a lot of selinux messages after today's rawhide update

Stephen Smalley sds at tycho.nsa.gov
Fri Oct 21 11:56:34 UTC 2005


On Thu, 2005-10-20 at 16:19 -0500, Jason Dravet wrote:
> After updating my system to today's rawhide I see a lot of selinux-related 
> messages.  I am running selinux-policy-targeted-1.27.1-21.  I see these 
> messages during boot and shutdown.  I did a touch /autorelabel and reboot to 
> see if things got better but they remained the same.  The first and third 
> messages (hwclock and fsck) have me concerned the most.  Here are the 
> messages:
> 
> Oct 20 15:52:47 pcjason kernel: audit(1129823524.869:2): avc:  denied  { use 
> } for  pid=417 comm="hwclock" name="VolGroup00-LogVol01" dev=tmpfs ino=760 
> scontext=system_u:system_r:hwclock_t:s0 
> tcontext=system_u:system_r:kernel_t:s0 tclass=fd
> 
> Oct 20 15:52:50 pcjason kernel: audit(1129841541.911:3): avc:  denied  { 
> read } for  pid=1164 comm="restorecon" name="VolGroup00-LogVol01" dev=tmpfs 
> ino=760 scontext=system_u:system_r:restorecon_t:s0 
> tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file

This means that the kernel (or early userspace prior to initial policy
load) is leaking a descriptor to that device to all descendants.
SELinux is then correctly denying access to the descriptor and device
and closing it on each domain transition.  Someone needs to track down
the offending entity that is leaking the descriptor and fix it.  In the
absence of SELinux, this kind of bug would likely never be noticed
(unless some program tried using the inherited descriptor for some
reason).

-- 
Stephen Smalley
National Security Agency
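The triage step Stephen describes (working out which entity opened the descriptor and which domains inherited it) can be read straight off the AVC records: a `{ use }` denial on `tclass=fd` names the receiving domain in `scontext` and the domain that created the descriptor in `tcontext`, and `dev`/`ino`/`name` identify the object. The following script is an added example, not code from the thread or from the SELinux project; it parses the two denials quoted above (rejoined into single lines, since the mail wrapped them) and groups inherited-descriptor denials by object so the leaking domain stands out. The function and variable names are my own.

```python
import re
from dataclasses import dataclass

# Constructed sample: the two AVC records quoted in the thread, each rejoined
# onto one line (the mail client wrapped them).
SAMPLE_LOG = """\
Oct 20 15:52:47 pcjason kernel: audit(1129823524.869:2): avc:  denied  { use } for  pid=417 comm="hwclock" name="VolGroup00-LogVol01" dev=tmpfs ino=760 scontext=system_u:system_r:hwclock_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=fd
Oct 20 15:52:50 pcjason kernel: audit(1129841541.911:3): avc:  denied  { read } for  pid=1164 comm="restorecon" name="VolGroup00-LogVol01" dev=tmpfs ino=760 scontext=system_u:system_r:restorecon_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
"""

# "avc:  denied  { perm perm } for  key=value key="value" ..."
AVC_RE = re.compile(r'avc:\s+(denied|granted)\s+\{\s*([^}]*?)\s*\}\s+for\s+(.*)$')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


@dataclass
class Avc:
    result: str      # "denied" or "granted"
    perms: list      # permissions inside the braces, e.g. ["use"]
    fields: dict     # pid, comm, name, dev, ino, scontext, tcontext, tclass


def parse_avc(line):
    """Parse one kernel AVC record; return None for non-AVC lines."""
    m = AVC_RE.search(line)
    if not m:
        return None
    perms = m.group(2).split()
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group(3))}
    return Avc(m.group(1), perms, fields)


def is_inherited_fd_denial(avc):
    """A 'use' denial on class fd means the process was handed an open
    descriptor (across exec / domain transition) that policy does not let
    it use. scontext is the domain that inherited it, tcontext the domain
    that opened it."""
    return (avc.result == 'denied'
            and avc.fields.get('tclass') == 'fd'
            and 'use' in avc.perms)


def find_fd_leaks(log_text):
    """Group inherited-descriptor denials by object (dev, ino, name) and
    record the opening domain plus every (comm, domain) that inherited it."""
    leaks = {}
    for line in log_text.splitlines():
        avc = parse_avc(line)
        if avc is None or not is_inherited_fd_denial(avc):
            continue
        f = avc.fields
        key = (f.get('dev'), f.get('ino'), f.get('name'))
        entry = leaks.setdefault(key, {'opened_by': f.get('tcontext'),
                                       'inherited_by': []})
        entry['inherited_by'].append((f.get('comm'), f.get('scontext')))
    return leaks


if __name__ == '__main__':
    for (dev, ino, name), info in find_fd_leaks(SAMPLE_LOG).items():
        print(f"{name} ({dev} ino {ino}) opened by {info['opened_by']}")
        for comm, ctx in info['inherited_by']:
            print(f"    inherited by {comm} in {ctx}")
```

Run against a full boot log (`dmesg` or `/var/log/messages`), the `opened_by` context is the domain to investigate: here it is `kernel_t`, which is why Stephen points at the kernel or early userspace before policy load rather than at hwclock itself. The second record, the `blk_file` read denial by restorecon, is not a descriptor leak and is correctly left out of the grouping.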




More information about the fedora-selinux-list mailing list