Bug 237391 - AVC on boot: accessing /etc/audit
Product: Fedora
Classification: Fedora
Component: selinux-policy
All Linux
medium Severity medium
Assigned To: Daniel Walsh
Ben Levenson
Reported: 2007-04-21 15:51 EDT by Tom London
Modified: 2007-11-30 17:12 EST (History)
Doc Type: Bug Fix
Last Closed: 2007-04-24 12:18:29 EDT

Description Tom London 2007-04-21 15:51:19 EDT
Description of problem:
Get this (in /var/log/messages) booting latest rawhide:

Apr 21 09:35:55 localhost kernel: audit(1177173338.205:7): avc:  denied  { search } for  pid=1759 comm="readahead" name="audit" dev=dm-0 ino=11076215 tcontext=system_u:object_r:auditd_etc_t:s0 tclass=dir

/etc/readahead.d/early.sorted has:

448 /etc/audit/auditd.conf

Version-Release number of selected component (if applicable):

How reproducible:
every time

Steps to Reproduce:
Actual results:

Expected results:

Additional info:
Comment 1 Karel Zak 2007-04-23 08:13:04 EDT
Hmm... the readahead should be able to read all files that the system uses during boot.

Note there are a few files (like /var/lib/random-seed) that will be removed from
the default readahead lists in the next update, because these files are from
very early boot time (time before /etc/init.d/readahead_early execution).

But the file /etc/audit/auditd.conf definitely belongs to the readahead list.
Comment 2 Tom London 2007-04-24 12:09:47 EDT
Seems to be gone with selinux-policy-targeted-2.6.1-1.fc7

Didn't see anything in the changelog.

Comment 3 Daniel Walsh 2007-04-24 12:18:29 EDT
Sorry, must have missed this change.
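
Added example, not part of the bug report and not code from readahead or selinux-policy: a small triage script that parses the AVC denial quoted in the description and finds which readahead list entries sit under the denied directory. The "<number> <path>" list layout is assumed from the single entry shown above, and the function names are hypothetical.

```python
import re
from pathlib import PurePosixPath

AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Constructed inputs: the denial and the list entry quoted in the report.
SAMPLE_LOG = (
    'Apr 21 09:35:55 localhost kernel: audit(1177173338.205:7): avc:  denied  '
    '{ search } for  pid=1759 comm="readahead" name="audit" dev=dm-0 '
    'ino=11076215 tcontext=system_u:object_r:auditd_etc_t:s0 tclass=dir\n'
)
SAMPLE_LIST = "448 /etc/audit/auditd.conf\n"

def parse_avc(line):
    """Return the fields of one AVC denial line, or None if it is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group(2))}
    fields["perms"] = m.group(1).split()
    return fields

def list_paths(list_text):
    """Paths from a readahead list; assumes '<number> <path>' per line."""
    rows = (line.split(None, 1) for line in list_text.splitlines())
    return [r[1].strip() for r in rows if len(r) == 2 and r[1].startswith("/")]

def explain_denials(log_text, list_text, comm="readahead"):
    """Pair each denial for `comm` with the list entries that can trigger it."""
    paths = list_paths(list_text)
    report = []
    for line in log_text.splitlines():
        avc = parse_avc(line)
        if not avc or avc.get("comm") != comm:
            continue
        name = avc.get("name")
        if avc.get("tclass") == "dir":
            # The record names only the last path component of the directory.
            hits = [p for p in paths if name in PurePosixPath(p).parent.parts]
        else:
            hits = [p for p in paths if PurePosixPath(p).name == name]
        report.append((avc["perms"], avc.get("tcontext"), hits))
    return report

if __name__ == "__main__":
    for perms, tcontext, hits in explain_denials(SAMPLE_LOG, SAMPLE_LIST):
        print(perms, tcontext, hits)
```

Because the denial record carries only the final path component (name="audit"), the match against list entries is a heuristic and should be confirmed against the inode or a full-path audit record where one is available.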
