Bug 133145
| Summary: | avc denied for tmpfs during boot | | |
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | John Reiser <jreiser> |
| Component: | selinux-policy-targeted | Assignee: | Daniel Walsh <dwalsh> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | | |
| Version: | 3 | CC: | wtogami |
| Target Milestone: | --- | | |
| Target Release: | --- | | |
| Hardware: | i386 | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2004-10-15 17:11:01 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | | | |
| Bug Blocks: | 130887, 133652 | | |
Created attachment 104090
grep "avc:" /var/log/messages # plus all selinux-related lines, to show context
I see 12 lines with avc: complaints.

This is caused because the tmpfs xattr patch was pulled from the kernel. Please use the previous kernel (FC3-T2 kernel) until we have this sorted out.

Dan

kernel-2.6.8-1.541 is supposed to have tmpfs + xattrs. The next working tmpfs + xattrs kernel was 598+. Reiser mentions "permissive" mode. Are the xattrs being set properly in permissive mode?

I see no complaints when booting to targeted, permissive mode using:
kernel-2.6.8-1.541
selinux-policy-targeted-1.17.24-2
initscripts-7.85-1

The /var/log/messages at boot has:
Oct 9 16:44:38 localhost kernel: SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs

[I stopped running up2date on Oct.4 because my reading of fedora-test-list convinced me that FC3test2 had entered a phase of instability that was more than I wanted to handle.]

Fixed with latest kernel (603) and policy-1.17.29-1.

Yeah, we can mark this as fixed.

From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.2) Gecko/20040809 Epiphany/1.3.8

Description of problem:
During boot to multiuser runlevel 5, there are various messages "avc: denied" with tmpfs_t being the common element.

Version-Release number of selected component (if applicable):
selinux-policy-targeted-1.17.18-3

How reproducible:
Always

Steps to Reproduce:
1. Boot to runlevel 5 using kernel-2.6.8-1.541, initscripts-7.82-1, and selinux-policy-targeted-1.17.18-3 in permissive mode.
2.
3.

Actual Results:
12 lines in /var/log/messages with "avc: denied", all featuring tmpfs_t.

Expected Results:
No complaints.

Additional info:
Selected lines will be attached (all lines from /var/log/messages relating to selinux, in order.)