audit messages I do not understand

Brian Millett bmillett at gmail.com
Thu Nov 3 16:52:21 UTC 2005 

Hi, I'm running rawhide, selinux=enforcing & permissive.  I get these
messages in the syslog: (sorry for the line wrap)

audit(1131013510.816:2): avc:  denied  { use } for  pid=409
comm="hwclock" name="hda3" dev=tmpfs ino=594
scontext=system_u:system_r:hwclock_t:s0
tcontext=system_u:system_r:kernel_t:s0 tclass=fd

audit(1131035126.658:3): avc:  denied  { read } for  pid=1166
comm="restorecon" name="hda3" dev=tmpfs ino=594
scontext=system_u:system_r:restorecon_t:s0
tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file

audit(1131035127.718:4): avc:  denied  { use } for  pid=1174 comm="fsck"
name="hda3" dev=tmpfs ino=594 scontext=system_u:system_r:fsadm_t:s0
tcontext=system_u:system_r:kernel_t:s0 tclass=fd

audit(1131035128.574:5): avc:  denied  { read } for  pid=1195
comm="restorecon" name="hda3" dev=tmpfs ino=594
scontext=system_u:system_r:restorecon_t:s0
tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file

audit(1131035128.802:6): avc:  denied  { read } for  pid=1196
comm="restorecon" name="hda3" dev=tmpfs ino=594
scontext=system_u:system_r:restorecon_t:s0
tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file

audit(1131035130.474:7): avc:  denied  { read } for  pid=1250
comm="restorecon" name="hda3" dev=tmpfs ino=594
scontext=system_u:system_r:restorecon_t:s0
tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file

audit(1131035130.878:8): avc:  denied  { read } for  pid=1255
comm="restorecon" name="hda3" dev=tmpfs ino=594
scontext=system_u:system_r:restorecon_t:s0
tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file

audit(1131035131.106:9): avc:  denied  { use } for  pid=1257
comm="swapon" name="hda3" dev=tmpfs ino=594
scontext=system_u:system_r:fsadm_t:s0
tcontext=system_u:system_r:kernel_t:s0 tclass=fd


I'm really trying to understand SELinux.  I've seen that something like
this is because the "file" needs to be relabeled.  But the name seems to
be the partition name "hda3" and the dev is the tmpfs.  It is
puzzling.  

What should I look for, or where should I start to trouble shoot this?

Thanks.
-- 
Brian Millett - [ Businessman and Lyta Alexander, "The Gathering"]
"Someday I'm going to find the guy that thought up the idea of renting
telepaths to businessman and I'm going to kill him."
'Funny, I just knew you were going to say that.'

More information about the fedora-test-list mailing list