Stephen Smalley wrote:
On Wed, 2006-03-15 at 19:08 +0200, Maxim Britov wrote:
I have installed the current fc5 by http about a week or two ago. It updated from rawhide. It is currently installed on hda2 and it ran from qemu.
I see many avc denied messages in dmesg (repeated 210 times with different pids):
audit(1142439027.188:2): avc: denied { search } for pid=349 comm="pam_console_app" name="var" dev=hda2 ino=210081 scontext=system_u:system_r:pam_console_t:s0-s0:c0.c255 tcontext=system_u:object_r:file_t:s0 tclass=dir
hda2 here is /
Hmmm.../var should be labeled with system_u:object_r:var_t, not file_t. Need to relabel?
I'm seeing these too. My /var is on a separate partition. Could this be the cause of the problem?
Mar 31 20:04:18 random kernel: audit(1143831757.360:451): avc: denied { search } for pid=1384 comm="pam_console_app" name="var" dev=hde3 ino=62785 scontext=system_u:system_r:pam_console_t:s0-s0:c0.c255 tcontext=system_u:object_r:file_t:s0 tclass=dir
Mar 31 20:04:18 random kernel: EXT3 FS on hde3, internal journal
Mar 31 20:04:18 random kernel: SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs
Mar 31 20:04:18 random kernel: kjournald starting. Commit interval 5 seconds
Mar 31 20:04:18 random kernel: EXT3 FS on hde8, internal journal
Mar 31 20:04:18 random kernel: EXT3-fs: mounted filesystem with ordered data mode.
Mar 31 20:04:18 random kernel: SELinux: initialized (dev hde8, type ext3), uses xattr

# df
Filesystem  1K-blocks    Used  Available  Use%  Mounted on
/dev/hde3      972564  353452     568912   39%  /
/dev/hde8      972532  290180     632152   32%  /var
# ls -Zd /var
drwxr-xr-x root root system_u:object_r:var_t /var
# ls -id /var
2 /var
Ron
-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-selinux-list
What happens when you
restorecon -R -v /var
Autorelabel works after /var is mounted, but those error messages are printed before /var is mounted. And /var on the root partition is still unlabeled. IMHO it is an installer or filesystem package bug.
selinux@lists.fedoraproject.org
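
The pattern discussed in this thread, as an added example that is not code from any of the posters: a Python check that parses AVC denials, keeps those whose target type is `file_t`, and reports when the denied directory sits on a different device than the filesystem currently mounted at that name, which is the case of a mount-point directory on the root filesystem being denied before the real /var is mounted over it. The log and mount table are constructed from the output quoted above; the function names and the mount-table dict are assumptions.

```python
import re

# Constructed sample, modelled on the kernel log and df output quoted in the thread.
SAMPLE_LOG = """\
Mar 31 20:04:18 random kernel: audit(1143831757.360:451): avc: denied { search } for pid=1384 comm="pam_console_app" name="var" dev=hde3 ino=62785 scontext=system_u:system_r:pam_console_t:s0-s0:c0.c255 tcontext=system_u:object_r:file_t:s0 tclass=dir
Mar 31 20:04:18 random kernel: SELinux: initialized (dev hde8, type ext3), uses xattr
"""
SAMPLE_MOUNTS = {"/": "hde3", "/var": "hde8"}  # mount point -> device, as in df

AVC_RE = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return the key=value fields of one AVC denial, or None for other lines."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group("fields"))}
    rec["perms"] = m.group("perms").split()
    # A context is user:role:type[:level]; the type is the third field.
    rec["ttype"] = rec.get("tcontext", "::").split(":")[2]
    return rec


def unlabeled_denials(log, mounts):
    """Denials against file_t objects, with any mount point that hides them."""
    findings = []
    for line in log.splitlines():
        rec = parse_avc(line)
        if rec is None or rec["ttype"] != "file_t":
            continue
        # name= holds only the last path component, so match on basename and
        # require that the mounted device differs from the denied one.
        rec["shadowed_mount_points"] = [
            mp for mp, dev in mounts.items()
            if mp.rstrip("/").rsplit("/", 1)[-1] == rec.get("name")
            and dev != rec.get("dev")
        ]
        findings.append(rec)
    return findings


if __name__ == "__main__":
    for f in unlabeled_denials(SAMPLE_LOG, SAMPLE_MOUNTS):
        print(f["comm"], f["perms"], f["dev"], f["ino"], f["shadowed_mount_points"])
```

A non-empty `shadowed_mount_points` means that running `ls -Zd` or `restorecon` on the mounted path inspects a different inode from the one in the denial.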