denied avc's on rawhide
Antonio Olivares
olivares14031 at yahoo.com
Tue Dec 9 00:44:15 UTC 2008
Dear fellow testers and selinux experts,
After updating to latest updates, I get several selinux denials, but setroubleshoot does not display, them. I get to see them when the system starts and that is it :(
[olivares at localhost ~]$ rpm -qa selinux*
[olivares at localhost ~]$ rpm -qa selinux
[olivares at localhost ~]$ rpm -qa selinux-policy*
selinux-policy-3.6.1-6.fc11.noarch
selinux-policy-targeted-3.6.1-6.fc11.noarch
[olivares at localhost ~]$ dmesg | grep 'avc'
type=1400 audit(1228782900.945:4): avc: denied { sys_tty_config } for pid=709 comm="consoletype" capability=26 scontext=system_u:system_r:consoletype_t:s0 tcontext=system_u:system_r:consoletype_t:s0 tclass=capability
type=1400 audit(1228782901.610:5): avc: denied { sys_tty_config } for pid=716 comm="consoletype" capability=26 scontext=system_u:system_r:consoletype_t:s0 tcontext=system_u:system_r:consoletype_t:s0 tclass=capability
type=1400 audit(1228782924.617:6): avc: denied { sys_tty_config } for pid=1471 comm="consoletype" capability=26 scontext=system_u:system_r:consoletype_t:s0 tcontext=system_u:system_r:consoletype_t:s0 tclass=capability
type=1400 audit(1228782926.009:7): avc: denied { write } for pid=1497 comm="ip6tables-resto" path="/0" dev=devpts ino=2 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:object_r:devpts_t:s0 tclass=chr_file
type=1400 audit(1228782928.136:8): avc: denied { sys_tty_config } for pid=1672 comm="consoletype" capability=26 scontext=system_u:system_r:consoletype_t:s0 tcontext=system_u:system_r:consoletype_t:s0 tclass=capability
type=1400 audit(1228782964.027:9): avc: denied { sys_tty_config } for pid=1688 comm="consoletype" capability=26 scontext=system_u:system_r:consoletype_t:s0 tcontext=system_u:system_r:consoletype_t:s0 tclass=capability
type=1400 audit(1228782991.682:10): avc: denied { search } for pid=2415 comm="python" name=".local" dev=dm-0 ino=1507729 scontext=system_u:system_r:cupsd_config_t:s0 tcontext=system_u:object_r:gconf_home_t:s0 tclass=dir
type=1400 audit(1228782992.039:11): avc: denied { search } for pid=2445 comm="python" name=".local" dev=dm-0 ino=1507729 scontext=system_u:system_r:cupsd_config_t:s0 tcontext=system_u:object_r:gconf_home_t:s0 tclass=dir
type=1400 audit(1228782993.853:12): avc: denied { search } for pid=2482 comm="python" name=".local" dev=dm-0 ino=1507729 scontext=system_u:system_r:hplip_t:s0 tcontext=system_u:object_r:gconf_home_t:s0 tclass=dir
type=1400 audit(1228782995.570:13): avc: denied { search } for pid=2574 comm="python" name=".local" dev=dm-0 ino=1507729 scontext=system_u:system_r:hplip_t:s0 tcontext=system_u:object_r:gconf_home_t:s0 tclass=dir
type=1400 audit(1228783019.890:14): avc: denied { search } for pid=2845 comm="polkit-read-aut" name="dbus" dev=dm-0 ino=3276848 scontext=system_u:system_r:polkit_auth_t:s0 tcontext=system_u:object_r:system_dbusd_var_run_t:s0 tclass=dir
[olivares at localhost ~]$
Regards,
Antonio
More information about the fedora-test-list
mailing list