How to fix acv denied errors
Ian Leonard
ian at smallworld.cx
Tue Oct 2 10:12:38 UTC 2007
Hi,
I am new to SELinux so I may have got this wrong but....
I am using a custom FC6 distribution that I built and installed using
Kickstart. After installation I have two errors in the log file:
audit(1191322730.172:5): avc: denied { mounton } for pid=1606
comm="mount" name="log" dev=hda1 ino=1035266
scontext=system_u:system_r:mount_t:s0
tcontext=system_u:object_r:var_log_t:s0 tclass=dir
Oct 2 11:59: kernel: audit(1191322771.771:34): avc: denied { getattr
} for pid=1424 comm="rhgb" name=".X0-lock" dev=hda1 ino=485340
scontext=system_u:system_r:rhgb_t:s0 tcontext=system_u:object_r:tmp_t:s0
tclass=file
To take the second one, it seems that the .X0-lock needs to be allowed
to run from the rhgb_t context. To fix this I have edited,
/etc/selinux/targeted/src/contexts/files/file_contexts (I am running in
targeted mode). I added the rhgb_t context to the /tmp.*.
Now it seems I have to run 'make load'. However there is no sign of a
makefile anywhere (and this is true of my standard FC6 distro).
Where am I going wrong. TIA.
--
Ian Leonard
Please ignore spelling and punctuation - I did.
More information about the fedora-selinux-list
mailing list