Bug 440189
Summary: | Current avc Denials during rawhide startup | |
---|---|---|---
Product: | [Fedora] Fedora | Reporter: | dex <dex.mbox>
Component: | selinux-policy | Assignee: | Daniel Walsh <dwalsh>
Status: | CLOSED NOTABUG | QA Contact: | Fedora Extras Quality Assurance <extras-qa>
Severity: | low | Priority: | low
Version: | rawhide | CC: | jkubin
Hardware: | i686 | OS: | Linux
Doc Type: | Bug Fix | Last Closed: | 2008-05-02 20:12:38 UTC

Description
dex
2008-04-02 06:09:21 UTC
Created attachment 300013 (dmesg)

This looks like /sbin/hwclock does not have the correct label on it?

    ls -lZ /sbin/hwclock

I am also not seeing these errors in the latest -28 policy. Please make sure there is only one policy file in /etc/selinux/targeted/policy

Remove the lower.

    ls -lZ /sbin/hwclock
    -rwxr-xr-x root root system_u:object_r:hwclock_exec_t:s0 /sbin/hwclock

looks ok to my untrained eye.

Also no change with -28 same set of avc's after a relabel :-(

udev is supposed to be transitioning to hwclock_t

Are you sure udev is executing /sbin/hwclock?

Is /usr/sbin/hwclock a symlink?

(In reply to comment #4)
> udev is supposed to be transitioning to hwclock_t
>
>
> Are you sure udev is executing /sbin/hwclock?

How can I verify this?

> Is /usr/sbin/hwclock a symlink?

yes

    lrwxrwxrwx root root system_u:object_r:bin_t:s0 /usr/sbin/hwclock -> ../../sbin/hwclock

policy -29

    # yum install setools
    # sesearch --allow | grep udev | grep hwclock
    allow udev_t hwclock_t : process transition ;
    allow hwclock_t udev_t : process sigchld ;
    allow hwclock_t udev_t : fd use ;
    allow hwclock_t udev_t : fifo_file { ioctl read write getattr lock append };
    allow udev_t hwclock_exec_t : file { read getattr execute };
    allow hwclock_t udev_tbl_t : file { ioctl read getattr lock };

Also verify that there is only one policy file in /etc/selinux/targeted/policy/policy*

If there are more than one, please delete all but the greatest.
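The udev_t to hwclock_t transition discussed in this thread depends on three allow rules: execute on the executable's type, entrypoint into the target domain, and process transition. The script below is an added example, not part of the bug report, that checks `sesearch --allow` style output for all three. The function names and the entrypoint line in the sample are assumptions (the thread's grep on "udev" could not have shown that rule), and the type_transition rule that makes the transition automatic is not checked.

```shell
#!/bin/sh
# Added example: report which of the three allow rules needed for a domain
# transition SRC -> TGT through EXEC_TYPE are present in sesearch output.

# Constructed sample: udev/hwclock rules quoted in the thread, plus one
# ASSUMED entrypoint rule that the thread's "grep udev" would have hidden.
SAMPLE_RULES='allow udev_t hwclock_t : process transition ;
allow hwclock_t udev_t : process sigchld ;
allow hwclock_t udev_t : fd use ;
allow udev_t hwclock_exec_t : file { read getattr execute };
allow hwclock_t hwclock_exec_t : file { read getattr execute entrypoint };'

# has_rule SRC TGT CLASS PERM RULES
# Exit 0 if some allow rule in RULES grants PERM on CLASS from SRC to TGT.
has_rule() {
    printf '%s\n' "$5" | awk -v s="$1" -v t="$2" -v c="$3" -v p="$4" '
        { gsub(/[{};:]/, " ") }   # normalise "a b : c { p };" and "a b:c p;"
        $1 == "allow" && $2 == s && $3 == t && $4 == c {
            for (i = 5; i <= NF; i++) if ($i == p) found = 1
        }
        END { exit (found ? 0 : 1) }'
}

# check_transition SRC TGT EXEC_TYPE RULES
# Prints each missing rule; return status is the number of missing rules.
check_transition() {
    missing=0
    has_rule "$1" "$3" file execute "$4" ||
        { echo "missing: $1 may not execute $3"; missing=$((missing + 1)); }
    has_rule "$2" "$3" file entrypoint "$4" ||
        { echo "missing: $3 is not an entrypoint for $2"; missing=$((missing + 1)); }
    has_rule "$1" "$2" process transition "$4" ||
        { echo "missing: $1 may not transition to $2"; missing=$((missing + 1)); }
    return "$missing"
}

check_transition udev_t hwclock_t hwclock_exec_t "$SAMPLE_RULES" &&
    echo "all three allow rules present"
```

On a live system the rules argument would come from `sesearch --allow` without the `grep udev` filter, so that the entrypoint rule is included.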