[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: two problems with fedora core 5



On Wed, 2006-05-24 at 18:06 -0700, Antonio Olivares wrote:
> I get some of these too, but they do not impede or
> hurt anything major, so I do not complain.  If they
> hurted something, then I would ask.  
> 
> audit(1148514227.623:6): avc:  granted  { execmem }
> for  pid=1638 comm="kudzu"
> scontext=system_u:system_r:kudzu_t:s0
> tcontext=system_u:system_r:kudzu_t:s0 tclass=process
> audit(1148514227.623:7): avc:  granted  { execmem }
> for  pid=1638 comm="kudzu"
> scontext=system_u:system_r:kudzu_t:s0
> tcontext=system_u:system_r:kudzu_t:s0 tclass=process

You should update your selinux-policy packages. The "avc:  granted"
messages that fill up log files were removed from policy some time ago.

> audit(1148514227.707:8): avc:  denied  { read } for 
> pid=1629 comm="readahead" name="display" dev=ramfs
> ino=4403 scontext=system_u:system_r:readahead_t:s0
> tcontext=system_u:object_r:ramfs_t:s0 tclass=file
> audit(1148514227.707:9): avc:  denied  { read } for 
> pid=1629 comm="readahead" name="rhgb-console"
> dev=ramfs ino=4477
> scontext=system_u:system_r:readahead_t:s0
> tcontext=system_u:object_r:ramfs_t:s0 tclass=fifo_file
> ip_tables: (C) 2000-2006 Netfilter Core Team
> Netfilter messages via NETLINK v0.30.
> ip_conntrack version 2.4 (4095 buckets, 32760 max) -
> 232 bytes per conntrack
> audit(1148514230.112:10): avc:  denied  { read } for 
> pid=1629 comm="readahead" name="display" dev=ramfs
> ino=4403 scontext=system_u:system_r:readahead_t:s0
> tcontext=system_u:object_r:ramfs_t:s0 tclass=file
> audit(1148514230.112:11): avc:  denied  { read } for 
> pid=1629 comm="readahead" name="rhgb-console"
> dev=ramfs ino=4477
> scontext=system_u:system_r:readahead_t:s0
> tcontext=system_u:object_r:ramfs_t:s0 tclass=fifo_file
> SELinux: initialized (dev rpc_pipefs, type
> rpc_pipefs), uses genfs_contexts
> SELinux: initialized (dev autofs, type autofs), uses
> genfs_contexts
> 
> If you lost some functionality as a result of that avc
> message, then you are right on in asking for help.

This is good advice.

Paul.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]