This service will be undergoing maintenance at 20:00 UTC, 2017-04-03. It is expected to last about 30 minutes
Bug 184077 - avc denied messages while upgrading SELinux policy
avc denied messages while upgrading SELinux policy
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Russell Coker
Depends On:
  Show dependency treegraph
Reported: 2006-03-05 18:11 EST by Robert Scheck
Modified: 2007-11-30 17:11 EST (History)
0 users

See Also:
Fixed In Version: 2.2.23-3
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2006-03-25 17:37:42 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Robert Scheck 2006-03-05 18:11:28 EST
Description of problem:
I get these avc denied messages everytime while upgrading the SELinux policy:

type=AVC msg=audit(1141600380.200:890872): avc:  denied  { read write } for  
pid=22630 comm="load_policy" name="semanage.trans.LOCK" dev=cciss/c0d0p2 
ino=1081437 scontext=user_u:system_r:load_policy_t:s0-s0:c0.c255 
tcontext=system_u:object_r:semanage_trans_lock_t:s0 tclass=file
type=AVC msg=audit(1141600380.200:890872): avc:  denied  { read write } for  
pid=22630 comm="load_policy" name="" dev=cciss/c0d0p2 
ino=1081436 scontext=user_u:system_r:load_policy_t:s0-s0:c0.c255 
tcontext=system_u:object_r:semanage_read_lock_t:s0 tclass=file
type=SYSCALL msg=audit(1141600380.200:890872): arch=40000003 syscall=11 
success=yes exit=0 a0=955c800 a1=9b9d600 a2=0 a3=0 items=2 pid=22630 auid=500 
uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="load_policy" 
type=AVC_PATH msg=audit(1141600380.200:890872):  path="/etc/selinux/targeted/
type=AVC_PATH msg=audit(1141600380.200:890872):  path="/etc/selinux/targeted/
type=CWD msg=audit(1141600380.200:890872):  cwd="/usr/share/selinux/targeted"
type=PATH msg=audit(1141600380.200:890872): item=0 name="/usr/sbin/load_policy" 
flags=101  inode=458846 dev=68:02 mode=0100755 ouid=0 ogid=0 rdev=00:00
type=PATH msg=audit(1141600380.200:890872): item=1 flags=101  inode=2965569 
dev=68:02 mode=0100755 ouid=0 ogid=0 rdev=00:00

Version-Release number of selected component (if applicable):

How reproducible:
Everytime on upgrading SELinux policy (also at rpm -Uvh --force)

Expected results:
No avc denied messages ;-)
Comment 1 Daniel Walsh 2006-03-06 12:12:16 EST
Fixed in 2.2.23-3

Note You need to log in before you can comment on or make changes to this bug.