More avc denies
Tim Waugh
twaugh at redhat.com
Mon May 10 14:31:58 UTC 2004
On Mon, May 10, 2004 at 04:04:04PM +0200, Leonard den Ottolander wrote:
> Had to move in the /etc/security/selinux/policies because they were
> created as .rpmnews.
You had policy-sources installed as well? I think it's expected
behaviour in that case (policy-sources' %post scriptlet generates them
from source).
> Root console login:
> avc: denied { read } for pid=1559 exe=/bin/login
> name=.default_contexts dev=hda2 ino=437194
> scontext=system_u:system_r:local_login_t
> tcontext=root:object_r:staff_home_dir_t tclass=file
Looks like /root/.default_contexts has the wrong file context. Try after
running restorecon on it.
> ssh login and su - :
> avc: denied { read } for pid=3489 exe=/bin/su name=.default_contexts
> dev=hda2 ino=437194 scontext=user_u:user_r:user_su_t
> tcontext=root:object_r:staff_home_dir_t tclass=file
> avc: denied { getattr } for pid=3489 exe=/bin/su
> path=/root/.default_contexts dev=hda2 ino=437194
> scontext=user_u:user_r:user_su_t tcontext=root:object_r:staff_home_dir_t
> tclass=file
See above.
> avc: denied { add_name } for pid=3489 exe=/bin/su name=.xauthrQsUjb
> scontext=user_u:user_r:user_su_t tcontext=root:object_r:staff_home_dir_t
> tclass=dir
> avc: denied { create } for pid=3489 exe=/bin/su name=.xauthrQsUjb
> scontext=user_u:user_r:user_su_t
> tcontext=user_u:object_r:staff_home_dir_t tclass=file
> avc: denied { setattr } for pid=3489 exe=/bin/su name=.xauthrQsUjb
> dev=hda2 ino=437207 scontext=user_u:user_r:user_su_t
> tcontext=user_u:object_r:staff_home_dir_t tclass=file
This is in bugzilla already:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=120108
Tim.
*/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-selinux-list/attachments/20040510/e7a6dbaf/attachment.sig>
More information about the fedora-selinux-list
mailing list