Bug 164612
| Summary: | avc: denied comm="hwclock" | | |
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Ralf Corsepius <rc040203> |
| Component: | selinux-policy-targeted | Assignee: | Daniel Walsh <dwalsh> |
| Status: | CLOSED CURRENTRELEASE | | |
| Severity: | medium | | |
| Priority: | medium | | |
| Version: | 4 | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Fixed In Version: | 1.25.3-12 | Doc Type: | Bug Fix |
| Last Closed: | 2005-08-19 08:31:24 UTC | | |

Description
Ralf Corsepius
2005-07-29 09:58:11 UTC
Fixed in selinux-policy-targeted-1.25.3-9

also...

audit(1122622171.549:3): avc: denied { getattr } for pid=1611 comm="fsck.reiserfs" name="radio0" dev=tmpfs ino=5624 scontext=system_u:system_r:fsadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file
Jul 29 06:40:07 axp kernel: audit(1122633576.122:3): avc: denied { getattr } for pid=1517 comm="fsck.reiserfs" name="audio1" dev=tmpfs ino=5228 scontext=system_u:system_r:fsadm_t tcontext=system_u:object_r:sound_device_t tclass=chr_file

not all of these seem to make it into the messages file... I've seen at least one with name="dsp"... ?! there is some other complaining at system shutdown which is also not logged.

1.25.3-9 is not coming over the net yet... at least from kernel.org

FWIW, this is all I find which I believe happens during shutdown:

Jul 29 10:38:33 axp auditd[2025]: The audit daemon is exiting
Jul 29 10:38:33 axp kernel: audit: *NO* daemon at audit_pid=2025
Jul 29 10:38:33 axp kernel: audit(1122647913.970:10225520): arch=40000003 syscall=102 success=no exit=-22 a0=b a1=bfb349e0 a2=80510f8 a3=bfb38cd8 items=0 pid=10937 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="auditctl" exe="/sbin/auditctl"
Jul 29 10:38:33 axp kernel: audit(1122647913.970:10225520): saddr=100000000000000000000000
Jul 29 10:38:33 axp kernel: audit(1122647913.970:10225520): nargs=6 a0=3 a1=bfb36b3c a2=10 a3=0 a4=bfb38cd8 a5=c
Jul 29 10:38:34 axp kernel: audit(1122647914.071:10225533): SELinux: unrecognized netlink message type=1009 for sclass=49
Jul 29 10:38:34 axp kernel: audit(1122647914.071:10225533): arch=40000003 syscall=102 success=no exit=-22 a0=b a1=bfb349d0 a2=80510f8 a3=bfb38cc8 items=0 pid=10937 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="auditctl" exe="/sbin/auditctl"
Jul 29 10:38:34 axp kernel: audit(1122647914.071:10225533): saddr=100000000000000000000000
Jul 29 10:38:34 axp kernel: audit(1122647914.071:10225533): nargs=6 a0=3 a1=bfb36b2c a2=10 a3=0 a4=bfb38cc8 a5=c

I have just noticed this bug and want to add more info... I got the SELinux policy update today and it still does not allow hwclock to work... I did a few things to check why and here are the steps....

[root@jzc ~]# setenforce 0
[root@jzc ~]# hwclock --show
Tue 02 Aug 2005 01:04:10 PM MST -0.069945 seconds
[root@jzc ~]# setenforce 1
[root@jzc ~]# hwclock --show

NOTE: My clock is set to local time. SELinux is blocking hwclock's access to the hardware clock. Also, at boot time, this message pops out...

audit(1122972407.947:2): avc: denied { create } for pid=1281 comm="hwclock" scontext=system_u:system_r:hwclock_t tcontext=system_u:system_r:hwclock_t tclass=netlink_audit_socket

Just to clarify the output, it should be like below.....

[root@jzc ~]# setenforce 0
[root@jzc ~]# hwclock --show
Tue 02 Aug 2005 01:04:10 PM MST -0.069945 seconds
[root@jzc ~]# setenforce 1
[root@jzc ~]# hwclock --show
[root@jzc ~]#

(forgot to add that last line)

Just took another policy update and it still doesn't work...

[root@jzc ~]# setenforce 0
[root@jzc ~]# audit2allow -l -d -o $SELINUX_SRC/domains/misc/local.te
[root@jzc ~]# hwclock --show
Tue 02 Aug 2005 02:20:09 PM MST -0.279594 seconds
[root@jzc ~]# setenforce 1
[root@jzc ~]# hwclock --show
[root@jzc ~]#
----------------------------------------
[root@jzc ~]# rpm -qi selinux-policy-targeted
Name        : selinux-policy-targeted      Relocations: /usr
Version     : 1.25.3                            Vendor: Red Hat, Inc.
Release     : 9                             Build Date: Thu 28 Jul 2005 08:58:47 AM MST
Install Date: Tue 02 Aug 2005 02:18:49 PM MST      Build Host: porky.build.redhat.com

Fixed in selinux-policy-targeted-1.25.3-12

Took another update of selinux-policy-targeted and now the hwclock command works. :)

[root@jzc ~]# hwclock --show
Thu 11 Aug 2005 12:37:02 PM MST -0.677996 seconds
[root@jzc ~]# rpm -q selinux-policy-targeted
selinux-policy-targeted-1.25.3-12
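
Added example (not part of the bug report or of selinux-policy): a small parser that triages the AVC denials quoted in this thread by source type, target type and object class, and renders each group in the allow-rule form that audit2allow prints. The function names are assumptions made for this sketch; the sample lines are copied from the comments above.

```python
import re
from collections import defaultdict

# AVC lines copied from this bug report, plus one non-AVC line that must be skipped.
SAMPLE_LOG = """\
audit(1122622171.549:3): avc: denied { getattr } for pid=1611 comm="fsck.reiserfs" name="radio0" dev=tmpfs ino=5624 scontext=system_u:system_r:fsadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file
Jul 29 06:40:07 axp kernel: audit(1122633576.122:3): avc: denied { getattr } for pid=1517 comm="fsck.reiserfs" name="audio1" dev=tmpfs ino=5228 scontext=system_u:system_r:fsadm_t tcontext=system_u:object_r:sound_device_t tclass=chr_file
audit(1122972407.947:2): avc: denied { create } for pid=1281 comm="hwclock" scontext=system_u:system_r:hwclock_t tcontext=system_u:system_r:hwclock_t tclass=netlink_audit_socket
Jul 29 10:38:33 axp auditd[2025]: The audit daemon is exiting
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return the fields of one AVC denial line, or None for any other line."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group(2))}
    if not {"scontext", "tcontext", "tclass"} <= fields.keys():
        return None  # truncated record: cannot attribute the denial
    fields["perms"] = m.group(1).split()
    return fields

def se_type(context):
    """The type is the third field of user:role:type[:level]."""
    return context.split(":")[2]

def summarize(log_text):
    """Map (source type, target type, class) -> denied perms and command names."""
    groups = defaultdict(lambda: {"perms": set(), "comms": set()})
    for rec in filter(None, map(parse_avc, log_text.splitlines())):
        key = (se_type(rec["scontext"]), se_type(rec["tcontext"]), rec["tclass"])
        groups[key]["perms"].update(rec["perms"])
        groups[key]["comms"].add(rec.get("comm", "?"))
    return dict(groups)

def candidate_rules(groups):
    """Render each group in the allow-rule form that audit2allow prints."""
    rules = []
    for (src, tgt, cls), info in sorted(groups.items()):
        perms = sorted(info["perms"])
        perm_s = perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"
        rules.append(f"allow {src} {'self' if src == tgt else tgt}:{cls} {perm_s};")
    return rules

if __name__ == "__main__":
    print("\n".join(candidate_rules(summarize(SAMPLE_LOG))))
```

Treat the output as a summary of which domain was denied what, to be reviewed against the policy package's own fix, not as rules to load unreviewed.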