[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Odd messages during bootup from gdm



Gene Heskett wrote:
Paul Howarth wrote:
Gene Heskett wrote:
2 Q's:
1.  Was that the right thing to do, and

No. The "allow" commands are not shell commands.
See: http://fedoraproject.org/wiki/SELinux/LoadableModules/Audit2allow

bookmarked for study when I get in tonight, thanks

2. Is this permanent

No, since it wouldn't have actually done anything. Loading a module using "semodule" as described in the link above is permanent though.

Before doing any of this, I would bear in mind a few things:

1. The AVC messages you're getting appear to be for several different processes, suggesting that there are several different issues here.

yes, there are several more "stanza's" of this in the logs.
2. Are any of these issues symptoms of an actual problem, other than annoying messages coming up on the screen?

It has since day one sprinkled messages throughout the logs about the dvdd/cd writer being confused.

ISTR something about this on the list not too long ago. Thought it might be a hardware problem actually.

 > NDI if this is related, and it did work
for making dvd's under XP, and has read anything I put in it except audio disks, those the players go thru all the motions of playing, but no sound actually comes out.

3. The best solution might not be to "allow" these actions at all - some may be due to file contexts being wrong, others might be harmless and better off "dontaudit"ed instead,

Have you at any time booted with SELinux disabled and have not since done a full relabel? I'm guessing that you have.
right, as  a test once

What's the output of:

$ ls -lZd /etc/localtime /var

I would expect:
 -rw-r--r--  root     root     system_u:object_r:locale_t /etc/localtime
drwxr-xr-x  root     root     system_u:object_r:var_t          /var

[root diablo ~]# ls -lZd /etc/localtime /var
-rw-r--r-- root root root:object_r:etc_t /etc/localtime
drwxr-xr-x  root     root     system_u:object_r:var_t          /var

You seem to have these as etc_t and file_t respectively.

I was right about one of them then :-)

I'd suggest relabelling the system before trying anything else. This will take a long time so schedule it at an appropriate time.

Set SELinux to permissive mode, reboot, and in the grub menu add "autorelabel" to the end of the "kernel" line.

After rebooting you can change SELinux back to enforcing mode if that's the setting you had before.

That will probably fix most of the AVC issues you're seeing.

Paul.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]