Re: F8 updates kill setroubleshootd?
- From: Paul Howarth <paul city-fan org>
- To: Fedora SELinux support list <fedora-selinux-list redhat com>
- Subject: Re: F8 updates kill setroubleshootd?
- Date: Fri, 29 Feb 2008 11:09:33 +0000
Paul Howarth wrote:
> Having installed the latest bunch of Fedora 8 updates this morning,
> which included selinux-policy and setroubleshoot, I'm getting these
> denials:
>
> type=AVC msg=audit(1204275163.032:209): avc: denied { connectto } for
> pid=26345 comm="setroubleshootd" path="/var/run/audispd_events"
> scontext=unconfined_u:system_r:setroubleshootd_t:s0
> tcontext=system_u:system_r:auditd_t:s0 tclass=unix_stream_socket
>
> type=AVC msg=audit(1204275171.133:210): avc: denied { read } for
> pid=26379 comm="setroubleshootd" name=".rpmmacros" dev=0:15 ino=6331637
> scontext=unconfined_u:system_r:setroubleshootd_t:s0
> tcontext=system_u:object_r:nfs_t:s0 tclass=file
>
> The first one looks like a policy issue but I can't fathom why
> setroubleshootd would be trying to access ~/.rpmmacros for the second one.

Following a reboot, the socket /var/run/audispd_events changed from
auditd_t to audisp_var_run_t and there are no more AVCs for this. I
tried a restorecon before the reboot but that didn't do anything, which
is strange given that policy does indeed specify context:

# semanage fcontext -l | grep audisp
/sbin/audispd              regular file   system_u:object_r:audisp_exec_t:s0
/sbin/audisp-prelude       regular file   system_u:object_r:audisp_prelude_exec_t:s0
/var/run/audispd_events    socket         system_u:object_r:audisp_var_run_t:s0

Perhaps that was finger trouble?
Paul.
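
An added example, not part of the original message: a small Python parser for AVC denial records in the format quoted above. It re-joins the wrapped lines and extracts the source type, target type, object class and permission that identify each denial. The sample input is the two denials from the message; the function and field names are this example's own.

```python
import re

# The two denials quoted in the message, with the archive's line wrapping kept.
SAMPLE = """\
type=AVC msg=audit(1204275163.032:209): avc: denied { connectto } for
pid=26345 comm="setroubleshootd" path="/var/run/audispd_events"
scontext=unconfined_u:system_r:setroubleshootd_t:s0
tcontext=system_u:system_r:auditd_t:s0 tclass=unix_stream_socket
type=AVC msg=audit(1204275171.133:210): avc: denied { read } for
pid=26379 comm="setroubleshootd" name=".rpmmacros" dev=0:15 ino=6331637
scontext=unconfined_u:system_r:setroubleshootd_t:s0
tcontext=system_u:object_r:nfs_t:s0 tclass=file
"""

HEADER = re.compile(r"msg=audit\((\d+\.\d+):(\d+)\): avc:\s+denied\s+\{([^}]*)\}")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(text):
    """Return one dict per AVC denial, tolerating records wrapped over lines."""
    # Collapse whitespace, then start a new record at each "type=AVC".
    flat = " ".join(text.split())
    records = [r for r in re.split(r"(?=type=AVC\b)", flat) if r.strip()]
    out = []
    for rec in records:
        head = HEADER.search(rec)
        if not head:
            continue  # not a denial, or the record header is truncated
        fields = {k: v.strip('"') for k, v in FIELD.findall(rec[head.end():])}
        if "scontext" not in fields or "tcontext" not in fields:
            continue  # incomplete record: no contexts to report
        out.append({
            "serial": int(head.group(2)),
            "perms": head.group(3).split(),
            "comm": fields.get("comm"),
            "object": fields.get("path") or fields.get("name"),
            # A context is user:role:type:level; the type is the third field.
            "source_type": fields["scontext"].split(":")[2],
            "target_type": fields["tcontext"].split(":")[2],
            "tclass": fields.get("tclass"),
        })
    return out


if __name__ == "__main__":
    for d in parse_avc(SAMPLE):
        print(d["serial"], d["source_type"], "->", d["target_type"],
              d["tclass"], d["perms"], d["object"])
```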