FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora SELinux Support

 
 
LinkBack Thread Tools
 
Old 04-10-2008, 05:58 PM
Laurent Jacquot
 
Default loadkey avc denied

Hello,
Every time I reboot, I have those 9 AVCs in /var/log/messages:

Apr 3 19:18:35 jack kernel: audit(1207243095.907:4): avc: denied
{ sys_admin } for pid=1707 comm="loadkeys" capability=21
scontext=system_u:system_r:loadkeys_t:s0
tcontext=system_u:system_r:loadkeys_t:s0 tclass=capability
Apr 3 19:18:35 jack kernel: audit(1207243095.907:5): avc: denied
{ sys_admin } for pid=1707 comm="loadkeys" capability=21
scontext=system_u:system_r:loadkeys_t:s0
tcontext=system_u:system_r:loadkeys_t:s0 tclass=capability
Apr 3 19:18:35 jack kernel: audit(1207243095.907:6): avc: denied
{ sys_admin } for pid=1707 comm="loadkeys" capability=21
scontext=system_u:system_r:loadkeys_t:s0
tcontext=system_u:system_r:loadkeys_t:s0 tclass=capability
Apr 3 19:18:35 jack kernel: audit(1207243095.907:7): avc: denied
{ sys_admin } for pid=1707 comm="loadkeys" capability=21
scontext=system_u:system_r:loadkeys_t:s0
tcontext=system_u:system_r:loadkeys_t:s0 tclass=capability
Apr 3 19:18:35 jack kernel: audit(1207243095.907:8): avc: denied
{ sys_admin } for pid=1707 comm="loadkeys" capability=21
scontext=system_u:system_r:loadkeys_t:s0
tcontext=system_u:system_r:loadkeys_t:s0 tclass=capability
Apr 3 19:18:35 jack kernel: audit(1207243095.907:9): avc: denied
{ sys_admin } for pid=1707 comm="loadkeys" capability=21
scontext=system_u:system_r:loadkeys_t:s0
tcontext=system_u:system_r:loadkeys_t:s0 tclass=capability
Apr 3 19:18:35 jack kernel: audit(1207243095.907:10): avc: denied
{ sys_admin } for pid=1707 comm="loadkeys" capability=21
scontext=system_u:system_r:loadkeys_t:s0
tcontext=system_u:system_r:loadkeys_t:s0 tclass=capability
Apr 3 19:18:35 jack kernel: audit(1207243095.907:11): avc: denied
{ sys_admin } for pid=1707 comm="loadkeys" capability=21
scontext=system_u:system_r:loadkeys_t:s0
tcontext=system_u:system_r:loadkeys_t:s0 tclass=capability
Apr 3 19:18:35 jack kernel: audit(1207243095.907:12): avc: denied
{ sys_admin } for pid=1707 comm="loadkeys" capability=21
scontext=system_u:system_r:loadkeys_t:s0
tcontext=system_u:system_r:loadkeys_t:s0 tclass=capability

They are generated before audit runs.
What are they trying to tell me? Should I relabel something or bug it?

TIA
Laurent

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 
Old 04-10-2008, 08:00 PM
Daniel J Walsh
 
Default loadkey avc denied

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Laurent Jacquot wrote:
> Hello,
> Every time I reboot, I have those 9 AVCs in /var/log/messages:
>
> Apr 3 19:18:35 jack kernel: audit(1207243095.907:4): avc: denied
> { sys_admin } for pid=1707 comm="loadkeys" capability=21
> scontext=system_u:system_r:loadkeys_t:s0
> tcontext=system_u:system_r:loadkeys_t:s0 tclass=capability
> Apr 3 19:18:35 jack kernel: audit(1207243095.907:5): avc: denied
> { sys_admin } for pid=1707 comm="loadkeys" capability=21
> scontext=system_u:system_r:loadkeys_t:s0
> tcontext=system_u:system_r:loadkeys_t:s0 tclass=capability
> Apr 3 19:18:35 jack kernel: audit(1207243095.907:6): avc: denied
> { sys_admin } for pid=1707 comm="loadkeys" capability=21
> scontext=system_u:system_r:loadkeys_t:s0
> tcontext=system_u:system_r:loadkeys_t:s0 tclass=capability
> Apr 3 19:18:35 jack kernel: audit(1207243095.907:7): avc: denied
> { sys_admin } for pid=1707 comm="loadkeys" capability=21
> scontext=system_u:system_r:loadkeys_t:s0
> tcontext=system_u:system_r:loadkeys_t:s0 tclass=capability
> Apr 3 19:18:35 jack kernel: audit(1207243095.907:8): avc: denied
> { sys_admin } for pid=1707 comm="loadkeys" capability=21
> scontext=system_u:system_r:loadkeys_t:s0
> tcontext=system_u:system_r:loadkeys_t:s0 tclass=capability
> Apr 3 19:18:35 jack kernel: audit(1207243095.907:9): avc: denied
> { sys_admin } for pid=1707 comm="loadkeys" capability=21
> scontext=system_u:system_r:loadkeys_t:s0
> tcontext=system_u:system_r:loadkeys_t:s0 tclass=capability
> Apr 3 19:18:35 jack kernel: audit(1207243095.907:10): avc: denied
> { sys_admin } for pid=1707 comm="loadkeys" capability=21
> scontext=system_u:system_r:loadkeys_t:s0
> tcontext=system_u:system_r:loadkeys_t:s0 tclass=capability
> Apr 3 19:18:35 jack kernel: audit(1207243095.907:11): avc: denied
> { sys_admin } for pid=1707 comm="loadkeys" capability=21
> scontext=system_u:system_r:loadkeys_t:s0
> tcontext=system_u:system_r:loadkeys_t:s0 tclass=capability
> Apr 3 19:18:35 jack kernel: audit(1207243095.907:12): avc: denied
> { sys_admin } for pid=1707 comm="loadkeys" capability=21
> scontext=system_u:system_r:loadkeys_t:s0
> tcontext=system_u:system_r:loadkeys_t:s0 tclass=capability
>
> They are generated before audit runs.
> What are they trying to tell me? Should I relabel something or bug it?
>
> TIA
> Laurent
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
This is saying loadkeys is requesting a sys_admin capability. I have no
idea why, and have never seen it before.

You can add this rule by executing

# dmesg | audit2allow -M myloadkeys
# semodule -i myloadkeys.pp

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEUEARECAAYFAkf+ccwACgkQrlYvE4MpobNDYQCY0lGhLJux23 bezHvmnWC9MUCJ
rwCg2H8EwY0V31A35UBXm++kumHRu4Y=
=/js5
-----END PGP SIGNATURE-----

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 

Thread Tools




All times are GMT. The time now is 10:24 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org