Issue with selinux and swapfiles in FC5?

Fabio Comolli fabio.comolli at gmail.com
Thu Feb 16 17:12:37 UTC 2006


Hi.

> On 2/16/06, Daniel J Walsh <dwalsh at redhat.com> wrote:
> > Fabio Mollify wrote:
>
> Who in the hell is Fabio Mollify???????
>

forgot the :-)

>
> > > Hi. I found this line in my logs:
> > >
> > > audit(1140033999.212:6): avc:  denied  { write } for  pid=2171
> > > comm="swapon" name="swapfile" dev=sda2 ino=67052
> > > scontext=system_u:system_r:fsadm_t:s0
> > > tcontext=system_u:object_r:default_t:s0 tclass=file
> > >
> > > I'm just experimenting with selinux, so I set it up in permissive mode
> > > and the swap was activated.
> > >
> > > Is there a way to get rid of it? (or can it be considered harmless?)
> > >
> > > Thanks in advance.
> > > Fabio
> > >
> > >
> > chcon -t swapfile_t swapfile
> >
> > should fix the problem. (swapfile_t needs to be made a customizable
> > type.   Also needs a man page)
> >

Unfortunately it didn't work:

[root@kepler ~]# ls -Z /swapfile
-rw-r--r--  root     root     system_u:object_r:swapfile_t     /swapfile

but the warning in dmesg is still there:

audit(1140109455.801:6): avc:  denied  { read } for  pid=2165
comm="swapon" name="swapfile" dev=sda2 ino=67052
scontext=system_u:system_r:fsadm_t:s0
tcontext=system_u:object_r:swapfile_t:s0 tclass=file
audit(1140109455.810:7): avc:  denied  { write } for  pid=2165
comm="swapon" name="swapfile" dev=sda2 ino=67052
scontext=system_u:system_r:fsadm_t:s0
tcontext=system_u:object_r:swapfile_t:s0 tclass=file

Should I try: chcon -t fsadm_t /swapfile ?

Thanks again,
Fabio
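
An added example, not part of the original message: a small Python parser for the AVC denial lines quoted above, grouping the denied permissions by source type, target type and object class. The sample log is the three denials from this thread rejoined onto one line each; the function names are illustrative.

```python
import re
from collections import defaultdict

# The three denials quoted in this thread, each rejoined onto a single line.
SAMPLE_LOG = """\
audit(1140033999.212:6): avc:  denied  { write } for  pid=2171 comm="swapon" name="swapfile" dev=sda2 ino=67052 scontext=system_u:system_r:fsadm_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=file
audit(1140109455.801:6): avc:  denied  { read } for  pid=2165 comm="swapon" name="swapfile" dev=sda2 ino=67052 scontext=system_u:system_r:fsadm_t:s0 tcontext=system_u:object_r:swapfile_t:s0 tclass=file
audit(1140109455.810:7): avc:  denied  { write } for  pid=2165 comm="swapon" name="swapfile" dev=sda2 ino=67052 scontext=system_u:system_r:fsadm_t:s0 tcontext=system_u:object_r:swapfile_t:s0 tclass=file
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def context_type(context):
    """Return the type field of a user:role:type[:level] context, or None."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else None

def parse_avc(line):
    """Return a dict for one AVC denial line, or None if the line is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("fields"))}
    if not {"scontext", "tcontext", "tclass"} <= rec.keys():
        return None
    rec["perms"] = m.group("perms").split()
    rec["stype"] = context_type(rec["scontext"])
    rec["ttype"] = context_type(rec["tcontext"])
    if rec["stype"] is None or rec["ttype"] is None:
        return None  # malformed context, skip rather than guess
    return rec

def summarize(log_text):
    """Group denied permissions by (source type, target type, class)."""
    denied = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec:
            denied[(rec["stype"], rec["ttype"], rec["tclass"])].update(rec["perms"])
    return {key: sorted(perms) for key, perms in denied.items()}

if __name__ == "__main__":
    for (stype, ttype, tclass), perms in summarize(SAMPLE_LOG).items():
        print(f"{stype} -> {ttype}:{tclass} denied {{ {' '.join(perms)} }}")
```

Run on the sample, it reports the write denial against default_t from before the relabel and the read and write denials against swapfile_t after it, all from the fsadm_t domain.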



