From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; de; rv:1.8.1.8) Gecko/20071030 Fedora/2.0.0.8-2.fc8 Firefox/2.0.0.8 Description of problem: I'm seeing the following audit messages during boot of F8: Nov 11 11:02:17 beverly kernel: audit: initializing netlink socket (disabled) Nov 11 11:02:17 beverly kernel: audit(1194778895.447:1): initialized Nov 11 11:02:17 beverly kernel: audit(1194778915.057:2): policy loaded auid=4294967295 Nov 11 11:02:17 beverly kernel: audit(1194775319.677:3): avc: denied { read } for pid=922 comm="mdadm" name=".tmp-9-0" dev=tmpfs ino=5157 scontext=system_u:system_r:mdadm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:device_t:s0 tclass=blk_file Nov 11 11:02:17 beverly kernel: audit(1194775319.678:4): avc: denied { ioctl } for pid=922 comm="mdadm" path="/dev/.tmp-9-0" dev=tmpfs ino=5157 scontext=system_u:system_r:mdadm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:device_t:s0 tclass=blk_file Nov 11 11:02:17 beverly kernel: audit(1194775337.201:5): audit_pid=1569 old=0 by auid=4294967295 subj=system_u:system_r:auditd_t:s0 Version-Release number of selected component (if applicable): How reproducible: Always Steps to Reproduce: 1. look for audit messages in /var/log/messages 2. 3. Actual Results: Expected Results: Additional info:
And even more messages from another F8 system: audit(1194773843.793:4): avc: denied { read write } for pid=1895 comm="consoletype" path="/dev/pts/0" dev=devpts ino=2 scontext=system_u:system_r:consoletype_t:s0 tcontext=system_u:object_r:rhgb_devpts_t:s0 tclass=chr_file audit(1194773843.793:5): avc: denied { read write } for pid=1895 comm="consoletype" path="/dev/pts/0" dev=devpts ino=2 scontext=system_u:system_r:consoletype_t:s0 tcontext=system_u:object_r:rhgb_devpts_t:s0 tclass=chr_file audit(1194773843.797:6): avc: denied { read write } for pid=1897 comm="consoletype" path="/dev/pts/0" dev=devpts ino=2 scontext=system_u:system_r:consoletype_t:s0 tcontext=system_u:object_r:rhgb_devpts_t:s0 tclass=chr_file audit(1194773843.797:7): avc: denied { read write } for pid=1897 comm="consoletype" path="/dev/pts/0" dev=devpts ino=2 scontext=system_u:system_r:consoletype_t:s0 tcontext=system_u:object_r:rhgb_devpts_t:s0 tclass=chr_file audit(1194773843.810:8): avc: denied { read write } for pid=1899 comm="consoletype" path="/dev/pts/0" dev=devpts ino=2 scontext=system_u:system_r:consoletype_t:s0 tcontext=system_u:object_r:rhgb_devpts_t:s0 tclass=chr_file audit(1194773843.810:9): avc: denied { read write } for pid=1899 comm="consoletype" path="/dev/pts/0" dev=devpts ino=2 scontext=system_u:system_r:consoletype_t:s0 tcontext=system_u:object_r:rhgb_devpts_t:s0 tclass=chr_file audit(1194773843.879:10): avc: denied { read write } for pid=1930 comm="consoletype" path="/dev/pts/0" dev=devpts ino=2 scontext=system_u:system_r:consoletype_t:s0 tcontext=system_u:object_r:rhgb_devpts_t:s0 tclass=chr_file audit(1194773843.879:11): avc: denied { read write } for pid=1930 comm="consoletype" path="/dev/pts/0" dev=devpts ino=2 scontext=system_u:system_r:consoletype_t:s0 tcontext=system_u:object_r:rhgb_devpts_t:s0 tclass=chr_file audit(1194773843.883:12): avc: denied { read write } for pid=1932 comm="consoletype" path="/dev/pts/0" dev=devpts ino=2 scontext=system_u:system_r:consoletype_t:s0 tcontext=system_u:object_r:rhgb_devpts_t:s0 tclass=chr_file audit(1194773843.883:13): avc: denied { read write } for pid=1932 comm="consoletype" path="/dev/pts/0" dev=devpts ino=2 scontext=system_u:system_r:consoletype_t:s0 tcontext=system_u:object_r:rhgb_devpts_t:s0 tclass=chr_file audit(1194773843.897:14): avc: denied { read write } for pid=1934 comm="consoletype" path="/dev/pts/0" dev=devpts ino=2 scontext=system_u:system_r:consoletype_t:s0 tcontext=system_u:object_r:rhgb_devpts_t:s0 tclass=chr_file audit(1194773843.897:15): avc: denied { read write } for pid=1934 comm="consoletype" path="/dev/pts/0" dev=devpts ino=2 scontext=system_u:system_r:consoletype_t:s0 tcontext=system_u:object_r:rhgb_devpts_t:s0 tclass=chr_file audit(1194773844.570:16): audit_pid=2059 old=0 by auid=4294967295 subj=system_u:system_r:auditd_t:s0
The audit system just records events for other kernel subsystem much the same way syslog records messages for programs. This is a selinux-policy problem, transferring.
The first avc's are refering to a device named .tmp-9.0 which is unexpected. Perhaps mdadm is creating them and using them. I am changing mdadm to be allowed to use them. The other audit messages should also be fixed in the latest policy upgrade. Fixed in selinux-policy-3.0.8-52.fc8
Bulk closing all bugs in Fedora updates in the modified state. If you bug is not fixed, please reopen.