v <Unknown> or chcon -t SIMILAR_TYPE <Unknown>
Additional Information
Source Context system_u:system_r:insmod_t:s0
Target Context system_u:object_r:device_t:s0
Target Objects None [ chr_file ]
Affected RPM Packages coreutils-6.9-9.fc8 [application]
Policy RPM selinux-policy-3.0.8-44.fc8
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name plugins.device
Host Name localhost.localdomain
Platform Linux localhost.localdomain 2.6.23.1-42.fc8 #1 SMP
Tue Oct 30 13:55:12 EDT 2007 i686 athlon
Alert Count 4
First Seen Sat 10 Nov 2007 09:04:49 AM CST
Last Seen Wed 14 Nov 2007 08:32:05 PM CST
Local ID a79654cc-dc0f-4b55-aea2-ae54353561a2
Line Numbers
Raw Audit Messages
avc: denied { setattr } for comm=chgrp dev=tmpfs egid=0 euid=0 exe=/bin/chgrp
exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name=slamr0 pid=1890
scontext=system_u:system_r:insmod_t:s0 sgid=0 subj=system_u:system_r:insmod_t:s0
suid=0 tclass=chr_file tcontext=system_u:object_r:device_t:s0 tty=(none) uid=0
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]