Bug 480344 - avc: denied { read } for comm="sadc" path="inotify" dev=inotifyfs
Summary: avc: denied { read } for comm="sadc" path="inotify" dev=inotifyfs
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 10
Hardware: All
OS: Linux
low
medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2009-01-16 15:36 UTC by Orion Poplawski
Modified: 2009-01-20 21:23 UTC (History)
3 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2009-01-19 19:53:41 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)

Description Orion Poplawski 2009-01-16 15:36:08 UTC
Description of problem:

I'm only seeing this on the F10 machine I upgraded via yum, so something may be out of whack here too.  Getting this every time sadc runs:

Jan 16 08:30:02 saga kernel: type=1400 audit(0.000:41693): avc:  denied  { read } for  pid=19616 comm="sadc" path="inotify" dev=inotifyfs ino=1 scontext=system_u:system_r:sysstat_t:s0-s0:c0.c1023 tcontext=system_u:object_r:inotifyfs_t:s0 tclass=dir

Version-Release number of selected component (if applicable):
selinux-policy-3.5.13-38.fc10.noarch
kernel-2.6.27.9-159.fc10.i686

Comment 1 Miroslav Grepl 2009-01-19 10:03:35 UTC
Orion,

probably you need to update selinux-policy-targeted too.

My version of policy:

# rpm -q selinux-policy-targeted selinux-policy

selinux-policy-targeted-3.5.13-38.fc10.noarch
selinux-policy-3.5.13-38.fc10.noarch

Comment 2 Daniel Walsh 2009-01-19 19:53:41 UTC
Orion, try

yum reinstall selinux-policy-targeted

And see if this adds the rule.

# rpm -q selinux-policy-targeted
selinux-policy-targeted-3.5.13-38.fc10.noarch
# sesearch --allow -s sysstat_t -t inotifyfs_t
WARNING: This policy contained disabled aliases; they have been removed.
Found 1 semantic av rules:
   allow sysstat_t inotifyfs_t : dir { ioctl read getattr lock search } ;

Comment 3 Orion Poplawski 2009-01-20 21:23:44 UTC
Thanks, I think that will clean a bunch of things up.  Didn't know about yum reinstall.


Note You need to log in before you can comment on or make changes to this bug.