More avc denies

Tim Waugh twaugh at redhat.com
Mon May 10 14:31:58 UTC 2004


On Mon, May 10, 2004 at 04:04:04PM +0200, Leonard den Ottolander wrote:

> Had to move in the /etc/security/selinux/policies because they were
> created as .rpmnews.

You had policy-sources installed as well?  I think it's expected
behaviour in that case (policy-sources' %post scriptlet generates them
from source).

> Root console login:
> avc:  denied  { read } for  pid=1559 exe=/bin/login
> name=.default_contexts dev=hda2 ino=437194
> scontext=system_u:system_r:local_login_t
> tcontext=root:object_r:staff_home_dir_t tclass=file

Looks like /root/.default_contexts has the wrong file context.  Try after
running restorecon on it.

> ssh login and su - :
> avc:  denied  { read } for  pid=3489 exe=/bin/su name=.default_contexts
> dev=hda2 ino=437194 scontext=user_u:user_r:user_su_t
> tcontext=root:object_r:staff_home_dir_t tclass=file
> avc:  denied  { getattr } for  pid=3489 exe=/bin/su
> path=/root/.default_contexts dev=hda2 ino=437194
> scontext=user_u:user_r:user_su_t tcontext=root:object_r:staff_home_dir_t
> tclass=file

See above.

> avc:  denied  { add_name } for  pid=3489 exe=/bin/su name=.xauthrQsUjb
> scontext=user_u:user_r:user_su_t tcontext=root:object_r:staff_home_dir_t
> tclass=dir
> avc:  denied  { create } for  pid=3489 exe=/bin/su name=.xauthrQsUjb
> scontext=user_u:user_r:user_su_t
> tcontext=user_u:object_r:staff_home_dir_t tclass=file
> avc:  denied  { setattr } for  pid=3489 exe=/bin/su name=.xauthrQsUjb
> dev=hda2 ino=437207 scontext=user_u:user_r:user_su_t
> tcontext=user_u:object_r:staff_home_dir_t tclass=file

This is in bugzilla already:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=120108

Tim.
*/
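
An added example, not part of the original message or of any SELinux tool: a small Python parser for the old-style `avc: denied` lines quoted above. It strips the mail quoting and line wraps, extracts the source and target types, and merges denials that hit the same inode, which ties the `name=.default_contexts` and `path=/root/.default_contexts` records to one file labelled `staff_home_dir_t`. The function names are this example's own, and `SAMPLE` is an excerpt of the quoted denials.

```python
import re
from collections import defaultdict

# Three denials from the quoted text above, still wrapped and ">"-quoted.
SAMPLE = """\
> avc:  denied  { read } for  pid=1559 exe=/bin/login
> name=.default_contexts dev=hda2 ino=437194
> scontext=system_u:system_r:local_login_t
> tcontext=root:object_r:staff_home_dir_t tclass=file
> avc:  denied  { getattr } for  pid=3489 exe=/bin/su
> path=/root/.default_contexts dev=hda2 ino=437194
> scontext=user_u:user_r:user_su_t tcontext=root:object_r:staff_home_dir_t
> tclass=file
> avc:  denied  { add_name } for  pid=3489 exe=/bin/su name=.xauthrQsUjb
> scontext=user_u:user_r:user_su_t tcontext=root:object_r:staff_home_dir_t
> tclass=dir
"""
AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*?)(?=avc:|\Z)", re.S)

def parse_avc(text):
    """Unwrap quoted mail text and return one dict per AVC denial."""
    unquoted = re.sub(r"(?m)^(?:>[ \t]?)+", "", text)
    out = []
    for block in re.split(r"\n\s*\n", unquoted):   # a blank line ends a record
        for perms, rest in AVC_RE.findall(block):
            d = dict(kv.split("=", 1) for kv in rest.split() if "=" in kv)
            d["perms"] = perms.split()
            # Contexts are user:role:type; policy rules match on the type.
            d["stype"] = (d.get("scontext", "") + "::").split(":")[2]
            d["ttype"] = (d.get("tcontext", "") + "::").split(":")[2]
            out.append(d)
    return out

def group_by_object(denials):
    """Merge denials per (inode or name, target type, class)."""
    groups = defaultdict(lambda: {"perms": set(), "domains": set(), "path": None})
    for d in denials:
        g = groups[(d.get("ino") or d.get("name"), d["ttype"], d.get("tclass"))]
        g["perms"].update(d["perms"])
        g["domains"].add(d["stype"])
        g["path"] = d.get("path") or g["path"]
    return dict(groups)
```

Grouping by `ino` rather than by `name` matters because some records carry only `name=` and others only `path=` for the same object.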
More information about the fedora-selinux-list mailing list