Old 09-02-2008, 11:12 PM
Antonio Olivares
 
Default many avcs at startup, readahead and several others

Dear fellow selinux troubleshooters and testers,

Using rawhide, I have seen several avcs at startup, namely readahead and others, while I found out that the sound problem is due to selinux getting in the way of pulse. Here are a few avcs. Advice and/or workarounds appreciated; setroubleshoot has not kicked in, these are from dmesg | grep 'avcs'

[root@localhost ~]# dmesg | grep 'avc'
type=1400 audit(1220390408.063:4): avc: denied { read write } for pid=611 comm="readahead" path="/dev/console" dev=tmpfs ino=408 scontext=system_u:system_r:readahead_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=chr_file
type=1400 audit(1220390408.064:5): avc: denied { read write } for pid=611 comm="readahead" path="/dev/console" dev=tmpfs ino=408 scontext=system_u:system_r:readahead_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=chr_file
type=1400 audit(1220390408.064:6): avc: denied { read write } for pid=611 comm="readahead" path="/dev/console" dev=tmpfs ino=408 scontext=system_u:system_r:readahead_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=chr_file
type=1400 audit(1220390408.788:7): avc: denied { fowner } for pid=611 comm="readahead" capability=3 scontext=system_u:system_r:readahead_t:s0 tcontext=system_u:system_r:readahead_t:s0 tclass=capability
type=1400 audit(1220390408.837:8): avc: denied { fowner } for pid=611 comm="readahead" capability=3 scontext=system_u:system_r:readahead_t:s0 tcontext=system_u:system_r:readahead_t:s0 tclass=capability
type=1400 audit(1220390408.838:9): avc: denied { fowner } for pid=611 comm="readahead" capability=3 scontext=system_u:system_r:readahead_t:s0 tcontext=system_u:system_r:readahead_t:s0 tclass=capability
type=1400 audit(1220390409.131:10): avc: denied { fowner } for pid=611 comm="readahead" capability=3 scontext=system_u:system_r:readahead_t:s0 tcontext=system_u:system_r:readahead_t:s0 tclass=capability
type=1400 audit(1220390433.392:11): avc: denied { write } for pid=1457 comm="ip6tables-resto" path="/0" dev=devpts ino=2 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:object_r:devpts_t:s0 tclass=chr_file
type=1400 audit(1220390434.665:12): avc: denied { write } for pid=1679 comm="ip" path="/0" dev=devpts ino=2 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:object_r:devpts_t:s0 tclass=chr_file
type=1400 audit(1220390483.087:13): avc: denied { search } for pid=1941 comm="pcscd" name="dbus" dev=dm-0 ino=3276848 scontext=system_u:system_r:pcscd_t:s0 tcontext=system_u:object_r:system_dbusd_var_run_t:s0 tclass=dir
type=1400 audit(1220390498.350:14): avc: denied { execute } for pid=2393 comm="gdm" name="rpm" dev=dm-0 ino=24117303 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:rpm_exec_t:s0 tclass=file
type=1400 audit(1220390498.351:15): avc: denied { getattr } for pid=2393 comm="gdm" path="/bin/rpm" dev=dm-0 ino=24117303 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:rpm_exec_t:s0 tclass=file
type=1400 audit(1220390498.351:16): avc: denied { getattr } for pid=2393 comm="gdm" path="/bin/rpm" dev=dm-0 ino=24117303 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:rpm_exec_t:s0 tclass=file
type=1400 audit(1220391361.963:17): avc: denied { setattr } for pid=3251 comm="npviewer.bin" name=".pulse" dev=dm-0 ino=7176200 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir
type=1400 audit(1220391361.965:18): avc: denied { setattr } for pid=3251 comm="npviewer.bin" name=".pulse" dev=dm-0 ino=7176200 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir
type=1400 audit(1220391361.965:19): avc: denied { setattr } for pid=3251 comm="npviewer.bin" name=".pulse" dev=dm-0 ino=7176200 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir
type=1400 audit(1220391361.966:20): avc: denied { setattr } for pid=3251 comm="npviewer.bin" name=".pulse" dev=dm-0 ino=7176200 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir
type=1400 audit(1220391361.966:21): avc: denied { write } for pid=3251 comm="npviewer.bin" name=".pulse" dev=dm-0 ino=7176200 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir
type=1400 audit(1220391480.205:22): avc: denied { setattr } for pid=3267 comm="npviewer.bin" name=".pulse" dev=dm-0 ino=7176200 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir
type=1400 audit(1220391480.206:23): avc: denied { setattr } for pid=3267 comm="npviewer.bin" name=".pulse" dev=dm-0 ino=7176200 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir
type=1400 audit(1220391480.206:24): avc: denied { setattr } for pid=3267 comm="npviewer.bin" name=".pulse" dev=dm-0 ino=7176200 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir
type=1400 audit(1220391480.206:25): avc: denied { setattr } for pid=3267 comm="npviewer.bin" name=".pulse" dev=dm-0 ino=7176200 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir
type=1400 audit(1220391480.206:26): avc: denied { write } for pid=3267 comm="npviewer.bin" name=".pulse" dev=dm-0 ino=7176200 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir
type=1400 audit(1220396664.211:27): avc: denied { setattr } for pid=3639 comm="npviewer.bin" name=".pulse" dev=dm-0 ino=7176200 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir
type=1400 audit(1220396664.211:28): avc: denied { setattr } for pid=3639 comm="npviewer.bin" name=".pulse" dev=dm-0 ino=7176200 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir
type=1400 audit(1220396664.212:29): avc: denied { setattr } for pid=3639 comm="npviewer.bin" name=".pulse" dev=dm-0 ino=7176200 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir
type=1400 audit(1220396664.212:30): avc: denied { setattr } for pid=3639 comm="npviewer.bin" name=".pulse" dev=dm-0 ino=7176200 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir
type=1400 audit(1220396664.212:31): avc: denied { write } for pid=3639 comm="npviewer.bin" name=".pulse" dev=dm-0 ino=7176200 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir
type=1400 audit(1220396675.758:32): avc: denied { setattr } for pid=3655 comm="npviewer.bin" name=".pulse" dev=dm-0 ino=7176200 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir
type=1400 audit(1220396675.759:33): avc: denied { setattr } for pid=3655 comm="npviewer.bin" name=".pulse" dev=dm-0 ino=7176200 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir
type=1400 audit(1220396675.759:34): avc: denied { setattr } for pid=3655 comm="npviewer.bin" name=".pulse" dev=dm-0 ino=7176200 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir
type=1400 audit(1220396675.760:35): avc: denied { setattr } for pid=3655 comm="npviewer.bin" name=".pulse" dev=dm-0 ino=7176200 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir
type=1400 audit(1220396675.760:36): avc: denied { write } for pid=3655 comm="npviewer.bin" name=".pulse" dev=dm-0 ino=7176200 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir
type=1400 audit(1220396688.315:37): avc: denied { setattr } for pid=3667 comm="npviewer.bin" name=".pulse" dev=dm-0 ino=7176200 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir
type=1400 audit(1220396688.316:38): avc: denied { setattr } for pid=3667 comm="npviewer.bin" name=".pulse" dev=dm-0 ino=7176200 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir
type=1400 audit(1220396688.317:39): avc: denied { setattr } for pid=3667 comm="npviewer.bin" name=".pulse" dev=dm-0 ino=7176200 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir
type=1400 audit(1220396688.317:40): avc: denied { setattr } for pid=3667 comm="npviewer.bin" name=".pulse" dev=dm-0 ino=7176200 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir
type=1400 audit(1220396688.318:41): avc: denied { write } for pid=3667 comm="npviewer.bin" name=".pulse" dev=dm-0 ino=7176200 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir
type=1400 audit(1220396800.645:42): avc: denied { setattr } for pid=3788 comm="npviewer.bin" name=".pulse" dev=dm-0 ino=7176200 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir
type=1400 audit(1220396800.645:43): avc: denied { setattr } for pid=3788 comm="npviewer.bin" name=".pulse" dev=dm-0 ino=7176200 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir
type=1400 audit(1220396800.646:44): avc: denied { setattr } for pid=3788 comm="npviewer.bin" name=".pulse" dev=dm-0 ino=7176200 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir
type=1400 audit(1220396800.646:45): avc: denied { setattr } for pid=3788 comm="npviewer.bin" name=".pulse" dev=dm-0 ino=7176200 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir
type=1400 audit(1220396800.647:46): avc: denied { write } for pid=3788 comm="npviewer.bin" name=".pulse" dev=dm-0 ino=7176200 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir
type=1400 audit(1220396814.195:47): avc: denied { setattr } for pid=3800 comm="npviewer.bin" name=".pulse" dev=dm-0 ino=7176200 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir
type=1400 audit(1220396814.196:48): avc: denied { setattr } for pid=3800 comm="npviewer.bin" name=".pulse" dev=dm-0 ino=7176200 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir
type=1400 audit(1220396814.196:49): avc: denied { setattr } for pid=3800 comm="npviewer.bin" name=".pulse" dev=dm-0 ino=7176200 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir
type=1400 audit(1220396814.197:50): avc: denied { setattr } for pid=3800 comm="npviewer.bin" name=".pulse" dev=dm-0 ino=7176200 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir
type=1400 audit(1220396814.197:51): avc: denied { write } for pid=3800 comm="npviewer.bin" name=".pulse" dev=dm-0 ino=7176200 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir


Thanks,

Antonio




--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 
Old 09-02-2008, 11:28 PM
"Tom London"
 
Default many avcs at startup, readahead and several others

On Tue, Sep 2, 2008 at 4:12 PM, Antonio Olivares
<olivares14031@yahoo.com> wrote:
> Dear fellow selinux troubleshooters and testers,
>
> Using rawhide, I have seen several avcs at startup, namely readahead and others, while I found out that the sound problem is due to selinux getting in the way of pulse. Here are a few avcs. Advice and/or workarounds appreciated; setroubleshoot has not kicked in, these are from dmesg | grep 'avcs'
>
> [root@localhost ~]# dmesg | grep 'avc'
>
>
> Thanks,
>
> Antonio
>
Try "restorecon -v -R ~"

--
Tom London

 
Old 09-03-2008, 01:19 AM
Antonio Olivares
 
Default many avcs at startup, readahead and several others

--- On Tue, 9/2/08, Tom London <selinux@gmail.com> wrote:

> From: Tom London <selinux@gmail.com>
> Subject: Re: many avcs at startup, readahead and several others
> To: olivares14031@yahoo.com, "For testers of Fedora Core development releases" <fedora-test-list@redhat.com>
> Cc: fedora-selinux-list@redhat.com
> Date: Tuesday, September 2, 2008, 4:28 PM
> On Tue, Sep 2, 2008 at 4:12 PM, Antonio Olivares
> <olivares14031@yahoo.com> wrote:
> > Dear fellow selinux troubleshooters and testers,
> >
> > Using rawhide, I have seen several avcs at startup
> namely readahead and others, while I found out that the
> sound problem is due to selinux getting in the way of pulse.
> Here's a few avcs. Advise and/or workarounds
> appreciated, setroubleshoot has not kicked in, these are
> from dmesg | grep 'avcs'
> >
> > [root@localhost ~]# dmesg | grep 'avc'
> > type=1400 audit(1220390408.063:4): avc: denied {
> read write } for pid=611 comm="readahead"
> path="/dev/console" dev=tmpfs ino=408
> scontext=system_u:system_r:readahead_t:s0
.... removed to save BANDWIDTH ........
> >
> >
> > Thanks,
> >
> > Antonio
> >
> Try "restorecon -v -R ~"
>
> --
> Tom London

It did not work. STILL I see the AVCS at startup


Regards,

Antonio




 
Old 09-03-2008, 02:57 AM
"Tom London"
 
Default many avcs at startup, readahead and several others

On Tue, Sep 2, 2008 at 6:19 PM, Antonio Olivares
<olivares14031@yahoo.com> wrote:
> --- On Tue, 9/2/08, Tom London <selinux@gmail.com> wrote:
>
>> From: Tom London <selinux@gmail.com>
>> Subject: Re: many avcs at startup, readahead and several others
>> To: olivares14031@yahoo.com, "For testers of Fedora Core development releases" <fedora-test-list@redhat.com>
>> Cc: fedora-selinux-list@redhat.com
>> Date: Tuesday, September 2, 2008, 4:28 PM
>> On Tue, Sep 2, 2008 at 4:12 PM, Antonio Olivares
>> <olivares14031@yahoo.com> wrote:
>> > Dear fellow selinux troubleshooters and testers,
>> >
>> > Using rawhide, I have seen several avcs at startup
>> namely readahead and others, while I found out that the
>> sound problem is due to selinux getting in the way of pulse.
>> Here's a few avcs. Advise and/or workarounds
>> appreciated, setroubleshoot has not kicked in, these are
>> from dmesg | grep 'avcs'
>> >
>> > [root@localhost ~]# dmesg | grep 'avc'
>> > type=1400 audit(1220390408.063:4): avc: denied {
>> read write } for pid=611 comm="readahead"
>> path="/dev/console" dev=tmpfs ino=408
>> scontext=system_u:system_r:readahead_t:s0
> .... removed to save BANDWIDTH ........
>> >
>> >
>> > Thanks,
>> >
>> > Antonio
>> >
>> Try "restorecon -v -R ~"
>>
>> --
>> Tom London
>
> It did not work. STILL I see the AVCS at startup
>
>
> Regards,
>
> Antonio
>
I'm running selinux-policy-targeted-3.5.5-3.fc10.noarch and
selinux-policy-3.5.5-3.fc10.noarch.

and on my system ~/.pulse is:
[tbl@tlondon ~]$ ls -ld .pulse
drwx------ 2 tbl tbl 4096 2008-09-02 19:48 .pulse
[tbl@tlondon ~]$ ls -ldZ .pulse
drwx------ tbl tbl system_u:object_r:gnome_home_t:s0 .pulse
[tbl@tlondon ~]$

On yours, it seems to be user_home_t.

type=1400 audit(1220391480.206:24): avc: denied { setattr } for
pid=3267 comm="npviewer.bin" name=".pulse" dev=dm-0 ino=7176200
scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023
tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir

You running the same policy? Did you update from F9?

tom
--
Tom London
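
The triage done by eye in the message above (read scontext, tcontext and tclass off one denial and compare the target type with the label expected on `~/.pulse`) can be run over the whole dmesg dump. This is an added example, not part of the thread: the function names are hypothetical, and the `_t` suffix check relies on the reference-policy naming convention for types, which is an assumption.

```python
import re
from collections import defaultdict

# Sample input: denials from the thread with their contexts written in full,
# plus a last line kept the way the forum scrape mangled it (":o" eaten as an
# emoticon), to show that a damaged context is rejected instead of misread.
SAMPLE = '''
type=1400 audit(1220390408.063:4): avc: denied { read write } for pid=611 comm="readahead" path="/dev/console" dev=tmpfs ino=408 scontext=system_u:system_r:readahead_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=chr_file
type=1400 audit(1220390408.788:7): avc: denied { fowner } for pid=611 comm="readahead" capability=3 scontext=system_u:system_r:readahead_t:s0 tcontext=system_u:system_r:readahead_t:s0 tclass=capability
type=1400 audit(1220390408.837:8): avc: denied { fowner } for pid=611 comm="readahead" capability=3 scontext=system_u:system_r:readahead_t:s0 tcontext=system_u:system_r:readahead_t:s0 tclass=capability
type=1400 audit(1220391361.963:17): avc: denied { setattr } for pid=3251 comm="npviewer.bin" name=".pulse" dev=dm-0 ino=7176200 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir
type=1400 audit(1220391361.965:18): avc: denied { setattr } for pid=3251 comm="npviewer.bin" name=".pulse" dev=dm-0 ino=7176200 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir
type=1400 audit(1220391361.966:21): avc: denied { write } for pid=3251 comm="npviewer.bin" name=".pulse" dev=dm-0 ino=7176200 scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir
type=1400 audit(1220390434.665:12): avc: denied { write } for pid=1679 comm="ip" path="/0" dev=devpts ino=2 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_ubject_r:devpts_t:s0 tclass=chr_file
'''

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def context_type(ctx):
    """Return the type field of user:role:type[:level], or None if damaged.

    The level may itself contain ':' (s0-s0:c0.c1023), so only the first
    three fields are positional. Assumption: types end in "_t".
    """
    parts = ctx.split(':')
    if len(parts) < 3 or not parts[2].endswith('_t'):
        return None
    return parts[2]


def parse_avc(line):
    """Parse one 'avc: denied' line into a dict, or None if unusable."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group('fields'))}
    if not {'scontext', 'tcontext', 'tclass'} <= fields.keys():
        return None
    src = context_type(fields['scontext'])
    tgt = context_type(fields['tcontext'])
    if src is None or tgt is None:
        return None
    return {
        'perms': tuple(m.group('perms').split()),
        'comm': fields.get('comm', ''),
        'object': fields.get('path') or fields.get('name') or '',
        'source_type': src,
        'target_type': tgt,
        'tclass': fields['tclass'],
    }


def summarize(lines):
    """Collapse repeated denials into (source, target, class) groups.

    Returns (rows, skipped): rows are tuples of
    (source_type, target_type, tclass, perms, count, comms), most frequent
    first; skipped counts AVC lines that could not be parsed.
    """
    groups = defaultdict(lambda: {'perms': set(), 'count': 0, 'comms': set()})
    skipped = 0
    for line in lines:
        if 'avc:' not in line:
            continue
        rec = parse_avc(line)
        if rec is None:
            skipped += 1
            continue
        g = groups[(rec['source_type'], rec['target_type'], rec['tclass'])]
        g['perms'].update(rec['perms'])
        g['count'] += 1
        g['comms'].add(rec['comm'])
    rows = [(s, t, c, sorted(g['perms']), g['count'], sorted(g['comms']))
            for (s, t, c), g in groups.items()]
    rows.sort(key=lambda r: (-r[4], r[0], r[1], r[2]))
    return rows, skipped


if __name__ == '__main__':
    rows, skipped = summarize(SAMPLE.splitlines())
    for src, tgt, cls, perms, count, comms in rows:
        print(f"{count:3d}x {src} -> {tgt}:{cls} {{ {' '.join(perms)} }} ({', '.join(comms)})")
    print(f"unparseable AVC lines: {skipped}")
```

The top group, nsplugin_t acting on a directory labelled user_home_t, is the one to compare against `ls -ldZ ~/.pulse`.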

 
Old 09-03-2008, 04:05 AM
Antonio Olivares
 
Default many avcs at startup, readahead and several others

--- On Tue, 9/2/08, Tom London <selinux@gmail.com> wrote:

> From: Tom London <selinux@gmail.com>
> Subject: Re: many avcs at startup, readahead and several others
> To: olivares14031@yahoo.com
> Cc: fedora-test-list@redhat.com, fedora-selinux-list@redhat.com
> Date: Tuesday, September 2, 2008, 7:57 PM
> On Tue, Sep 2, 2008 at 6:19 PM, Antonio Olivares
> <olivares14031@yahoo.com> wrote:
> > --- On Tue, 9/2/08, Tom London
> <selinux@gmail.com> wrote:
> >
> >> From: Tom London <selinux@gmail.com>
> >> Subject: Re: many avcs at startup, readahead and
> several others
> >> To: olivares14031@yahoo.com, "For testers of
> Fedora Core development releases"
> <fedora-test-list@redhat.com>
> >> Cc: fedora-selinux-list@redhat.com
> >> Date: Tuesday, September 2, 2008, 4:28 PM
> >> On Tue, Sep 2, 2008 at 4:12 PM, Antonio Olivares
> >> <olivares14031@yahoo.com> wrote:
> >> > Dear fellow selinux troubleshooters and
> testers,
> >> >
> >> > Using rawhide, I have seen several avcs at
> startup
> >> namely readahead and others, while I found out
> that the
> >> sound problem is due to selinux getting in the way
> of pulse.
> >> Here's a few avcs. Advise and/or workarounds
> >> appreciated, setroubleshoot has not kicked in,
> these are
> >> from dmesg | grep 'avcs'
> >> >
> >> > [root@localhost ~]# dmesg | grep
> 'avc'
> >> > type=1400 audit(1220390408.063:4): avc:
> denied {
> >> read write } for pid=611
> comm="readahead"
> >> path="/dev/console" dev=tmpfs ino=408
> >> scontext=system_u:system_r:readahead_t:s0
> > .... removed to save BANDWIDTH ........
> >> >
> >> >
> >> > Thanks,
> >> >
> >> > Antonio
> >> >
> >> Try "restorecon -v -R ~"
> >>
> >> --
> >> Tom London
> >
> > It did not work. STILL I see the AVCS at startup
> >
> >
> > Regards,
> >
> > Antonio
> >
> I'm running selinux-policy-targeted-3.5.5-3.fc10.noarch
> and
> selinux-policy-3.5.5-3.fc10.noarch.
>
> and on my system ~/.pulse is:
> [tbl@tlondon ~]$ ls -ld .pulse
> drwx------ 2 tbl tbl 4096 2008-09-02 19:48 .pulse
> [tbl@tlondon ~]$ ls -ldZ .pulse
> drwx------ tbl tbl system_u:object_r:gnome_home_t:s0
> .pulse
> [tbl@tlondon ~]$
>
> On yours, it seems to be user_home_t.
>
> type=1400 audit(1220391480.206:24): avc: denied { setattr
> } for
> pid=3267 comm="npviewer.bin"
> name=".pulse" dev=dm-0 ino=7176200
> scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023
> tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir
>
> You running the same policy? Did you update from F9?
Should be, I'll check tomorrow in the morning.

I did a touch /. autorelabel; reboot

and avc's appear to be gone, however when I try to play an audio file, I get error(s) with pulse, so maybe pulse or the permissions are wrong.


> tom
> --
> Tom London

Thanks for helping out.

Regards,

Antonio




 
Old 09-03-2008, 12:02 PM
Antonio Olivares
 
Default many avcs at startup, readahead and several others

--- On Tue, 9/2/08, Tom London <selinux@gmail.com> wrote:

> I'm running selinux-policy-targeted-3.5.5-3.fc10.noarch
> and
> selinux-policy-3.5.5-3.fc10.noarch.
>
> and on my system ~/.pulse is:
> [tbl@tlondon ~]$ ls -ld .pulse
> drwx------ 2 tbl tbl 4096 2008-09-02 19:48 .pulse
> [tbl@tlondon ~]$ ls -ldZ .pulse
> drwx------ tbl tbl system_u:object_r:gnome_home_t:s0
> .pulse
> [tbl@tlondon ~]$
>
> On yours, it seems to be user_home_t.
>
> type=1400 audit(1220391480.206:24): avc: denied { setattr
> } for
> pid=3267 comm="npviewer.bin"
> name=".pulse" dev=dm-0 ino=7176200
> scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023
> tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir
>
> You running the same policy? Did you update from F9?

[olivares@localhost ~]$ cat .selinux-policy.txt
selinux-policy-targeted-3.5.5-3.fc10.noarch
selinux-policy-3.5.5-3.fc10.noarch
[olivares@localhost ~]$ ls -ld .pulse
drwx------ 2 olivares olivares 4096 2008-09-03 07:00 .pulse
[olivares@localhost ~]$ ls -ldZ .pulse
drwx------ olivares olivares system_u:object_r:gnome_home_t .pulse
[olivares@localhost ~]$

I did a
# touch ./autorelabel; reboot

and the denied avcs still appear. Wonder what is happening?
>
> tom
> --
> Tom London




 
Old 09-03-2008, 05:14 PM
Daniel J Walsh
 
Default many avcs at startup, readahead and several others


Antonio Olivares wrote:
>
>
> --- On Tue, 9/2/08, Tom London <selinux@gmail.com> wrote:
>
>> I'm running selinux-policy-targeted-3.5.5-3.fc10.noarch
>> and
>> selinux-policy-3.5.5-3.fc10.noarch.
>>
>> and on my system ~/.pulse is:
>> [tbl@tlondon ~]$ ls -ld .pulse
>> drwx------ 2 tbl tbl 4096 2008-09-02 19:48 .pulse
>> [tbl@tlondon ~]$ ls -ldZ .pulse
>> drwx------ tbl tbl system_u:object_r:gnome_home_t:s0
>> .pulse
>> [tbl@tlondon ~]$
>>
>> On yours, it seems to be user_home_t.
>>
>> type=1400 audit(1220391480.206:24): avc: denied { setattr
>> } for
>> pid=3267 comm="npviewer.bin"
>> name=".pulse" dev=dm-0 ino=7176200
>> scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023
>> tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir
>>
>> You running the same policy? Did you update from F9?
>
> [olivares@localhost ~]$ cat .selinux-policy.txt
> selinux-policy-targeted-3.5.5-3.fc10.noarch
> selinux-policy-3.5.5-3.fc10.noarch
> [olivares@localhost ~]$ ls -ld .pulse
> drwx------ 2 olivares olivares 4096 2008-09-03 07:00 .pulse
> [olivares@localhost ~]$ ls -ldZ .pulse
> drwx------ olivares olivares system_u:object_r:gnome_home_t .pulse
> [olivares@localhost ~]$
>
> I did a
> # touch ./autorelabel; reboot
>
> and the denied avcs still appear. Wonder what is happening?
>> tom
>> --
>> Tom London
>
>
>
>
Which avc's still appear?
 
Old 09-03-2008, 09:14 PM
Antonio Olivares
 
Default many avcs at startup, readahead and several others

--- On Wed, 9/3/08, Daniel J Walsh <dwalsh@redhat.com> wrote:

> From: Daniel J Walsh <dwalsh@redhat.com>
> Subject: Re: many avcs at startup, readahead and several others
> To: olivares14031@yahoo.com, "For testers of Fedora Core development releases" <fedora-test-list@redhat.com>
> Cc: "Tom London" <selinux@gmail.com>, fedora-selinux-list@redhat.com
> Date: Wednesday, September 3, 2008, 10:14 AM
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Antonio Olivares wrote:
> >
> >
> > --- On Tue, 9/2/08, Tom London
> <selinux@gmail.com> wrote:
> >
> >> I'm running
> selinux-policy-targeted-3.5.5-3.fc10.noarch
> >> and
> >> selinux-policy-3.5.5-3.fc10.noarch.
> >>
> >> and on my system ~/.pulse is:
> >> [tbl@tlondon ~]$ ls -ld .pulse
> >> drwx------ 2 tbl tbl 4096 2008-09-02 19:48 .pulse
> >> [tbl@tlondon ~]$ ls -ldZ .pulse
> >> drwx------ tbl tbl
> system_u:object_r:gnome_home_t:s0
> >> .pulse
> >> [tbl@tlondon ~]$
> >>
> >> On yours, it seems to be user_home_t.
> >>
> >> type=1400 audit(1220391480.206:24): avc: denied
> { setattr
> >> } for
> >> pid=3267 comm="npviewer.bin"
> >> name=".pulse" dev=dm-0 ino=7176200
> >>
> scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023
> >> tcontext=unconfined_u:object_r:user_home_t:s0
> tclass=dir
> >>
> >> You running the same policy? Did you update from
> F9?
> >
> > [olivares@localhost ~]$ cat .selinux-policy.txt
> > selinux-policy-targeted-3.5.5-3.fc10.noarch
> > selinux-policy-3.5.5-3.fc10.noarch
> > [olivares@localhost ~]$ ls -ld .pulse
> > drwx------ 2 olivares olivares 4096 2008-09-03 07:00
> .pulse
> > [olivares@localhost ~]$ ls -ldZ .pulse
> > drwx------ olivares olivares
> system_u:object_r:gnome_home_t .pulse
> > [olivares@localhost ~]$
> >
> > I did a
> > # touch ./autorelabel; reboot
> >
> > and the denied avcs still appear. Wonder what is
> happening?
> >> tom
> >> --
> >> Tom London
> >
> >
> >
> >
> Which avc's still appear?


After applying today's updates,

[olivares@localhost ~]$ dmesg | grep 'avc'
type=1400 audit(1220475941.234:4): avc: denied { read write } for pid=613 comm="readahead" path="/dev/console" dev=tmpfs ino=410 scontext=system_u:system_r:readahead_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=chr_file
type=1400 audit(1220475941.235:5): avc: denied { read write } for pid=613 comm="readahead" path="/dev/console" dev=tmpfs ino=410 scontext=system_u:system_r:readahead_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=chr_file
type=1400 audit(1220475941.235:6): avc: denied { read write } for pid=613 comm="readahead" path="/dev/console" dev=tmpfs ino=410 scontext=system_u:system_r:readahead_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=chr_file
type=1400 audit(1220475942.150:7): avc: denied { fowner } for pid=613 comm="readahead" capability=3 scontext=system_u:system_r:readahead_t:s0 tcontext=system_u:system_r:readahead_t:s0 tclass=capability
type=1400 audit(1220475942.150:8): avc: denied { fowner } for pid=613 comm="readahead" capability=3 scontext=system_u:system_r:readahead_t:s0 tcontext=system_u:system_r:readahead_t:s0 tclass=capability
type=1400 audit(1220475942.155:9): avc: denied { fowner } for pid=613 comm="readahead" capability=3 scontext=system_u:system_r:readahead_t:s0 tcontext=system_u:system_r:readahead_t:s0 tclass=capability
type=1400 audit(1220475942.651:10): avc: denied { fowner } for pid=613 comm="readahead" capability=3 scontext=system_u:system_r:readahead_t:s0 tcontext=system_u:system_r:readahead_t:s0 tclass=capability
type=1400 audit(1220475968.477:11): avc: denied { write } for pid=1475 comm="ip6tables-resto" path="/0" dev=devpts ino=2 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:object_r:devpts_t:s0 tclass=chr_file
type=1400 audit(1220475969.949:12): avc: denied { write } for pid=1697 comm="ip" path="/0" dev=devpts ino=2 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:object_r:devpts_t:s0 tclass=chr_file
type=1400 audit(1220476005.919:13): avc: denied { search } for pid=1958 comm="pcscd" name="dbus" dev=dm-0 ino=3276848 scontext=system_u:system_r:pcscd_t:s0 tcontext=system_u:object_r:system_dbusd_var_run_t:s0 tclass=dir
type=1400 audit(1220476026.870:14): avc: denied { search } for pid=2368 comm="python" name="hp" dev=dm-0 ino=28345940 scontext=system_u:system_r:cupsd_config_t:s0 tcontext=system_u:object_r:hplip_etc_t:s0 tclass=dir
type=1400 audit(1220476026.972:15): avc: denied { execute } for pid=2417 comm="gdm" name="rpm" dev=dm-0 ino=24117291 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:rpm_exec_t:s0 tclass=file
type=1400 audit(1220476026.973:16): avc: denied { getattr } for pid=2417 comm="gdm" path="/bin/rpm" dev=dm-0 ino=24117291 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:rpm_exec_t:s0 tclass=file
type=1400 audit(1220476026.973:17): avc: denied { getattr } for pid=2417 comm="gdm" path="/bin/rpm" dev=dm-0 ino=24117291 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:rpm_exec_t:s0 tclass=file
type=1400 audit(1220476028.580:18): avc: denied { search } for pid=2449 comm="python" name="hp" dev=dm-0 ino=28345940 scontext=system_u:system_r:cupsd_config_t:s0 tcontext=system_u:object_r:hplip_etc_t:s0 tclass=dir
[olivares@localhost ~]$
[olivares@localhost ~]$ uname -a
Linux localhost 2.6.27-0.297.rc5.git2.fc10.i686 #1 SMP Tue Sep 2 11:19:36 EDT 2008 i686 athlon i386 GNU/Linux
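
A long dmesg dump like the one above is easier to triage when repeated denials are collapsed into one row per source type, target type and object class. The following is an added example, not part of the original thread; `parse_avc` and `summarize` are illustrative names, and the sample records are taken from the post above with the forum-mangled contexts (`system_ubject_r`) restored to `system_u:object_r`.

```python
import re
from collections import defaultdict

# Added example (parse_avc/summarize are illustrative names). Records are from the
# dmesg output in the post above, with forum-mangled contexts restored
# ("system_ubject_r" -> "system_u:object_r"); the uname line is non-AVC noise.
SAMPLE = '''\
type=1400 audit(1220475941.234:4): avc: denied { read write } for pid=613 comm="readahead" path="/dev/console" dev=tmpfs ino=410 scontext=system_u:system_r:readahead_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=chr_file
type=1400 audit(1220475941.235:5): avc: denied { read write } for pid=613 comm="readahead" path="/dev/console" dev=tmpfs ino=410 scontext=system_u:system_r:readahead_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=chr_file
type=1400 audit(1220475942.150:7): avc: denied { fowner } for pid=613 comm="readahead" capability=3 scontext=system_u:system_r:readahead_t:s0 tcontext=system_u:system_r:readahead_t:s0 tclass=capability
type=1400 audit(1220475942.651:10): avc: denied { fowner } for pid=613 comm="readahead" capability=3 scontext=system_u:system_r:readahead_t:s0 tcontext=system_u:system_r:readahead_t:s0 tclass=capability
type=1400 audit(1220476005.919:13): avc: denied { search } for pid=1958 comm="pcscd" name="dbus" dev=dm-0 ino=3276848 scontext=system_u:system_r:pcscd_t:s0 tcontext=system_u:object_r:system_dbusd_var_run_t:s0 tclass=dir
type=1400 audit(1220476026.972:15): avc: denied { execute } for pid=2417 comm="gdm" name="rpm" dev=dm-0 ino=24117291 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:rpm_exec_t:s0 tclass=file
type=1400 audit(1220476026.973:16): avc: denied { getattr } for pid=2417 comm="gdm" path="/bin/rpm" dev=dm-0 ino=24117291 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:rpm_exec_t:s0 tclass=file
Linux localhost 2.6.27-0.297.rc5.git2.fc10.i686 #1 SMP Tue Sep 2 11:19:36 EDT 2008 i686 athlon i386 GNU/Linux
'''

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return one denial as a dict, or None if the line is not a usable AVC record."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group('rest'))}
    try:
        # A context is user:role:type[:level]; the type is what policy rules match on.
        return {
            'perms': m.group('perms').split(),
            'comm': fields.get('comm', '?'),
            'source': fields['scontext'].split(':')[2],
            'target': fields['tcontext'].split(':')[2],
            'tclass': fields['tclass'],
        }
    except (KeyError, IndexError):
        return None


def summarize(lines):
    """Collapse repeated denials into one row per (source type, target type, class)."""
    groups = defaultdict(lambda: {'perms': set(), 'comms': set(), 'count': 0})
    for line in lines:
        rec = parse_avc(line)
        if rec is None:
            continue
        g = groups[(rec['source'], rec['target'], rec['tclass'])]
        g['perms'].update(rec['perms'])
        g['comms'].add(rec['comm'])
        g['count'] += 1
    rows = [(src, tgt, cls, tuple(sorted(g['perms'])), g['count'], tuple(sorted(g['comms'])))
            for (src, tgt, cls), g in groups.items()]
    return sorted(rows, key=lambda r: (-r[4], r[:3]))


if __name__ == '__main__':
    for src, tgt, cls, perms, count, comms in summarize(SAMPLE.splitlines()):
        print(f'{count}x {src} -> {tgt}:{cls} {{ {" ".join(perms)} }} comm={",".join(comms)}')
```

Rows come back most-frequent first, so the repeated readahead and gdm denials sort ahead of the single pcscd one.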






 
Old 09-03-2008, 10:14 PM
"Tom London"
 
Default many avcs at startup, readahead and several others

On Wed, Sep 3, 2008 at 2:14 PM, Antonio Olivares
<olivares14031@yahoo.com> wrote:
>
>
>
> --- On Wed, 9/3/08, Daniel J Walsh <dwalsh@redhat.com> wrote:
>
>> From: Daniel J Walsh <dwalsh@redhat.com>
>> Subject: Re: many avcs at startup, readahead and several others
>> To: olivares14031@yahoo.com, "For testers of Fedora Core development releases" <fedora-test-list@redhat.com>
>> Cc: "Tom London" <selinux@gmail.com>, fedora-selinux-list@redhat.com
>> Date: Wednesday, September 3, 2008, 10:14 AM
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Antonio Olivares wrote:
>> >
>> >
>> > --- On Tue, 9/2/08, Tom London
>> <selinux@gmail.com> wrote:
>> >
>> >> I'm running
>> selinux-policy-targeted-3.5.5-3.fc10.noarch
>> >> and
>> >> selinux-policy-3.5.5-3.fc10.noarch.
>> >>
>> >> and on my system ~/.pulse is:
>> >> [tbl@tlondon ~]$ ls -ld .pulse
>> >> drwx------ 2 tbl tbl 4096 2008-09-02 19:48 .pulse
>> >> [tbl@tlondon ~]$ ls -ldZ .pulse
>> >> drwx------ tbl tbl
>> system_u:object_r:gnome_home_t:s0
>> >> .pulse
>> >> [tbl@tlondon ~]$
>> >>
>> >> On yours, it seems to be user_home_t.
>> >>
>> >> type=1400 audit(1220391480.206:24): avc: denied
>> { setattr
>> >> } for
>> >> pid=3267 comm="npviewer.bin"
>> >> name=".pulse" dev=dm-0 ino=7176200
>> >>
>> scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023
>> >> tcontext=unconfined_u:object_r:user_home_t:s0
>> tclass=dir
>> >>
>> >> You running the same policy? Did you update from
>> F9?
>> >
>> > [olivares@localhost ~]$ cat .selinux-policy.txt
>> > selinux-policy-targeted-3.5.5-3.fc10.noarch
>> > selinux-policy-3.5.5-3.fc10.noarch
>> > [olivares@localhost ~]$ ls -ld .pulse
>> > drwx------ 2 olivares olivares 4096 2008-09-03 07:00
>> .pulse
>> > [olivares@localhost ~]$ ls -ldZ .pulse
>> > drwx------ olivares olivares
>> system_u:object_r:gnome_home_t .pulse
>> > [olivares@localhost ~]$
>> >
>> > I did a
>> > # touch ./autorelabel; reboot
>> >
>> > and the denied avcs still appear. Wonder what is
>> happening?
>> >> tom
>> >> --
>> >> Tom London
>> >
>> >
>> >
>> >
>> Which avc's still appear?
>
>
> After applying today's updates,
>
> [olivares@localhost ~]$ dmesg | grep 'avc'
> type=1400 audit(1220475941.234:4): avc: denied { read write } for pid=613 comm="readahead" path="/dev/console" dev=tmpfs ino=410 scontext=system_u:system_r:readahead_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=chr_file
> type=1400 audit(1220475941.235:5): avc: denied { read write } for pid=613 comm="readahead" path="/dev/console" dev=tmpfs ino=410 scontext=system_u:system_r:readahead_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=chr_file
> type=1400 audit(1220475941.235:6): avc: denied { read write } for pid=613 comm="readahead" path="/dev/console" dev=tmpfs ino=410 scontext=system_u:system_r:readahead_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=chr_file
> type=1400 audit(1220475942.150:7): avc: denied { fowner } for pid=613 comm="readahead" capability=3 scontext=system_u:system_r:readahead_t:s0 tcontext=system_u:system_r:readahead_t:s0 tclass=capability
> type=1400 audit(1220475942.150:8): avc: denied { fowner } for pid=613 comm="readahead" capability=3 scontext=system_u:system_r:readahead_t:s0 tcontext=system_u:system_r:readahead_t:s0 tclass=capability
> type=1400 audit(1220475942.155:9): avc: denied { fowner } for pid=613 comm="readahead" capability=3 scontext=system_u:system_r:readahead_t:s0 tcontext=system_u:system_r:readahead_t:s0 tclass=capability
> type=1400 audit(1220475942.651:10): avc: denied { fowner } for pid=613 comm="readahead" capability=3 scontext=system_u:system_r:readahead_t:s0 tcontext=system_u:system_r:readahead_t:s0 tclass=capability
> type=1400 audit(1220475968.477:11): avc: denied { write } for pid=1475 comm="ip6tables-resto" path="/0" dev=devpts ino=2 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:object_r:devpts_t:s0 tclass=chr_file
> type=1400 audit(1220475969.949:12): avc: denied { write } for pid=1697 comm="ip" path="/0" dev=devpts ino=2 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:object_r:devpts_t:s0 tclass=chr_file
> type=1400 audit(1220476005.919:13): avc: denied { search } for pid=1958 comm="pcscd" name="dbus" dev=dm-0 ino=3276848 scontext=system_u:system_r:pcscd_t:s0 tcontext=system_u:object_r:system_dbusd_var_run_t:s0 tclass=dir
> type=1400 audit(1220476026.870:14): avc: denied { search } for pid=2368 comm="python" name="hp" dev=dm-0 ino=28345940 scontext=system_u:system_r:cupsd_config_t:s0 tcontext=system_u:object_r:hplip_etc_t:s0 tclass=dir
> type=1400 audit(1220476026.972:15): avc: denied { execute } for pid=2417 comm="gdm" name="rpm" dev=dm-0 ino=24117291 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:rpm_exec_t:s0 tclass=file
> type=1400 audit(1220476026.973:16): avc: denied { getattr } for pid=2417 comm="gdm" path="/bin/rpm" dev=dm-0 ino=24117291 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:rpm_exec_t:s0 tclass=file
> type=1400 audit(1220476026.973:17): avc: denied { getattr } for pid=2417 comm="gdm" path="/bin/rpm" dev=dm-0 ino=24117291 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:rpm_exec_t:s0 tclass=file
> type=1400 audit(1220476028.580:18): avc: denied { search } for pid=2449 comm="python" name="hp" dev=dm-0 ino=28345940 scontext=system_u:system_r:cupsd_config_t:s0 tcontext=system_u:object_r:hplip_etc_t:s0 tclass=dir
> [olivares@localhost ~]$
> [olivares@localhost ~]$ uname -a
> Linux localhost 2.6.27-0.297.rc5.git2.fc10.i686 #1 SMP Tue Sep 2 11:19:36 EDT 2008 i686 athlon i386 GNU/Linux
>
>
>
OK, so running "restorecon" on your home directory got rid of the
pulse related AVCs.

Are you booting/running in enforcing or permissive mode?

tom
--
Tom London

 
Old 09-03-2008, 10:51 PM
Antonio Olivares
 
Default many avcs at startup, readahead and several others

> >> Which avc's still appear?
> >
> >
> > After applying today's updates,
> >
> > [olivares@localhost ~]$ dmesg | grep 'avc'
> > type=1400 audit(1220475941.234:4): avc: denied {
> read write } for pid=613 comm="readahead"
> path="/dev/console" dev=tmpfs ino=410
> scontext=system_u:system_r:readahead_t:s0
> tcontext=system_u:object_r:tmpfs_t:s0 tclass=chr_file
> > type=1400 audit(1220475941.235:5): avc: denied {
> read write } for pid=613 comm="readahead"
> path="/dev/console" dev=tmpfs ino=410
> scontext=system_u:system_r:readahead_t:s0
> tcontext=system_u:object_r:tmpfs_t:s0 tclass=chr_file
> > type=1400 audit(1220475941.235:6): avc: denied {
> read write } for pid=613 comm="readahead"
> path="/dev/console" dev=tmpfs ino=410
> scontext=system_u:system_r:readahead_t:s0
> tcontext=system_u:object_r:tmpfs_t:s0 tclass=chr_file
> > type=1400 audit(1220475942.150:7): avc: denied {
> fowner } for pid=613 comm="readahead"
> capability=3 scontext=system_u:system_r:readahead_t:s0
> tcontext=system_u:system_r:readahead_t:s0 tclass=capability
> > type=1400 audit(1220475942.150:8): avc: denied {
> fowner } for pid=613 comm="readahead"
> capability=3 scontext=system_u:system_r:readahead_t:s0
> tcontext=system_u:system_r:readahead_t:s0 tclass=capability
> > type=1400 audit(1220475942.155:9): avc: denied {
> fowner } for pid=613 comm="readahead"
> capability=3 scontext=system_u:system_r:readahead_t:s0
> tcontext=system_u:system_r:readahead_t:s0 tclass=capability
> > type=1400 audit(1220475942.651:10): avc: denied {
> fowner } for pid=613 comm="readahead"
> capability=3 scontext=system_u:system_r:readahead_t:s0
> tcontext=system_u:system_r:readahead_t:s0 tclass=capability
> > type=1400 audit(1220475968.477:11): avc: denied {
> write } for pid=1475 comm="ip6tables-resto"
> path="/0" dev=devpts ino=2
> scontext=system_u:system_r:iptables_t:s0
> tcontext=system_u:object_r:devpts_t:s0 tclass=chr_file
> > type=1400 audit(1220475969.949:12): avc: denied {
> write } for pid=1697 comm="ip"
> path="/0" dev=devpts ino=2
> scontext=system_u:system_r:ifconfig_t:s0
> tcontext=system_u:object_r:devpts_t:s0 tclass=chr_file
> > type=1400 audit(1220476005.919:13): avc: denied {
> search } for pid=1958 comm="pcscd"
> name="dbus" dev=dm-0 ino=3276848
> scontext=system_u:system_r:pcscd_t:s0
> tcontext=system_u:object_r:system_dbusd_var_run_t:s0
> tclass=dir
> > type=1400 audit(1220476026.870:14): avc: denied {
> search } for pid=2368 comm="python"
> name="hp" dev=dm-0 ino=28345940
> scontext=system_u:system_r:cupsd_config_t:s0
> tcontext=system_u:object_r:hplip_etc_t:s0 tclass=dir
> > type=1400 audit(1220476026.972:15): avc: denied {
> execute } for pid=2417 comm="gdm"
> name="rpm" dev=dm-0 ino=24117291
> scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023
> tcontext=system_u:object_r:rpm_exec_t:s0 tclass=file
> > type=1400 audit(1220476026.973:16): avc: denied {
> getattr } for pid=2417 comm="gdm"
> path="/bin/rpm" dev=dm-0 ino=24117291
> scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023
> tcontext=system_u:object_r:rpm_exec_t:s0 tclass=file
> > type=1400 audit(1220476026.973:17): avc: denied {
> getattr } for pid=2417 comm="gdm"
> path="/bin/rpm" dev=dm-0 ino=24117291
> scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023
> tcontext=system_u:object_r:rpm_exec_t:s0 tclass=file
> > type=1400 audit(1220476028.580:18): avc: denied {
> search } for pid=2449 comm="python"
> name="hp" dev=dm-0 ino=28345940
> scontext=system_u:system_r:cupsd_config_t:s0
> tcontext=system_u:object_r:hplip_etc_t:s0 tclass=dir
> > [olivares@localhost ~]$
> > [olivares@localhost ~]$ uname -a
> > Linux localhost 2.6.27-0.297.rc5.git2.fc10.i686 #1 SMP
> Tue Sep 2 11:19:36 EDT 2008 i686 athlon i386 GNU/Linux
> >
> >
> >
> OK, so running "restorecon" on your home
> directory got rid of the
> pulse related AVCs.
>
> Are you booting/running in enforcing or permissive mode?
enforcing
>
> tom
> --
> Tom London

Thanks,

Antonio



