Bug 480344 - avc: denied { read } for comm="sadc" path="inotify" dev=inotifyfs
avc: denied { read } for comm="sadc" path="inotify" dev=inotifyfs
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
All Linux
low Severity medium
: ---
: ---
Assigned To: Daniel Walsh
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2009-01-16 10:36 EST by Orion Poplawski
Modified: 2009-01-20 16:23 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2009-01-19 14:53:41 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Orion Poplawski 2009-01-16 10:36:08 EST
Description of problem:

I'm only seeing this on the F10 machine I upgraded via yum, so something may be out of whack here too.  Getting this every time sadc runs:

Jan 16 08:30:02 saga kernel: type=1400 audit(0.000:41693): avc:  denied  { read } for  pid=19616 comm="sadc" path="inotify" dev=inotifyfs ino=1 scontext=system_u:system_r:sysstat_t:s0-s0:c0.c1023 tcontext=system_u:object_r:inotifyfs_t:s0 tclass=dir

Version-Release number of selected component (if applicable):
Comment 1 Miroslav Grepl 2009-01-19 05:03:35 EST

probably you need to update selinux-policy-targeted too.

My version of policy:

# rpm -q selinux-policy-targeted selinux-policy

Comment 2 Daniel Walsh 2009-01-19 14:53:41 EST
Orion, try

yum reinstall selinux-policy-targeted

And see if this adds the rule.

# rpm -q selinux-policy-targeted
# sesearch --allow -s sysstat_t -t inotifyfs_t
WARNING: This policy contained disabled aliases; they have been removed.
Found 1 semantic av rules:
   allow sysstat_t inotifyfs_t : dir { ioctl read getattr lock search } ;
Comment 3 Orion Poplawski 2009-01-20 16:23:44 EST
Thanks, I think that will clean a bunch of things up.  Didn't know about yum reinstall.

Note You need to log in before you can comment on or make changes to this bug.