Get these very early during boot up. I'm guessing we're trying to check the 'early root' and that this is harmless. If so,
dontaudit fsadm_t device_t:blk_file { getattr };
That sound right? tom
Sep 16 10:50:36 fedora kernel: ACPI: Sleep Button (CM) [FUTS] Sep 16 10:50:36 fedora kernel: audit(1095357002.303:0): avc: denied { getattr } for pid=1839 exe=/sbin/fsck.ext3 path=/dev/root dev=tmpfs ino=2028 scontext=system_u:system_r:fsadm_t tcontext=system_u:object_r:device_t tclass=blk_file Sep 16 10:50:36 fedora kernel: EXT3 FS on hda2, internal journal Sep 16 10:50:36 fedora kernel: device-mapper: 4.1.0-ioctl (2003-12-10) initialised: dm@uk.sistina.com Sep 16 10:50:36 fedora kernel: audit(1095357004.327:0): avc: denied { getattr } for pid=2074 exe=/sbin/fsck.ext3 path=/dev/root dev=tmpfs ino=2028 scontext=system_u:system_r:fsadm_t tcontext=system_u:object_r:device_t tclass=blk_file
On Fri, 17 Sep 2004 04:24, Tom London selinux@comcast.net wrote:
Get these very early during boot up. I'm guessing we're trying to check the 'early root' and that this is harmless. If so,
Sep 16 10:50:36 fedora kernel: ACPI: Sleep Button (CM) [FUTS] Sep 16 10:50:36 fedora kernel: audit(1095357002.303:0): avc: denied { getattr } for pid=1839 exe=/sbin/fsck.ext3 path=/dev/root dev=tmpfs ino=2028 scontext=system_u:system_r:fsadm_t tcontext=system_u:object_r:device_t tclass=blk_file
Is this still happening with FC3T2 or the latest rawhide?
Still happening with latest Rawhide with Dan's latest (selinux-policy-strict-1.17.20-3)
tom
On Thu, 23 Sep 2004 03:33:29 +1000, Russell Coker russell@coker.com.au wrote:
On Fri, 17 Sep 2004 04:24, Tom London selinux@comcast.net wrote:
Get these very early during boot up. I'm guessing we're trying to check the 'early root' and that this is harmless. If so,
Sep 16 10:50:36 fedora kernel: ACPI: Sleep Button (CM) [FUTS] Sep 16 10:50:36 fedora kernel: audit(1095357002.303:0): avc: denied { getattr } for pid=1839 exe=/sbin/fsck.ext3 path=/dev/root dev=tmpfs ino=2028 scontext=system_u:system_r:fsadm_t tcontext=system_u:object_r:device_t tclass=blk_file
Is this still happening with FC3T2 or the latest rawhide?
-- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page
-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com http://www.redhat.com/mailman/listinfo/fedora-selinux-list
On Fri, 24 Sep 2004 13:14, Tom London selinux@gmail.com wrote:
Still happening with latest Rawhide with Dan's latest (selinux-policy-strict-1.17.20-3)
This is bizarre, I can't reproduce it.
Could you please give us full details of your boot setup, the root device, that type of storage, and anything else that seems remotely relevant?
OK. I'll attach the boot log, grub.conf
Boot drive reports as: Hitachi IC35L060AVV207-0 : 40GB ATA 100 7200-RPM 3.5" 2MB
Here is my mtab: /dev/hda2 on / type ext3 (rw) none on /proc type proc (rw) none on /sys type sysfs (rw) none on /dev/pts type devpts (rw,gid=5,mode=620) usbfs on /proc/bus/usb type usbfs (rw) /dev/hda1 on /boot type ext3 (rw) none on /dev/shm type tmpfs (rw) none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw) sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw) nfsd on /proc/fs/nfsd type nfsd (rw)
I notice that my initrd is dated 4 September. Is it possible that it was made with an 'older' mkinitrd that isn't 'doing the right thing'? I'll test this later today.
tom
On Fri, 24 Sep 2004 20:59:15 +1000, Russell Coker russell@coker.com.au wrote:
On Fri, 24 Sep 2004 13:14, Tom London selinux@gmail.com wrote:
Still happening with latest Rawhide with Dan's latest (selinux-policy-strict-1.17.20-3)
This is bizarre, I can't reproduce it.
Could you please give us full details of your boot setup, the root device, that type of storage, and anything else that seems remotely relevant?
-- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page
On Sat, 25 Sep 2004 01:50, Tom London selinux@gmail.com wrote:
Here is my mtab: /dev/hda2 on / type ext3 (rw)
I notice that my initrd is dated 4 September. Is it possible that it was made with an 'older' mkinitrd that isn't 'doing the right thing'? I'll test this later today.
Please test it with an initrd image made from the latest mkinitrd. If it still happens then I guess the reason why you see it and I don't would be because I use only LVM.
If you report that you still see it with the latest initrd then I'll find a spare machine for a non-LVM install to test.
OK. I made a new initrd using mkinitrd-4.1.12-1, rebooted, but the result is the same.
Sorry.... Anything else I can try? tom
Sep 24 20:57:26 fedora smartd: smartd startup succeeded Sep 24 20:57:26 fedora kernel: ACPI: Power Button (FF) [PWRF] Sep 24 20:57:26 fedora kernel: ACPI: Sleep Button (CM) [FUTS] Sep 24 20:57:26 fedora kernel: audit(1096084614.355:0): avc: denied { getattr } for pid=1585 exe=/sbin/fsck.ext3 path=/dev/root dev=tmpfs ino=1192 scontext=system_u:system_r:fsadm_t tcontext=system_u:object_r:device_t tclass=blk_file Sep 24 20:57:26 fedora acpid: acpid startup succeeded Sep 24 20:57:26 fedora kernel: EXT3 FS on hda2, internal journal Sep 24 20:57:27 fedora kernel: device-mapper: 4.1.0-ioctl (2003-12-10) initialised: dm@uk.sistina.com Sep 24 20:57:27 fedora kernel: audit(1096084616.708:0): avc: denied { getattr } for pid=1820 exe=/sbin/fsck.ext3 path=/dev/root dev=tmpfs ino=1192 scontext=system_u:system_r:fsadm_t tcontext=system_u:object_r:device_t tclass=blk_file Sep 24 20:57:27 fedora kernel: kjournald starting. Commit interval 5 seconds Sep 24 20:57:27 fedora kernel: EXT3 FS on hda1, internal journal Sep 24 20:57:27 fedora kernel: EXT3-fs: mounted filesystem with ordered data mode.
On Sat, 25 Sep 2004 02:20:15 +1000, Russell Coker russell@coker.com.au wrote:
On Sat, 25 Sep 2004 01:50, Tom London selinux@gmail.com wrote:
Here is my mtab: /dev/hda2 on / type ext3 (rw)
I notice that my initrd is dated 4 September. Is it possible that it was made with an 'older' mkinitrd that isn't 'doing the right thing'? I'll test this later today.
Please test it with an initrd image made from the latest mkinitrd. If it still happens then I guess the reason why you see it and I don't would be because I use only LVM.
If you report that you still see it with the latest initrd then I'll find a spare machine for a non-LVM install to test.
-- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page
On Sat, 25 Sep 2004 14:19, Tom London selinux@gmail.com wrote:
OK. I made a new initrd using mkinitrd-4.1.12-1, rebooted, but the result is the same.
Sorry.... Anything else I can try?
It seems that a device node /dev/root is created when you boot from a non-LVM device. This is probably a bug in the boot scripts which may tie in with the following bugzilla (about root= parameter being ignored in the case of LVM systems).
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=133236
Anyway I have attached a policy patch that will work around the SE Linux aspects of this issue.
selinux@lists.fedoraproject.org
-
Russell Coker -
Tom London -
Tom London