AVCs denied from latest FC4 kernel startup
Matthew Saltzman
mjs at ces.clemson.edu
Mon Feb 6 20:00:41 UTC 2006
On Sun, 5 Feb 2006, Bob Kashani wrote:
> On Sat, 2006-02-04 at 23:35 -0500, Matthew Saltzman wrote:
>> After installing kernel-2.6.15-1.1830_FC4 (or any of the 2.6.15 kernels),
>> I get the following on startup. Startup appears to complete normally and
>> the system seems functional (at least for what I've tried so far).
>>
>> audit(1139113698.796:2): avc: denied { search } for pid=578
>> comm="hotplug" name="proc" dev=dm-0 ino=851969
>> scontext=system_u:system_r:hotplug_t
>> tcontext=system_u:object_r:unlabeled_t tclass=dir
>
> Matt, what's the context of /etc/hotplug and /sbin/hotplug? I have this:
>
> drwxr-xr-x root root
> system_u:object_r:hotplug_etc_t /etc/hotplug
> drwxr-xr-x root root
> system_u:object_r:etc_t /etc/hotplug.d
> -rwxr-xr-x root root
> system_u:object_r:hotplug_exec_t /sbin/hotplug
>
> Try /sbin/restorecon -R /etc/hotplug* /sbin/hotplug

$ ls -dZ /etc/hotplug.* /sbin/hotplug
drwxr-xr-x root root system_u:object_r:etc_t /etc/hotplug.d
drwxr-xr-x root root system_u:object_r:hotplug_etc_t /etc/hotplug
-rwxr-xr-x root root system_u:object_r:hotplug_exec_t /sbin/hotplug

After the restorecon, mine are the same as yours. The startup messages
are not affected.

BTW, I get the same startup messages in 2.6.14 FC4 kernels if I boot in
non-quiet mode.

I filed a bug against the kernel as requested by Stephen Smalley.

>
> Bob
>
>
--
Matthew Saltzman
Clemson University Math Sciences
mjs AT clemson DOT edu
http://www.math.clemson.edu/~mjs
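
Added example, not part of the original message: a small Python parser for the AVC record quoted in the thread above, which undoes the e-mail quoting and line wrapping and splits the source and target contexts into their parts. The function names `parse_avc` and `describe` are illustrative, and the sample input is the record from the message embedded as a constructed string.

```python
import re

# Constructed sample: the AVC record quoted in the message, with the
# e-mail line wrapping and ">>" quote markers left in place.
SAMPLE = """\
>> audit(1139113698.796:2): avc: denied { search } for pid=578
>> comm="hotplug" name="proc" dev=dm-0 ino=851969
>> scontext=system_u:system_r:hotplug_t
>> tcontext=system_u:object_r:unlabeled_t tclass=dir
"""

HEADER = re.compile(
    r'audit\((\d+\.\d+):(\d+)\):\s+avc:\s+(denied|granted)\s+\{([^}]*)\}')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(text):
    """Parse one (possibly wrapped and quoted) AVC record into a dict."""
    # Strip mail quote markers and rejoin wrapped lines into one record.
    flat = " ".join(re.sub(r'^[>\s]+', '', ln) for ln in text.splitlines())
    m = HEADER.search(flat)
    if m is None:
        raise ValueError("no AVC record found")
    rec = {"timestamp": float(m.group(1)), "serial": int(m.group(2)),
           "result": m.group(3), "perms": m.group(4).split()}
    # Everything after the permission set is key=value pairs.
    for key, value in FIELD.findall(flat[m.end():]):
        rec[key] = value.strip('"')
    # A context is user:role:type, optionally followed by an MLS range.
    for side in ("scontext", "tcontext"):
        if side in rec:
            rec[side + "_type"] = rec[side].split(":")[2]
    return rec


def describe(rec):
    """Summarize which domain was refused what, and on which object."""
    line = "%s: %s %s { %s } on %s '%s' (dev %s, inode %s), target type %s" % (
        rec["comm"], rec["scontext_type"], rec["result"],
        " ".join(rec["perms"]), rec["tclass"], rec["name"],
        rec["dev"], rec["ino"], rec["tcontext_type"])
    # unlabeled_t is the type SELinux reports for objects lacking a valid label.
    if rec["tcontext_type"] == "unlabeled_t":
        line += " [target has no valid label]"
    return line


if __name__ == "__main__":
    print(describe(parse_avc(SAMPLE)))
```

On the quoted record this reports that the `hotplug_t` domain was denied `search` on a directory named `proc` on `dm-0` whose target type is `unlabeled_t`.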