Rawhide mls avcs on boot
Stephen Smalley
sds at tycho.nsa.gov
Thu Mar 6 18:16:30 UTC 2008
On Thu, 2008-03-06 at 12:09 -0600, Joe Nall wrote:
> rawhide mls (selinux-policy-3.3.1-11) has a number of these avcs in
> /var/log/messages on boot
>
> Mar 6 10:00:01 xw4100 kernel: type=1400 audit(1204819180.560:5):
> avc: denied { unmount } for pid=1 comm="init"
> scontext=system_u:system_r:kernel_t:s15:c0.c1023
> tcontext=system_u:object_r:tmpfs_t:s0 tclass=filesystem
> Mar 6 10:00:01 xw4100 kernel: type=1400 audit(1204819180.560:6):
> avc: denied { unmount } for pid=1 comm="init"
> scontext=system_u:system_r:kernel_t:s15:c0.c1023
> tcontext=system_u:object_r:proc_t:s0 tclass=filesystem
> Mar 6 10:00:01 xw4100 kernel: type=1400 audit(1204819180.561:7):
> avc: denied { unmount } for pid=1 comm="init"
> scontext=system_u:system_r:kernel_t:s15:c0.c1023
> tcontext=system_u:object_r:sysfs_t:s0 tclass=filesystem
>
> is adding
>
> allow kernel_t proc_t:filesystem unmount;
> allow kernel_t sysfs_t:filesystem unmount;
> allow kernel_t tmpfs_t:filesystem unmount;
>
> to kernel.te the correct fix for this?
fs_unmount_all_fs(kernel_t)
--
Stephen Smalley
National Security Agency
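
An added example, not part of the original thread or of the policy project's code: a small Python parser that groups the three quoted denials by (source type, class, permission) and collects the target types, showing that they differ only in the filesystem type being unmounted. The function names and the `threshold` parameter are assumptions made for illustration.

```python
import re
from collections import defaultdict

# The three denials quoted in the thread, each unwrapped onto one line.
SAMPLE = """\
Mar 6 10:00:01 xw4100 kernel: type=1400 audit(1204819180.560:5): avc: denied { unmount } for pid=1 comm="init" scontext=system_u:system_r:kernel_t:s15:c0.c1023 tcontext=system_u:object_r:tmpfs_t:s0 tclass=filesystem
Mar 6 10:00:01 xw4100 kernel: type=1400 audit(1204819180.560:6): avc: denied { unmount } for pid=1 comm="init" scontext=system_u:system_r:kernel_t:s15:c0.c1023 tcontext=system_u:object_r:proc_t:s0 tclass=filesystem
Mar 6 10:00:01 xw4100 kernel: type=1400 audit(1204819180.561:7): avc: denied { unmount } for pid=1 comm="init" scontext=system_u:system_r:kernel_t:s15:c0.c1023 tcontext=system_u:object_r:sysfs_t:s0 tclass=filesystem
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
)


def sel_type(context):
    """Return the type field of user:role:type[:mls-level].

    The MLS level (e.g. s15:c0.c1023) contains ':' itself, so split at most 3 times.
    """
    return context.split(":", 3)[2]


def parse_denials(text):
    """Map (source_type, tclass, permission) -> set of denied target types."""
    grouped = defaultdict(set)
    for m in AVC_RE.finditer(text):
        for perm in m.group("perms").split():
            key = (sel_type(m.group("scon")), m.group("tclass"), perm)
            grouped[key].add(sel_type(m.group("tcon")))
    return dict(grouped)


def allow_rules(grouped):
    """Render one per-type allow rule for every denied (source, target, class, perm)."""
    return [
        f"allow {src} {tgt}:{tclass} {perm};"
        for (src, tclass, perm), targets in sorted(grouped.items())
        for tgt in sorted(targets)
    ]


def broad_patterns(grouped, threshold=2):
    """Keys denied against more than `threshold` target types: the same access
    repeated per type, worth checking for an existing policy interface."""
    return sorted(key for key, targets in grouped.items() if len(targets) > threshold)
```

Run over the quoted log, `allow_rules` reproduces the three per-type rules from the question, while `broad_patterns` reports the single (kernel_t, filesystem, unmount) pattern behind all of them.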