Permission denied when building kernel

Matthew East matthew.east at iue.it
Thu May 27 08:39:24 UTC 2004


I cannot build and install a kernel with selinux enabled. Here is what
happens towards the end of the modules_install stage:

if [ -r System.map ]; then /sbin/depmod -ae -F System.map -b
/var/tmp/kernel-2.6.6-root -r 2.6.6; fi
WARNING: Couldn't open directory
/var/tmp/kernel-2.6.6-root/lib/modules/2.6.6: Permission denied
FATAL: Could not open
/var/tmp/kernel-2.6.6-root/lib/modules/2.6.6/modules.dep.temp for
writing: Permission denied
make[1]: *** [_modinst_post] Error 1
error: Bad exit status from /var/tmp/rpm-tmp.11877 (%install)
 

RPM build errors:
    Bad exit status from /var/tmp/rpm-tmp.11877 (%install)
make: *** [rpm] Error 1

Here are the corresponding error messages (SELinux AVC denials) from dmesg:

[root@localhost linux-2.6.6]# dmesg |tail

{snip}

audit(1085609097.359:0): avc:  denied  { search } for  pid=17414
exe=/sbin/depmod name=tmp dev=hda2 ino=196228
scontext=root:sysadm_r:depmod_t tcontext=system_u:object_r:tmp_t
tclass=dir
audit(1085609097.359:0): avc:  denied  { search } for  pid=17414
exe=/sbin/depmod name=tmp dev=hda2 ino=196228
scontext=root:sysadm_r:depmod_t tcontext=system_u:object_r:tmp_t
tclass=dir

I hope that someone can help me with this!! Maybe I am going about
compiling the wrong way, but it works fine with SELinux disabled.

Many thanks in advance, Matt

p.s. Just for the record, or in case they are useful, here are the error
messages I get when booting my new kernel which was compiled with
selinux set to permissive.

Freeing unused kernel memory: 160k freed
security:  5 users, 7 roles, 1244 types, 1 bools
security:  30 classes, 303377 rules
SELinux:  Completing initialization.
SELinux:  Setting up existing superblocks.
SELinux: initialized (dev , type selinuxfs), uses genfs_contexts
SELinux: initialized (dev hda2, type ext3), uses xattr
audit(1085619351.268:0): avc:  denied  { ioctl } for  pid=164
exe=/bin/bash path=/dev/null dev=hda2 ino=283937
scontext=system_u:system_r:kernel_t
tcontext=system_u:object_r:unlabeled_t tclass=chr_file
audit(1085619351.271:0): avc:  denied  { getattr } for  pid=176
exe=/bin/bash path=/etc/hotplug dev=hda2 ino=49185
scontext=system_u:system_r:kernel_t
tcontext=system_u:object_r:unlabeled_t tclass=dir
audit(1085619351.271:0): avc:  denied  { read } for  pid=164
exe=/bin/bash path=pipe:[842] dev= ino=842
scontext=system_u:system_r:kernel_t
tcontext=system_u:object_r:unlabeled_t tclass=fifo_file
audit(1085619351.272:0): avc:  denied  { ioctl } for  pid=165
exe=/bin/bash path=/dev/null dev=hda2 ino=283937
scontext=system_u:system_r:kernel_t
tcontext=system_u:object_r:unlabeled_t tclass=chr_file
audit(1085619351.274:0): avc:  denied  { search } for  pid=177
exe=/bin/bash name=hotplug dev=hda2 ino=49185
scontext=system_u:system_r:kernel_t
tcontext=system_u:object_r:unlabeled_t tclass=dir
audit(1085619351.274:0): avc:  denied  { read } for  pid=165
exe=/bin/bash path=pipe:[843] dev= ino=843
scontext=system_u:system_r:kernel_t
tcontext=system_u:object_r:unlabeled_t tclass=fifo_file
audit(1085619351.274:0): avc:  denied  { ioctl } for  pid=167
exe=/bin/bash path=/dev/null dev=hda2 ino=283937
scontext=system_u:system_r:kernel_t
tcontext=system_u:object_r:unlabeled_t tclass=chr_file
audit(1085619351.277:0): avc:  denied  { search } for  pid=178
exe=/bin/bash name=hotplug dev=hda2 ino=49185
scontext=system_u:system_r:kernel_t
tcontext=system_u:object_r:unlabeled_t tclass=dir
audit(1085619351.277:0): avc:  denied  { read } for  pid=167
exe=/bin/bash path=pipe:[844] dev= ino=844
scontext=system_u:system_r:kernel_t
tcontext=system_u:object_r:unlabeled_t tclass=fifo_file
audit(1085619351.277:0): avc:  denied  { ioctl } for  pid=166
exe=/bin/bash path=/dev/null dev=hda2 ino=283937
scontext=system_u:system_r:kernel_t
tcontext=system_u:object_r:unlabeled_t tclass=chr_file
audit(1085619351.280:0): avc:  denied  { search } for  pid=179
exe=/bin/bash name=hotplug dev=hda2 ino=49185
scontext=system_u:system_r:kernel_t
tcontext=system_u:object_r:unlabeled_t tclass=dir
audit(1085619351.280:0): avc:  denied  { read } for  pid=166
exe=/bin/bash path=pipe:[845] dev= ino=845
scontext=system_u:system_r:kernel_t
tcontext=system_u:object_r:unlabeled_t tclass=fifo_file
audit(1085619351.290:0): avc:  denied  { getattr } for  pid=177
exe=/bin/env path=/etc/ld.so.cache dev=hda2 ino=50220
scontext=system_u:system_r:kernel_t
tcontext=system_u:object_r:unlabeled_t tclass=file
audit(1085619351.290:0): avc:  denied  { read } for  pid=177
exe=/bin/env name=libc-2.3.3.so dev=hda2 ino=131669
scontext=system_u:system_r:kernel_t
tcontext=system_u:object_r:unlabeled_t tclass=file
audit(1085619351.290:0): avc:  denied  { getattr } for  pid=177
exe=/bin/env path=/lib/tls dev=hda2 ino=130821
scontext=system_u:system_r:kernel_t
tcontext=system_u:object_r:unlabeled_t tclass=dir
audit(1085619351.290:0): avc:  denied  { read } for  pid=176
exe=/bin/bash path=/lib/ld-2.3.3.so dev=hda2 ino=130827
scontext=system_u:system_r:kernel_t
tcontext=system_u:object_r:unlabeled_t tclass=file
audit(1085619351.290:0): avc:  denied  { getattr } for  pid=176
exe=/bin/bash path=/dev/null dev=hda2 ino=283937
scontext=system_u:system_r:kernel_t
tcontext=system_u:object_r:unlabeled_t tclass=chr_file
audit(1085619351.291:0): avc:  denied  { write } for  pid=176
exe=/bin/bash path=/dev/null dev=hda2 ino=283937
scontext=system_u:system_r:kernel_t
tcontext=system_u:object_r:unlabeled_t tclass=chr_file
audit(1085619351.292:0): avc:  denied  { search } for  pid=164
exe=/bin/bash name=hotplug dev=hda2 ino=49185
scontext=system_u:system_r:kernel_t
tcontext=system_u:object_r:unlabeled_t tclass=dir
audit(1085619351.292:0): avc:  denied  { read } for  pid=179
exe=/bin/bash path=/lib/ld-2.3.3.so dev=hda2 ino=130827
scontext=system_u:system_r:kernel_t
tcontext=system_u:object_r:unlabeled_t tclass=file
audit(1085619351.293:0): avc:  denied  { getattr } for  pid=179
exe=/bin/bash path=/dev/null dev=hda2 ino=283937
scontext=system_u:system_r:kernel_t
tcontext=system_u:object_r:unlabeled_t tclass=chr_file
audit(1085619351.293:0): avc:  denied  { write } for  pid=179
exe=/bin/bash path=/dev/null dev=hda2 ino=283937
scontext=system_u:system_r:kernel_t
tcontext=system_u:object_r:unlabeled_t tclass=chr_file
audit(1085619351.294:0): avc:  denied  { search } for  pid=166
exe=/bin/bash name=hotplug dev=hda2 ino=49185
scontext=system_u:system_r:kernel_t
tcontext=system_u:object_r:unlabeled_t tclass=dir
audit(1085619351.294:0): avc:  denied  { read } for  pid=178
exe=/bin/bash path=/lib/ld-2.3.3.so dev=hda2 ino=130827
scontext=system_u:system_r:kernel_t
tcontext=system_u:object_r:unlabeled_t tclass=file
audit(1085619351.294:0): avc:  denied  { getattr } for  pid=178
exe=/bin/bash path=/dev/null dev=hda2 ino=283937
scontext=system_u:system_r:kernel_t
tcontext=system_u:object_r:unlabeled_t tclass=chr_file
audit(1085619351.295:0): avc:  denied  { write } for  pid=178
exe=/bin/bash path=/dev/null dev=hda2 ino=283937
scontext=system_u:system_r:kernel_t
tcontext=system_u:object_r:unlabeled_t tclass=chr_file
audit(1085619351.296:0): avc:  denied  { search } for  pid=167
exe=/bin/bash name=hotplug dev=hda2 ino=49185
scontext=system_u:system_r:kernel_t
tcontext=system_u:object_r:unlabeled_t tclass=dir
audit(1085619351.699:0): avc:  denied  { getattr } for  pid=177
exe=/bin/env path=pipe:[843] dev= ino=843
scontext=system_u:system_r:kernel_t
tcontext=system_u:object_r:unlabeled_t tclass=fifo_file
audit(1085619351.700:0): avc:  denied  { write } for  pid=177
exe=/bin/env path=pipe:[843] dev= ino=843
scontext=system_u:system_r:kernel_t
tcontext=system_u:object_r:unlabeled_t tclass=fifo_file
SELinux: initialized (dev ram0, type ext2), uses xattr
SELinux: initialized (dev , type mqueue), not configured for labeling
SELinux: initialized (dev , type hugetlbfs), not configured for labeling
SELinux: initialized (dev , type devpts), uses transition SIDs
SELinux: initialized (dev , type eventpollfs), uses genfs_contexts
SELinux: initialized (dev , type pipefs), uses task SIDs
SELinux: initialized (dev , type tmpfs), uses transition SIDs
SELinux: initialized (dev , type futexfs), uses genfs_contexts
SELinux: initialized (dev , type sockfs), uses task SIDs
SELinux: initialized (dev , type proc), uses genfs_contexts
SELinux: initialized (dev , type bdev), uses genfs_contexts
SELinux: initialized (dev , type rootfs), uses genfs_contexts
SELinux: initialized (dev , type sysfs), uses genfs_contexts




