Rename to policy.16 and now I got bigger problems
Russell Coker
russell at coker.com.au
Mon Apr 12 11:01:55 UTC 2004
On Tue, 6 Apr 2004 08:00, jim tate <mickeyboa at sbcglobal.net> wrote:
> pr 5 16:27:23 mickeyboy kernel: audit(1081200443.557:0): avc: denied {
> getattr } for pid=2247 exe=/usr/sbin/utempter path=/etc/passwd dev=hda2
> ino=3181518 scontext=root:sysadm_r:utempter_t
> tcontext=system_u:object_r:file_t tclass=file
/etc/passwd is not labeled (file_t), looks like you added an account or
changed a password while running with selinux=0.
> Apr 5 16:27:23 mickeyboy kernel: audit(1081200443.558:0): avc: denied {
> read write } for pid=2247 exe=/usr/sbin/utempter name=utmp dev=hda2
> ino=3883013 scontext=root:sysadm_r:utempter_t
> tcontext=system_u:object_r:var_run_t tclass=file
Your utmp file should have the type initrc_var_run_t not var_run_t. It looks
like the file was re-created by a process running in the wrong domain while
in permissive mode (such creation would not be allowed in enforcing mode).
> Apr 5 16:27:25 mickeyboy kernel:
> audit(1081200445.809:0): avc: denied { unix_read unix_write } for
> pid=1987 exe=/usr/X11R6/bin/XFree86 key=0
> scontext=system_u:system_r:kernel_t tcontext=root:sysadm_r:sysadm_t
Your X server is running as kernel_t, this indicates that probably most of
your processes started by init have the wrong context. Maybe /sbin/init is
not labeled correctly.
The solution to these problems is to relabel the file systems and reboot.
Sorry for the delay in answering.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
More information about the fedora-test-list
mailing list