avc denied from kernel 427 update

Richard Hally rhallyx at mindspring.com
Sun Jun 13 06:29:05 UTC 2004 

Below a few of the over 100 warning and error messages from doing yum 
update today.(6/12/04)  Of the ones that didn't scroll off, they are all 
about the 427/build directory tree.
This is in enforcing mode using the most recent strict policy that 
existed before todays update to
selinux-policy-strict-sources-1.13.4-5. The avc denied messages are 
further below.
HTH
Richard Hally

-----------------------------------------------------------------------------------------------------
from yum update:
...
WARNING: Couldn't stat /lib/modules/2.6.6-1.427/build/.config: 
Permission denied
WARNING: Couldn't stat /lib/modules/2.6.6-1.427/build/init/Makefile: 
Permission denied
WARNING: Couldn't stat /lib/modules/2.6.6-1.427/build/init/Kconfig: 
Permission denied
FATAL: Could not open /lib/modules/2.6.6-1.427/modules.dep.temp for 
writing: Permission denied
/bin/bash: /root/.bashrc: Permission denied
No dep file found for kernel 2.6.6-1.427
mkinitrd failed
 
-------------------------------------------------------------------
And here are some of the avc denied messages
 
Jun 12 19:27:20 new2 kernel: audit(1087082831.128:0): avc:  denied  { 
getattr }
for  pid=5774 exe=/sbin/depmod 
path=/lib/modules/2.6.6-1.427/build/net/ipv4/Kconfig dev=hda2 ino=543312 
scontext=root:sysadm_r:depmod_t tcontext=system_u:object_r:lib_t tclass=file
Jun 12 19:27:20 new2 kernel: audit(1087082831.142:0): avc:  denied  { 
getattr }
for  pid=5774 exe=/sbin/depmod 
path=/lib/modules/2.6.6-1.427/build/.config dev=hda2 ino=525543 
scontext=root:sysadm_r:depmod_t tcontext=system_u:object_r:lib_t
tclass=file
Jun 12 19:27:20 new2 kernel: audit(1087082831.142:0): avc:  denied  { 
getattr }
for  pid=5774 exe=/sbin/depmod 
path=/lib/modules/2.6.6-1.427/build/init/Makefile dev=hda2 ino=525592 
scontext=root:sysadm_r:depmod_t tcontext=system_u:object_r:lib_t tclass=file
Jun 12 19:27:20 new2 kernel: audit(1087082831.142:0): avc:  denied  { 
getattr }
for  pid=5774 exe=/sbin/depmod 
path=/lib/modules/2.6.6-1.427/build/init/Kconfig
dev=hda2 ino=525591 scontext=root:sysadm_r:depmod_t 
tcontext=system_u:object_r:lib_t tclass=file
Jun 12 19:27:20 new2 kernel: audit(1087082831.142:0): avc:  denied  { 
write } for  pid=5774 exe=/sbin/depmod name=2.6.6-1.427 dev=hda2 
ino=525541 scontext=root:sysadm_r:depmod_t 
tcontext=system_u:object_r:lib_t tclass=dir

More information about the fedora-selinux-list mailing list