First Last Prev Next    This bug is not in your last search results.
Bug 480344 - avc: denied { read } for comm="sadc" path="inotify" dev=inotifyfs
avc: denied { read } for comm="sadc" path="inotify" dev=inotifyfs
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
10
All Linux
low Severity medium
: ---
: ---
Assigned To: Daniel Walsh
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2009-01-16 10:36 EST by Orion Poplawski
Modified: 2009-01-20 16:23 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-01-19 14:53:41 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Orion Poplawski 2009-01-16 10:36:08 EST 
Description of problem:

I'm only seeing this on the F10 machine I upgraded via yum, so something may be out of whack here too.  Getting this every time sadc runs:

Jan 16 08:30:02 saga kernel: type=1400 audit(0.000:41693): avc:  denied  { read } for  pid=19616 comm="sadc" path="inotify" dev=inotifyfs ino=1 scontext=system_u:system_r:sysstat_t:s0-s0:c0.c1023 tcontext=system_u:object_r:inotifyfs_t:s0 tclass=dir

Version-Release number of selected component (if applicable):
selinux-policy-3.5.13-38.fc10.noarch
kernel-2.6.27.9-159.fc10.i686
Comment 1 Miroslav Grepl 2009-01-19 05:03:35 EST 
Orion,

probably you need to update selinux-policy-targeted too.

My version of policy:

# rpm -q selinux-policy-targeted selinux-policy

selinux-policy-targeted-3.5.13-38.fc10.noarch
selinux-policy-3.5.13-38.fc10.noarch
Comment 2 Daniel Walsh 2009-01-19 14:53:41 EST 
Orion, try

yum reinstall selinux-policy-targeted

And see if this adds the rule.

# rpm -q selinux-policy-targeted
selinux-policy-targeted-3.5.13-38.fc10.noarch
# sesearch --allow -s sysstat_t -t inotifyfs_t
WARNING: This policy contained disabled aliases; they have been removed.
Found 1 semantic av rules:
   allow sysstat_t inotifyfs_t : dir { ioctl read getattr lock search } ;
Comment 3 Orion Poplawski 2009-01-20 16:23:44 EST 
Thanks, I think that will clean a bunch of things up.  Didn't know about yum reinstall.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.