[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

What severity would this SELinux denial have for the latest kernel?

I updated the kernel after installing the latest mkinitrd package and some errors were reported when pup finished. I also got the attsched SELinux error. The other SELinux error with xdm_var_lib_t was already mentioned in an earlier post.


kernel - 2.6.24-0.133.rc6.git8.fc9.i686
WARNING: Couldn't open directory /tmp/initrd.dY3159/lib/modules/2.6.24-0.133.rc6.git8.fc9: Permission denied FATAL: Could not open /tmp/initrd.dY3159/lib/modules/2.6.24-0.133.rc6.git8.fc9/modules.dep.temp for writing: Permission denied

If life is a stage, I want some better lighting.

SELinux is preventing the depmod(/sbin/depmod) from using potentially mislabeled
files ().
Detailed Description

SELinux has denied depmod(/sbin/depmod) access to potentially mislabeled file(s)
(<Unknown>). This means that SELinux will not allow depmod(/sbin/depmod) to use
these files. It is common for users to edit files in their home directory or tmp
directories and then move (mv) them to system directories. The problem is that
the files end up with the wrong file context which confined applications are not
allowed to access.
Allowing Access

If you want depmod(/sbin/depmod) to access this files, you need to relabel them
using restorecon -v <Unknown>. You might want to relabel the entire directory
using restorecon -R -v <Unknown>.Additional Information        

Source Context                system_u:system_r:depmod_t
Target Context                system_u:object_r:tmp_t
Target Objects                None [ dir ]
Source                        depmod(/sbin/depmod)
Port                          <Unknown>
Host                          HP-JCF7
Source RPM Packages           
Target RPM Packages           
Policy RPM                    selinux-policy-3.2.5-7.fc9
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   home_tmp_bad_labels
Host Name                     HP-JCF7
Platform                      Linux HP-JCF7 #1 SMP Wed Nov 21
                              18:51:08 EST 2007 i686 athlon
Alert Count                   2
First Seen                    Thu 03 Jan 2008 05:47:20 PM EST
Last Seen                     Thu 03 Jan 2008 05:47:20 PM EST
Local ID                      bf1d6609-37f4-42b1-bd2c-75c64deca263
Line Numbers                  

Raw Audit Messages            

host=HP-JCF7 type=AVC msg=audit(1199400440.555:34): avc:  denied  { search } for  pid=5198 comm="depmod" name="tmp" dev=sda6 ino=260097 scontext=system_u:system_r:depmod_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir

host=HP-JCF7 type=SYSCALL msg=audit(1199400440.555:34): arch=40000003 syscall=5 success=no exit=-13 a0=bf866ab0 a1=241 a2=1b6 a3=9c68480 items=0 ppid=2957 pid=5198 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="depmod" exe="/sbin/depmod" subj=system_u:system_r:depmod_t:s0 key=(null)

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]