Bug 166082 - audit error messages when initializing lancards
audit error messages when initializing lancards
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
4
All Linux
medium Severity low
: ---
: ---
Assigned To: Daniel Walsh
Brian Brock
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-08-16 14:57 EDT by Christophe Lambin
Modified: 2007-11-30 17:11 EST (History)
1 user (show)

See Also:
Fixed In Version: 1.25.4-10
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-08-30 02:08:00 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Christophe Lambin 2005-08-16 14:57:45 EDT
I have two lancards in my system. During boot, I see the following error
messages when the lancards are initialized:

Aug 16 21:57:49 localhost kernel: audit(1124222262.902:2): avc:  denied  { use }
for  pid=2503 comm="ifconfig" name="null" dev=tmpfs ino=2824
scontext=system_u:system_r:ifconfig_t tcontext=system_u:system_r:pppd_t tclass=fd
Aug 16 21:57:49 localhost kernel: audit(1124222262.902:3): avc:  denied  { use }
for  pid=2503 comm="ifconfig" name="null" dev=tmpfs ino=2824
scontext=system_u:system_r:ifconfig_t tcontext=system_u:system_r:pppd_t tclass=fd

Auditing system is already running at this time:

Aug 16 21:57:45 localhost auditd[2565]: Init complete, auditd 1.0.2 listening
for events
Aug 16 21:57:46 localhost kernel: audit: initializing netlink socket (disabled)
Aug 16 21:57:46 localhost kernel: audit(1124222198.048:1): initialized



On a possibly related note, I also see the following error messages during shutdown:

Aug 16 00:55:41 localhost kernel: audit(1124146541.722:13554078): audit_pid=0
old=2556 by auid=4294967295
Aug 16 00:55:41 localhost kernel: audit(1124146541.856:13554469): SELinux: 
unrecognized netlink message type=1009 for sclass=49
Aug 16 00:55:41 localhost kernel: audit(1124146541.856:13554469): arch=40000003
syscall=102 success=no exit=-22 a0=b a1=bfb9f8c0 a2=80510f8 a3=bfba5ce8 items=0
pid=23983 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
fsgid=0 comm="auditctl" exe="/sbin/auditctl"
Aug 16 00:55:41 localhost kernel: audit(1124146541.856:13554469):
saddr=100000000000000000000000
Aug 16 00:55:41 localhost kernel: audit(1124146541.856:13554469): nargs=6 a0=3
a1=bfba3b4c a2=10 a3=0 a4=bfba5ce8 a5=c
Aug 16 00:55:41 localhost kernel: audit(1124146541.957:13554488): SELinux: 
unrecognized netlink message type=1009 for sclass=49
Aug 16 00:55:41 localhost kernel: audit(1124146541.957:13554488): arch=40000003
syscall=102 success=no exit=-22 a0=b a1=bfb9f8b0 a2=80510f8 a3=bfba5cd8 items=0
pid=23983 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
fsgid=0 comm="auditctl" exe="/sbin/auditctl"
Aug 16 00:55:41 localhost kernel: audit(1124146541.957:13554488):
saddr=100000000000000000000000
Aug 16 00:55:41 localhost kernel: audit(1124146541.957:13554488): nargs=6 a0=3
a1=bfba3b3c a2=10 a3=0 a4=bfba5cd8 a5=c


This is using audit-1.0.2-3.FC4. Setting severity to 'low', since the errors do
not appear to have a negative effect.
Comment 1 Steve Grubb 2005-08-17 08:13:21 EDT
The messages for avc denial are from the targeted policy. That is where your
problem lies. Auditd only records the problem similarly to syslog. The second
set of messages are being worked under a different bugzilla number (bug 161322)
and are a known problem. They are harmless and can be disregarded.
Comment 2 Daniel Walsh 2005-08-25 09:39:33 EDT
Fixed in selinux-policy-targeted-1.25.4-10
Comment 3 Walter Justen 2005-08-30 02:08:00 EDT
Thanks for the bug report. This particular bug was fixed and a update package
was published for download. Please feel free to report any further bugs you find.

Note You need to log in before you can comment on or make changes to this bug.