Bug 676617 - Bootup avc: denied on TC1 for systemd-readahead
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: rawhide
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
Assignee: Miroslav Grepl
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2011-02-10 12:55 UTC by Jóhann B. Guðmundsson
Modified: 2011-02-24 15:41 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-02-10 14:40:02 UTC
Type: ---


Attachments
dmesg (74.59 KB, text/plain)
2011-02-10 12:55 UTC, Jóhann B. Guðmundsson

Description Jóhann B. Guðmundsson 2011-02-10 12:55:43 UTC
Created attachment 478044
dmesg

Description of problem:

see attached dmesg for details.


Additional info:

Note comm="systemd-readahe" <-- you might want to increase the number of characters in this field, and/or there is a spelling error in the code somewhere for systemd-readahe; this probably is supposed to be systemd-readahead at least.

Comment 1 Daniel Walsh 2011-02-10 14:40:02 UTC
systemd-readahe is related to the kernel mechanism for reporting avcs.  If you looked at the syscall record you would get more information, potentially the entire path.

Avcs fixed in selinux-policy-3.9.14-3.fc15.src.rpm

Comment 2 Jóhann B. Guðmundsson 2011-02-24 14:15:40 UTC
They are still present with alpha rc1...

[    7.179257] type=1400 audit(1298554024.392:4): avc:  denied  { write } for  pid=393 comm="systemd-readahe" name="kmsg" dev=devtmpfs ino=4351 scontext=system_u:system_r:readahead_t:s0 tcontext=system_u:object_r:kmsg_device_t:s0 tclass=chr_file
[   13.617210] type=1400 audit(1298554030.830:5): avc:  denied  { write } for  pid=393 comm="systemd-readahe" path="/etc/modprobe.d" dev=dm-1 ino=1308166 scontext=system_u:system_r:readahead_t:s0 tcontext=system_u:object_r:modules_conf_t:s0 tclass=dir
[   16.029420] type=1400 audit(1298554033.242:6): avc:  denied  { write } for  pid=393 comm="systemd-readahe" path="/etc/tmpfiles.d" dev=dm-1 ino=1308732 scontext=system_u:system_r:readahead_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir
[   16.862111] type=1400 audit(1298554034.075:7): avc:  denied  { write } for  pid=393 comm="systemd-readahe" path="/etc/portreserve" dev=dm-1 ino=1440398 scontext=system_u:system_r:readahead_t:s0 tcontext=system_u:object_r:portreserve_etc_t:s0 tclass=dir
[   17.317967] type=1400 audit(1298554034.530:8): avc:  denied  { write } for  pid=393 comm="systemd-readahe" path="/etc/dbus-1/system.d" dev=dm-1 ino=1311628 scontext=system_u:system_r:readahead_t:s0 tcontext=system_u:object_r:dbusd_etc_t:s0 tclass=dir
[   17.991566] type=1400 audit(1298554035.204:9): avc:  denied  { write } for  pid=393 comm="systemd-readahe" path="/usr/share/dbus-1/system-services" dev=dm-1 ino=922913 scontext=system_u:system_r:readahead_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir

Comment 3 Jóhann B. Guðmundsson 2011-02-24 14:16:13 UTC
Did a fresh install

Comment 4 Jóhann B. Guðmundsson 2011-02-24 15:41:43 UTC
Hum, doing a network install with updates updates-testing does not contain these denials, so it's best to leave it closed.

I'll comment on this if still present on final alpha.

