Bug 182435
Summary: | Denials on fresh install | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Orion Poplawski <orion> |
Component: | selinux-policy | Assignee: | Daniel Walsh <dwalsh> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 5 | ||
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Fixed In Version: | fc5-updates | Doc Type: | Bug Fix |
Last Closed: | 2006-05-09 20:19:33 UTC | Type: | --- |
Description
Orion Poplawski
2006-02-22 15:54:23 UTC
After updating to selinux-policy-targeted-2.2.17-2, I'm down to:

audit(1140624078.890:2): avc: denied { write } for pid=1318 comm="mount" name="blkid.tab" dev=dm-0 ino=10192280 scontext=system_u:system_r:mount_t:s0 tcontext=root:object_r:etc_t:s0 tclass=file
audit(1140624079.666:3): avc: denied { write } for pid=1367 comm="swapon" name="blkid.tab" dev=dm-0 ino=10192280 scontext=system_u:system_r:fsadm_t:s0 tcontext=root:object_r:etc_t:s0 tclass=file

Yes this is a labeling problem. There should be a fix in mkinitrd and the initscripts to fix this problem.

For now you can restorecon /etc/blkid.*

Getting somewhat different ones now with today's rawhide:

audit(1140799735.426:2): avc: denied { relabelfrom } for pid=1312 comm="mount" name="blkid.tab" dev=dm-0 ino=48370 scontext=system_u:system_r:mount_t:s0 tcontext=system_u:object_r:etc_runtime_t:s0 tclass=file
audit(1140799743.586:3): avc: denied { relabelfrom } for pid=1387 comm="swapon" name="blkid.tab" dev=dm-0 ino=48367 scontext=system_u:system_r:fsadm_t:s0 tcontext=system_u:object_r:etc_runtime_t:s0 tclass=file
audit(1140799744.694:4): avc: denied { dac_override } for pid=1419 comm="readahead" capability=1 scontext=system_u:system_r:readahead_t:s0 tcontext=system_u:system_r:readahead_t:s0 tclass=capability
audit(1140799744.694:5): avc: denied { dac_read_search } for pid=1419 comm="readahead" capability=2 scontext=system_u:system_r:readahead_t:s0 tcontext=system_u:system_r:readahead_t:s0 tclass=capability

Does the blkid.tab AVC message still occur?

With the readahead AVC message, if it still occurs then please boot the machine with audit=1 on the kernel command line so we can get more information on what's happening.

(In reply to comment #4)
> Does the blkid.tab AVC message still occur?
>

Not since Mar 9. Probably fixed by:

Mar 10 12:35:05 Updated: selinux-policy-targeted.noarch 2.2.23-15

> With the readahead AVC message, if it still occurs then please boot the
> machine with audit=1 on the kernel command line so we can get more information
> on what's happening.

Do not see readahead messages either with latest rawhide.
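
An added example, not part of the bug report: a small parser for the AVC denial records quoted in this thread. It separates denials on a named object, which are candidates for a label check such as the restorecon suggested above, from capability denials, which have no object label to fix. The sample lines are copied from this report; the function names and the two group names are this example's own.

```python
import re
from collections import Counter

# AVC records copied from the comments in this bug report.
SAMPLE = """\
audit(1140624078.890:2): avc: denied { write } for pid=1318 comm="mount" name="blkid.tab" dev=dm-0 ino=10192280 scontext=system_u:system_r:mount_t:s0 tcontext=root:object_r:etc_t:s0 tclass=file
audit(1140624079.666:3): avc: denied { write } for pid=1367 comm="swapon" name="blkid.tab" dev=dm-0 ino=10192280 scontext=system_u:system_r:fsadm_t:s0 tcontext=root:object_r:etc_t:s0 tclass=file
audit(1140799735.426:2): avc: denied { relabelfrom } for pid=1312 comm="mount" name="blkid.tab" dev=dm-0 ino=48370 scontext=system_u:system_r:mount_t:s0 tcontext=system_u:object_r:etc_runtime_t:s0 tclass=file
audit(1140799743.586:3): avc: denied { relabelfrom } for pid=1387 comm="swapon" name="blkid.tab" dev=dm-0 ino=48367 scontext=system_u:system_r:fsadm_t:s0 tcontext=system_u:object_r:etc_runtime_t:s0 tclass=file
audit(1140799744.694:4): avc: denied { dac_override } for pid=1419 comm="readahead" capability=1 scontext=system_u:system_r:readahead_t:s0 tcontext=system_u:system_r:readahead_t:s0 tclass=capability
audit(1140799744.694:5): avc: denied { dac_read_search } for pid=1419 comm="readahead" capability=2 scontext=system_u:system_r:readahead_t:s0 tcontext=system_u:system_r:readahead_t:s0 tclass=capability
"""

AVC_RE = re.compile(r'audit\([\d.]+:\d+\): avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return a dict for one AVC denial line, or None if it is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    if not {"scontext", "tcontext", "tclass"} <= rec.keys():
        return None
    rec["perms"] = m.group("perms").split()
    # A context is user:role:type[:level]; the type is the third field.
    rec["stype"] = rec["scontext"].split(":")[2]
    rec["ttype"] = rec["tcontext"].split(":")[2]
    return rec

def summarize(text):
    """Count denials, split into object-label and capability groups."""
    groups = {"label_check": Counter(), "capability": Counter()}
    for rec in filter(None, map(parse_avc, text.splitlines())):
        for perm in rec["perms"]:
            if rec["tclass"] == "capability":
                # No target object: keyed by the process and its domain.
                groups["capability"][(rec.get("comm", "?"), rec["stype"], perm)] += 1
            else:
                # Keyed by object name and its current label, across domains.
                groups["label_check"][(rec.get("name", "?"), rec["ttype"], perm)] += 1
    return groups

if __name__ == "__main__":
    for kind, counts in summarize(SAMPLE).items():
        for key, n in counts.items():
            print(kind, key, n)
```

On the sample, blkid.tab appears under two different target types (etc_t, then etc_runtime_t), each denied to both mount_t and fsadm_t, while the readahead entries fall into the capability group.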