Description of problem: in dmesg [...] audit(1114306425.761:0): avc: denied { write } for name=rhgb-socket dev=ramfs ino=6052 scontext=system_u:system_r:init_t tcontext=system_u:object_r:ramfs_t tclass=sock_file [...] Version-Release number of selected component (if applicable): selinux-policy-targeted-1.23.12-4 How reproducible: always Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info: rhgb-0.16.2-3 kernel-2.6.11-1.1261_FC4
Fixed in selinux-policy-*-1.23.13-3
Created attachment 113721 [details] dmesg in kernel-2.6.11-1.1268_FC4 After installing selinux-policy-*-1.23.13-3, audit error messages are changed in dmesg. [...] audit(1114611219.454:0): avc: denied { write } for path=/etc/rhgb/temp/rhgb-console dev=ramfs ino=6990 scontext=system_u:system_r:fsadm_t tcontext=system_u:object_r:ramfs_t tclass=fifo_file [...] audit(1114611242.177:0): avc: denied { lock } for path=/etc/fstab dev=hda8 ino=211799 scontext=system_u:system_r:updfstab_t tcontext=system_u:object_r:etc_runtime_t tclass=file audit(1114611242.753:0): avc: denied { lock } for path=/etc/fstab dev=hda8 ino=211799 scontext=system_u:system_r:updfstab_t tcontext=system_u:object_r:etc_runtime_t tclass=file audit(1114611242.905:0): avc: denied { lock } for path=/etc/fstab dev=hda8 ino=211799 scontext=system_u:system_r:updfstab_t tcontext=system_u:object_r:etc_runtime_t tclass=file audit(1114611243.042:0): avc: denied { lock } for path=/etc/fstab dev=hda8 ino=211799 scontext=system_u:system_r:updfstab_t tcontext=system_u:object_r:etc_runtime_t tclass=file audit(1114611252.611:0): avc: denied { connectto } for path=/etc/rhgb/temp/rhgb-socket scontext=system_u:system_r:init_t tcontext=system_u:system_r:initrc_t
restorecon -v /etc/fstab should clear most of them. Dan
Dan : thank your comments. /etc/fstab problem is fixed. $restorecon -v /etc/fstab After rebooting $dmesg | grep avc audit(1114621106.443:0): avc: denied { write } for path=/etc/rhgb/temp/rhgb-console dev=ramfs ino=7080 scontext=system_u:system_r:fsadm_t tcontext=system_u:object_r:ramfs_t tclass=fifo_file audit(1114621145.580:0): avc: denied { connectto } for path=/etc/rhgb/temp/rhgb-socket scontext=system_u:system_r:init_t tcontext=system_u:system_r:initrc_t tclass=unix_stream_socket
in selinux-policy-targeted-1.23.14-2, kernel-2.6.11-1.1282_FC4 $ dmesg | grep avc audit(1115168226.367:0): avc: denied { write } for path=/etc/rhgb/temp/rhgb-console dev=ramfs ino=6650 scontext=system_u:system_r:fsadm_t tcontext=system_u:object_r:ramfs_t tclass=fifo_file audit(1115168263.211:0): avc: denied { search } for name=rhgb dev=hda8 ino=211872 scontext=system_u:system_r:init_t tcontext=system_u:object_r:mnt_t tclass=dir