Hi all,
I have a laptop that I have installed rawhide on. For the last few days I have been getting the following avc messages:
Apr 21 11:38:36 bullwinkle kernel: audit(1114097912.824:0): avc: denied { sys_admin } for pid=1878 exe=/sbin/consoletype capability=21 scontext=user_u:system_r:dhcpc_t tcontext=user_u:system_r:dhcpc_t tclass=capability Apr 21 11:38:36 bullwinkle kernel: audit(1114097914.047:0): avc: denied { sys_admin } for pid=1907 exe=/sbin/consoletype capability=21 scontext=user_u:system_r:dhcpc_t tcontext=user_u:system_r:dhcpc_t tclass=capability Apr 21 11:38:36 bullwinkle kernel: audit(1114097914.302:0): avc: denied { rename } for pid=1952 exe=/bin/mv name=ntp.conf dev=dm-0 ino=102686 scontext=user_u:system_r:dhcpc_t tcontext=user_u:object_r:etc_t tclass=file Apr 21 11:38:36 bullwinkle kernel: audit(1114097914.305:0): avc: denied { append } for pid=1905 exe=/bin/bash name=ntp.conf dev=dm-0 ino=102686 scontext=user_u:system_r:dhcpc_t tcontext=user_u:object_r:etc_t tclass=file Apr 21 11:38:36 bullwinkle kernel: audit(1114097914.305:0): avc: denied { append } for pid=1905 exe=/bin/bash name=ntp.conf dev=dm-0 ino=102686 scontext=user_u:system_r:dhcpc_t tcontext=user_u:object_r:etc_t tclass=file Apr 21 11:38:36 bullwinkle kernel: audit(1114097914.311:0): avc: denied { append } for pid=1905 exe=/bin/bash name=ntp.conf dev=dm-0 ino=102686 scontext=user_u:system_r:dhcpc_t tcontext=user_u:object_r:etc_t tclass=file Apr 21 11:38:36 bullwinkle kernel: audit(1114097914.312:0): avc: denied { append } for pid=1905 exe=/bin/bash name=ntp.conf dev=dm-0 ino=102686 scontext=user_u:system_r:dhcpc_t tcontext=user_u:object_r:etc_t tclass=file Apr 21 11:38:36 bullwinkle last message repeated 2 times Apr 21 11:38:36 bullwinkle kernel: audit(1114097914.495:0): avc: denied { sys_admin } for pid=1965 exe=/sbin/consoletype capability=21 scontext=user_u:system_r:dhcpc_t tcontext=user_u:system_r:dhcpc_t tclass=capability Apr 21 11:38:36 bullwinkle kernel: audit(1114097916.060:0): avc: denied { setsched } for pid=2048 exe=/sbin/auditd scontext=user_u:system_r:auditd_t tcontext=user_u:system_r:auditd_t tclass=process Apr 21 11:38:36 bullwinkle kernel: SELinux: initialized (dev rpc_pipefs, type rpc_pipefs), uses genfs_contexts
Can someone if this should be in bugzilla or what to do to fix this?
(bullwinkle pts10) # rpm -qa | grep selinux selinux-policy-targeted-1.23.12-1 libselinux-1.23.7-2 libselinux-devel-1.23.7-2 (bullwinkle pts10) # rpm -qa | grep audit audit-libs-0.6.12-1 audit-0.6.12-1 (bullwinkle pts10) #
Regards,
Tom Diehl tdiehl@rogueind.com Spamtrap address mtd123@rogueind.com
Tom Diehl wrote:
Hi all,
I have a laptop that I have installed rawhide on. For the last few days I have been getting the following avc messages:
Apr 21 11:38:36 bullwinkle kernel: audit(1114097912.824:0): avc: denied { sys_admin } for pid=1878 exe=/sbin/consoletype capability=21 scontext=user_u:system_r:dhcpc_t tcontext=user_u:system_r:dhcpc_t tclass=capability Apr 21 11:38:36 bullwinkle kernel: audit(1114097914.047:0): avc: denied { sys_admin } for pid=1907 exe=/sbin/consoletype capability=21 scontext=user_u:system_r:dhcpc_t tcontext=user_u:system_r:dhcpc_t tclass=capability Apr 21 11:38:36 bullwinkle kernel: audit(1114097914.302:0): avc: denied { rename } for pid=1952 exe=/bin/mv name=ntp.conf dev=dm-0 ino=102686 scontext=user_u:system_r:dhcpc_t tcontext=user_u:object_r:etc_t tclass=file Apr 21 11:38:36 bullwinkle kernel: audit(1114097914.305:0): avc: denied { append } for pid=1905 exe=/bin/bash name=ntp.conf dev=dm-0 ino=102686 scontext=user_u:system_r:dhcpc_t tcontext=user_u:object_r:etc_t tclass=file Apr 21 11:38:36 bullwinkle kernel: audit(1114097914.305:0): avc: denied { append } for pid=1905 exe=/bin/bash name=ntp.conf dev=dm-0 ino=102686 scontext=user_u:system_r:dhcpc_t tcontext=user_u:object_r:etc_t tclass=file Apr 21 11:38:36 bullwinkle kernel: audit(1114097914.311:0): avc: denied { append } for pid=1905 exe=/bin/bash name=ntp.conf dev=dm-0 ino=102686 scontext=user_u:system_r:dhcpc_t tcontext=user_u:object_r:etc_t tclass=file Apr 21 11:38:36 bullwinkle kernel: audit(1114097914.312:0): avc: denied { append } for pid=1905 exe=/bin/bash name=ntp.conf dev=dm-0 ino=102686 scontext=user_u:system_r:dhcpc_t tcontext=user_u:object_r:etc_t tclass=file Apr 21 11:38:36 bullwinkle last message repeated 2 times Apr 21 11:38:36 bullwinkle kernel: audit(1114097914.495:0): avc: denied { sys_admin } for pid=1965 exe=/sbin/consoletype capability=21 scontext=user_u:system_r:dhcpc_t tcontext=user_u:system_r:dhcpc_t tclass=capability Apr 21 11:38:36 bullwinkle kernel: audit(1114097916.060:0): avc: denied { setsched } for pid=2048 exe=/sbin/auditd scontext=user_u:system_r:auditd_t tcontext=user_u:system_r:auditd_t tclass=process Apr 21 11:38:36 bullwinkle kernel: SELinux: initialized (dev rpc_pipefs, type rpc_pipefs), uses genfs_contexts
Can someone if this should be in bugzilla or what to do to fix this?
(bullwinkle pts10) # rpm -qa | grep selinux selinux-policy-targeted-1.23.12-1 libselinux-1.23.7-2 libselinux-devel-1.23.7-2 (bullwinkle pts10) # rpm -qa | grep audit audit-libs-0.6.12-1 audit-0.6.12-1 (bullwinkle pts10) #
Regards,
Tom Diehl tdiehl@rogueind.com Spamtrap address mtd123@rogueind.com
-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com http://www.redhat.com/mailman/listinfo/fedora-selinux-list
Here is one that I filed.
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=155400
Regards,
Gary
On Friday 22 April 2005 04:27, Tom Diehl tdiehl@rogueind.com wrote:
kernel: audit(1114097914.302:0): avc: denied { rename } for pid=1952 exe=/bin/mv name=ntp.conf dev=dm-0 ino=102686 scontext=user_u:system_r:dhcpc_t tcontext=user_u:object_r:etc_t tclass=file
Your /etc/ntp.conf is mislabelled.
The others are minor errors, the machine should work fine even before we fix them.
On Sat, 23 Apr 2005, Russell Coker wrote:
On Friday 22 April 2005 04:27, Tom Diehl tdiehl@rogueind.com wrote:
kernel: audit(1114097914.302:0): avc: denied { rename } for pid=1952 exe=/bin/mv name=ntp.conf dev=dm-0 ino=102686 scontext=user_u:system_r:dhcpc_t tcontext=user_u:object_r:etc_t tclass=file
Your /etc/ntp.conf is mislabelled.
Is it normal to have to relabel individual files like this or is this indicative of something not being setup correctly at install time? This error appeared on the first boot after the install.
The others are minor errors, the machine should work fine even before we fix them.
The machine does in fact work fine. After the latest update from rawhide today, the messages are gone.
Thanks for the fixes.
Regards,
Tom Diehl tdiehl@rogueind.com Spamtrap address mtd123@rogueind.com
On Monday 25 April 2005 13:48, Tom Diehl tdiehl@rogueind.com wrote:
On Sat, 23 Apr 2005, Russell Coker wrote:
On Friday 22 April 2005 04:27, Tom Diehl tdiehl@rogueind.com wrote:
kernel: audit(1114097914.302:0): avc: denied { rename } for pid=1952 exe=/bin/mv name=ntp.conf dev=dm-0 ino=102686 scontext=user_u:system_r:dhcpc_t tcontext=user_u:object_r:etc_t tclass=file
Your /etc/ntp.conf is mislabelled.
Is it normal to have to relabel individual files like this or is this indicative of something not being setup correctly at install time? This error appeared on the first boot after the install.
Until fairly recently it has been "normal" as it has been expected. But of course this is not desired and we have been working hard to fix all such issues.
I have just done a test install of FC4T2 and the /etc/ntp.conf file had the correct context. If you can reproduce this then please tell me exactly what you have to do.
selinux@lists.fedoraproject.org