Post FC6 upgrade SELinux problem

Kirk Lowery empirical.humanist at gmail.com
Thu Jan 4 15:18:40 UTC 2007


After upgrading from FC5 to FC6, my first clue was that X-Windows
wouldn't come up because it could not find the 'fixed' font. This
meant the xfs server wasn't working. Sure enough, dmesg showed:

audit(1167922474.426:78): avc:  denied  { read } for  pid=2399
comm="xfs" name="fonts.dir" dev=hda5 ino=3260727
scontext=system_u:system_r:xfs_t:s0
tcontext=system_u:object_r:usr_t:s0 tclass=file

Looking through dmesg, I discovered many other "avc:  denied" messages:

audit(1167922423.998:4): avc:  denied  { audit_write } for  pid=376
comm="hwclock" capability=29 scontext=system_u:system_r:hwclock_t:s0
tcontext=system_u:system_r:hwclock_t:s0 tclass=capability

audit(1167922427.986:5): avc:  denied  { getattr } for  pid=1369
comm="pam_console_app" name="adsp1" dev=tmpfs ino=5904
scontext=system_u:system_r:pam_console_t:s0-s0:c0.c255
tcontext=system_u:object_r:device_t:s0 tclass=chr_file

audit(1167922462.739:7): avc:  denied  { search } for  pid=2083
comm="auditd" name="bin" dev=hda5 ino=1042531
scontext=system_u:system_r:auditd_t:s0
tcontext=system_u:object_r:bin_t:s0 tclass=dir

audit(1167922463.659:12): avc:  denied  { write } for  pid=2132
comm="dbus-daemon" name=".setrans-unix" dev=hda5 ino=423906
scontext=system_u:system_r:system_dbusd_t:s0
tcontext=system_u:object_r:var_run_t:s0 tclass=sock_file

audit(1167922464.088:15): avc:  denied  { setuid } for  pid=2154
comm="mount" capability=7 scontext=system_u:system_r:mount_t:s0
tcontext=system_u:system_r:mount_t:s0 tclass=capability

audit(1167922464.089:16): avc:  denied  { setgid } for  pid=2154
comm="mount" capability=6 scontext=system_u:system_r:mount_t:s0
tcontext=system_u:system_r:mount_t:s0 tclass=capability

audit(1167922464.531:23): avc:  denied  { search } for  pid=2193
comm="automount" name="1" dev=proc ino=65538
scontext=system_u:system_r:automount_t:s0
tcontext=system_u:system_r:init_t:s0 tclass=dir

audit(1167922470.796:75): avc:  denied  { search } for  pid=2249
comm="ntpd" name="net" dev=proc ino=-268435432
scontext=system_u:system_r:ntpd_t:s0
tcontext=system_u:object_r:proc_net_t:s0 tclass=dir

audit(1167922474.229:76): avc:  denied  { write } for  pid=2396
comm="restorecon" name=".setrans-unix" dev=hda5 ino=423906
scontext=system_u:system_r:restorecon_t:s0
tcontext=system_u:object_r:var_run_t:s0 tclass=sock_file

audit(1167922474.426:78): avc:  denied  { read } for  pid=2399
comm="xfs" name="fonts.dir" dev=hda5 ino=3260727
scontext=system_u:system_r:xfs_t:s0
tcontext=system_u:object_r:usr_t:s0 tclass=file

....and many, many more. Clearly, my SELinux policies were seriously
broken during the upgrade. So, how to recover? If I could get
X-Windows up, would the new SELinux GUI be the way to go? Do I need to
reinstall an SELinux package(s)? If so, which one(s)?

Suggestions, pointers much appreciated!

TIA,

Kirk
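
A triage aid for dmesg output like that quoted in the post, added here as an example and not part of the original message: it rejoins wrapped "avc: denied" records and groups them by source type, target type and class, so a long list reduces to the distinct domain/type pairs involved. The function names are hypothetical; the sample records are taken from the post, with one line wrap placed inside a context to exercise that case.

```python
import re
from collections import defaultdict

# Records taken from the post; wrapped as a mail client might wrap them,
# including one break that falls inside the tcontext value.
SAMPLE = """\
audit(1167922463.659:12): avc:  denied  { write } for  pid=2132
comm="dbus-daemon" name=".setrans-unix" dev=hda5 ino=423906
scontext=system_u:system_r:system_dbusd_t:s0
tcontext=system_u:object_r:
var_run_t:s0 tclass=sock_file
audit(1167922464.088:15): avc:  denied  { setuid } for  pid=2154
comm="mount" capability=7 scontext=system_u:system_r:mount_t:s0
tcontext=system_u:system_r:mount_t:s0 tclass=capability
audit(1167922464.089:16): avc:  denied  { setgid } for  pid=2154
comm="mount" capability=6 scontext=system_u:system_r:mount_t:s0
tcontext=system_u:system_r:mount_t:s0 tclass=capability
"""

HEADER = re.compile(r"audit\((\d+\.\d+):(\d+)\): avc:\s+denied\s+\{([^}]*)\}")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(text):
    """Return one dict per 'avc: denied' record, tolerating wrapped lines."""
    records = []
    # A new record starts at each audit(<time>:<serial>): header.
    for chunk in re.split(r"(?=audit\(\d+\.\d+:\d+\):)", text):
        flat = " ".join(chunk.split())
        m = HEADER.search(flat)
        if not m:
            continue
        # Undo a wrap that landed after a ':' inside a security context.
        rest = re.sub(r":\s+", ":", flat[m.end():])
        rec = {k: v.strip('"') for k, v in FIELD.findall(rest)}
        rec["perms"] = m.group(3).split()
        # A context is user:role:type:level; the type is the third field.
        rec["stype"] = rec["scontext"].split(":")[2]
        rec["ttype"] = rec["tcontext"].split(":")[2]
        records.append(rec)
    return records

def summarize(records):
    """Map (source type, target type, class) -> sorted denied permissions."""
    groups = defaultdict(set)
    for r in records:
        groups[(r["stype"], r["ttype"], r["tclass"])].update(r["perms"])
    return {k: sorted(v) for k, v in groups.items()}

if __name__ == "__main__":
    for (s, t, c), perms in sorted(summarize(parse_avc(SAMPLE)).items()):
        print(f"{s} -> {t}:{c} {{ {' '.join(perms)} }}")
```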



