denied avc's on rawhide
Daniel J Walsh
dwalsh at redhat.com
Tue Dec 9 20:42:26 UTC 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Antonio Olivares wrote:
> Dear fellow testers and selinux experts,
>
> After updating to latest updates, I get several selinux denials, but setroubleshoot does not display, them. I get to see them when the system starts and that is it :(
>
> [olivares at localhost ~]$ rpm -qa selinux*
> [olivares at localhost ~]$ rpm -qa selinux
> [olivares at localhost ~]$ rpm -qa selinux-policy*
> selinux-policy-3.6.1-6.fc11.noarch
> selinux-policy-targeted-3.6.1-6.fc11.noarch
> [olivares at localhost ~]$ dmesg | grep 'avc'
> type=1400 audit(1228782900.945:4): avc: denied { sys_tty_config } for pid=709 comm="consoletype" capability=26 scontext=system_u:system_r:consoletype_t:s0 tcontext=system_u:system_r:consoletype_t:s0 tclass=capability
> type=1400 audit(1228782901.610:5): avc: denied { sys_tty_config } for pid=716 comm="consoletype" capability=26 scontext=system_u:system_r:consoletype_t:s0 tcontext=system_u:system_r:consoletype_t:s0 tclass=capability
> type=1400 audit(1228782924.617:6): avc: denied { sys_tty_config } for pid=1471 comm="consoletype" capability=26 scontext=system_u:system_r:consoletype_t:s0 tcontext=system_u:system_r:consoletype_t:s0 tclass=capability
> type=1400 audit(1228782926.009:7): avc: denied { write } for pid=1497 comm="ip6tables-resto" path="/0" dev=devpts ino=2 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:object_r:devpts_t:s0 tclass=chr_file
> type=1400 audit(1228782928.136:8): avc: denied { sys_tty_config } for pid=1672 comm="consoletype" capability=26 scontext=system_u:system_r:consoletype_t:s0 tcontext=system_u:system_r:consoletype_t:s0 tclass=capability
> type=1400 audit(1228782964.027:9): avc: denied { sys_tty_config } for pid=1688 comm="consoletype" capability=26 scontext=system_u:system_r:consoletype_t:s0 tcontext=system_u:system_r:consoletype_t:s0 tclass=capability
> type=1400 audit(1228782991.682:10): avc: denied { search } for pid=2415 comm="python" name=".local" dev=dm-0 ino=1507729 scontext=system_u:system_r:cupsd_config_t:s0 tcontext=system_u:object_r:gconf_home_t:s0 tclass=dir
> type=1400 audit(1228782992.039:11): avc: denied { search } for pid=2445 comm="python" name=".local" dev=dm-0 ino=1507729 scontext=system_u:system_r:cupsd_config_t:s0 tcontext=system_u:object_r:gconf_home_t:s0 tclass=dir
> type=1400 audit(1228782993.853:12): avc: denied { search } for pid=2482 comm="python" name=".local" dev=dm-0 ino=1507729 scontext=system_u:system_r:hplip_t:s0 tcontext=system_u:object_r:gconf_home_t:s0 tclass=dir
> type=1400 audit(1228782995.570:13): avc: denied { search } for pid=2574 comm="python" name=".local" dev=dm-0 ino=1507729 scontext=system_u:system_r:hplip_t:s0 tcontext=system_u:object_r:gconf_home_t:s0 tclass=dir
> type=1400 audit(1228783019.890:14): avc: denied { search } for pid=2845 comm="polkit-read-aut" name="dbus" dev=dm-0 ino=3276848 scontext=system_u:system_r:polkit_auth_t:s0 tcontext=system_u:object_r:system_dbusd_var_run_t:s0 tclass=dir
> [olivares at localhost ~]$
>
>
> Regards,
>
> Antonio
>
>
>
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
If you update to selinux-policy-3.6.1-8.fc11.noarch
These should be fixed.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkk+2DIACgkQrlYvE4MpobN1TwCdF5LmqDAhnTEkvYVDYeahBzAW
ddsAoLmrjp/0XyRA/5kiNLPqDxJ0xega
=euz2
-----END PGP SIGNATURE-----
More information about the fedora-test-list
mailing list