Hello, Every time I reboot, I have those 9 AVCs in /var/log/messages:
Apr 3 19:18:35 jack kernel: audit(1207243095.907:4): avc: denied { sys_admin } for pid=1707 comm="loadkeys" capability=21 scontext=system_u:system_r:loadkeys_t:s0 tcontext=system_u:system_r:loadkeys_t:s0 tclass=capability Apr 3 19:18:35 jack kernel: audit(1207243095.907:5): avc: denied { sys_admin } for pid=1707 comm="loadkeys" capability=21 scontext=system_u:system_r:loadkeys_t:s0 tcontext=system_u:system_r:loadkeys_t:s0 tclass=capability Apr 3 19:18:35 jack kernel: audit(1207243095.907:6): avc: denied { sys_admin } for pid=1707 comm="loadkeys" capability=21 scontext=system_u:system_r:loadkeys_t:s0 tcontext=system_u:system_r:loadkeys_t:s0 tclass=capability Apr 3 19:18:35 jack kernel: audit(1207243095.907:7): avc: denied { sys_admin } for pid=1707 comm="loadkeys" capability=21 scontext=system_u:system_r:loadkeys_t:s0 tcontext=system_u:system_r:loadkeys_t:s0 tclass=capability Apr 3 19:18:35 jack kernel: audit(1207243095.907:8): avc: denied { sys_admin } for pid=1707 comm="loadkeys" capability=21 scontext=system_u:system_r:loadkeys_t:s0 tcontext=system_u:system_r:loadkeys_t:s0 tclass=capability Apr 3 19:18:35 jack kernel: audit(1207243095.907:9): avc: denied { sys_admin } for pid=1707 comm="loadkeys" capability=21 scontext=system_u:system_r:loadkeys_t:s0 tcontext=system_u:system_r:loadkeys_t:s0 tclass=capability Apr 3 19:18:35 jack kernel: audit(1207243095.907:10): avc: denied { sys_admin } for pid=1707 comm="loadkeys" capability=21 scontext=system_u:system_r:loadkeys_t:s0 tcontext=system_u:system_r:loadkeys_t:s0 tclass=capability Apr 3 19:18:35 jack kernel: audit(1207243095.907:11): avc: denied { sys_admin } for pid=1707 comm="loadkeys" capability=21 scontext=system_u:system_r:loadkeys_t:s0 tcontext=system_u:system_r:loadkeys_t:s0 tclass=capability Apr 3 19:18:35 jack kernel: audit(1207243095.907:12): avc: denied { sys_admin } for pid=1707 comm="loadkeys" capability=21 scontext=system_u:system_r:loadkeys_t:s0 tcontext=system_u:system_r:loadkeys_t:s0 tclass=capability
They are generated before audit runs. What are they trying to tell me? Should I relabel something or bug it?
TIA Laurent
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Laurent Jacquot wrote:
Hello, Every time I reboot, I have those 9 AVCs in /var/log/messages:
Apr 3 19:18:35 jack kernel: audit(1207243095.907:4): avc: denied { sys_admin } for pid=1707 comm="loadkeys" capability=21 scontext=system_u:system_r:loadkeys_t:s0 tcontext=system_u:system_r:loadkeys_t:s0 tclass=capability Apr 3 19:18:35 jack kernel: audit(1207243095.907:5): avc: denied { sys_admin } for pid=1707 comm="loadkeys" capability=21 scontext=system_u:system_r:loadkeys_t:s0 tcontext=system_u:system_r:loadkeys_t:s0 tclass=capability Apr 3 19:18:35 jack kernel: audit(1207243095.907:6): avc: denied { sys_admin } for pid=1707 comm="loadkeys" capability=21 scontext=system_u:system_r:loadkeys_t:s0 tcontext=system_u:system_r:loadkeys_t:s0 tclass=capability Apr 3 19:18:35 jack kernel: audit(1207243095.907:7): avc: denied { sys_admin } for pid=1707 comm="loadkeys" capability=21 scontext=system_u:system_r:loadkeys_t:s0 tcontext=system_u:system_r:loadkeys_t:s0 tclass=capability Apr 3 19:18:35 jack kernel: audit(1207243095.907:8): avc: denied { sys_admin } for pid=1707 comm="loadkeys" capability=21 scontext=system_u:system_r:loadkeys_t:s0 tcontext=system_u:system_r:loadkeys_t:s0 tclass=capability Apr 3 19:18:35 jack kernel: audit(1207243095.907:9): avc: denied { sys_admin } for pid=1707 comm="loadkeys" capability=21 scontext=system_u:system_r:loadkeys_t:s0 tcontext=system_u:system_r:loadkeys_t:s0 tclass=capability Apr 3 19:18:35 jack kernel: audit(1207243095.907:10): avc: denied { sys_admin } for pid=1707 comm="loadkeys" capability=21 scontext=system_u:system_r:loadkeys_t:s0 tcontext=system_u:system_r:loadkeys_t:s0 tclass=capability Apr 3 19:18:35 jack kernel: audit(1207243095.907:11): avc: denied { sys_admin } for pid=1707 comm="loadkeys" capability=21 scontext=system_u:system_r:loadkeys_t:s0 tcontext=system_u:system_r:loadkeys_t:s0 tclass=capability Apr 3 19:18:35 jack kernel: audit(1207243095.907:12): avc: denied { sys_admin } for pid=1707 comm="loadkeys" capability=21 scontext=system_u:system_r:loadkeys_t:s0 tcontext=system_u:system_r:loadkeys_t:s0 tclass=capability
They are generated before audit runs. What are they trying to tell me? Should I relabel something or bug it?
TIA Laurent
-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-selinux-list
This is saying loadkeys is requesting a sys_admin capability. I have no idea why, and have never seen it before.
You can add this rule by executing
# dmesg | audit2allow -M myloadkeys # semodule -i myloadkeys.pp
selinux@lists.fedoraproject.org