From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.2) Gecko/20040809 Epiphany/1.3.8
Description of problem:
During boot to multiuser runlevel 5, there are various messages "avc: denied" with tmpfs_t being the common element.
Version-Release number of selected component (if applicable):
selinux-policy-targeted-1.17.18-3
How reproducible:
Always
Steps to Reproduce:
1. Boot to runlevel 5 using kernel-2.6.8-1.541, initscripts-7.82-1, and selinux-policy-targeted-1.17.18-3 in permissive mode.
2.
3.
Actual Results:
12 lines in /var/log/messages with "avc: denied", all featuring tmpfs_t.
Expected Results:
No complaints.
Additional info:
Selected lines will be attached (all lines from /var/log/messages relating to selinux, in order.)
Created attachment 104090
grep "avc:" /var/log/messages # plus all selinux-related lines, to show context
I see 12 lines with avc: complaints.
This is caused because the tmpfs xattr patch was pulled from the kernel. Please use the previous kernel (FC3-T2 kernel) until we have this sorted out.
Dan
kernel-2.6.8-1.541 is supposed to have tmpfs + xattrs. The next working tmpfs + xattrs kernel was 598+. Reiser mentions "permissive" mode. Are the xattrs being set properly in permissive mode?
I see no complaints when booting to targeted, permissive mode using:
kernel-2.6.8-1.541
selinux-policy-targeted-1.17.24-2
initscripts-7.85-1
The /var/log/messages at boot has:
Oct 9 16:44:38 localhost kernel: SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs
[I stopped running up2date on Oct.4 because my reading of fedora-test-list convinced me that FC3test2 had entered a phase of instability that was more than I wanted to handle.]
Fixed with latest kernel (603) and policy-1.17.29-1.
Yeah, we can mark this as fixed.