Bug 209949 - many avc denied messages after setting strict
Summary: many avc denied messages after setting strict
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-strict
Version: rawhide
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Ben Levenson
URL:
Whiteboard:
: 209946 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2006-10-08 18:20 UTC by Gene Czarcinski
Modified: 2007-11-30 22:11 UTC (History)
0 users

Fixed In Version: Current
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2007-08-22 14:14:45 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)
avc messages (4.42 KB, text/plain)
2006-10-08 18:20 UTC, Gene Czarcinski 		no flags Details
/var/log/messages for bootup (25.92 KB, text/plain)
2006-10-08 18:22 UTC, Gene Czarcinski 		no flags Details
View All

Description Gene Czarcinski 2006-10-08 18:20:41 UTC 
Description of problem:
After selecting permissive/strict, setting /.autorelabel and reboot.  Then
reboot again to get "clean" record.  Get 19 avc denied messages during
bootup/root login (see attachment).  Also attaching that portion of
/var/log/messages for the bootup.

Version-Release number of selected component (if applicable):
fc6-devel as of 10/8/2006, minimal server fresh install (no X)
Comment 1 Gene Czarcinski 2006-10-08 18:20:41 UTC 
Created attachment 138012 [details]
avc messages
Comment 2 Gene Czarcinski 2006-10-08 18:22:29 UTC 
Created attachment 138013 [details]
/var/log/messages for bootup
Comment 3 Gene Czarcinski 2006-10-08 18:47:52 UTC 
*** Bug 209946 has been marked as a duplicate of this bug. ***
Comment 4 Daniel Walsh 2007-01-11 22:13:31 UTC 
I did lots of work over vacation to help cleanup problems with strict policy. 
Although not perfect it works a lot better.

Fixed in selinux-policy-strict-2.4.6-24
Comment 5 Daniel Walsh 2007-08-22 14:14:45 UTC 
Should be fixed in the current release
Note You need to log in before you can comment on or make changes to this bug.