On Wed, Feb 4, 2009 at 10:46 AM, Antonio Olivares olivares14031@yahoo.com wrote:
--- On Wed, 2/4/09, Dominick Grift domg472@gmail.com wrote:
From: Dominick Grift domg472@gmail.com
Subject: Re: on machine with CPU -> 100%, lots of avc's
To: olivares14031@yahoo.com
Cc: fedora-selinux-list@redhat.com, fedora-test-list@redhat.com
Date: Wednesday, February 4, 2009, 9:33 AM

On Wednesday 04-02-2009 at 08:39 [timezone -0800], Antonio Olivares wrote:
setroubleshooter does not kick in and I find these via dmesg.
Thanks for help/advice provided.
Do you not have auditd enabled? Usually the avc denials are in /var/log/audit/audit.log
The avc denials are (most likely) due to missing policy. You can pipe them into the input stream of audit2why to confirm this.
--
I wonder what is wrong; auditd is not running :(. It is enabled via services, but it is not working:
[olivares@localhost ~]$ su -
Password:
[root@localhost ~]# chkconfig auditd --list
auditd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
[root@localhost ~]# service auditd status
auditd is stopped
[root@localhost ~]#
Thanks,
Antonio
Running "audit2allow -al" on a system booted with "enforcing=0" yields:
[root@tlondon ~]# audit2allow -al
#============= devicekit_power_t ==============
allow devicekit_power_t NetworkManager_t:dir search;
allow devicekit_power_t NetworkManager_t:file { read getattr open };
allow devicekit_power_t audisp_t:dir search;
allow devicekit_power_t audisp_t:file { read getattr open };
allow devicekit_power_t auditd_t:dir search;
allow devicekit_power_t auditd_t:file { read getattr open };
allow devicekit_power_t avahi_t:dir search;
allow devicekit_power_t avahi_t:file { read getattr open };
allow devicekit_power_t crond_t:dir search;
allow devicekit_power_t crond_t:file { read getattr open };
allow devicekit_power_t cupsd_t:dir search;
allow devicekit_power_t cupsd_t:file { read getattr open };
allow devicekit_power_t dhcpc_t:dir search;
allow devicekit_power_t dhcpc_t:file { read getattr open };
allow devicekit_power_t hald_t:dir search;
allow devicekit_power_t hald_t:file { read getattr open };
allow devicekit_power_t kernel_t:dir search;
allow devicekit_power_t kernel_t:file { read getattr open };
allow devicekit_power_t kerneloops_t:dir search;
allow devicekit_power_t kerneloops_t:file { read getattr open };
allow devicekit_power_t nscd_t:dir search;
allow devicekit_power_t nscd_t:file { read getattr open };
allow devicekit_power_t ntpd_t:dir search;
allow devicekit_power_t ntpd_t:file { read getattr open };
allow devicekit_power_t proc_t:file { write read getattr open };
allow devicekit_power_t rpcbind_t:dir search;
allow devicekit_power_t rpcbind_t:file { read getattr open };
allow devicekit_power_t rpm_t:dir search;
allow devicekit_power_t rpm_t:file { read getattr open };
allow devicekit_power_t sendmail_t:dir search;
allow devicekit_power_t sendmail_t:file { read getattr open };
allow devicekit_power_t unconfined_dbusd_t:dir search;
allow devicekit_power_t unconfined_dbusd_t:file { read getattr open };
allow devicekit_power_t xdm_t:dir search;
allow devicekit_power_t xdm_t:file { read getattr open };
allow devicekit_power_t xserver_t:dir search;
allow devicekit_power_t xserver_t:file { read getattr open };

#============= devicekit_t ==============
allow devicekit_t udev_tbl_t:file { read getattr open };
[root@tlondon ~]#
tom
[BTW, SELinux/permissive mode appears to have no impact on the Xorg issue. Still at >90%....]
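
An added example, not part of any message in this thread and not audit2allow's own code: with auditd stopped and the denials reaching only dmesg, as described above, the kernel-log AVC records can still be grouped by source type, target type and class into the allow-rule form seen in the audit2allow output. The log lines are constructed (trimmed to the fields used), permissions are sorted alphabetically for stable output, and the names selinux_type, parse_avcs and render_rules are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample (not from the thread): kernel-log AVC records as they
# appear in dmesg. The pid, comm and name values are made up.
SAMPLE_DMESG = """\
usb 1-1: new high speed USB device using ehci_hcd and address 2
type=1400 audit(1233772000.101:4): avc:  denied  { search } for  pid=2301 comm="example" name="example" scontext=system_u:system_r:devicekit_power_t:s0 tcontext=system_u:system_r:hald_t:s0 tclass=dir
type=1400 audit(1233772000.102:5): avc:  denied  { read open } for  pid=2301 comm="example" name="example" scontext=system_u:system_r:devicekit_power_t:s0 tcontext=system_u:system_r:hald_t:s0 tclass=file
type=1400 audit(1233772000.103:6): avc:  denied  { getattr } for  pid=2301 comm="example" name="example" scontext=system_u:system_r:devicekit_power_t:s0 tcontext=system_u:system_r:hald_t:s0 tclass=file
type=1400 audit(1233772000.104:7): avc:  denied  { write } for  pid=2301 comm="example" name="example" scontext=system_u:system_r:devicekit_power_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_t:s0 tclass=file
"""

# Permissions sit between braces; the contexts and class follow as key=value.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*([^}]*?)\s*\}\s+for\s.*?"
    r"scontext=(\S+)\s+tcontext=(\S+)\s+tclass=(\S+)"
)

def selinux_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    return context.split(":")[2]

def parse_avcs(text):
    """Map (source type, target type, class) -> set of denied permissions."""
    denials = defaultdict(set)
    for line in text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # other kernel messages are ignored
        perms, scon, tcon, tclass = m.groups()
        key = (selinux_type(scon), selinux_type(tcon), tclass)
        denials[key].update(perms.split())
    return denials

def render_rules(denials):
    """Render aggregated denials in the allow-rule form audit2allow prints."""
    rules = []
    for (stype, ttype, tclass), perms in sorted(denials.items()):
        body = " ".join(sorted(perms))
        if len(perms) > 1:
            body = "{ " + body + " }"
        rules.append(f"allow {stype} {ttype}:{tclass} {body};")
    return rules

if __name__ == "__main__":
    print("\n".join(render_rules(parse_avcs(SAMPLE_DMESG))))
```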