Bug 173846

Summary: avc denied messages at boot
Product: [Fedora] Fedora Reporter: Orion Poplawski <orion>
Component: selinux-policy-targetedAssignee: Daniel Walsh <dwalsh>
Status: CLOSED RAWHIDE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: rawhide   
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2005-11-30 20:18:37 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Orion Poplawski 2005-11-21 20:56:45 UTC 
Description of problem:
This is on a freshly installed rawhide system:

audit(1132581025.086:2): avc:  denied  { use } for  pid=447 comm="hwclock"
name="rootvg-swap" dev=tmpfs ino=881 scontext=system_u:system_r:hwclock_t:s0
tcontext=system_u:system_r:kernel_t:s0 tclass=fd
audit(1132606311.016:3): avc:  denied  { read } for  pid=1278 comm="restorecon"
name="rootvg-swap" dev=tmpfs ino=881 scontext=system_u:system_r:restorecon_t:s0
tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
audit(1132606313.153:4): avc:  denied  { use } for  pid=1288 comm="fsck"
name="rootvg-swap" dev=tmpfs ino=881 scontext=system_u:system_r:fsadm_t:s0
tcontext=system_u:system_r:kernel_t:s0 tclass=fd
audit(1132606313.897:5): avc:  denied  { read } for  pid=1297 comm="restorecon"
name="rootvg-swap" dev=tmpfs ino=881 scontext=system_u:system_r:restorecon_t:s0
tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
audit(1132606314.401:6): avc:  denied  { read } for  pid=1298 comm="restorecon"
name="rootvg-swap" dev=tmpfs ino=881 scontext=system_u:system_r:restorecon_t:s0
tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
audit(1132606317.237:7): avc:  denied  { read } for  pid=1314 comm="ifconfig"
name="rootvg-swap" dev=tmpfs ino=881 scontext=system_u:system_r:ifconfig_t:s0
tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
audit(1132606331.254:8): avc:  denied  { read } for  pid=1419 comm="restorecon"
name="rootvg-swap" dev=tmpfs ino=881 scontext=system_u:system_r:restorecon_t:s0
tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
audit(1132606331.850:9): avc:  denied  { read } for  pid=1424 comm="restorecon"
name="rootvg-swap" dev=tmpfs ino=881 scontext=system_u:system_r:restorecon_t:s0
tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
audit(1132606332.438:10): avc:  denied  { use } for  pid=1426 comm="swapon"
name="rootvg-swap" dev=tmpfs ino=881 scontext=system_u:system_r:fsadm_t:s0
tcontext=system_u:system_r:kernel_t:s0 tclass=fd
audit(1132606334.342:11): avc:  denied  { read } for  pid=1520 comm="ip"
name="rootvg-swap" dev=tmpfs ino=881 scontext=system_u:system_r:ifconfig_t:s0
tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
audit(1132606334.390:12): avc:  denied  { read } for  pid=1522 comm="ip"
name="rootvg-swap" dev=tmpfs ino=881 scontext=system_u:system_r:ifconfig_t:s0
tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
audit(1132606334.414:13): avc:  denied  { read } for  pid=1524 comm="iwconfig"
name="rootvg-swap" dev=tmpfs ino=881 scontext=system_u:system_r:ifconfig_t:s0
tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
audit(1132606334.458:14): avc:  denied  { read } for  pid=1526 comm="ethtool"
name="rootvg-swap" dev=tmpfs ino=881 scontext=system_u:system_r:ifconfig_t:s0
tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
audit(1132606334.514:15): avc:  denied  { read } for  pid=1529 comm="ip"
name="rootvg-swap" dev=tmpfs ino=881 scontext=system_u:system_r:ifconfig_t:s0
tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
audit(1132606334.538:16): avc:  denied  { use } for  pid=1530 comm="arping"
name="rootvg-swap" dev=tmpfs ino=881 scontext=system_u:system_r:netutils_t:s0
tcontext=system_u:system_r:kernel_t:s0 tclass=fd
audit(1132606334.546:17): avc:  denied  { read } for  pid=1531 comm="ip"
name="rootvg-swap" dev=tmpfs ino=881 scontext=system_u:system_r:ifconfig_t:s0
tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
audit(1132606334.582:18): avc:  denied  { use } for  pid=1533 comm="arping"
name="rootvg-swap" dev=tmpfs ino=881 scontext=system_u:system_r:netutils_t:s0
tcontext=system_u:system_r:kernel_t:s0 tclass=fd
audit(1132606334.610:19): avc:  denied  { read } for  pid=1538 comm="ethtool"
name="rootvg-swap" dev=tmpfs ino=881 scontext=system_u:system_r:ifconfig_t:s0
tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
audit(1132606334.622:20): avc:  denied  { read } for  pid=1540 comm="ip"
name="rootvg-swap" dev=tmpfs ino=881 scontext=system_u:system_r:ifconfig_t:s0
tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
audit(1132606334.758:21): avc:  denied  { read } for  pid=1551 comm="ifconfig"
name="rootvg-swap" dev=tmpfs ino=881 scontext=system_u:system_r:ifconfig_t:s0
tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
audit(1132606335.150:22): avc:  denied  { read } for  pid=1595 comm="ip"
name="rootvg-swap" dev=tmpfs ino=881 scontext=system_u:system_r:ifconfig_t:s0
tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
audit(1132606335.162:23): avc:  denied  { read } for  pid=1598 comm="ip"
name="rootvg-swap" dev=tmpfs ino=881 scontext=system_u:system_r:ifconfig_t:s0
tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
audit(1132606335.182:24): avc:  denied  { read } for  pid=1601 comm="ip"
name="rootvg-swap" dev=tmpfs ino=881 scontext=system_u:system_r:ifconfig_t:s0
tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
audit(1132606335.198:25): avc:  denied  { read } for  pid=1603 comm="iwconfig"
name="rootvg-swap" dev=tmpfs ino=881 scontext=system_u:system_r:ifconfig_t:s0
tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
audit(1132606335.218:26): avc:  denied  { read } for  pid=1605 comm="ethtool"
name="rootvg-swap" dev=tmpfs ino=881 scontext=system_u:system_r:ifconfig_t:s0
tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
audit(1132606335.242:27): avc:  denied  { read } for  pid=1607 comm="ip"
name="rootvg-swap" dev=tmpfs ino=881 scontext=system_u:system_r:ifconfig_t:s0
tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
audit(1132606335.258:28): avc:  denied  { read } for  pid=1609 comm="ip"
name="rootvg-swap" dev=tmpfs ino=881 scontext=system_u:system_r:ifconfig_t:s0
tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
audit(1132606335.290:29): avc:  denied  { read } for  pid=1611 comm="mii-tool"
name="rootvg-swap" dev=tmpfs ino=881 scontext=system_u:system_r:ifconfig_t:s0
tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
audit(1132606335.310:30): avc:  denied  { read } for  pid=1615 comm="ethtool"
name="rootvg-swap" dev=tmpfs ino=881 scontext=system_u:system_r:ifconfig_t:s0
tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
audit(1132606335.362:31): avc:  denied  { read } for  pid=1618 comm="dhclient"
name="rootvg-swap" dev=tmpfs ino=881 scontext=system_u:system_r:dhcpc_t:s0
tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
audit(1132606336.134:32): avc:  denied  { read } for  pid=1701 comm="ethtool"
name="rootvg-swap" dev=tmpfs ino=881 scontext=system_u:system_r:ifconfig_t:s0
tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
audit(1132606336.150:33): avc:  denied  { read } for  pid=1703 comm="ip"
name="rootvg-swap" dev=tmpfs ino=881 scontext=system_u:system_r:ifconfig_t:s0
tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
audit(1132606336.270:34): avc:  denied  { read } for  pid=1717 comm="ifconfig"
name="rootvg-swap" dev=tmpfs ino=881 scontext=system_u:system_r:ifconfig_t:s0
tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
audit(1132606336.566:35): avc:  denied  { use } for  pid=1735 comm="syslogd"
name="rootvg-swap" dev=tmpfs ino=881 scontext=system_u:system_r:syslogd_t:s0
tcontext=system_u:system_r:kernel_t:s0 tclass=fd
audit(1132606336.614:36): avc:  denied  { use } for  pid=1737 comm="arping"
name="rootvg-swap" dev=tmpfs ino=881 scontext=system_u:system_r:netutils_t:s0
tcontext=system_u:system_r:kernel_t:s0 tclass=fd
audit(1132606336.738:37): avc:  denied  { use } for  pid=1739 comm="klogd"
name="rootvg-swap" dev=tmpfs ino=881 scontext=system_u:system_r:klogd_t:s0
tcontext=system_u:system_r:kernel_t:s0 tclass=fd
audit(1132606336.986:38): avc:  denied  { use } for  pid=1750 comm="portmap"
name="rootvg-swap" dev=tmpfs ino=881 scontext=system_u:system_r:portmap_t:s0
tcontext=system_u:system_r:kernel_t:s0 tclass=fd
audit(1132606337.218:39): avc:  denied  { use } for  pid=1769 comm="rpc.statd"
name="rootvg-swap" dev=tmpfs ino=881 scontext=system_u:system_r:rpcd_t:s0
tcontext=system_u:system_r:kernel_t:s0 tclass=fd
audit(1132606338.030:40): avc:  denied  { use } for  pid=1784 comm="auditd"
name="rootvg-swap" dev=tmpfs ino=881 scontext=system_u:system_r:auditd_t:s0
tcontext=system_u:system_r:kernel_t:s0 tclass=fd


Version-Release number of selected component (if applicable):
selinux-policy-targeted-1.27.2-19
Comment 1 Daniel Walsh 2005-11-30 20:18:37 UTC 
This was fixed in mkinitrd package.

mkinitrd-5.0.12-1