From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.8.1.4) Gecko/20070607 Swiftweasel/2.0.0.4

Description of problem:
Rawhide (F9) with:
policycoreutils-2.0.46-2.fc9.i386
selinux-policy-3.3.1-32.fc9.noarch
selinux-policy-devel-3.3.1-32.fc9.noarch
policycoreutils-newrole-2.0.46-2.fc9.i386
selinux-policy-mls-3.3.1-32.fc9.noarch
selinux-policy-targeted-3.3.1-32.fc9.noarch
checkpolicy-2.0.13-1.fc9.i386
hack-policy-1.0.0-18.noarch
policycoreutils-gui-2.0.46-2.fc9.i386
audit-1.7.1-1.fc9.i386
prelude-manager-0.9.11-1.fc9.i386
libprelude-0.9.16.2-2.fc9.i386
prelude-lml-0.9.11-2.fc9.i386

After booting, starting up application see a number of AVCs in audit (attached). I am using relaying from this machine to another; this is different from Steve G.'s testing.

Version-Release number of selected component (if applicable):
selinux-policy-mls-3.3.1-32.fc9.noarch

How reproducible:
Always

Steps to Reproduce:
1. Boot
2. Start application
3. Run "ausearch --start today -m avc -x prelude"

Actual Results:
Saw the attached AVC list in the ausearch results.

Expected Results:
Hopefully no AVCs related to prelude/audit.

Additional info:
I can add any relevant information needed on request (audit rules, etc.) but didn't want to clog this bz with irrelevant info.

Attached files are results of:
prelude.avc : ausearch --start today -m avc -x prelude > prelude.avc
ausearch.avc : ausearch --start today -m avc -x ausearch > ausearch.avc
audisp-prelude.avc : ausearch --start today -m avc -x audisp-prelude > audisp-prelude.avc
Created attachment 302128: audisp-prelude avc
Created attachment 302129: ausearch avc
Created attachment 302130: prelude avc
This looks like a labeling problem. prelude-manager is running as initrc_t rather than the correct context. What is it labeled?

Also staff_t should not be allowed to look at audit data, so the second avc's are caused by you not transitioning to sysadm_r:sysadm_t.
The other problem is prelude policy is not included in mls policy. I will add and update.

Fixed in selinux-policy-3.3.1-35.fc9
(In reply to comment #4)
> This looks like a labeling problem. prelude-manager is running as initrc_t
> rather than the correct context. What is it labeled?
>
> Also staff_t should not be allowed to look at audit data, so the second avc's
> are caused by you not transitioning to sysadm_r:sysadm_t
>

prelude-manager is labeled:

[lenny@sun ~]$ ls -alZ /usr/bin/prelude-manager
-rwxr-xr-x root root system_u:object_r:bin_t:SystemLow /usr/bin/prelude-manager
[lenny@sun ~]$ ps -eadflZ | grep prelude-manager
system_u:system_r:initrc_t:SystemLow-SystemHigh 1 S root 2082 1 0 80 0 - 8864 sys_po 12:03 ? 00:00:01 prelude-manager -d
user_u:user_r:user_t:SystemLow 0 S lenny 3514 3473 0 80 0 - 1041 pipe_w 15:28 pts/1 00:00:00 grep prelude-manager
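
The labeling check worked through in this thread (a daemon left in initrc_t while its executable carries the generic bin_t label), automated as an added example that is not part of the original bug report or of any project's code. The function names and the GENERIC_FILE_TYPES set are assumptions for illustration; the sample input is constructed from the `ls -alZ` and `ps -eadflZ` output quoted above and assumes those column layouts.

```python
# Added example (not from the bug report): find daemons still in initrc_t
# whose executable carries a generic file label, as diagnosed in this thread.
INIT_DOMAIN = "initrc_t"
GENERIC_FILE_TYPES = {"bin_t"}  # assumption: labels with no daemon domain transition

# Constructed sample input, copied from the command output quoted in the thread.
PS_SAMPLE = """\
system_u:system_r:initrc_t:SystemLow-SystemHigh 1 S root 2082 1 0 80 0 - 8864 sys_po 12:03 ? 00:00:01 prelude-manager -d
user_u:user_r:user_t:SystemLow 0 S lenny 3514 3473 0 80 0 - 1041 pipe_w 15:28 pts/1 00:00:00 grep prelude-manager
"""
LS_SAMPLE = "-rwxr-xr-x root root system_u:object_r:bin_t:SystemLow /usr/bin/prelude-manager\n"

def parse_context(ctx):
    """Return (user, role, type, range); an MLS range may itself contain ':'."""
    parts = ctx.split(":", 3)
    if len(parts) < 3:
        raise ValueError(f"not an SELinux context: {ctx!r}")
    return tuple(parts) if len(parts) == 4 else (*parts, None)

def file_types(ls_z_output):
    """Map path -> type for 'mode owner group context path' lines."""
    labels = {}
    for line in ls_z_output.splitlines():
        fields = line.split()
        if len(fields) == 5:
            labels[fields[4]] = parse_context(fields[3])[2]
    return labels

def mislabeled_daemons(ps_output, ls_z_output):
    """Return (pid, path, domain, file_type) for each init-domain process
    whose executable has a generic label. Expects `ps -eadflZ` columns."""
    labels = file_types(ls_z_output)
    findings = []
    for line in ps_output.splitlines():
        fields = line.split(None, 15)  # context is 1st, PID 5th, CMD 16th
        if len(fields) < 16 or fields[0].count(":") < 2:
            continue  # header or truncated line
        if parse_context(fields[0])[2] != INIT_DOMAIN:
            continue
        name = fields[15].split()[0].rsplit("/", 1)[-1]
        for path, ftype in labels.items():
            if path.rsplit("/", 1)[-1] == name and ftype in GENERIC_FILE_TYPES:
                findings.append((int(fields[4]), path, INIT_DOMAIN, ftype))
    return findings

if __name__ == "__main__":
    for pid, path, domain, ftype in mislabeled_daemons(PS_SAMPLE, LS_SAMPLE):
        print(f"pid {pid}: {path} runs in {domain}; file is labeled {ftype}")
```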