gconfd-2 selinux messages
Thomas Molina
tmolina at cablespeed.com
Sun Apr 11 16:29:38 UTC 2004
I have a fully up to date test 2 installation running in permissive mode.
I would like to know if there is a set of policies I could create to deal
with the following messages:
Apr 11 11:42:39 dad gconfd (root-2650): Resolved address
"xml:readonly:/etc/gconf/gconf.xml.mandatory" to a read-only config
source at position 0
Apr 11 11:42:39 dad gconfd (root-2650): Resolved address
"xml:readwrite:/root/.gconf" to a writable config source at position 1
Apr 11 11:42:39 dad gconfd (root-2650): Resolved address
"xml:readonly:/etc/gconf/gconf.xml.defaults" to a read-only config source
at position 2
Apr 11 11:43:00 dad kernel: audit(1081698180.436:0): avc: denied {
create } for pid=1914 exe=/usr/libexec/gconfd-2 name=saved_state.tmp
scontext=user_u:user_r:user_t tcontext=user_u:object_r:file_t tclass=file
Apr 11 11:43:00 dad kernel: audit(1081698180.436:0): avc: denied { write
} for pid=1914 exe=/usr/libexec/gconfd-2
path=/home/tmolina/.gconfd/saved_state.tmp dev=hdd1 ino=17154
scontext=user_u:user_r:user_t tcontext=user_u:object_r:file_t tclass=file
Apr 11 11:43:00 dad kernel: audit(1081698180.436:0): avc: denied {
getattr } for pid=1914 exe=/usr/libexec/gconfd-2
path=/home/tmolina/.gconfd/saved_state dev=hdd1 ino=17134
scontext=user_u:user_r:user_t tcontext=user_u:object_r:file_t
tclass=fileApr 11 11:43:00 dad kernel: audit(1081698180.436:0): avc:
denied { rename } for pid=1914 exe=/usr/libexec/gconfd-2
name=saved_state dev=hdd1 ino=17134 scontext=user_u:user_r:user_t
tcontext=user_u:object_r:file_t tclass=file
Apr 11 11:43:00 dad kernel: audit(1081698180.437:0): avc: denied {
unlink } for pid=1914 exe=/usr/libexec/gconfd-2 name=saved_state.orig
dev=hdd1 ino=17134 scontext=user_u:user_r:user_t
tcontext=user_u:object_r:file_t tclass=file
More information about the fedora-test-list
mailing list