Description of problem: after updating to kde357 (using fc7) and installing and deinstalling (because of numerous problems) seedit-2.1.1-2.fc7.1.i386.rpm seedit-gui-2.1.1-2.fc7.1.i386.rpm seedit-policy-2.1.1-2.fc7.1.i386.rpm selinux-doc-1.26-1.1.noarch.rpm i got lots of the following messages when shutting down: ---------------------------------------------- Jul 2 22:26:34 localhost auditd[1776]: The audit daemon is exiting. Jul 2 22:26:34 localhost kernel: audit(1183407994.408:95): audit_pid=0 old=1776 by auid=4294967295 subj=system_u:system_r:auditd_t:s0 Jul 2 22:26:34 localhost kernel: audit(1183407994.408:96): auid=4294967295 subj=system_u:system_r:auditctl_t:s0 op=remove rule key=(null) list=4 res=1 Jul 2 22:26:34 localhost kernel: audit rule for selinux 'dhclient_t' is invalid Jul 2 22:26:34 localhost kernel: audit(1183407994.408:97): auid=4294967295 subj=system_u:system_r:auditctl_t:s0 op=remove rule key=(null) list=4 res=1 Jul 2 22:26:34 localhost kernel: audit(1183407994.408:98): auid=4294967295 subj=system_u:system_r:auditctl_t:s0 op=remove rule key=(null) list=4 res=1 Jul 2 22:26:34 localhost kernel: audit rule for selinux 'mcstransd_t' is invalid Jul 2 22:26:34 localhost kernel: audit(1183407994.408:99): auid=4294967295 subj=system_u:system_r:auditctl_t:s0 op=remove rule key=(null) list=4 res=1 Jul 2 22:26:34 localhost kernel: audit(1183407994.408:100): auid=4294967295 subj=system_u:system_r:auditctl_t:s0 op=remove rule key=(null) list=4 res=1 Jul 2 22:26:34 localhost kernel: audit(1183407994.408:101): auid=4294967295 subj=system_u:system_r:auditctl_t:s0 op=remove rule key=(null) list=4 res=1 Jul 2 22:26:34 localhost kernel: audit rule for selinux 'samba_t' is invalid Jul 2 22:26:34 localhost kernel: audit(1183407994.408:102): auid=4294967295 subj=system_u:system_r:auditctl_t:s0 op=remove rule key=(null) list=4 res=1 Jul 2 22:26:34 localhost kernel: audit(1183407994.408:103): auid=4294967295 subj=system_u:system_r:auditctl_t:s0 op=remove rule key=(null) list=4 res=1 Jul 2 22:26:34 localhost kernel: audit(1183407994.408:104): auid=4294967295 subj=system_u:system_r:auditctl_t:s0 op=remove rule key=(null) list=4 res=1 Jul 2 22:26:34 localhost kernel: audit(1183407994.408:105): auid=4294967295 subj=system_u:system_r:auditctl_t:s0 op=remove rule key=(null) list=4 res=1 Jul 2 22:26:34 localhost kernel: audit(1183407994.408:106): auid=4294967295 subj=system_u:system_r:auditctl_t:s0 op=remove rule key=(null) list=4 res=1 Jul 2 22:26:34 localhost kernel: audit(1183407994.408:107): auid=4294967295 subj=system_u:system_r:auditctl_t:s0 op=remove rule key=(null) list=4 res=1 Jul 2 22:26:34 localhost kernel: audit(1183407994.408:108): auid=4294967295 subj=system_u:system_r:auditctl_t:s0 op=remove rule key=(null) list=4 res=1 Jul 2 22:26:34 localhost kernel: audit(1183407994.408:109): auid=4294967295 subj=system_u:system_r:auditctl_t:s0 op=remove rule key=(null) list=4 res=1 ----------------------------------------------------------------- I also now have problems with the combination "fn+sound up/down". I've anabled the "microsoft natural pro/ internet pro" keyboard layout (in kde) but it doesn't function anymore. and when trying to use the combination "fn+sound up/down" I just see the status bar dialog going from 0 upto 11% but this doesn't reflect the actuall volume level(and the level is actually 100% not 0% as shown). in kde 356 it was ok and all keyboard shortcuts were functioning ok. Version-Release number of selected component (if applicable): How reproducible: install the above packages then, after relabelling the system what of the sys.processes wouldn't start because of the se-rules. start interractive startup and disbale the messagebus and the HAL deamon, go into the X (kde) und deinstall the rpms. after the new relabelling the problem occurs. Steps to Reproduce: 1. 2. 3. Actual results: Expected results: the kde keyboard layout with microsoft natural pro/ internet pro enabled, enables lots of the fn keys on most laptops. and I think the kde-update has nothing to do with the problem. maybe the seedit (which i had to delete manually after deinstall from /etc/seedit and /ets/selinux/seedit/) is blocking somehow the kde script that manages the keyboard. Additional info:
Hi. There may be extra entries in audit.conf. Can you tell me the contents of /etc/audit.conf ?
Created attachment 158585 [details] found in /var/log/audit/
Created attachment 158586 [details] found in /var/log/audit/
Created attachment 158587 [details] found in /etc/audit/
Created attachment 158589 [details] found in /etc/audit/
Created attachment 158590 [details] found in /etc/
theses are the files that I found but no /etc/audit.conf. When I looked in them there is nothing unusuall for me.
another user has this problem, too. here: http://forums.fedoraforum.org/showthread.php?t=159800
What happens you delete following from audit.rules, and restart audit service? -a exit,always -S chroot -a exit,always -S chdir -F obj_type=dhclient_t -a exit,always -S chdir -F obj_type=sendmail_t -a exit,always -S chdir -F obj_type=mcstransd_t -a exit,always -S chdir -F obj_type=sshd_t -a exit,always -S chdir -F obj_type=ntpd_t -a exit,always -S chdir -F obj_type=samba_t -a exit,always -S chdir -F obj_type=named_t -a exit,always -S chdir -F obj_type=klogd_t -a exit,always -S chdir -F obj_type=crond_t -a exit,always -S chdir -F obj_type=httpd_t -a exit,always -S chdir -F obj_type=auditd_t -a exit,always -S chdir -F obj_type=portmap_t -a exit,always -S chdir -F obj_type=syslogd_t
ok, after deleting these rules and restarting the service i've got no more messages. actually just one but i think it is from the audit service itself and it reports that the service has exited or something like this. actually i had a similar message before installing seedit. the message is: -------------------- Jul 6 20:07:42 localhost auditd[1753]: The audit daemon is exiting. Jul 6 20:07:42 localhost audispd[1755]: input read: EOF Jul 6 20:07:42 localhost kernel: audit(1183745262.457:277): audit_pid=0 old=1753 by auid=4294967295 subj=system_u:system_r:auditd_t:s0 -------------------- as of this i think this problem has been fixed. By thy way how all these rules have been added to the rules.conf? I haven't made any manuall changes to these files.
... -a exit,always -S chdir -F obj_type=dhclient_t .... are added by seedit when converting policy. These entries are necessary for seedit's policy generating component to obtain full path information from audit.log.
And I fixed seedit to remove these entries from audit.rules when uninstalling seedit. I applied the change to svn.sourceforge.net/svnroot/seedit. I think fixed seedit will be uploaded also to fedora in near future.
Thanks alot about this! terefore I love fedora!
ok, the problem has been fixed (credit should go to Yuichi Nakamura) but when i installed the seedit for the first time there was something strange. it made me reboot and on the reboot there was a relabelling with the seedit policy. after this a automatic restart and then lots of services wouldn't start because of problems. So i restarted in interective startup and didn't start the failed services. then uninstalled the seedit, restart, relabel with the target-policy and the messages appeared. So in my opinion seedit shouldn't automatic relable and should be more compatible with the other processes. But I cannot exactly remember what errors appered because it was for about 2 weeks. :( maybe this can help for a more user-friendly policy editor.
Thanks for report. > after this a automatic restart and then lots of services wouldn't start > because of problems. It is strange. In F7, seedit is not tested well, I have to test in F7 more.