FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora SELinux Support

 
 
LinkBack Thread Tools
 
Old 12-06-2007, 04:42 PM
"Tom London"
 
Default AVC with today's rawhide

I think today's policykit update needs some more love....

Graphical login failed with 'respawn too fast' messages.

Here are the AVCs:

type=AVC msg=audit(1196960817.504:18): avc: denied { read } for
pid=2324 comm="hald" name="PolicyKit.reload" dev=dm-0 ino=67633
scontext=system_u:system_r:hald_t:s0
tcontext=system_ubject_r:system_crond_var_lib_t: s0 tclass=file
type=SYSCALL msg=audit(1196960817.504:18): arch=40000003 syscall=292
success=no exit=-13 a0=d a1=923400 a2=106 a3=9b25d88 items=0 ppid=2323
pid=2324 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) comm="hald" exe="/usr/sbin/hald"
subj=system_u:system_r:hald_t:s0 key=(null)

type=AVC msg=audit(1196961900.294:38): avc: denied { getattr } for
pid=3308 comm="polkit-read-aut" scontext=root:system_r:hald_t:s0
tcontext=root:system_r:hald_t:s0 tclass=process
type=SYSCALL msg=audit(1196961900.294:38): arch=40000003 syscall=3
success=yes exit=24 a0=4 a1=945f538 a2=fff a3=fff items=0 ppid=2833
pid=3308 auid=0 uid=68 gid=68 euid=68 suid=68 fsuid=68 egid=87 sgid=87
fsgid=87 tty=(none) comm="polkit-read-aut"
exe="/usr/libexec/polkit-read-auth-helper"
subj=root:system_r:hald_t:s0 key=(null)

'audit2allow -M'/etc. fixes:

#============= hald_t ==============
allow hald_t selfrocess getattr;
allow hald_t system_crond_var_lib_t:file read;


tom
--
Tom London

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 

Thread Tools




All times are GMT. The time now is 08:35 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org