Bug 161219

Summary: During installation process Selinux deny some Anaconda activity
Product: [Fedora] Fedora
Reporter: Fabio <qnxuserit>
Component: anaconda
Assignee: Anaconda Maintenance Team <anaconda-maint-list>
Status: CLOSED NOTABUG
QA Contact: Mike McLean <mikem>
Severity: medium
Priority: medium
Version: 4
Hardware: i386
OS: Linux
Doc Type: Bug Fix
Last Closed: 2005-06-21 22:05:32 UTC

Description Fabio 2005-06-21 14:54:41 UTC
Description of problem:

Installing FC4 on a test machine, I saw that the post-install phase was very slow;
it was taking too much time. So I used CTRL-ALT-F1, F2, F3, etc. to check whether
there was some activity, and I noticed a lot of SELinux denials.

Here is /var/log/anaconda.syslog:

<..cut..>
<6>security:  3 users, 6 roles, 764 types, 87 bools
<6>security:  55 classes, 180131 rules
<6>SELinux:  Completing initialization.
<6>SELinux:  Setting up existing superblocks.
<6>SELinux: initialized (dev loop0, type cramfs), uses genfs_contexts
<6>SELinux: initialized (dev hdc, type iso9660), uses genfs_contexts
<6>SELinux: initialized (dev usbfs, type usbfs), uses genfs_contexts
<6>SELinux: initialized (dev debugfs, type debugfs), uses genfs_contexts
<6>SELinux: initialized (dev ramfs, type ramfs), uses genfs_contexts
<6>SELinux: initialized (dev ramfs, type ramfs), uses genfs_contexts
<6>SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs
<6>SELinux: initialized (dev selinuxfs, type selinuxfs), uses genfs_contexts
<6>SELinux: initialized (dev mqueue, type mqueue), not configured for labeling
<6>SELinux: initialized (dev hugetlbfs, type hugetlbfs), not configured for labeling
<6>SELinux: initialized (dev devpts, type devpts), uses transition SIDs
<6>SELinux: initialized (dev eventpollfs, type eventpollfs), uses genfs_contexts
<6>SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs
<6>SELinux: initialized (dev futexfs, type futexfs), uses genfs_contexts
<6>SELinux: initialized (dev pipefs, type pipefs), uses task SIDs
<6>SELinux: initialized (dev sockfs, type sockfs), uses task SIDs
<6>SELinux: initialized (dev proc, type proc), uses genfs_contexts
<6>SELinux: initialized (dev bdev, type bdev), uses genfs_contexts
<6>SELinux: initialized (dev rootfs, type rootfs), uses genfs_contexts
<6>SELinux: initialized (dev sysfs, type sysfs), uses genfs_contexts
<4>audit(1119347401.463:2): avc:  denied  { transition } for  pid=428
comm="loader" name=bash dev=loop0 ino=16811716
scontext=system_u:system_r:kernel_t tcontext=system_u:system_r:anaconda_t
tclass=process
<6>md: raid0 personality registered as nr 2
<6>md: raid1 personality registered as nr 3
<6>raid5: automatically using best checksumming function: pIII_sse
<4>   pIII_sse  :  1580.000 MB/sec
<4>raid5: using function: pIII_sse (1580.000 MB/sec)
<6>md: raid5 personality registered as nr 4
<4>raid6: int32x1    238 MB/s
<4>raid6: int32x2    253 MB/s
<4>raid6: int32x4    214 MB/s
<4>raid6: int32x8    199 MB/s
<4>raid6: mmxx1      714 MB/s
<4>raid6: mmxx2      882 MB/s
<4>raid6: sse1x1     636 MB/s
<4>raid6: sse1x2     871 MB/s
<4>raid6: using algorithm sse1x2 (871 MB/s)
<6>md: raid6 personality registered as nr 8
<6>JFS: nTxBlock = 1990, nTxLock = 15925
<6>SGI XFS with ACLs, security attributes, large block numbers, no debug enabled
<6>SGI XFS Quota Management subsystem
<6>device-mapper: 4.4.0-ioctl (2005-01-12) initialised: dm-devel
<6>parport0: PC-style at 0x378 (0x778) [PCSPP,TRISTATE]
<6>parport0: irq 7 detected
<4>audit(1119347413.577:3): avc:  denied  { associate } for  pid=497
comm="anaconda" name=rpm scontext=system_u:object_r:root_t
tcontext=system_u:object_r:root_t tclass=filesystem
<6>kjournald starting.  Commit interval 5 seconds
<6>EXT3 FS on hda1, internal journal
<6>EXT3-fs: mounted filesystem with ordered data mode.
<6>SELinux: initialized (dev hda1, type ext3), uses xattr
<6>Adding 1052216k swap on /tmp/hda7.  Priority:-1 extents:1
<6>kjournald starting.  Commit interval 5 seconds
<6>EXT3 FS on hda5, internal journal
<6>EXT3-fs: mounted filesystem with ordered data mode.
<6>SELinux: initialized (dev hda5, type ext3), uses xattr
<6>kjournald starting.  Commit interval 5 seconds
<6>EXT3 FS on hda1, internal journal
<6>EXT3-fs: mounted filesystem with ordered data mode.
<6>SELinux: initialized (dev hda1, type ext3), uses xattr
<6>kjournald starting.  Commit interval 5 seconds
<6>EXT3 FS on hda9, internal journal
<6>EXT3-fs: mounted filesystem with ordered data mode.
<6>SELinux: initialized (dev hda9, type ext3), uses xattr
<6>kjournald starting.  Commit interval 5 seconds
<6>EXT3 FS on hda8, internal journal
<6>EXT3-fs: mounted filesystem with ordered data mode.
<6>SELinux: initialized (dev hda8, type ext3), uses xattr
<6>kjournald starting.  Commit interval 5 seconds
<6>EXT3 FS on hda6, internal journal
<6>EXT3-fs: mounted filesystem with ordered data mode.
<6>SELinux: initialized (dev hda6, type ext3), uses xattr
<4>audit(1119348538.685:4): avc:  denied  { use } for  pid=975 comm="restorecon"
name=[19779] dev=pipefs ino=19779 scontext=system_u:system_r:restorecon_t
tcontext=system_u:system_r:anaconda_t tclass=fd
<4>audit(1119348538.685:5): avc:  denied  { read } for  pid=975
comm="restorecon" name=[19779] dev=pipefs ino=19779
scontext=system_u:system_r:restorecon_t tcontext=system_u:system_r:anaconda_t
tclass=fifo_file
<4>audit(1119348540.044:6): avc:  granted  { load_policy } for  pid=978
comm="load_policy" scontext=system_u:system_r:unconfined_t
tcontext=system_u:object_r:security_t tclass=security
<6>security:  3 users, 6 roles, 764 types, 87 bools
<6>security:  55 classes, 180131 rules
<4>audit(1119348608.475:7): avc:  denied  { use } for  pid=1118
comm="restorecon" name=[28365] dev=pipefs ino=28365
scontext=system_u:system_r:restorecon_t tcontext=system_u:system_r:anaconda_t
tclass=fd
<4>audit(1119348608.475:8): avc:  denied  { read } for  pid=1118
comm="restorecon" name=[28365] dev=pipefs ino=28365
scontext=system_u:system_r:restorecon_t tcontext=system_u:system_r:anaconda_t
tclass=fifo_file
<4>audit(1119349189.519:9): avc:  denied  { associate } for  pid=510
comm="anaconda" name=source scontext=system_u:object_r:root_t
tcontext=system_u:object_r:root_t tclass=filesystem
<7>ISO 9660 Extensions: Microsoft Joliet Level 3
<4>Unable to load NLS charset utf8
<4>Unable to load NLS charset utf8
<7>ISO 9660 Extensions: RRIP_1991A
<6>SELinux: initialized (dev hdc, type iso9660), uses genfs_contexts
<7>ISO 9660 Extensions: Microsoft Joliet Level 3
<4>Unable to load NLS charset utf8
<4>Unable to load NLS charset utf8
<7>ISO 9660 Extensions: RRIP_1991A
<6>SELinux: initialized (dev hdc, type iso9660), uses genfs_contexts
<7>ISO 9660 Extensions: Microsoft Joliet Level 3
<4>Unable to load NLS charset utf8
<4>Unable to load NLS charset utf8
<7>ISO 9660 Extensions: RRIP_1991A
<6>SELinux: initialized (dev hdc, type iso9660), uses genfs_contexts
<7>ISO 9660 Extensions: Microsoft Joliet Level 3
<4>Unable to load NLS charset utf8
<4>Unable to load NLS charset utf8
<7>ISO 9660 Extensions: RRIP_1991A
<6>SELinux: initialized (dev hdc, type iso9660), uses genfs_contexts
<4>audit(1119353294.578:10): avc:  denied  { getattr } for  pid=8236
comm="restorecon" name=zero dev=hda6 ino=163869
scontext=system_u:system_r:restorecon_t tcontext=system_u:object_r:named_conf_t
tclass=chr_file
<4>audit(1119353295.206:11): avc:  denied  { relabelfrom } for  pid=8236
comm="restorecon" name=zero dev=hda6 ino=163869
scontext=system_u:system_r:restorecon_t tcontext=system_u:object_r:named_conf_t
tclass=chr_file
<4>audit(1119354024.448:12): avc:  denied  { associate } for  pid=510
comm="anaconda" name=source scontext=system_u:object_r:root_t
tcontext=system_u:object_r:root_t tclass=filesystem
<7>ISO 9660 Extensions: Microsoft Joliet Level 3
<4>Unable to load NLS charset utf8
<4>Unable to load NLS charset utf8
<7>ISO 9660 Extensions: RRIP_1991A
<6>SELinux: initialized (dev hdc, type iso9660), uses genfs_contexts
<7>ISO 9660 Extensions: Microsoft Joliet Level 3
<4>Unable to load NLS charset utf8
<4>Unable to load NLS charset utf8
<7>ISO 9660 Extensions: RRIP_1991A
<6>SELinux: initialized (dev hdc, type iso9660), uses genfs_contexts
<6>e100: eth0: e100_watchdog: link up, 100Mbps, full-duplex
<4>audit(1119355973.379:13): avc:  denied  { use } for  pid=13799 comm="kudzu"
name=tty1 dev=tmpfs ino=482 scontext=system_u:system_r:kudzu_t
tcontext=system_u:system_r:kernel_t tclass=fd
<4>audit(1119355973.379:14): avc:  denied  { read write } for  pid=13799
comm="kudzu" name=tty1 dev=tmpfs ino=482 scontext=system_u:system_r:kudzu_t
tcontext=system_u:object_r:tmpfs_t tclass=chr_file
<4>audit(1119355973.379:15): avc:  denied  { read } for  pid=13799 comm="kudzu"
name=biosdev dev=ramfs ino=1038 scontext=system_u:system_r:kudzu_t
tcontext=system_u:object_r:ramfs_t tclass=blk_file
<4>audit(1119355973.379:16): avc:  denied  { append } for  pid=13799
comm="kudzu" name=anaconda.log dev=ramfs ino=512
scontext=system_u:system_r:kudzu_t tcontext=system_u:object_r:ramfs_t tclass=file
<4>audit(1119355973.380:17): avc:  denied  { read write } for  pid=13799
comm="kudzu" name=[1673] dev=sockfs ino=1673 scontext=system_u:system_r:kudzu_t
tcontext=system_u:system_r:anaconda_t tclass=udp_socket
<4>audit(1119355973.380:18): avc:  denied  { write } for  pid=13799 comm="kudzu"
name=disk dev=ramfs ino=1870 scontext=system_u:system_r:kudzu_t
tcontext=system_u:object_r:ramfs_t tclass=blk_file
<4>audit(1119355973.380:19): avc:  denied  { append } for  pid=13799
comm="kudzu" name=install.log dev=hda5 ino=325762
scontext=system_u:system_r:kudzu_t tcontext=system_u:object_r:file_t tclass=file
<4>audit(1119355973.691:20): avc:  denied  { read } for  pid=13799 comm="kudzu"
name=mtab dev=hda5 ino=293192 scontext=system_u:system_r:kudzu_t
tcontext=system_u:object_r:file_t tclass=file
<4>audit(1119355973.692:21): avc:  denied  { getattr } for  pid=13799
comm="kudzu" name=mtab dev=hda5 ino=293192 scontext=system_u:system_r:kudzu_t
tcontext=system_u:object_r:file_t tclass=file
<4>audit(1119355974.164:22): avc:  denied  { search } for  pid=13799
comm="kudzu" name=/ dev=tmpfs ino=469 scontext=system_u:system_r:kudzu_t
tcontext=system_u:object_r:tmpfs_t tclass=dir
<4>audit(1119355974.386:23): avc:  denied  { ioctl } for  pid=13799 comm="kudzu"
name=console dev=tmpfs ino=470 scontext=system_u:system_r:kudzu_t
tcontext=system_u:object_r:tmpfs_t tclass=chr_file
<4>audit(1119355974.386:24): avc:  denied  { execute } for  pid=13799
comm="kudzu" name=zero dev=tmpfs ino=476 scontext=system_u:system_r:kudzu_t
tcontext=system_u:object_r:tmpfs_t tclass=chr_file
<4>audit(1119355974.460:25): avc:  denied  { read } for  pid=13799 comm="kudzu"
name=fd0 dev=tmpfs ino=496 scontext=system_u:system_r:kudzu_t
tcontext=system_u:object_r:tmpfs_t tclass=blk_file
<4>audit(1119355974.460:26): avc:  denied  { write } for  pid=13799 comm="kudzu"
name=fd0 dev=tmpfs ino=496 scontext=system_u:system_r:kudzu_t
tcontext=system_u:object_r:tmpfs_t tclass=blk_file
<4>audit(1119355974.460:27): avc:  denied  { ioctl } for  pid=13799 comm="kudzu"
name=fd0 dev=tmpfs ino=496 scontext=system_u:system_r:kudzu_t
tcontext=system_u:object_r:tmpfs_t tclass=blk_file
<4>audit(1119355975.136:28): avc:  denied  { use } for  pid=13803 comm="sh"
name=tty1 dev=tmpfs ino=482 scontext=system_u:system_r:kudzu_t
tcontext=system_u:system_r:kernel_t tclass=fd
<4>audit(1119355975.179:29): avc:  denied  { getattr } for  pid=13803 comm="sh"
name=/ dev=hda5 ino=2 scontext=system_u:system_r:kudzu_t
tcontext=system_u:object_r:file_t tclass=dir
<4>audit(1119355975.657:30): avc:  denied  { getattr } for  pid=13804
comm="python" name=tty1 dev=tmpfs ino=482 scontext=system_u:system_r:kudzu_t
tcontext=system_u:object_r:tmpfs_t tclass=chr_file
<4>audit(1119355976.111:31): avc:  denied  { ioctl } for  pid=13804
comm="python" name=system-config-mouse.py dev=hda5 ino=524627
scontext=system_u:system_r:kudzu_t tcontext=system_u:object_r:usr_t tclass=file
<4>audit(1119355976.632:32): avc:  denied  { write } for  pid=13804
comm="python" name=system-config-mouse dev=hda5 ino=524618
scontext=system_u:system_r:kudzu_t tcontext=system_u:object_r:usr_t tclass=dir
<4>audit(1119355976.632:33): avc:  denied  { add_name } for  pid=13804
comm="python" name=mouse_cli.pyc scontext=system_u:system_r:kudzu_t
tcontext=system_u:object_r:usr_t tclass=dir
<4>audit(1119355976.632:34): avc:  denied  { create } for  pid=13804
comm="python" name=mouse_cli.pyc scontext=system_u:system_r:kudzu_t
tcontext=system_u:object_r:usr_t tclass=file
<4>audit(1119355976.669:35): avc:  denied  { write } for  pid=13804
comm="python" name=mouse_cli.pyc dev=hda5 ino=1477765
scontext=system_u:system_r:kudzu_t tcontext=system_u:object_r:usr_t tclass=file
<4>audit(1119355976.919:36): avc:  denied  { execute } for  pid=13805
comm="service" name=gpm dev=hda5 ino=293713 scontext=system_u:system_r:kudzu_t
tcontext=system_u:object_r:initrc_exec_t tclass=file
<4>audit(1119355976.952:37): avc:  denied  { execute_no_trans } for  pid=13808
comm="env" name=gpm dev=hda5 ino=293713 scontext=system_u:system_r:kudzu_t
tcontext=system_u:object_r:initrc_exec_t tclass=file
<4>audit(1119355976.952:38): avc:  denied  { read } for  pid=13808 comm="env"
name=gpm dev=hda5 ino=293713 scontext=system_u:system_r:kudzu_t
tcontext=system_u:object_r:initrc_exec_t tclass=file
<4>audit(1119355977.008:39): avc:  denied  { ioctl } for  pid=13808 comm="gpm"
name=gpm dev=hda5 ino=293713 scontext=system_u:system_r:kudzu_t
tcontext=system_u:object_r:initrc_exec_t tclass=file
<4>audit(1119355977.008:40): avc:  denied  { getattr } for  pid=13808 comm="gpm"
name=gpm dev=hda5 ino=293713 scontext=system_u:system_r:kudzu_t
tcontext=system_u:object_r:initrc_exec_t tclass=file
<4>audit(1119355977.009:41): avc:  denied  { execute } for  pid=13808 comm="gpm"
name=functions dev=hda5 ino=293501 scontext=system_u:system_r:kudzu_t
tcontext=system_u:object_r:etc_t tclass=file
<4>audit(1119355977.050:42): avc:  denied  { execute } for  pid=13810 comm="gpm"
name=consoletype dev=hda5 ino=1042555 scontext=system_u:system_r:kudzu_t
tcontext=system_u:object_r:consoletype_exec_t tclass=file
<4>audit(1119355977.050:43): avc:  denied  { execute_no_trans } for  pid=13810
comm="gpm" name=consoletype dev=hda5 ino=1042555
scontext=system_u:system_r:kudzu_t tcontext=system_u:object_r:consoletype_exec_t
tclass=file
<4>audit(1119355977.050:44): avc:  denied  { read } for  pid=13810 comm="gpm"
name=consoletype dev=hda5 ino=1042555 scontext=system_u:system_r:kudzu_t
tcontext=system_u:object_r:consoletype_exec_t tclass=file
<4>audit(1119355977.171:45): avc:  denied  { write } for  pid=13799 comm="kudzu"
name=log dev=tmpfs ino=2387 scontext=system_u:system_r:kudzu_t
tcontext=system_u:object_r:tmpfs_t tclass=sock_file
<4>audit(1119355977.171:46): avc:  denied  { connectto } for  pid=13799
comm="kudzu" name=log scontext=system_u:system_r:kudzu_t
tcontext=system_u:system_r:anaconda_t tclass=unix_stream_socket
<4>audit(1119355977.171:47): avc:  denied  { rename } for  pid=13799
comm="kudzu" name=modprobe.conf dev=hda5 ino=293193
scontext=system_u:system_r:kudzu_t tcontext=system_u:object_r:file_t tclass=file
<4>audit(1119355977.399:48): avc:  denied  { search } for  pid=13811
comm="system-config-d" name=selinux dev=hda5 ino=293622
scontext=system_u:system_r:kudzu_t tcontext=system_u:object_r:selinux_config_t
tclass=dir
<4>audit(1119355977.435:49): avc:  denied  { read } for  pid=13811
comm="system-config-d" name=config dev=hda5 ino=293646
scontext=system_u:system_r:kudzu_t tcontext=system_u:object_r:selinux_config_t
tclass=file
<4>audit(1119355977.435:50): avc:  denied  { getattr } for  pid=13811
comm="system-config-d" name=config dev=hda5 ino=293646
scontext=system_u:system_r:kudzu_t tcontext=system_u:object_r:selinux_config_t
tclass=file
<4>audit(1119355978.381:51): avc:  denied  { append } for  pid=13811
comm="consolehelper-g" name=null dev=tmpfs ino=475
scontext=system_u:system_r:kudzu_t tcontext=system_u:object_r:tmpfs_t
tclass=chr_file
<4>audit(1119355984.677:52): avc:  denied  { create } for  pid=13811
comm="consolehelper-g" scontext=system_u:system_r:kudzu_t
tcontext=system_u:system_r:kudzu_t tclass=tcp_socket
<4>audit(1119355985.016:53): avc:  denied  { setopt } for  pid=13811
comm="consolehelper-g" scontext=system_u:system_r:kudzu_t
tcontext=system_u:system_r:kudzu_t tclass=tcp_socket
<4>audit(1119355985.072:54): avc:  denied  { connect } for  pid=13811
comm="consolehelper-g" scontext=system_u:system_r:kudzu_t
tcontext=system_u:system_r:kudzu_t tclass=tcp_socket
<4>audit(1119355985.073:55): avc:  denied  { name_connect } for  pid=13811
comm="consolehelper-g" dest=6001 scontext=system_u:system_r:kudzu_t
tcontext=system_u:object_r:xserver_port_t tclass=tcp_socket
<4>audit(1119355985.073:56): avc:  denied  { tcp_send } for  pid=13811
comm="consolehelper-g" saddr=10.210.132.101 src=51587 daddr=127.0.0.1 dest=6001
netif=eth0 scontext=system_u:system_r:kudzu_t
tcontext=system_u:object_r:netif_eth0_t tclass=netif
<4>audit(1119355985.073:57): avc:  denied  { tcp_send } for  pid=13811
comm="consolehelper-g" saddr=10.210.132.101 src=51587 daddr=127.0.0.1 dest=6001
netif=eth0 scontext=system_u:system_r:kudzu_t
tcontext=system_u:object_r:node_lo_t tclass=node
<4>audit(1119355985.073:58): avc:  denied  { send_msg } for  pid=13811
comm="consolehelper-g" saddr=10.210.132.101 src=51587 daddr=127.0.0.1 dest=6001
netif=eth0 scontext=system_u:system_r:kudzu_t
tcontext=system_u:object_r:xserver_port_t tclass=tcp_socket
<4>audit(1119356174.240:59): avc:  denied  { search } for  pid=13811
comm="userhelper" name=contexts dev=hda5 ino=293625
scontext=system_u:system_r:kudzu_t tcontext=system_u:object_r:default_context_t
tclass=dir
<4>audit(1119356174.263:60): avc:  denied  { read } for  pid=13811
comm="userhelper" name=userhelper_context dev=hda5 ino=293638
scontext=system_u:system_r:kudzu_t tcontext=system_u:object_r:default_context_t
tclass=file
<4>audit(1119356174.263:61): avc:  denied  { getattr } for  pid=13811
comm="userhelper" name=userhelper_context dev=hda5 ino=293638
scontext=system_u:system_r:kudzu_t tcontext=system_u:object_r:default_context_t
tclass=file
<4>audit(1119356174.415:62): avc:  denied  { search } for  pid=13811
comm="userhelper" name=/ dev=selinuxfs ino=182
scontext=system_u:system_r:kudzu_t tcontext=system_u:object_r:security_t tclass=dir
<4>audit(1119356174.415:63): avc:  denied  { read write } for  pid=13811
comm="userhelper" name=access dev=selinuxfs ino=6
scontext=system_u:system_r:kudzu_t tcontext=system_u:object_r:security_t tclass=file
<4>audit(1119356174.472:64): avc:  denied  { compute_av } for  pid=13811
comm="userhelper" scontext=system_u:system_r:kudzu_t
tcontext=system_u:object_r:security_t tclass=security
<4>audit(1119356174.501:65): avc:  denied  { create } for  pid=13811
comm="userhelper" scontext=system_u:system_r:kudzu_t
tcontext=system_u:system_r:kudzu_t tclass=netlink_audit_socket
<4>audit(1119356174.529:66): avc:  denied  { bind } for  pid=13811
comm="userhelper" scontext=system_u:system_r:kudzu_t
tcontext=system_u:system_r:kudzu_t tclass=netlink_audit_socket
<4>audit(1119356174.558:67): avc:  denied  { write } for  pid=13811
comm="userhelper" scontext=system_u:system_r:kudzu_t
tcontext=system_u:system_r:kudzu_t tclass=netlink_audit_socket
<4>audit(1119356174.558:68): avc:  denied  { nlmsg_read } for  pid=13811
comm="userhelper" scontext=system_u:system_r:kudzu_t
tcontext=system_u:system_r:kudzu_t tclass=netlink_audit_socket
<4>audit(1119356174.717:69): avc:  denied  { read } for  pid=13811
comm="userhelper" scontext=system_u:system_r:kudzu_t
tcontext=system_u:system_r:kudzu_t tclass=netlink_audit_socket
<4>audit(1119356174.961:70): avc:  denied  { getattr } for  pid=13811
comm="userhelper" name=/ dev=hda6 ino=2 scontext=system_u:system_r:kudzu_t
tcontext=system_u:object_r:var_t tclass=dir
<4>audit(1119356174.990:71): avc:  denied  { getattr } for  pid=13811
comm="userhelper" name=run dev=hda6 ino=163841
scontext=system_u:system_r:kudzu_t tcontext=system_u:object_r:var_run_t tclass=dir
<4>audit(1119356175.032:72): avc:  denied  { write } for  pid=13811
comm="userhelper" name=sudo dev=hda6 ino=163849
scontext=system_u:system_r:kudzu_t tcontext=system_u:object_r:var_run_t tclass=dir
<4>audit(1119356175.032:73): avc:  denied  { add_name } for  pid=13811
comm="userhelper" name=root scontext=system_u:system_r:kudzu_t
tcontext=system_u:object_r:var_run_t tclass=dir
<4>audit(1119356175.032:74): avc:  denied  { create } for  pid=13811
comm="userhelper" name=root scontext=system_u:system_r:kudzu_t
tcontext=system_u:object_r:var_run_t tclass=dir
<4>audit(1119356175.103:75): avc:  denied  { setattr } for  pid=13811
comm="userhelper" name=root dev=hda6 ino=163876
scontext=system_u:system_r:kudzu_t tcontext=system_u:object_r:var_run_t tclass=dir
<4>audit(1119356175.103:76): avc:  denied  { create } for  pid=13811
comm="userhelper" name=_pam_timestamp_key scontext=system_u:system_r:kudzu_t
tcontext=system_u:object_r:var_run_t tclass=file
<4>audit(1119356175.103:77): avc:  denied  { setattr } for  pid=13811
comm="userhelper" name=_pam_timestamp_key dev=hda6 ino=163877
scontext=system_u:system_r:kudzu_t tcontext=system_u:object_r:var_run_t tclass=file
<4>audit(1119356175.103:78): avc:  denied  { write } for  pid=13811
comm="userhelper" name=_pam_timestamp_key dev=hda6 ino=163877
scontext=system_u:system_r:kudzu_t tcontext=system_u:object_r:var_run_t tclass=file
<4>audit(1119356175.103:79): avc:  denied  { read } for  pid=13811
comm="userhelper" name=_pam_timestamp_key dev=hda6 ino=163877
scontext=system_u:system_r:kudzu_t tcontext=system_u:object_r:var_run_t tclass=file
<4>audit(1119356175.103:80): avc:  denied  { getattr } for  pid=13811
comm="userhelper" name=_pam_timestamp_key dev=hda6 ino=163877
scontext=system_u:system_r:kudzu_t tcontext=system_u:object_r:var_run_t tclass=file
<4>audit(1119356175.328:81): avc:  denied  { write } for  pid=13815
comm="userhelper" name=exec dev=proc ino=905379862
scontext=system_u:system_r:kudzu_t tcontext=system_u:system_r:kudzu_t tclass=file
<4>audit(1119356175.329:82): avc:  denied  { setexec } for  pid=13815
comm="userhelper" scontext=system_u:system_r:kudzu_t
tcontext=system_u:system_r:kudzu_t tclass=process
<4>audit(1119356175.410:83): avc:  denied  { transition } for  pid=13815
comm="userhelper" name=system-config-display dev=hda5 ino=888161
scontext=system_u:system_r:kudzu_t tcontext=root:system_r:unconfined_t
tclass=process
<4>audit(1119356175.441:84): avc:  denied  { siginh } for  pid=13815
comm="system-config-d" scontext=system_u:system_r:kudzu_t
tcontext=root:system_r:unconfined_t tclass=process
<4>audit(1119356175.442:85): avc:  denied  { rlimitinh } for  pid=13815
comm="system-config-d" scontext=system_u:system_r:kudzu_t
tcontext=root:system_r:unconfined_t tclass=process
<4>audit(1119356175.442:86): avc:  denied  { noatsecure } for  pid=13815
comm="system-config-d" scontext=system_u:system_r:kudzu_t
tcontext=root:system_r:unconfined_t tclass=process
<4>audit(1119356185.350:87): avc:  denied  { write } for  pid=13799 comm="kudzu"
name=log dev=tmpfs ino=2387 scontext=system_u:system_r:kudzu_t
tcontext=system_u:object_r:tmpfs_t tclass=sock_file
<4>audit(1119356185.350:88): avc:  denied  { unlink } for  pid=13799
comm="kudzu" name=modprobe.conf~ dev=hda5 ino=293193
scontext=system_u:system_r:kudzu_t tcontext=system_u:object_r:file_t tclass=file
<4>audit(1119356194.408:89): avc:  granted  { setbool } for  pid=13833
comm="setsebool" scontext=system_u:system_r:anaconda_t
tcontext=system_u:object_r:security_t tclass=security
<4>audit(1119356194.408:90): avc:  granted  { setbool } for  pid=13833
comm="setsebool" scontext=system_u:system_r:anaconda_t
tcontext=system_u:object_r:security_t tclass=security
<6>security: committed booleans { allow_write_xshm:0, use_nfs_home_dirs:0,
allow_execmem:1, allow_execstack:1, allow_execmod:1, use_samba_home_dirs:0,
allow_ypbind:0, allow_kerberos:1, read_default_t:1,
NetworkManager_disable_trans:0, httpd_unified:1, httpd_builtin_scripting:1,
httpd_enable_cgi:1, httpd_enable_homedirs:1, httpd_ssi_exec:1, httpd_tty_comm:0,
httpd_can_network_connect:0, httpd_disable_trans:0,
httpd_suexec_disable_trans:0, apmd_disable_trans:0, arpwatch_disable_trans:0,
auditd_disable_trans:0, bluetooth_disable_trans:0, canna_disable_trans:0,
cardmgr_disable_trans:0, comsat_disable_trans:0, cupsd_disable_trans:0,
ptal_disable_trans:0, cupsd_config_disable_trans:0, cvs_disable_trans:0,
cyrus_disable_trans:0, dbskkd_disable_trans:0, system_dbusd_disable_trans:0,
dhcpc_disable_trans:0, dhcpd_disable_trans:0, dovecot_disable_trans:0,
fingerd_disable_trans:0, ftpd_disable_trans:0, ftpd_is_daemon:1, ftp_home_dir:1,
hald_disable_trans:0, hotplug_disable_trans:0, howl_disable_trans:0,
i18n_input_disable_trans:0, inetd_disable_trans:0, inetd_child_disable_trans:0,
innd_disable_trans:0, krb5kdc_disable_trans:0, kadmind_disable_trans:0,
klogd_disable_trans:0, ktalkd_disable_trans:0, lpd_disable_trans:0,
mysqld_disable_trans:0, named_disable_trans:0, named_write_master_zones:0,
nscd_disable_trans:0, ntpd_disable_trans:0, portmap_disable_trans:0,
postgresql_disable_trans:0, pppd_for_user:0, pppd_disable_trans:0,
privoxy_disable_trans:0, radiusd_disable_trans:0, radvd_disable_trans:0,
rlogind_disable_trans:0, nfs_export_all_rw:1, nfs_export_all_ro:1,
rsync_disable_trans:0, smbd_disable_trans:0, nmbd_disable_trans:0,
samba_enable_home_dirs:0, saslauthd_disable_trans:0, slapd_disable_trans:0,
snmpd_disable_trans:0, squid_connect_any:0, squid_disable_trans:0,
stunnel_disable_trans:0, stunnel_is_daemon:0, syslogd_disable_trans:0,
telnetd_disable_trans:0, tftpd_disable_trans:0, udev_disable_trans:0,
uucpd_disable_trans:0, winbind_disable_trans:0, ypbind_disable_trans:0,
ypserv_disable_trans:0, zebra_disable_trans:0 }
<4>end_request: I/O error, dev fd0, sector 0
<..cut..>

After the reboot all seems fine, but to be sure I am now reinstalling FC4 with SELinux
disabled and will re-enable it after the first reboot.

Bye
Fabio

Version-Release number of selected component (if applicable):

FC4

How reproducible:


Steps to Reproduce:
1. Ask me for anaconda-ks.cfg
  
Actual results:


Expected results:


Additional info:

The hardware is an IBM Netvista type 6578-NDG

[root@testfc4 ~]# lspci -v
00:00.0 Host bridge: Intel Corporation 82815 815 Chipset Host Bridge and Memory
Controller Hub (rev 02)
        Flags: bus master, fast devsel, latency 0
        Capabilities: [88] Vendor Specific Information

00:02.0 VGA compatible controller: Intel Corporation 82815 CGC [Chipset Graphics
Controller] (rev 02) (prog-if 00 [VGA])
        Subsystem: IBM: Unknown device 01e2
        Flags: bus master, 66Mhz, medium devsel, latency 0, IRQ 11
        Memory at f8000000 (32-bit, prefetchable) [size=64M]
        Memory at fea80000 (32-bit, non-prefetchable) [size=512K]
        Capabilities: [dc] Power Management version 2

00:1e.0 PCI bridge: Intel Corporation 82801 PCI Bridge (rev 02) (prog-if 00
[Normal decode])
        Flags: bus master, fast devsel, latency 0
        Bus: primary=00, secondary=01, subordinate=01, sec-latency=32
        I/O behind bridge: 00007000-00007fff
        Memory behind bridge: feb00000-febfffff

00:1f.0 ISA bridge: Intel Corporation 82801BA ISA Bridge (LPC) (rev 02)
        Flags: bus master, medium devsel, latency 0

00:1f.1 IDE interface: Intel Corporation 82801BA IDE U100 (rev 02) (prog-if 80
[Master])
        Subsystem: IBM Netvista A40/A40p
        Flags: bus master, medium devsel, latency 0
        I/O ports at fff0 [size=16]

00:1f.2 USB Controller: Intel Corporation 82801BA/BAM USB (Hub #1) (rev 02)
(prog-if 00 [UHCI])
        Subsystem: IBM Netvista A40/A40p
        Flags: bus master, medium devsel, latency 0, IRQ 10
        I/O ports at fb00 [size=32]

00:1f.3 SMBus: Intel Corporation 82801BA/BAM SMBus (rev 02)
        Subsystem: IBM Netvista A40/A40p
        Flags: medium devsel, IRQ 9
        I/O ports at fe00 [size=16]

00:1f.5 Multimedia audio controller: Intel Corporation 82801BA/BAM AC'97 Audio
(rev 02)
        Subsystem: IBM Netvista A40/A40p
        Flags: bus master, medium devsel, latency 0, IRQ 9
        I/O ports at f000 [size=256]
        I/O ports at f400 [size=64]

01:08.0 Ethernet controller: Intel Corporation 82801BA/BAM/CA/CAM Ethernet
Controller (rev 01)
        Subsystem: IBM EtherExpress PRO/100 VE
        Flags: bus master, medium devsel, latency 64, IRQ 5
        Memory at febff000 (32-bit, non-prefetchable) [size=4K]
        I/O ports at 78c0 [size=64]
        Capabilities: [dc] Power Management version 2

Comment 1 Jeremy Katz 2005-06-21 17:36:48 UTC
We have to run in SELinux permissive mode so that we can install things and get
file contexts correct.

Comment 2 Fabio 2005-06-21 20:05:37 UTC
Well, how can I run SELinux in permissive mode? Do you mean I have to boot with
"linux selinux=0"?
I booted from the CD with "enter" and I see lots of "denied" messages; I think SELinux is
enabled by default when booting from the CD...

During a second installation on the same machine I tried to disable SELinux at
the security step of the installation process (I disabled the firewall too...) but
I have the same problem. This time at boot I saw some errors like dirs which
don't exist, fonts.dir not found, etc. I think some scripts inside some RPMs
failed because of SELinux.

Bye
Fabio


Comment 3 Jeremy Katz 2005-06-21 22:05:32 UTC
Anaconda sets things up so it's not enforcing.  That means that the messages are
just informational and don't actually deny anything.
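
Added example (not part of the bug report and not Anaconda code): a Python triage script that rejoins the wrapped "avc:" records of a log like the anaconda.syslog excerpt above and groups the denials by source domain, target type and object class. The sample input is a few records copied from the report; all function names are this example's own, and per comment 3 the counts describe what the policy logged while not enforcing, not operations that were blocked.

```python
import re
from collections import Counter, defaultdict

# Records copied from the anaconda.syslog excerpt in this report, wrapped
# across lines the same way the bug tracker shows them.
SAMPLE_LOG = """\
<6>SELinux: initialized (dev hda6, type ext3), uses xattr
<4>audit(1119348538.685:4): avc:  denied  { use } for  pid=975 comm="restorecon"
name=[19779] dev=pipefs ino=19779 scontext=system_u:system_r:restorecon_t
tcontext=system_u:system_r:anaconda_t tclass=fd
<4>audit(1119348540.044:6): avc:  granted  { load_policy } for  pid=978
comm="load_policy" scontext=system_u:system_r:unconfined_t
tcontext=system_u:object_r:security_t tclass=security
<4>audit(1119355973.379:14): avc:  denied  { read write } for  pid=13799
comm="kudzu" name=tty1 dev=tmpfs ino=482 scontext=system_u:system_r:kudzu_t
tcontext=system_u:object_r:tmpfs_t tclass=chr_file
<4>audit(1119356175.410:83): avc:  denied  { transition } for  pid=13815
comm="userhelper" name=system-config-display dev=hda5 ino=888161
scontext=system_u:system_r:kudzu_t tcontext=root:system_r:unconfined_t
tclass=process
<4>end_request: I/O error, dev fd0, sector 0
"""

RECORD_START = re.compile(r"<\d>")  # syslog priority prefix opens a record
AVC_RE = re.compile(
    r"audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\): avc:\s+"
    r"(?P<result>denied|granted)\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)"
)
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def unwrap(text):
    """Rejoin records that were wrapped onto several lines."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        if RECORD_START.match(line) or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records


def context_type(ctx):
    """Return the type field of a user:role:type context."""
    parts = ctx.split(":")
    return parts[2] if len(parts) >= 3 else ctx


def parse_avc(record):
    """Parse one unwrapped record; return None if it is not an AVC message."""
    m = AVC_RE.search(record)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("fields"))}
    if not {"scontext", "tcontext", "tclass"} <= fields.keys():
        return None
    return {
        "serial": int(m.group("serial")),
        "result": m.group("result"),
        "perms": tuple(m.group("perms").split()),
        "comm": fields.get("comm"),
        "source": context_type(fields["scontext"]),
        "target": context_type(fields["tcontext"]),
        "tclass": fields["tclass"],
    }


def summarize(text):
    """Count denials per source domain and collect permissions per triple."""
    by_source = Counter()
    rules = defaultdict(set)
    for record in unwrap(text):
        avc = parse_avc(record)
        if avc is None or avc["result"] != "denied":
            continue  # skip non-AVC lines and "granted" audit messages
        by_source[avc["source"]] += 1
        rules[(avc["source"], avc["target"], avc["tclass"])].update(avc["perms"])
    return by_source, dict(rules)


if __name__ == "__main__":
    by_source, rules = summarize(SAMPLE_LOG)
    for source, count in by_source.most_common():
        print(f"{count:3d} denials from {source}")
    for (source, target, tclass), perms in sorted(rules.items()):
        print(f"{source} -> {target}:{tclass} {{ {' '.join(sorted(perms))} }}")
```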