Running strict/enforcing off of latest Rawhide:
initrc runs hpoj which runs /usr/sbin/ptal-init which produces the following avc's.
[I tried changing the type of /usr/sbin/ptal-init to ptal_exec_t, but that didn't work ;-( ]
tom
Dec 2 06:45:39 fedora kernel: audit(1101998713.227:0): avc: denied { unlink } for pid=1414 exe=/bin/rm name=mlc_usb_PSC_900_Series dev=hda2 ino=38214 scontext=system_u:system_r:initrc_t tcontext=system_u:object_r:ptal_var_run_t tclass=fifo_file
Dec 2 06:45:39 fedora kernel: audit(1101998713.228:0): avc: denied { unlink } for pid=1414 exe=/bin/rm name=mlc_usb_PSC_900_Series__1 dev=hda2 ino=38215 scontext=system_u:system_r:initrc_t tcontext=system_u:object_r:ptal_var_run_t tclass=fifo_file
Dec 2 06:45:39 fedora kernel: audit(1101998713.228:0): avc: denied { unlink } for pid=1414 exe=/bin/rm name=mlc_usb_PSC_900_Series__2 dev=hda2 ino=38216 scontext=system_u:system_r:initrc_t tcontext=system_u:object_r:ptal_var_run_t tclass=fifo_file
Dec 2 06:45:39 fedora kernel: audit(1101998713.228:0): avc: denied { unlink } for pid=1414 exe=/bin/rm name=mlc_usb_PSC_900_Series__3 dev=hda2 ino=38217 scontext=system_u:system_r:initrc_t tcontext=system_u:object_r:ptal_var_run_t tclass=fifo_file
Dec 2 06:45:39 fedora kernel: audit(1101998713.228:0): avc: denied { unlink } for pid=1414 exe=/bin/rm name=mlc_usb_PSC_900_Series__4 dev=hda2 ino=38218 scontext=system_u:system_r:initrc_t tcontext=system_u:object_r:ptal_var_run_t tclass=fifo_file
Dec 2 06:45:39 fedora kernel: audit(1101998713.228:0): avc: denied { unlink } for pid=1414 exe=/bin/rm name=mlc_usb_PSC_900_Series__5 dev=hda2 ino=38219 scontext=system_u:system_r:initrc_t tcontext=system_u:object_r:ptal_var_run_t tclass=fifo_file
Dec 2 06:45:39 fedora kernel: audit(1101998713.228:0): avc: denied { unlink } for pid=1414 exe=/bin/rm name=mlc_usb_PSC_900_Series__6 dev=hda2 ino=38220 scontext=system_u:system_r:initrc_t tcontext=system_u:object_r:ptal_var_run_t tclass=fifo_file
Dec 2 06:45:39 fedora kernel: audit(1101998713.229:0): avc: denied { unlink } for pid=1414 exe=/bin/rm name=mlc_usb_PSC_900_Series__7 dev=hda2 ino=38221 scontext=system_u:system_r:initrc_t tcontext=system_u:object_r:ptal_var_run_t tclass=fifo_file
Dec 2 06:45:39 fedora kernel: audit(1101998713.229:0): avc: denied { unlink } for pid=1414 exe=/bin/rm name=mlc_usb_PSC_900_Series__8 dev=hda2 ino=38222 scontext=system_u:system_r:initrc_t tcontext=system_u:object_r:ptal_var_run_t tclass=fifo_file
Dec 2 06:45:39 fedora kernel: audit(1101998713.229:0): avc: denied { unlink } for pid=1414 exe=/bin/rm name=mlc_usb_PSC_900_Series__9 dev=hda2 ino=38223 scontext=system_u:system_r:initrc_t tcontext=system_u:object_r:ptal_var_run_t tclass=fifo_file
Dec 2 06:45:39 fedora kernel: audit(1101998739.288:0): avc: denied { rmdir } for pid=1980 exe=/bin/rm name=ptal-mlcd dev=hda2 ino=38157 scontext=system_u:system_r:initrc_t tcontext=system_u:object_r:ptal_var_run_t tclass=dir
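A small parser for the AVC records in this thread, added here as an illustration (not code from any poster or from the SELinux project): it groups denials by source type, target type and object class, and tolerates several records sharing one physical line. The function names are this example's own; the three sample records are copied from the log above.

```python
import re
from collections import defaultdict

# Three records copied from the log above; the first two are deliberately left
# run together on one line to exercise that case.
SAMPLE = (
    "Dec 2 06:45:39 fedora kernel: audit(1101998713.227:0): avc: denied { unlink } "
    "for pid=1414 exe=/bin/rm name=mlc_usb_PSC_900_Series dev=hda2 ino=38214 "
    "scontext=system_u:system_r:initrc_t tcontext=system_u:object_r:ptal_var_run_t "
    "tclass=fifo_file Dec 2 06:45:39 fedora kernel: audit(1101998713.228:0): avc: "
    "denied { unlink } for pid=1414 exe=/bin/rm name=mlc_usb_PSC_900_Series__1 "
    "dev=hda2 ino=38215 scontext=system_u:system_r:initrc_t "
    "tcontext=system_u:object_r:ptal_var_run_t tclass=fifo_file\n"
    "Dec 2 06:45:39 fedora kernel: audit(1101998739.288:0): avc: denied { rmdir } "
    "for pid=1980 exe=/bin/rm name=ptal-mlcd dev=hda2 ino=38157 "
    "scontext=system_u:system_r:initrc_t tcontext=system_u:object_r:ptal_var_run_t "
    "tclass=dir\n"
)

# A record runs from "avc: denied { perms } for" to its tclass= field, so
# matching up to tclass splits records that share a line.
AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*?\btclass=\S+)")

def parse_avcs(text):
    """Yield one dict per denial: its key=value fields plus a 'perms' list."""
    for m in AVC_RE.finditer(text):
        rec = dict(kv.split("=", 1) for kv in m.group(2).split() if "=" in kv)
        rec["perms"] = m.group(1).split()
        yield rec

def se_type(context):
    """Type field of a user:role:type[:level] context, or None if malformed."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else None

def summarize(text):
    """Group denials by (source type, target type, object class)."""
    groups = defaultdict(lambda: {"perms": set(), "exes": set(), "count": 0})
    for rec in parse_avcs(text):
        src, tgt = se_type(rec.get("scontext", "")), se_type(rec.get("tcontext", ""))
        if src is None or tgt is None:
            continue  # skip records without usable contexts
        g = groups[(src, tgt, rec["tclass"])]
        g["perms"].update(rec["perms"])
        g["exes"].add(rec.get("exe", "?"))
        g["count"] += 1
    return dict(groups)
```

Run over the full log, the grouping leaves two entries, both with source type initrc_t, target type ptal_var_run_t and exe=/bin/rm: one for fifo_file unlink and one for dir rmdir.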
On Friday 03 December 2004 03:55, Tom London selinux@gmail.com wrote:
> Running strict/enforcing off of latest Rawhide:
> initrc runs hpoj which runs /usr/sbin/ptal-init which produces the following avc's.
> [I tried changing the type of /usr/sbin/ptal-init to ptal_exec_t, but that didn't work ;-( ]
How did it not work?
> Dec 2 06:45:39 fedora kernel: audit(1101998713.227:0): avc: denied { unlink } for pid=1414 exe=/bin/rm name=mlc_usb_PSC_900_Series dev=hda2 ino=38214 scontext=system_u:system_r:initrc_t tcontext=system_u:object_r:ptal_var_run_t tclass=fifo_file
On Tue, 28 Dec 2004 01:10:31 +1100, Russell Coker russell@coker.com.au wrote:
> On Friday 03 December 2004 03:55, Tom London selinux@gmail.com wrote:
>> Running strict/enforcing off of latest Rawhide:
>> initrc runs hpoj which runs /usr/sbin/ptal-init which produces the following avc's.
>> [I tried changing the type of /usr/sbin/ptal-init to ptal_exec_t, but that didn't work ;-( ]
> How did it not work?
>> Dec 2 06:45:39 fedora kernel: audit(1101998713.227:0): avc: denied { unlink } for pid=1414 exe=/bin/rm name=mlc_usb_PSC_900_Series dev=hda2 ino=38214 scontext=system_u:system_r:initrc_t tcontext=system_u:object_r:ptal_var_run_t tclass=fifo_file
> --
> http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
> http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
> http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
> http://www.coker.com.au/~russell/ My home page
Russell,
If I remember correctly, this caused many more AVCs for other things.....
The current policy has this working correctly.
tom
selinux@lists.fedoraproject.org