Bug 375841 - audit messages during boot of F8
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 8
Hardware: i386 Linux
Priority: low, Severity: medium
Assigned To: Daniel Walsh
QA Contact: Fedora Extras Quality Assurance

Reported: 2007-11-11 06:57 EST by Bernd Bartmann
Modified: 2008-01-30 14:19 EST
Fixed In Version: Current
Doc Type: Bug Fix
Last Closed: 2008-01-30 14:19:52 EST


Description Bernd Bartmann 2007-11-11 06:57:05 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; de; rv:1.8.1.8) Gecko/20071030 Fedora/2.0.0.8-2.fc8 Firefox/2.0.0.8

Description of problem:
I'm seeing the following audit messages during boot of F8:

Nov 11 11:02:17 beverly kernel: audit: initializing netlink socket (disabled)
Nov 11 11:02:17 beverly kernel: audit(1194778895.447:1): initialized
Nov 11 11:02:17 beverly kernel: audit(1194778915.057:2): policy loaded auid=4294967295
Nov 11 11:02:17 beverly kernel: audit(1194775319.677:3): avc:  denied  { read } for  pid=922 comm="mdadm" name=".tmp-9-0" dev=tmpfs ino=5157 scontext=system_u:system_r:mdadm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:device_t:s0 tclass=blk_file
Nov 11 11:02:17 beverly kernel: audit(1194775319.678:4): avc:  denied  { ioctl } for  pid=922 comm="mdadm" path="/dev/.tmp-9-0" dev=tmpfs ino=5157 scontext=system_u:system_r:mdadm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:device_t:s0 tclass=blk_file
Nov 11 11:02:17 beverly kernel: audit(1194775337.201:5): audit_pid=1569 old=0 by auid=4294967295 subj=system_u:system_r:auditd_t:s0


How reproducible:
Always


Steps to Reproduce:
1. look for audit messages in /var/log/messages
Comment 1 Bernd Bartmann 2007-11-11 07:02:28 EST
And even more messages from another F8 system:

audit(1194773843.793:4): avc:  denied  { read write } for  pid=1895
comm="consoletype" path="/dev/pts/0" dev=devpts ino=2
scontext=system_u:system_r:consoletype_t:s0
tcontext=system_u:object_r:rhgb_devpts_t:s0 tclass=chr_file
audit(1194773843.793:5): avc:  denied  { read write } for  pid=1895
comm="consoletype" path="/dev/pts/0" dev=devpts ino=2
scontext=system_u:system_r:consoletype_t:s0
tcontext=system_u:object_r:rhgb_devpts_t:s0 tclass=chr_file
audit(1194773843.797:6): avc:  denied  { read write } for  pid=1897
comm="consoletype" path="/dev/pts/0" dev=devpts ino=2
scontext=system_u:system_r:consoletype_t:s0
tcontext=system_u:object_r:rhgb_devpts_t:s0 tclass=chr_file
audit(1194773843.797:7): avc:  denied  { read write } for  pid=1897
comm="consoletype" path="/dev/pts/0" dev=devpts ino=2
scontext=system_u:system_r:consoletype_t:s0
tcontext=system_u:object_r:rhgb_devpts_t:s0 tclass=chr_file
audit(1194773843.810:8): avc:  denied  { read write } for  pid=1899
comm="consoletype" path="/dev/pts/0" dev=devpts ino=2
scontext=system_u:system_r:consoletype_t:s0
tcontext=system_u:object_r:rhgb_devpts_t:s0 tclass=chr_file
audit(1194773843.810:9): avc:  denied  { read write } for  pid=1899
comm="consoletype" path="/dev/pts/0" dev=devpts ino=2
scontext=system_u:system_r:consoletype_t:s0
tcontext=system_u:object_r:rhgb_devpts_t:s0 tclass=chr_file
audit(1194773843.879:10): avc:  denied  { read write } for  pid=1930
comm="consoletype" path="/dev/pts/0" dev=devpts ino=2
scontext=system_u:system_r:consoletype_t:s0
tcontext=system_u:object_r:rhgb_devpts_t:s0 tclass=chr_file
audit(1194773843.879:11): avc:  denied  { read write } for  pid=1930
comm="consoletype" path="/dev/pts/0" dev=devpts ino=2
scontext=system_u:system_r:consoletype_t:s0
tcontext=system_u:object_r:rhgb_devpts_t:s0 tclass=chr_file
audit(1194773843.883:12): avc:  denied  { read write } for  pid=1932
comm="consoletype" path="/dev/pts/0" dev=devpts ino=2
scontext=system_u:system_r:consoletype_t:s0
tcontext=system_u:object_r:rhgb_devpts_t:s0 tclass=chr_file
audit(1194773843.883:13): avc:  denied  { read write } for  pid=1932
comm="consoletype" path="/dev/pts/0" dev=devpts ino=2
scontext=system_u:system_r:consoletype_t:s0
tcontext=system_u:object_r:rhgb_devpts_t:s0 tclass=chr_file
audit(1194773843.897:14): avc:  denied  { read write } for  pid=1934
comm="consoletype" path="/dev/pts/0" dev=devpts ino=2
scontext=system_u:system_r:consoletype_t:s0
tcontext=system_u:object_r:rhgb_devpts_t:s0 tclass=chr_file
audit(1194773843.897:15): avc:  denied  { read write } for  pid=1934
comm="consoletype" path="/dev/pts/0" dev=devpts ino=2
scontext=system_u:system_r:consoletype_t:s0
tcontext=system_u:object_r:rhgb_devpts_t:s0 tclass=chr_file
audit(1194773844.570:16): audit_pid=2059 old=0 by auid=4294967295
subj=system_u:system_r:auditd_t:s0
Comment 2 Steve Grubb 2007-11-11 09:55:56 EST
The audit system just records events for other kernel subsystems much the same
way syslog records messages for programs. This is a selinux-policy problem,
transferring.
Comment 3 Daniel Walsh 2007-11-12 10:36:10 EST
The first avc's are referring to a device named .tmp-9.0 which is unexpected.
Perhaps mdadm is creating them and using them.  I am changing mdadm to be
allowed to use them.  The other audit messages should also be fixed in the
latest policy upgrade.

Fixed in selinux-policy-3.0.8-52.fc8
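
The triage done by eye on the denials quoted in this report can be scripted. The following is an added example, not part of the bug thread or of selinux-policy: it parses the AVC records copied from the report, merges them per source type, target type and class, and renders each group in the allow-rule form that audit2allow prints. The function names are illustrative assumptions, and the output is a candidate for policy review, not the change shipped in the fixed package.

```python
import re

# Records copied from the report above (wrapped lines rejoined); not new data.
SAMPLE = """\
Nov 11 11:02:17 beverly kernel: audit(1194778915.057:2): policy loaded auid=4294967295
Nov 11 11:02:17 beverly kernel: audit(1194775319.677:3): avc:  denied  { read } for  pid=922 comm="mdadm" name=".tmp-9-0" dev=tmpfs ino=5157 scontext=system_u:system_r:mdadm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:device_t:s0 tclass=blk_file
Nov 11 11:02:17 beverly kernel: audit(1194775319.678:4): avc:  denied  { ioctl } for  pid=922 comm="mdadm" path="/dev/.tmp-9-0" dev=tmpfs ino=5157 scontext=system_u:system_r:mdadm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:device_t:s0 tclass=blk_file
audit(1194773843.793:4): avc:  denied  { read write } for  pid=1895 comm="consoletype" path="/dev/pts/0" dev=devpts ino=2 scontext=system_u:system_r:consoletype_t:s0 tcontext=system_u:object_r:rhgb_devpts_t:s0 tclass=chr_file
audit(1194773843.793:5): avc:  denied  { read write } for  pid=1895 comm="consoletype" path="/dev/pts/0" dev=devpts ino=2 scontext=system_u:system_r:consoletype_t:s0 tcontext=system_u:object_r:rhgb_devpts_t:s0 tclass=chr_file
"""

AVC_RE = re.compile(r'audit\((\d+\.\d+):(\d+)\): avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def selinux_type(context):
    # A context is user:role:type:level[:categories]; the type is the third field.
    return context.split(":")[2]

def parse_avc(line):
    """Return a dict for an AVC denial record, or None for any other line."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group(4))}
    if not {"scontext", "tcontext", "tclass"} <= set(fields):
        return None  # truncated record: skip rather than guess
    return {"serial": int(m.group(2)), "perms": m.group(3).split(),
            "comm": fields.get("comm"),
            "key": (selinux_type(fields["scontext"]),
                    selinux_type(fields["tcontext"]), fields["tclass"])}

def summarize(text):
    """Group denials by (source type, target type, class), merging permissions."""
    groups = {}
    for rec in filter(None, map(parse_avc, text.splitlines())):
        g = groups.setdefault(rec["key"], {"perms": [], "count": 0, "comms": set()})
        g["count"] += 1
        g["comms"].add(rec["comm"])
        g["perms"] += [p for p in rec["perms"] if p not in g["perms"]]
    return groups

def as_rules(groups):
    """Render each group in allow-rule form for a policy author to review."""
    return ["allow %s %s:%s { %s };" % (s, t, c, " ".join(g["perms"]))
            for (s, t, c), g in groups.items()]

if __name__ == "__main__":
    print("\n".join(as_rules(summarize(SAMPLE))))
```

The per-group `count` and `comms` values show how many raw records collapse into each rule and which commands triggered them, which helps separate one noisy caller from several distinct ones.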
Comment 4 Daniel Walsh 2008-01-30 14:19:52 EST
Bulk closing all bugs in Fedora updates in the modified state.  If your bug is
not fixed, please reopen.
