After upgrading a computer from FC2 to FC3, I decided to give SELinux a shot and used up2date to retrieve the rpm for selinux-policy-targeted and expected for all needed deps to be pulled in. The other dependent ackages did not get pulled in with this selection. I ended up having system messages not being accessable and also httpd being damened with errors. I supposed that there was an abnormality on my particular system. Within recent days, I have noted others experiencing similar failures on the fedora-list. I then decided that this might e a more common prblem than first expected.
Another Fedora user was asking questions regarding running fixfiles relabel. I noticed that I also did not have fixfiles installed.
After several failures trying to install selinux-policy-targeted-sources using up2date, I tried using yum and was able to get the needed dependent programs that contained fixfiles. After relabeling the system for targeted using fixfiles relabel at a command prompt, I decided to go one step further and fixfiles relabel with selinux-policy-strict-1.17.30-2 installed, which did not pull in fixfiles either when using up2date. Attached is the AVC messages containing 11/19/04 when I ended up changing targeted / enforcing jn order to get system logs to diagnose another problem and finding out that there were no logs from 10/4 until 11/19. Messages after 8:00 PM are avc errors after relabeling the filesystem and rebooting. After trying to start X in runlevel 3 using startx and experiencing a failure, I ran setenforce 0 and decided to at least attempt to convey useful information to help improve SELinux installations for systems that are upgraded from non-selinux to selinux complient systems.
Thanks,
Jim Cornette
Jim Cornette wrote:
After upgrading a computer from FC2 to FC3, I decided to give SELinux a shot and used up2date to retrieve the rpm for selinux-policy-targeted and expected for all needed deps to be pulled in. The other dependent ackages did not get pulled in with this selection. I ended up having system messages not being accessable and also httpd being damened with errors. I supposed that there was an abnormality on my particular system. Within recent days, I have noted others experiencing similar failures on the fedora-list. I then decided that this might e a more common prblem than first expected.
Another Fedora user was asking questions regarding running fixfiles relabel. I noticed that I also did not have fixfiles installed.
After several failures trying to install selinux-policy-targeted-sources using up2date, I tried using yum and was able to get the needed dependent programs that contained fixfiles. After relabeling the system for targeted using fixfiles relabel at a command prompt, I decided to go one step further and fixfiles relabel with selinux-policy-strict-1.17.30-2 installed, which did not pull in fixfiles either when using up2date. Attached is the AVC messages containing 11/19/04 when I ended up changing targeted / enforcing jn order to get system logs to diagnose another problem and finding out that there were no logs from 10/4 until 11/19. Messages after 8:00 PM are avc errors after relabeling the filesystem and rebooting. After trying to start X in runlevel 3 using startx and experiencing a failure, I ran setenforce 0 and decided to at least attempt to convey useful information to help improve SELinux installations for systems that are upgraded from non-selinux to selinux complient systems.
Thanks,
Jim Cornette
Oct 4 23:50:13 localhost kernel: audit(1096948213.231:0): avc: denied { append } for pid=2632 exe=/usr/sbin/httpd path=/var/log/httpd/error_log dev=hda3 ino=783426 scontext=user_u:system_r:httpd_t tcontext=system_u:object_r:file_t tclass=file Nov 19 23:32:18 localhost kernel: audit(1100907093.310:0): avc: denied { read write } for pid=606 exe=/sbin/minilogd name=console dev=tmpfs ino=930 scontext=user_u:system_r:syslogd_t tcontext=user_u:object_r:tmpfs_t tclass=chr_file Nov 19 23:32:18 localhost kernel: audit(1100907093.311:0): avc: denied { write } for pid=606 exe=/sbin/minilogd name=/ dev=tmpfs ino=929 scontext=user_u:system_r:syslogd_t tcontext=user_u:object_r:tmpfs_t tclass=dir Nov 19 23:32:18 localhost kernel: audit(1100907093.311:0): avc: denied { add_name } for pid=606 exe=/sbin/minilogd name=log scontext=user_u:system_r:syslogd_t tcontext=user_u:object_r:tmpfs_t tclass=dir Nov 19 23:32:18 localhost kernel: audit(1100907093.311:0): avc: denied { create } for pid=606 exe=/sbin/minilogd name=log scontext=user_u:system_r:syslogd_t tcontext=user_u:object_r:tmpfs_t tclass=sock_file Nov 19 23:32:18 localhost kernel: audit(1100907093.312:0): avc: denied { getattr } for pid=612 exe=/sbin/minilogd path=/dev/log dev=tmpfs ino=1789 scontext=user_u:system_r:syslogd_t tcontext=user_u:object_r:tmpfs_t tclass=sock_file Nov 19 23:32:18 localhost kernel: audit(1100907098.255:0): avc: denied { write } for pid=612 exe=/sbin/minilogd name=log dev=tmpfs ino=1789 scontext=user_u:system_r:syslogd_t tcontext=user_u:object_r:tmpfs_t tclass=sock_file Nov 19 23:32:18 localhost kernel: audit(1100907102.090:0): avc: denied { remove_name } for pid=1182 exe=/sbin/minilogd name=log dev=tmpfs ino=1789 scontext=user_u:system_r:syslogd_t tcontext=user_u:object_r:tmpfs_t tclass=dir Nov 19 23:32:18 localhost kernel: audit(1100907102.090:0): avc: denied { unlink } for pid=1182 exe=/sbin/minilogd name=log dev=tmpfs ino=1789 scontext=user_u:system_r:syslogd_t tcontext=user_u:object_r:tmpfs_t tclass=sock_file Nov 19 23:32:18 localhost kernel: audit(1100925136.741:0): avc: denied { read } for pid=2086 exe=/sbin/syslogd name=nsswitch.conf dev=hda3 ino=554920 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:file_t tclass=file Nov 19 23:32:18 localhost kernel: audit(1100925136.741:0): avc: denied { getattr } for pid=2086 exe=/sbin/syslogd path=/etc/nsswitch.conf dev=hda3 ino=554920 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:file_t tclass=file Nov 19 23:32:18 localhost kernel: audit(1100925136.756:0): avc: denied { append } for pid=2086 exe=/sbin/syslogd name=messages dev=hda3 ino=408316 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:file_t tclass=file Nov 19 23:32:18 localhost kernel: audit(1100925136.756:0): avc: denied { ioctl } for pid=2086 exe=/sbin/syslogd path=/var/log/messages dev=hda3 ino=408316 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:file_t tclass=file Nov 19 23:32:18 localhost kernel: audit(1100925136.763:0): avc: denied { setattr } for pid=2086 exe=/sbin/syslogd name=log dev=tmpfs ino=4973 scontext=user_u:system_r:syslogd_t tcontext=user_u:object_r:tmpfs_t tclass=sock_file Nov 19 23:32:18 localhost kernel: audit(1100925137.499:0): avc: denied { search } for pid=2117 exe=/sbin/portmap name=/ dev=hda3 ino=2 scontext=user_u:system_r:portmap_t tcontext=system_u:object_r:file_t tclass=dir Nov 19 23:32:18 localhost kernel: audit(1100925137.531:0): avc: denied { search } for pid=2118 exe=/sbin/portmap name=/ dev=tmpfs ino=929 scontext=user_u:system_r:portmap_t tcontext=user_u:object_r:tmpfs_t tclass=dir Nov 19 23:32:18 localhost kernel: audit(1100925137.566:0): avc: denied { read } for pid=2118 exe=/sbin/portmap name=nsswitch.conf dev=hda3 ino=554920 scontext=user_u:system_r:portmap_t tcontext=system_u:object_r:file_t tclass=file Nov 19 23:32:18 localhost kernel: audit(1100925137.566:0): avc: denied { getattr } for pid=2118 exe=/sbin/portmap path=/etc/nsswitch.conf dev=hda3 ino=554920 scontext=user_u:system_r:portmap_t tcontext=system_u:object_r:file_t tclass=file Nov 19 23:32:28 localhost kernel: audit(1100925148.288:0): avc: denied { search } for pid=2450 exe=/usr/sbin/httpd name=/ dev=hda3 ino=2 scontext=user_u:system_r:httpd_t tcontext=system_u:object_r:file_t tclass=dir Nov 19 23:32:28 localhost kernel: audit(1100925148.288:0): avc: denied { read } for pid=2450 exe=/usr/sbin/httpd name=libpcre.so.0.0.1 dev=hda3 ino=685883 scontext=user_u:system_r:httpd_t tcontext=system_u:object_r:file_t tclass=file Nov 19 23:32:28 localhost kernel: audit(1100925148.289:0): avc: denied { getattr } for pid=2450 exe=/usr/sbin/httpd path=/lib/libpcre.so.0.0.1 dev=hda3 ino=685883 scontext=user_u:system_r:httpd_t tcontext=system_u:object_r:file_t tclass=file Nov 19 23:32:28 localhost kernel: audit(1100925148.289:0): avc: denied { execute } for pid=2450 path=/lib/libpcre.so.0.0.1 dev=hda3 ino=685883 scontext=user_u:system_r:httpd_t tcontext=system_u:object_r:file_t tclass=file Nov 19 23:32:28 localhost kernel: audit(1100925148.331:0): avc: denied { read } for pid=2450 exe=/usr/sbin/httpd name=libaprutil-0.so.0 dev=hda3 ino=103404 scontext=user_u:system_r:httpd_t tcontext=system_u:object_r:file_t tclass=lnk_file Nov 19 23:32:29 localhost kernel: audit(1100925149.369:0): avc: denied { append } for pid=2450 exe=/usr/sbin/httpd name=error_log dev=hda3 ino=783426 scontext=user_u:system_r:httpd_t tcontext=system_u:object_r:file_t tclass=file Nov 19 23:33:32 localhost dbus: avc: 1 AV entries and 1/512 buckets used, longest chain length 1 Nov 19 23:35:46 localhost kernel: audit(1100907302.257:0): avc: denied { read write } for pid=604 exe=/sbin/minilogd name=console dev=tmpfs ino=930 scontext=user_u:system_r:syslogd_t tcontext=user_u:object_r:tmpfs_t tclass=chr_file Nov 19 23:35:46 localhost kernel: audit(1100907302.258:0): avc: denied { write } for pid=604 exe=/sbin/minilogd name=/ dev=tmpfs ino=929 scontext=user_u:system_r:syslogd_t tcontext=user_u:object_r:tmpfs_t tclass=dir Nov 19 23:35:46 localhost kernel: audit(1100907302.258:0): avc: denied { add_name } for pid=604 exe=/sbin/minilogd name=log scontext=user_u:system_r:syslogd_t tcontext=user_u:object_r:tmpfs_t tclass=dir Nov 19 23:35:46 localhost kernel: audit(1100907302.258:0): avc: denied { create } for pid=604 exe=/sbin/minilogd name=log scontext=user_u:system_r:syslogd_t tcontext=user_u:object_r:tmpfs_t tclass=sock_file Nov 19 23:35:46 localhost kernel: audit(1100907302.259:0): avc: denied { getattr } for pid=607 exe=/sbin/minilogd path=/dev/log dev=tmpfs ino=1785 scontext=user_u:system_r:syslogd_t tcontext=user_u:object_r:tmpfs_t tclass=sock_file Nov 19 23:35:46 localhost kernel: audit(1100907307.244:0): avc: denied { write } for pid=607 exe=/sbin/minilogd name=log dev=tmpfs ino=1785 scontext=user_u:system_r:syslogd_t tcontext=user_u:object_r:tmpfs_t tclass=sock_file Nov 19 23:35:46 localhost kernel: audit(1100907311.038:0): avc: denied { remove_name } for pid=1180 exe=/sbin/minilogd name=log dev=tmpfs ino=1785 scontext=user_u:system_r:syslogd_t tcontext=user_u:object_r:tmpfs_t tclass=dir Nov 19 23:35:46 localhost kernel: audit(1100907311.039:0): avc: denied { unlink } for pid=1180 exe=/sbin/minilogd name=log dev=tmpfs ino=1785 scontext=user_u:system_r:syslogd_t tcontext=user_u:object_r:tmpfs_t tclass=sock_file Nov 19 23:35:46 localhost kernel: audit(1100925344.632:0): avc: denied { read } for pid=2084 exe=/sbin/syslogd name=nsswitch.conf dev=hda3 ino=554920 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:file_t tclass=file Nov 19 23:35:46 localhost kernel: audit(1100925344.632:0): avc: denied { getattr } for pid=2084 exe=/sbin/syslogd path=/etc/nsswitch.conf dev=hda3 ino=554920 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:file_t tclass=file Nov 19 23:35:46 localhost kernel: audit(1100925344.648:0): avc: denied { append } for pid=2084 exe=/sbin/syslogd name=messages dev=hda3 ino=408316 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:file_t tclass=file Nov 19 23:35:46 localhost kernel: audit(1100925344.648:0): avc: denied { ioctl } for pid=2084 exe=/sbin/syslogd path=/var/log/messages dev=hda3 ino=408316 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:file_t tclass=file Nov 19 23:35:46 localhost kernel: audit(1100925344.655:0): avc: denied { setattr } for pid=2084 exe=/sbin/syslogd name=log dev=tmpfs ino=4970 scontext=user_u:system_r:syslogd_t tcontext=user_u:object_r:tmpfs_t tclass=sock_file Nov 19 23:35:46 localhost kernel: audit(1100925345.248:0): avc: denied { search } for pid=2115 exe=/sbin/portmap name=/ dev=hda3 ino=2 scontext=user_u:system_r:portmap_t tcontext=system_u:object_r:file_t tclass=dir Nov 19 23:35:46 localhost kernel: audit(1100925345.280:0): avc: denied { search } for pid=2116 exe=/sbin/portmap name=/ dev=tmpfs ino=929 scontext=user_u:system_r:portmap_t tcontext=user_u:object_r:tmpfs_t tclass=dir Nov 19 23:35:46 localhost kernel: audit(1100925345.291:0): avc: denied { read } for pid=2116 exe=/sbin/portmap name=nsswitch.conf dev=hda3 ino=554920 scontext=user_u:system_r:portmap_t tcontext=system_u:object_r:file_t tclass=file Nov 19 23:35:46 localhost kernel: audit(1100925345.291:0): avc: denied { getattr } for pid=2116 exe=/sbin/portmap path=/etc/nsswitch.conf dev=hda3 ino=554920 scontext=user_u:system_r:portmap_t tcontext=system_u:object_r:file_t tclass=file Nov 19 23:35:56 localhost kernel: audit(1100925356.180:0): avc: denied { search } for pid=2448 exe=/usr/sbin/httpd name=/ dev=hda3 ino=2 scontext=user_u:system_r:httpd_t tcontext=system_u:object_r:file_t tclass=dir Nov 19 23:35:56 localhost kernel: audit(1100925356.180:0): avc: denied { read } for pid=2448 exe=/usr/sbin/httpd name=libpcre.so.0.0.1 dev=hda3 ino=685883 scontext=user_u:system_r:httpd_t tcontext=system_u:object_r:file_t tclass=file Nov 19 23:35:56 localhost kernel: audit(1100925356.180:0): avc: denied { getattr } for pid=2448 exe=/usr/sbin/httpd path=/lib/libpcre.so.0.0.1 dev=hda3 ino=685883 scontext=user_u:system_r:httpd_t tcontext=system_u:object_r:file_t tclass=file Nov 19 23:35:56 localhost kernel: audit(1100925356.181:0): avc: denied { execute } for pid=2448 path=/lib/libpcre.so.0.0.1 dev=hda3 ino=685883 scontext=user_u:system_r:httpd_t tcontext=system_u:object_r:file_t tclass=file Nov 19 23:35:56 localhost kernel: audit(1100925356.237:0): avc: denied { read } for pid=2448 exe=/usr/sbin/httpd name=libaprutil-0.so.0 dev=hda3 ino=103404 scontext=user_u:system_r:httpd_t tcontext=system_u:object_r:file_t tclass=lnk_file Nov 19 23:35:57 localhost kernel: audit(1100925357.204:0): avc: denied { append } for pid=2448 exe=/usr/sbin/httpd name=error_log dev=hda3 ino=783426 scontext=user_u:system_r:httpd_t tcontext=system_u:object_r:file_t tclass=file Nov 20 02:37:05 localhost dbus: avc: 1 AV entries and 1/512 buckets used, longest chain length 1 Nov 20 07:23:08 localhost kernel: audit(1100935340.336:0): avc: denied { read write } for pid=604 exe=/sbin/minilogd name=console dev=tmpfs ino=930 scontext=user_u:system_r:syslogd_t tcontext=user_u:object_r:tmpfs_t tclass=chr_file Nov 20 07:23:08 localhost kernel: audit(1100935340.337:0): avc: denied { write } for pid=604 exe=/sbin/minilogd name=/ dev=tmpfs ino=929 scontext=user_u:system_r:syslogd_t tcontext=user_u:object_r:tmpfs_t tclass=dir Nov 20 07:23:08 localhost kernel: audit(1100935340.337:0): avc: denied { add_name } for pid=604 exe=/sbin/minilogd name=log scontext=user_u:system_r:syslogd_t tcontext=user_u:object_r:tmpfs_t tclass=dir Nov 20 07:23:08 localhost kernel: audit(1100935340.337:0): avc: denied { create } for pid=604 exe=/sbin/minilogd name=log scontext=user_u:system_r:syslogd_t tcontext=user_u:object_r:tmpfs_t tclass=sock_file Nov 20 07:23:08 localhost kernel: audit(1100935340.338:0): avc: denied { getattr } for pid=607 exe=/sbin/minilogd path=/dev/log dev=tmpfs ino=1785 scontext=user_u:system_r:syslogd_t tcontext=user_u:object_r:tmpfs_t tclass=sock_file Nov 20 07:23:08 localhost kernel: audit(1100935345.294:0): avc: denied { write } for pid=607 exe=/sbin/minilogd name=log dev=tmpfs ino=1785 scontext=user_u:system_r:syslogd_t tcontext=user_u:object_r:tmpfs_t tclass=sock_file Nov 20 07:23:08 localhost kernel: audit(1100935349.114:0): avc: denied { remove_name } for pid=1180 exe=/sbin/minilogd name=log dev=tmpfs ino=1785 scontext=user_u:system_r:syslogd_t tcontext=user_u:object_r:tmpfs_t tclass=dir Nov 20 07:23:08 localhost kernel: audit(1100935349.114:0): avc: denied { unlink } for pid=1180 exe=/sbin/minilogd name=log dev=tmpfs ino=1785 scontext=user_u:system_r:syslogd_t tcontext=user_u:object_r:tmpfs_t tclass=sock_file Nov 20 07:23:08 localhost kernel: audit(1100953386.843:0): avc: denied { read } for pid=2081 exe=/sbin/syslogd name=nsswitch.conf dev=hda3 ino=554920 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:file_t tclass=file Nov 20 07:23:08 localhost kernel: audit(1100953386.844:0): avc: denied { getattr } for pid=2081 exe=/sbin/syslogd path=/etc/nsswitch.conf dev=hda3 ino=554920 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:file_t tclass=file Nov 20 07:23:08 localhost kernel: audit(1100953386.858:0): avc: denied { append } for pid=2081 exe=/sbin/syslogd name=messages dev=hda3 ino=408316 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:file_t tclass=file Nov 20 07:23:08 localhost kernel: audit(1100953386.858:0): avc: denied { ioctl } for pid=2081 exe=/sbin/syslogd path=/var/log/messages dev=hda3 ino=408316 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:file_t tclass=file Nov 20 07:23:08 localhost kernel: audit(1100953386.865:0): avc: denied { setattr } for pid=2081 exe=/sbin/syslogd name=log dev=tmpfs ino=4961 scontext=user_u:system_r:syslogd_t tcontext=user_u:object_r:tmpfs_t tclass=sock_file Nov 20 07:23:08 localhost kernel: audit(1100953387.587:0): avc: denied { search } for pid=2112 exe=/sbin/portmap name=/ dev=hda3 ino=2 scontext=user_u:system_r:portmap_t tcontext=system_u:object_r:file_t tclass=dir Nov 20 07:23:08 localhost kernel: audit(1100953387.619:0): avc: denied { search } for pid=2113 exe=/sbin/portmap name=/ dev=tmpfs ino=929 scontext=user_u:system_r:portmap_t tcontext=user_u:object_r:tmpfs_t tclass=dir Nov 20 07:23:08 localhost kernel: audit(1100953387.630:0): avc: denied { read } for pid=2113 exe=/sbin/portmap name=nsswitch.conf dev=hda3 ino=554920 scontext=user_u:system_r:portmap_t tcontext=system_u:object_r:file_t tclass=file Nov 20 07:23:08 localhost kernel: audit(1100953387.630:0): avc: denied { getattr } for pid=2113 exe=/sbin/portmap path=/etc/nsswitch.conf dev=hda3 ino=554920 scontext=user_u:system_r:portmap_t tcontext=system_u:object_r:file_t tclass=file Nov 20 07:23:17 localhost kernel: audit(1100953397.732:0): avc: denied { search } for pid=2445 exe=/usr/sbin/httpd name=/ dev=hda3 ino=2 scontext=user_u:system_r:httpd_t tcontext=system_u:object_r:file_t tclass=dir Nov 20 07:23:17 localhost kernel: audit(1100953397.733:0): avc: denied { read } for pid=2445 exe=/usr/sbin/httpd name=libpcre.so.0.0.1 dev=hda3 ino=685883 scontext=user_u:system_r:httpd_t tcontext=system_u:object_r:file_t tclass=file Nov 20 07:23:17 localhost kernel: audit(1100953397.733:0): avc: denied { getattr } for pid=2445 exe=/usr/sbin/httpd path=/lib/libpcre.so.0.0.1 dev=hda3 ino=685883 scontext=user_u:system_r:httpd_t tcontext=system_u:object_r:file_t tclass=file Nov 20 07:23:17 localhost kernel: audit(1100953397.733:0): avc: denied { execute } for pid=2445 path=/lib/libpcre.so.0.0.1 dev=hda3 ino=685883 scontext=user_u:system_r:httpd_t tcontext=system_u:object_r:file_t tclass=file Nov 20 07:23:17 localhost kernel: audit(1100953397.775:0): avc: denied { read } for pid=2445 exe=/usr/sbin/httpd name=libaprutil-0.so.0 dev=hda3 ino=103404 scontext=user_u:system_r:httpd_t tcontext=system_u:object_r:file_t tclass=lnk_file Nov 20 07:23:18 localhost kernel: audit(1100953398.728:0): avc: denied { append } for pid=2445 exe=/usr/sbin/httpd name=error_log dev=hda3 ino=783426 scontext=user_u:system_r:httpd_t tcontext=system_u:object_r:file_t tclass=file Nov 20 07:23:47 localhost dbus: avc: 1 AV entries and 1/512 buckets used, longest chain length 1 Nov 20 09:30:32 localhost kernel: audit(1100942986.311:0): avc: denied { read write } for pid=604 exe=/sbin/minilogd name=console dev=tmpfs ino=930 scontext=user_u:system_r:syslogd_t tcontext=user_u:object_r:tmpfs_t tclass=chr_file Nov 20 09:30:32 localhost kernel: audit(1100942986.311:0): avc: denied { write } for pid=604 exe=/sbin/minilogd name=/ dev=tmpfs ino=929 scontext=user_u:system_r:syslogd_t tcontext=user_u:object_r:tmpfs_t tclass=dir Nov 20 09:30:32 localhost kernel: audit(1100942986.311:0): avc: denied { add_name } for pid=604 exe=/sbin/minilogd name=log scontext=user_u:system_r:syslogd_t tcontext=user_u:object_r:tmpfs_t tclass=dir Nov 20 09:30:32 localhost kernel: audit(1100942986.312:0): avc: denied { create } for pid=604 exe=/sbin/minilogd name=log scontext=user_u:system_r:syslogd_t tcontext=user_u:object_r:tmpfs_t tclass=sock_file Nov 20 09:30:32 localhost kernel: audit(1100942986.312:0): avc: denied { getattr } for pid=607 exe=/sbin/minilogd path=/dev/log dev=tmpfs ino=1785 scontext=user_u:system_r:syslogd_t tcontext=user_u:object_r:tmpfs_t tclass=sock_file Nov 20 09:30:32 localhost kernel: audit(1100942991.282:0): avc: denied { write } for pid=607 exe=/sbin/minilogd name=log dev=tmpfs ino=1785 scontext=user_u:system_r:syslogd_t tcontext=user_u:object_r:tmpfs_t tclass=sock_file Nov 20 09:30:32 localhost kernel: audit(1100942995.091:0): avc: denied { remove_name } for pid=1180 exe=/sbin/minilogd name=log dev=tmpfs ino=1785 scontext=user_u:system_r:syslogd_t tcontext=user_u:object_r:tmpfs_t tclass=dir Nov 20 09:30:32 localhost kernel: audit(1100942995.091:0): avc: denied { unlink } for pid=1180 exe=/sbin/minilogd name=log dev=tmpfs ino=1785 scontext=user_u:system_r:syslogd_t tcontext=user_u:object_r:tmpfs_t tclass=sock_file Nov 20 09:30:32 localhost kernel: audit(1100961030.712:0): avc: denied { read } for pid=2081 exe=/sbin/syslogd name=nsswitch.conf dev=hda3 ino=554920 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:file_t tclass=file Nov 20 09:30:32 localhost kernel: audit(1100961030.713:0): avc: denied { getattr } for pid=2081 exe=/sbin/syslogd path=/etc/nsswitch.conf dev=hda3 ino=554920 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:file_t tclass=file Nov 20 09:30:32 localhost kernel: audit(1100961030.728:0): avc: denied { append } for pid=2081 exe=/sbin/syslogd name=messages dev=hda3 ino=408316 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:file_t tclass=file Nov 20 09:30:32 localhost kernel: audit(1100961030.728:0): avc: denied { ioctl } for pid=2081 exe=/sbin/syslogd path=/var/log/messages dev=hda3 ino=408316 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:file_t tclass=file Nov 20 09:30:32 localhost kernel: audit(1100961030.735:0): avc: denied { setattr } for pid=2081 exe=/sbin/syslogd name=log dev=tmpfs ino=4959 scontext=user_u:system_r:syslogd_t tcontext=user_u:object_r:tmpfs_t tclass=sock_file Nov 20 09:30:32 localhost kernel: audit(1100961031.842:0): avc: denied { search } for pid=2112 exe=/sbin/portmap name=/ dev=hda3 ino=2 scontext=user_u:system_r:portmap_t tcontext=system_u:object_r:file_t tclass=dir Nov 20 09:30:32 localhost kernel: audit(1100961031.860:0): avc: denied { search } for pid=2113 exe=/sbin/portmap name=/ dev=tmpfs ino=929 scontext=user_u:system_r:portmap_t tcontext=user_u:object_r:tmpfs_t tclass=dir Nov 20 09:30:32 localhost kernel: audit(1100961031.872:0): avc: denied { read } for pid=2113 exe=/sbin/portmap name=nsswitch.conf dev=hda3 ino=554920 scontext=user_u:system_r:portmap_t tcontext=system_u:object_r:file_t tclass=file Nov 20 09:30:32 localhost kernel: audit(1100961031.872:0): avc: denied { getattr } for pid=2113 exe=/sbin/portmap path=/etc/nsswitch.conf dev=hda3 ino=554920 scontext=user_u:system_r:portmap_t tcontext=system_u:object_r:file_t tclass=file Nov 20 09:30:42 localhost kernel: audit(1100961042.630:0): avc: denied { search } for pid=2445 exe=/usr/sbin/httpd name=/ dev=hda3 ino=2 scontext=user_u:system_r:httpd_t tcontext=system_u:object_r:file_t tclass=dir Nov 20 09:30:42 localhost kernel: audit(1100961042.631:0): avc: denied { read } for pid=2445 exe=/usr/sbin/httpd name=libpcre.so.0.0.1 dev=hda3 ino=685883 scontext=user_u:system_r:httpd_t tcontext=system_u:object_r:file_t tclass=file Nov 20 09:30:42 localhost kernel: audit(1100961042.631:0): avc: denied { getattr } for pid=2445 exe=/usr/sbin/httpd path=/lib/libpcre.so.0.0.1 dev=hda3 ino=685883 scontext=user_u:system_r:httpd_t tcontext=system_u:object_r:file_t tclass=file Nov 20 09:30:42 localhost kernel: audit(1100961042.631:0): avc: denied { execute } for pid=2445 path=/lib/libpcre.so.0.0.1 dev=hda3 ino=685883 scontext=user_u:system_r:httpd_t tcontext=system_u:object_r:file_t tclass=file Nov 20 09:30:42 localhost kernel: audit(1100961042.673:0): avc: denied { read } for pid=2445 exe=/usr/sbin/httpd name=libaprutil-0.so.0 dev=hda3 ino=103404 scontext=user_u:system_r:httpd_t tcontext=system_u:object_r:file_t tclass=lnk_file Nov 20 09:30:43 localhost kernel: audit(1100961043.683:0): avc: denied { append } for pid=2445 exe=/usr/sbin/httpd name=error_log dev=hda3 ino=783426 scontext=user_u:system_r:httpd_t tcontext=system_u:object_r:file_t tclass=file Nov 20 13:45:28 localhost dbus: avc: 1 AV entries and 1/512 buckets used, longest chain length 1 Nov 20 15:49:58 localhost kernel: audit(1100965751.021:0): avc: denied { read write } for pid=606 exe=/sbin/minilogd name=console dev=tmpfs ino=930 scontext=user_u:system_r:syslogd_t tcontext=user_u:object_r:tmpfs_t tclass=chr_file Nov 20 15:49:58 localhost kernel: audit(1100965751.021:0): avc: denied { write } for pid=606 exe=/sbin/minilogd name=/ dev=tmpfs ino=929 scontext=user_u:system_r:syslogd_t tcontext=user_u:object_r:tmpfs_t tclass=dir Nov 20 15:49:58 localhost kernel: audit(1100965751.021:0): avc: denied { add_name } for pid=606 exe=/sbin/minilogd name=log scontext=user_u:system_r:syslogd_t tcontext=user_u:object_r:tmpfs_t tclass=dir Nov 20 15:49:58 localhost kernel: audit(1100965751.021:0): avc: denied { create } for pid=606 exe=/sbin/minilogd name=log scontext=user_u:system_r:syslogd_t tcontext=user_u:object_r:tmpfs_t tclass=sock_file Nov 20 15:49:58 localhost kernel: audit(1100965751.022:0): avc: denied { getattr } for pid=609 exe=/sbin/minilogd path=/dev/log dev=tmpfs ino=1788 scontext=user_u:system_r:syslogd_t tcontext=user_u:object_r:tmpfs_t tclass=sock_file Nov 20 15:49:58 localhost kernel: audit(1100965756.006:0): avc: denied { write } for pid=609 exe=/sbin/minilogd name=log dev=tmpfs ino=1788 scontext=user_u:system_r:syslogd_t tcontext=user_u:object_r:tmpfs_t tclass=sock_file Nov 20 15:49:58 localhost kernel: audit(1100965759.815:0): avc: denied { remove_name } for pid=1182 exe=/sbin/minilogd name=log dev=tmpfs ino=1788 scontext=user_u:system_r:syslogd_t tcontext=user_u:object_r:tmpfs_t tclass=dir Nov 20 15:49:58 localhost kernel: audit(1100965759.815:0): avc: denied { unlink } for pid=1182 exe=/sbin/minilogd name=log dev=tmpfs ino=1788 scontext=user_u:system_r:syslogd_t tcontext=user_u:object_r:tmpfs_t tclass=sock_file Nov 20 15:49:58 localhost kernel: audit(1100983796.690:0): avc: denied { read } for pid=1910 exe=/sbin/syslogd name=nsswitch.conf dev=hda3 ino=554920 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:file_t tclass=file Nov 20 15:49:58 localhost kernel: audit(1100983796.690:0): avc: denied { getattr } for pid=1910 exe=/sbin/syslogd path=/etc/nsswitch.conf dev=hda3 ino=554920 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:file_t tclass=file Nov 20 15:49:58 localhost kernel: audit(1100983796.706:0): avc: denied { append } for pid=1910 exe=/sbin/syslogd name=messages dev=hda3 ino=408316 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:file_t tclass=file Nov 20 15:49:58 localhost kernel: audit(1100983796.706:0): avc: denied { ioctl } for pid=1910 exe=/sbin/syslogd path=/var/log/messages dev=hda3 ino=408316 scontext=user_u:system_r:syslogd_t tcontext=system_u:object_r:file_t tclass=file Nov 20 15:49:58 localhost kernel: audit(1100983796.713:0): avc: denied { setattr } for pid=1910 exe=/sbin/syslogd name=log dev=tmpfs ino=4583 scontext=user_u:system_r:syslogd_t tcontext=user_u:object_r:tmpfs_t tclass=sock_file Nov 20 15:49:58 localhost kernel: audit(1100983797.605:0): avc: denied { search } for pid=1941 exe=/sbin/portmap name=/ dev=hda3 ino=2 scontext=user_u:system_r:portmap_t tcontext=system_u:object_r:file_t tclass=dir Nov 20 15:49:58 localhost kernel: audit(1100983797.638:0): avc: denied { search } for pid=1942 exe=/sbin/portmap name=/ dev=tmpfs ino=929 scontext=user_u:system_r:portmap_t tcontext=user_u:object_r:tmpfs_t tclass=dir Nov 20 15:49:58 localhost kernel: audit(1100983797.651:0): avc: denied { read } for pid=1942 exe=/sbin/portmap name=nsswitch.conf dev=hda3 ino=554920 scontext=user_u:system_r:portmap_t tcontext=system_u:object_r:file_t tclass=file Nov 20 15:49:58 localhost kernel: audit(1100983797.651:0): avc: denied { getattr } for pid=1942 exe=/sbin/portmap path=/etc/nsswitch.conf dev=hda3 ino=554920 scontext=user_u:system_r:portmap_t tcontext=system_u:object_r:file_t tclass=file Nov 20 15:50:08 localhost kernel: audit(1100983808.337:0): avc: denied { search } for pid=2274 exe=/usr/sbin/httpd name=/ dev=hda3 ino=2 scontext=user_u:system_r:httpd_t tcontext=system_u:object_r:file_t tclass=dir Nov 20 15:50:08 localhost kernel: audit(1100983808.337:0): avc: denied { read } for pid=2274 exe=/usr/sbin/httpd name=libpcre.so.0.0.1 dev=hda3 ino=685883 scontext=user_u:system_r:httpd_t tcontext=system_u:object_r:file_t tclass=file Nov 20 15:50:08 localhost kernel: audit(1100983808.338:0): avc: denied { getattr } for pid=2274 exe=/usr/sbin/httpd path=/lib/libpcre.so.0.0.1 dev=hda3 ino=685883 scontext=user_u:system_r:httpd_t tcontext=system_u:object_r:file_t tclass=file Nov 20 15:50:08 localhost kernel: audit(1100983808.338:0): avc: denied { execute } for pid=2274 path=/lib/libpcre.so.0.0.1 dev=hda3 ino=685883 scontext=user_u:system_r:httpd_t tcontext=system_u:object_r:file_t tclass=file Nov 20 15:50:08 localhost kernel: audit(1100983808.380:0): avc: denied { read } for pid=2274 exe=/usr/sbin/httpd name=libaprutil-0.so.0 dev=hda3 ino=103404 scontext=user_u:system_r:httpd_t tcontext=system_u:object_r:file_t tclass=lnk_file Nov 20 15:50:09 localhost kernel: audit(1100983809.318:0): avc: denied { append } for pid=2274 exe=/usr/sbin/httpd name=error_log dev=hda3 ino=783426 scontext=user_u:system_r:httpd_t tcontext=system_u:object_r:file_t tclass=file Nov 20 16:31:25 localhost kernel: audit(1100986285.045:0): avc: granted { load_policy } for pid=3190 exe=/usr/sbin/load_policy scontext=root:system_r:unconfined_t tcontext=system_u:object_r:security_t tclass=security Nov 20 16:36:23 localhost kernel: audit(1100986583.107:0): avc: granted { load_policy } for pid=3322 exe=/usr/sbin/load_policy scontext=root:system_r:unconfined_t tcontext=system_u:object_r:security_t tclass=security Nov 20 16:37:17 localhost dbus: avc: 1 AV entries and 1/512 buckets used, longest chain length 1 Nov 20 16:37:25 localhost kernel: audit(1100986645.478:0): avc: denied { search } for pid=2275 exe=/usr/sbin/httpd name=/ dev=hda3 ino=2 scontext=user_u:system_r:httpd_t tcontext=system_u:object_r:file_t tclass=dir Nov 20 16:37:25 localhost kernel: audit(1100986645.515:0): avc: denied { append } for pid=2275 exe=/usr/sbin/httpd path=/var/log/httpd/error_log dev=hda3 ino=783426 scontext=user_u:system_r:httpd_t tcontext=system_u:object_r:file_t tclass=file Nov 20 16:53:12 localhost dbus: avc: 1 AV entries and 1/512 buckets used, longest chain length 1 Nov 20 20:05:51 localhost kernel: audit(1100981107.146:0): avc: denied { ioctl } for pid=613 exe=/bin/bash path=/proc/ide/ide0/hda/media dev=proc ino=-268435122 scontext=system_u:system_r:udev_t tcontext=system_u:object_r:proc_t tclass=file Nov 20 20:05:51 localhost kernel: audit(1100981107.350:0): avc: denied { ioctl } for pid=613 exe=/bin/bash path=/proc/ide/ide1/hdc/media dev=proc ino=-268435110 scontext=system_u:system_r:udev_t tcontext=system_u:object_r:proc_t tclass=file Nov 20 20:05:51 localhost kernel: audit(1100999126.945:0): avc: denied { search } for pid=1576 exe=/sbin/alsactl name=root dev=hda3 ino=424321 scontext=system_u:system_r:udev_t tcontext=root:object_r:staff_home_dir_t tclass=dir Nov 20 20:05:51 localhost kernel: audit(1100999126.955:0): avc: denied { search } for pid=1583 exe=/sbin/alsactl name=root dev=hda3 ino=424321 scontext=system_u:system_r:udev_t tcontext=root:object_r:staff_home_dir_t tclass=dir Nov 20 20:05:51 localhost kernel: audit(1100999127.025:0): avc: denied { search } for pid=1588 exe=/sbin/alsactl name=root dev=hda3 ino=424321 scontext=system_u:system_r:udev_t tcontext=root:object_r:staff_home_dir_t tclass=dir Nov 20 20:05:51 localhost kernel: audit(1100999144.634:0): avc: denied { read } for pid=1646 exe=/usr/sbin/cpuspeed name=mtab dev=hda3 ino=557677 scontext=system_u:system_r:cpuspeed_t tcontext=system_u:object_r:etc_runtime_t tclass=file Nov 20 20:05:51 localhost kernel: audit(1100999144.634:0): avc: denied { read } for pid=1646 exe=/usr/sbin/cpuspeed name=fstab dev=hda3 ino=555388 scontext=system_u:system_r:cpuspeed_t tcontext=system_u:object_r:etc_t tclass=file Nov 20 20:05:58 localhost kernel: audit(1100999158.170:0): avc: denied { search } for pid=2197 exe=/usr/sbin/clamd name=clamav dev=hda3 ino=473684 scontext=system_u:system_r:clamd_t tcontext=system_u:object_r:freshclam_log_t tclass=dir Nov 20 20:06:00 localhost kernel: audit(1100999160.614:0): avc: denied { fowner } for pid=2250 exe=/sbin/restorecon capability=3 scontext=system_u:system_r:restorecon_t tcontext=system_u:system_r:restorecon_t tclass=capability Nov 20 20:06:18 localhost kernel: audit(1100999178.145:0): avc: denied { getattr } for pid=2474 exe=/bin/mount path=/tos1 dev=hda3 ino=489601 scontext=system_u:system_r:mount_t tcontext=system_u:object_r:default_t tclass=dir Nov 20 20:06:20 localhost kernel: audit(1100999180.875:0): avc: denied { search } for pid=2456 exe=/usr/sbin/hald name=lib dev=hda3 ino=408002 scontext=system_u:system_r:hald_t tcontext=system_u:object_r:var_lib_t tclass=dir Nov 20 20:06:20 localhost kernel: audit(1100999180.876:0): avc: denied { search } for pid=2456 exe=/usr/sbin/hald name=lib dev=hda3 ino=408002 scontext=system_u:system_r:hald_t tcontext=system_u:object_r:var_lib_t tclass=dir Nov 20 20:06:20 localhost kernel: audit(1100999180.877:0): avc: denied { search } for pid=2456 exe=/usr/sbin/hald name=lib dev=hda3 ino=408002 scontext=system_u:system_r:hald_t tcontext=system_u:object_r:var_lib_t tclass=dir Nov 20 20:06:20 localhost kernel: audit(1100999180.877:0): avc: denied { search } for pid=2456 exe=/usr/sbin/hald name=lib dev=hda3 ino=408002 scontext=system_u:system_r:hald_t tcontext=system_u:object_r:var_lib_t tclass=dir Nov 20 20:14:21 localhost kernel: audit(1100999661.322:0): avc: denied { search } for pid=2959 exe=/usr/X11R6/bin/Xorg name=selinux dev=hda3 ino=603892 scontext=user_u:user_r:user_xserver_t tcontext=system_u:object_r:selinux_config_t tclass=dir Nov 20 20:14:21 localhost kernel: audit(1100999661.355:0): avc: denied { search } for pid=2959 exe=/usr/X11R6/bin/Xorg name=console dev=hda3 ino=408043 scontext=user_u:user_r:user_xserver_t tcontext=system_u:object_r:pam_var_console_t tclass=dir Nov 20 20:15:03 localhost kernel: audit(1100999703.350:0): avc: granted { setenforce } for pid=2961 exe=/usr/bin/setenforce scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security Nov 20 20:15:14 localhost kernel: audit(1100999714.269:0): avc: denied { search } for pid=2974 exe=/usr/X11R6/bin/Xorg name=selinux dev=hda3 ino=603892 scontext=user_u:user_r:user_xserver_t tcontext=system_u:object_r:selinux_config_t tclass=dir Nov 20 20:15:14 localhost kernel: audit(1100999714.269:0): avc: denied { read } for pid=2974 exe=/usr/X11R6/bin/Xorg name=config dev=hda3 ino=603908 scontext=user_u:user_r:user_xserver_t tcontext=system_u:object_r:selinux_config_t tclass=file Nov 20 20:15:14 localhost kernel: audit(1100999714.270:0): avc: denied { getattr } for pid=2974 exe=/usr/X11R6/bin/Xorg path=/etc/selinux/config dev=hda3 ino=603908 scontext=user_u:user_r:user_xserver_t tcontext=system_u:object_r:selinux_config_t tclass=file Nov 20 20:15:14 localhost kernel: audit(1100999714.277:0): avc: denied { search } for pid=2974 exe=/usr/X11R6/bin/Xorg name=console dev=hda3 ino=408043 scontext=user_u:user_r:user_xserver_t tcontext=system_u:object_r:pam_var_console_t tclass=dir Nov 20 20:15:22 localhost kernel: audit(1100999722.138:0): avc: denied { read } for pid=3050 exe=/usr/bin/ssh-agent name=config dev=hda3 ino=603908 scontext=user_u:user_r:user_ssh_agent_t tcontext=system_u:object_r:selinux_config_t tclass=file Nov 20 20:15:22 localhost kernel: audit(1100999722.139:0): avc: denied { getattr } for pid=3050 exe=/usr/bin/ssh-agent path=/etc/selinux/config dev=hda3 ino=603908 scontext=user_u:user_r:user_ssh_agent_t tcontext=system_u:object_r:selinux_config_t tclass=file Nov 20 20:15:32 localhost kernel: audit(1100999732.960:0): avc: denied { search } for pid=2974 exe=/usr/X11R6/bin/Xorg name=.gnome2 dev=hda3 ino=1338661 scontext=user_u:user_r:user_xserver_t tcontext=system_u:object_r:user_home_t tclass=dir Nov 20 20:15:32 localhost kernel: audit(1100999732.960:0): avc: denied { read } for pid=2974 exe=/usr/X11R6/bin/Xorg name=fonts.dir dev=hda3 ino=1338668 scontext=user_u:user_r:user_xserver_t tcontext=system_u:object_r:user_home_t tclass=file Nov 20 20:15:32 localhost kernel: audit(1100999732.960:0): avc: denied { getattr } for pid=2974 exe=/usr/X11R6/bin/Xorg path=/home/jim/.gnome2/share/cursor-fonts/fonts.dir dev=hda3 ino=1338668 scontext=user_u:user_r:user_xserver_t tcontext=system_u:object_r:user_home_t tclass=file Nov 20 20:15:41 localhost dbus: avc: received setenforce notice (enforcing=0) Nov 20 20:15:42 localhost kernel: audit(1100999742.244:0): avc: denied { use } for pid=3110 exe=/bin/mount path=/dev/tty2 dev=tmpfs ino=1864 scontext=user_u:user_r:user_mount_t tcontext=system_u:system_r:local_login_t tclass=fd Nov 20 20:16:54 localhost kernel: audit(1100999814.959:0): avc: denied { write } for pid=3156 exe=/usr/sbin/userhelper name=root dev=hda3 ino=424321 scontext=user_u:user_r:user_userhelper_t tcontext=root:object_r:staff_home_dir_t tclass=dir Nov 20 20:16:54 localhost kernel: audit(1100999814.959:0): avc: denied { add_name } for pid=3156 exe=/usr/sbin/userhelper name=.xauthclDLiD scontext=user_u:user_r:user_userhelper_t tcontext=root:object_r:staff_home_dir_t tclass=dir Nov 20 20:16:54 localhost kernel: audit(1100999814.959:0): avc: denied { create } for pid=3156 exe=/usr/sbin/userhelper name=.xauthclDLiD scontext=user_u:user_r:user_userhelper_t tcontext=user_u:object_r:staff_home_dir_t tclass=file Nov 20 20:16:55 localhost kernel: audit(1100999815.027:0): avc: denied { setattr } for pid=3156 exe=/usr/sbin/userhelper name=.xauthclDLiD dev=hda3 ino=391917 scontext=user_u:user_r:user_userhelper_t tcontext=user_u:object_r:staff_home_dir_t tclass=file Nov 20 20:16:55 localhost kernel: audit(1100999815.035:0): avc: denied { search } for pid=3158 exe=/usr/X11R6/bin/xauth name=root dev=hda3 ino=424321 scontext=user_u:user_r:user_xauth_t tcontext=root:object_r:staff_home_dir_t tclass=dir Nov 20 20:16:55 localhost kernel: audit(1100999815.036:0): avc: denied { write } for pid=3158 exe=/usr/X11R6/bin/xauth name=root dev=hda3 ino=424321 scontext=user_u:user_r:user_xauth_t tcontext=root:object_r:staff_home_dir_t tclass=dir Nov 20 20:16:55 localhost kernel: audit(1100999815.036:0): avc: denied { add_name } for pid=3158 exe=/usr/X11R6/bin/xauth name=.xauthclDLiD-c scontext=user_u:user_r:user_xauth_t tcontext=root:object_r:staff_home_dir_t tclass=dir Nov 20 20:16:55 localhost kernel: audit(1100999815.036:0): avc: denied { create } for pid=3158 exe=/usr/X11R6/bin/xauth name=.xauthclDLiD-c scontext=user_u:user_r:user_xauth_t tcontext=user_u:object_r:staff_home_dir_t tclass=file Nov 20 20:16:55 localhost kernel: audit(1100999815.037:0): avc: denied { link } for pid=3158 exe=/usr/X11R6/bin/xauth name=.xauthclDLiD-c dev=hda3 ino=391918 scontext=user_u:user_r:user_xauth_t tcontext=user_u:object_r:staff_home_dir_t tclass=file Nov 20 20:16:55 localhost kernel: audit(1100999815.037:0): avc: denied { write } for pid=3158 exe=/usr/X11R6/bin/xauth name=.xauthclDLiD dev=hda3 ino=391917 scontext=user_u:user_r:user_xauth_t tcontext=user_u:object_r:staff_home_dir_t tclass=file Nov 20 20:16:55 localhost kernel: audit(1100999815.038:0): avc: denied { read } for pid=3158 exe=/usr/X11R6/bin/xauth name=.xauthclDLiD dev=hda3 ino=391917 scontext=user_u:user_r:user_xauth_t tcontext=user_u:object_r:staff_home_dir_t tclass=file Nov 20 20:16:55 localhost kernel: audit(1100999815.038:0): avc: denied { getattr } for pid=3158 exe=/usr/X11R6/bin/xauth path=/root/.xauthclDLiD dev=hda3 ino=391917 scontext=user_u:user_r:user_xauth_t tcontext=user_u:object_r:staff_home_dir_t tclass=file Nov 20 20:16:55 localhost kernel: audit(1100999815.040:0): avc: denied { remove_name } for pid=3158 exe=/usr/X11R6/bin/xauth name=.xauthclDLiD dev=hda3 ino=391917 scontext=user_u:user_r:user_xauth_t tcontext=root:object_r:staff_home_dir_t tclass=dir Nov 20 20:16:55 localhost kernel: audit(1100999815.040:0): avc: denied { unlink } for pid=3158 exe=/usr/X11R6/bin/xauth name=.xauthclDLiD dev=hda3 ino=391917 scontext=user_u:user_r:user_xauth_t tcontext=user_u:object_r:staff_home_dir_t tclass=file Nov 20 20:16:56 localhost kernel: audit(1100999816.429:0): avc: denied { connectto } for pid=3159 exe=/usr/bin/python path=/tmp/.X11-unix/X0 scontext=root:sysadm_r:sysadm_t tcontext=user_u:user_r:user_xserver_t tclass=unix_stream_socket Nov 20 20:17:02 localhost kernel: audit(1100999822.827:0): avc: denied { unix_read unix_write } for pid=2974 exe=/usr/X11R6/bin/Xorg key=0 scontext=user_u:user_r:user_xserver_t tcontext=root:sysadm_r:sysadm_t tclass=shm Nov 20 20:17:02 localhost kernel: audit(1100999822.827:0): avc: denied { read write } for pid=2974 exe=/usr/X11R6/bin/Xorg key=0 scontext=user_u:user_r:user_xserver_t tcontext=root:sysadm_r:sysadm_t tclass=shm Nov 20 20:17:02 localhost kernel: audit(1100999822.827:0): avc: denied { use } for pid=2974 path=/SYSV00000000 (deleted) dev=tmpfs ino=557072 scontext=user_u:user_r:user_xserver_t tcontext=root:sysadm_r:sysadm_t tclass=fd Nov 20 20:17:02 localhost kernel: audit(1100999822.827:0): avc: denied { read write } for pid=2974 path=/SYSV00000000 (deleted) dev=tmpfs ino=557072 scontext=user_u:user_r:user_xserver_t tcontext=root:object_r:sysadm_tmpfs_t tclass=file Nov 20 20:17:02 localhost kernel: audit(1100999822.827:0): avc: denied { getattr associate } for pid=2974 exe=/usr/X11R6/bin/Xorg key=0 scontext=user_u:user_r:user_xserver_t tcontext=root:sysadm_r:sysadm_t tclass=shm
-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com http://www.redhat.com/mailman/listinfo/fedora-selinux-list
You need to install policycoreutils and relabel the file system.
Dan
Daniel J Walsh wrote:
Jim Cornette wrote:
After upgrading a computer from FC2 to FC3, I decided to give SELinux a shot and used up2date to retrieve the rpm for selinux-policy-targeted and expected for all needed deps to be pulled in. The other dependent ackages did not get pulled in with this selection. I ended up having system messages not being accessable and also httpd being damened with errors. I supposed that there was an abnormality on my particular system. Within recent days, I have noted others experiencing similar failures on the fedora-list. I then decided that this might e a more common prblem than first expected.
Another Fedora user was asking questions regarding running fixfiles relabel. I noticed that I also did not have fixfiles installed. <>
You need to install policycoreutils and relabel the file system.
Thanks Dan for the name of the rpm that is needed for fixfiles so relabeling can be performed. My main question is for those systems that are upgraded from non-selinux to systems where selinux is desired to be added. If one was to install selinux-policy-targeted via a repository installation, up2date in my case. I would expect the inclusion of other deps being pulled in. Selinux gives sort of a working system when using system-config-securitylevel to enable selinux via the gui. I am not too sure if this would introduce "dep hell" if having policycoreutils pulled in when selinux-policy for targeted or strict is pulled from a repo.
After relabeling my filesystem again in runlevel 1, I seem to get the same type of errors as experienced before. .mozilla related files seemed to be the major files that content was tried to be changed, when relabeling for strict. See attached avc for today. In order to bring up X, running setenforce 0 at a root shell was needed, in order to launch X successfully. If there is some lingering config file, either systemwide or hanging out in the per user directory that is blocking X, I don't know.
Thanks, Jim
Dan
Jim Cornette wrote:
Daniel J Walsh wrote:
Jim Cornette wrote:
After upgrading a computer from FC2 to FC3, I decided to give SELinux a shot and used up2date to retrieve the rpm for selinux-policy-targeted and expected for all needed deps to be pulled in. The other dependent ackages did not get pulled in with this selection. I ended up having system messages not being accessable and also httpd being damened with errors. I supposed that there was an abnormality on my particular system. Within recent days, I have noted others experiencing similar failures on the fedora-list. I then decided that this might e a more common prblem than first expected.
Another Fedora user was asking questions regarding running fixfiles relabel. I noticed that I also did not have fixfiles installed. <>
You need to install policycoreutils and relabel the file system.
Thanks Dan for the name of the rpm that is needed for fixfiles so relabeling can be performed. My main question is for those systems that are upgraded from non-selinux to systems where selinux is desired to be added. If one was to install selinux-policy-targeted via a repository installation, up2date in my case. I would expect the inclusion of other deps being pulled in. Selinux gives sort of a working system when using system-config-securitylevel to enable selinux via the gui. I am not too sure if this would introduce "dep hell" if having policycoreutils pulled in when selinux-policy for targeted or strict is pulled from a repo.
I have changed selinux-policy-targeted to require policycoreutils so it will be pulled in in the future. Secondly from the looks of it you are running strict policy. Please either run system-config-securitylevel and select targeted policy and reboot. (/.autorelabel) should be created and or you can edit /etc/selinux/config and change SELINUXTYPE=strict to SELINUXTYPE=targeted and touch /.autorelabel then reboot.
The init scripts will take care of relabeling.
After relabeling my filesystem again in runlevel 1, I seem to get the same type of errors as experienced before. .mozilla related files seemed to be the major files that content was tried to be changed, when relabeling for strict. See attached avc for today. In order to bring up X, running setenforce 0 at a root shell was needed, in order to launch X successfully. If there is some lingering config file, either systemwide or hanging out in the per user directory that is blocking X, I don't know.
The strict policy you are running 1.17.30 is way out of date. If you want to run strict policy you need to grab the one off of Rawhide or my people page and update and relabel. Upgrades from not SELinux boxes are not supported for SELinux for the simple reason that relabeling is required. So your machine ended up in a rather strange state.
Thanks, Jim
Dan
Nov 21 00:29:59 localhost kernel: <3>audit(1101014999.006:0): avc: denied { remove_name } for pid=3156 exe=/usr/sbin/userhelper name=.xauthclDLiD dev=hda3 ino=391919 scontext=user_u:user_r:user_userhelper_t tcontext=root:object_r:staff_home_dir_t tclass=dir Nov 21 00:29:59 localhost kernel: audit(1101014999.006:0): avc: denied { unlink } for pid=3156 exe=/usr/sbin/userhelper name=.xauthclDLiD dev=hda3 ino=391919 scontext=user_u:user_r:user_userhelper_t tcontext=user_u:object_r:staff_home_dir_t tclass=file Nov 21 00:30:05 localhost kernel: audit(1101015005.924:0): avc: denied { search } for pid=3032 exe=/usr/bin/gnome-session name=console dev=hda3 ino=408043 scontext=user_u:user_r:user_t tcontext=system_u:object_r:pam_var_console_t tclass=dir Nov 21 00:30:33 localhost kernel: audit(1101015033.363:0): avc: denied { write } for pid=2973 exe=/usr/X11R6/bin/xinit path=/dev/tty2 dev=tmpfs ino=1864 scontext=user_u:user_r:user_t tcontext=system_u:object_r:tty_device_t tclass=chr_file Nov 21 00:30:35 localhost dbus: avc: 7 AV entries and 6/512 buckets used, longest chain length 2 Nov 21 08:00:19 localhost kernel: audit(1101023972.861:0): avc: denied { ioctl } for pid=613 exe=/bin/bash path=/proc/ide/ide0/hda/media dev=proc ino=-268435122 scontext=system_u:system_r:udev_t tcontext=system_u:object_r:proc_t tclass=file Nov 21 08:00:19 localhost kernel: audit(1101023973.069:0): avc: denied { ioctl } for pid=613 exe=/bin/bash path=/proc/ide/ide1/hdc/media dev=proc ino=-268435110 scontext=system_u:system_r:udev_t tcontext=system_u:object_r:proc_t tclass=file Nov 21 08:00:19 localhost kernel: audit(1101041993.110:0): avc: denied { search } for pid=1583 exe=/sbin/alsactl name=root dev=hda3 ino=424321 scontext=system_u:system_r:udev_t tcontext=root:object_r:staff_home_dir_t tclass=dir Nov 21 08:00:19 localhost kernel: audit(1101041993.180:0): avc: denied { search } for pid=1580 exe=/sbin/alsactl name=root dev=hda3 ino=424321 scontext=system_u:system_r:udev_t tcontext=root:object_r:staff_home_dir_t tclass=dir Nov 21 08:00:19 localhost kernel: audit(1101041993.191:0): avc: denied { search } for pid=1577 exe=/sbin/alsactl name=root dev=hda3 ino=424321 scontext=system_u:system_r:udev_t tcontext=root:object_r:staff_home_dir_t tclass=dir Nov 21 08:00:19 localhost kernel: audit(1101042010.642:0): avc: denied { read } for pid=1646 exe=/usr/sbin/cpuspeed name=mtab dev=hda3 ino=557700 scontext=system_u:system_r:cpuspeed_t tcontext=system_u:object_r:etc_runtime_t tclass=file Nov 21 08:00:19 localhost kernel: audit(1101042010.642:0): avc: denied { read } for pid=1646 exe=/usr/sbin/cpuspeed name=fstab dev=hda3 ino=555388 scontext=system_u:system_r:cpuspeed_t tcontext=system_u:object_r:etc_t tclass=file Nov 21 08:00:25 localhost kernel: audit(1101042025.563:0): avc: denied { search } for pid=2197 exe=/usr/sbin/clamd name=clamav dev=hda3 ino=473684 scontext=system_u:system_r:clamd_t tcontext=system_u:object_r:freshclam_log_t tclass=dir Nov 21 08:00:27 localhost kernel: audit(1101042027.875:0): avc: denied { fowner } for pid=2250 exe=/sbin/restorecon capability=3 scontext=system_u:system_r:restorecon_t tcontext=system_u:system_r:restorecon_t tclass=capability Nov 21 08:00:35 localhost kernel: audit(1101042035.247:0): avc: denied { getattr } for pid=2406 exe=/bin/mount path=/tos1 dev=hda3 ino=489601 scontext=system_u:system_r:mount_t tcontext=system_u:object_r:default_t tclass=dir Nov 21 08:00:38 localhost kernel: audit(1101042038.076:0): avc: denied { search } for pid=2388 exe=/usr/sbin/hald name=lib dev=hda3 ino=408002 scontext=system_u:system_r:hald_t tcontext=system_u:object_r:var_lib_t tclass=dir Nov 21 08:00:38 localhost kernel: audit(1101042038.076:0): avc: denied { search } for pid=2388 exe=/usr/sbin/hald name=lib dev=hda3 ino=408002 scontext=system_u:system_r:hald_t tcontext=system_u:object_r:var_lib_t tclass=dir Nov 21 08:00:38 localhost kernel: audit(1101042038.077:0): avc: denied { search } for pid=2388 exe=/usr/sbin/hald name=lib dev=hda3 ino=408002 scontext=system_u:system_r:hald_t tcontext=system_u:object_r:var_lib_t tclass=dir Nov 21 08:04:09 localhost kernel: audit(1101042249.690:0): avc: denied { search } for pid=2894 exe=/usr/X11R6/bin/Xorg name=selinux dev=hda3 ino=603892 scontext=user_u:user_r:user_xserver_t tcontext=system_u:object_r:selinux_config_t tclass=dir Nov 21 08:04:09 localhost kernel: audit(1101042249.731:0): avc: denied { search } for pid=2894 exe=/usr/X11R6/bin/Xorg name=console dev=hda3 ino=408043 scontext=user_u:user_r:user_xserver_t tcontext=system_u:object_r:pam_var_console_t tclass=dir Nov 21 08:04:51 localhost kernel: audit(1101042291.658:0): avc: granted { setenforce } for pid=2896 exe=/usr/bin/setenforce scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security Nov 21 08:05:08 localhost kernel: audit(1101042308.913:0): avc: denied { search } for pid=2910 exe=/usr/X11R6/bin/Xorg name=selinux dev=hda3 ino=603892 scontext=user_u:user_r:user_xserver_t tcontext=system_u:object_r:selinux_config_t tclass=dir Nov 21 08:05:08 localhost kernel: audit(1101042308.913:0): avc: denied { read } for pid=2910 exe=/usr/X11R6/bin/Xorg name=config dev=hda3 ino=603908 scontext=user_u:user_r:user_xserver_t tcontext=system_u:object_r:selinux_config_t tclass=file Nov 21 08:05:08 localhost kernel: audit(1101042308.914:0): avc: denied { getattr } for pid=2910 exe=/usr/X11R6/bin/Xorg path=/etc/selinux/config dev=hda3 ino=603908 scontext=user_u:user_r:user_xserver_t tcontext=system_u:object_r:selinux_config_t tclass=file Nov 21 08:05:08 localhost kernel: audit(1101042308.922:0): avc: denied { search } for pid=2910 exe=/usr/X11R6/bin/Xorg name=console dev=hda3 ino=408043 scontext=user_u:user_r:user_xserver_t tcontext=system_u:object_r:pam_var_console_t tclass=dir Nov 21 08:05:17 localhost kernel: audit(1101042317.967:0): avc: denied { read } for pid=2986 exe=/usr/bin/ssh-agent name=config dev=hda3 ino=603908 scontext=user_u:user_r:user_ssh_agent_t tcontext=system_u:object_r:selinux_config_t tclass=file Nov 21 08:05:17 localhost kernel: audit(1101042317.968:0): avc: denied { getattr } for pid=2986 exe=/usr/bin/ssh-agent path=/etc/selinux/config dev=hda3 ino=603908 scontext=user_u:user_r:user_ssh_agent_t tcontext=system_u:object_r:selinux_config_t tclass=file Nov 21 08:05:28 localhost kernel: audit(1101042328.992:0): avc: denied { search } for pid=2910 exe=/usr/X11R6/bin/Xorg name=.gnome2 dev=hda3 ino=1338661 scontext=user_u:user_r:user_xserver_t tcontext=system_u:object_r:user_home_t tclass=dir Nov 21 08:05:28 localhost kernel: audit(1101042328.992:0): avc: denied { read } for pid=2910 exe=/usr/X11R6/bin/Xorg name=fonts.dir dev=hda3 ino=1338668 scontext=user_u:user_r:user_xserver_t tcontext=system_u:object_r:user_home_t tclass=file Nov 21 08:05:28 localhost kernel: audit(1101042328.992:0): avc: denied { getattr } for pid=2910 exe=/usr/X11R6/bin/Xorg path=/home/jim/.gnome2/share/cursor-fonts/fonts.dir dev=hda3 ino=1338668 scontext=user_u:user_r:user_xserver_t tcontext=system_u:object_r:user_home_t tclass=file Nov 21 08:05:38 localhost dbus: avc: received setenforce notice (enforcing=0) Nov 21 08:05:38 localhost kernel: audit(1101042338.848:0): avc: denied { use } for pid=3046 exe=/bin/mount path=/dev/tty2 dev=tmpfs ino=1864 scontext=user_u:user_r:user_mount_t tcontext=system_u:system_r:local_login_t tclass=fd Nov 21 08:09:29 localhost kernel: audit(1101042569.604:0): avc: denied { write } for pid=3093 exe=/usr/sbin/userhelper name=root dev=hda3 ino=424321 scontext=user_u:user_r:user_userhelper_t tcontext=root:object_r:staff_home_dir_t tclass=dir Nov 21 08:09:29 localhost kernel: audit(1101042569.604:0): avc: denied { add_name } for pid=3093 exe=/usr/sbin/userhelper name=.xauthDMglgN scontext=user_u:user_r:user_userhelper_t tcontext=root:object_r:staff_home_dir_t tclass=dir Nov 21 08:09:29 localhost kernel: audit(1101042569.604:0): avc: denied { create } for pid=3093 exe=/usr/sbin/userhelper name=.xauthDMglgN scontext=user_u:user_r:user_userhelper_t tcontext=user_u:object_r:staff_home_dir_t tclass=file Nov 21 08:09:29 localhost kernel: audit(1101042569.630:0): avc: denied { setattr } for pid=3093 exe=/usr/sbin/userhelper name=.xauthDMglgN dev=hda3 ino=424711 scontext=user_u:user_r:user_userhelper_t tcontext=user_u:object_r:staff_home_dir_t tclass=file Nov 21 08:09:29 localhost kernel: audit(1101042569.641:0): avc: denied { search } for pid=3095 exe=/usr/X11R6/bin/xauth name=root dev=hda3 ino=424321 scontext=user_u:user_r:user_xauth_t tcontext=root:object_r:staff_home_dir_t tclass=dir Nov 21 08:09:29 localhost kernel: audit(1101042569.642:0): avc: denied { write } for pid=3095 exe=/usr/X11R6/bin/xauth name=root dev=hda3 ino=424321 scontext=user_u:user_r:user_xauth_t tcontext=root:object_r:staff_home_dir_t tclass=dir Nov 21 08:09:29 localhost kernel: audit(1101042569.642:0): avc: denied { add_name } for pid=3095 exe=/usr/X11R6/bin/xauth name=.xauthDMglgN-c scontext=user_u:user_r:user_xauth_t tcontext=root:object_r:staff_home_dir_t tclass=dir Nov 21 08:09:29 localhost kernel: audit(1101042569.642:0): avc: denied { create } for pid=3095 exe=/usr/X11R6/bin/xauth name=.xauthDMglgN-c scontext=user_u:user_r:user_xauth_t tcontext=user_u:object_r:staff_home_dir_t tclass=file Nov 21 08:09:29 localhost kernel: audit(1101042569.655:0): avc: denied { link } for pid=3095 exe=/usr/X11R6/bin/xauth name=.xauthDMglgN-c dev=hda3 ino=425338 scontext=user_u:user_r:user_xauth_t tcontext=user_u:object_r:staff_home_dir_t tclass=file Nov 21 08:09:29 localhost kernel: audit(1101042569.656:0): avc: denied { write } for pid=3095 exe=/usr/X11R6/bin/xauth name=.xauthDMglgN dev=hda3 ino=424711 scontext=user_u:user_r:user_xauth_t tcontext=user_u:object_r:staff_home_dir_t tclass=file Nov 21 08:09:29 localhost kernel: audit(1101042569.657:0): avc: denied { read } for pid=3095 exe=/usr/X11R6/bin/xauth name=.xauthDMglgN dev=hda3 ino=424711 scontext=user_u:user_r:user_xauth_t tcontext=user_u:object_r:staff_home_dir_t tclass=file Nov 21 08:09:29 localhost kernel: audit(1101042569.657:0): avc: denied { getattr } for pid=3095 exe=/usr/X11R6/bin/xauth path=/root/.xauthDMglgN dev=hda3 ino=424711 scontext=user_u:user_r:user_xauth_t tcontext=user_u:object_r:staff_home_dir_t tclass=file Nov 21 08:09:29 localhost kernel: audit(1101042569.660:0): avc: denied { remove_name } for pid=3095 exe=/usr/X11R6/bin/xauth name=.xauthDMglgN dev=hda3 ino=424711 scontext=user_u:user_r:user_xauth_t tcontext=root:object_r:staff_home_dir_t tclass=dir Nov 21 08:09:29 localhost kernel: audit(1101042569.660:0): avc: denied { unlink } for pid=3095 exe=/usr/X11R6/bin/xauth name=.xauthDMglgN dev=hda3 ino=424711 scontext=user_u:user_r:user_xauth_t tcontext=user_u:object_r:staff_home_dir_t tclass=file Nov 21 08:09:30 localhost kernel: audit(1101042570.492:0): avc: denied { connectto } for pid=3096 exe=/usr/bin/python path=/tmp/.X11-unix/X0 scontext=root:sysadm_r:sysadm_t tcontext=user_u:user_r:user_xserver_t tclass=unix_stream_socket Nov 21 08:09:35 localhost kernel: audit(1101042575.295:0): avc: denied { unix_read unix_write } for pid=2910 exe=/usr/X11R6/bin/Xorg key=0 scontext=user_u:user_r:user_xserver_t tcontext=root:sysadm_r:sysadm_t tclass=shm Nov 21 08:09:35 localhost kernel: audit(1101042575.295:0): avc: denied { read write } for pid=2910 exe=/usr/X11R6/bin/Xorg key=0 scontext=user_u:user_r:user_xserver_t tcontext=root:sysadm_r:sysadm_t tclass=shm Nov 21 08:09:35 localhost kernel: audit(1101042575.295:0): avc: denied { use } for pid=2910 path=/SYSV00000000 (deleted) dev=tmpfs ino=557072 scontext=user_u:user_r:user_xserver_t tcontext=root:sysadm_r:sysadm_t tclass=fd Nov 21 08:09:35 localhost kernel: audit(1101042575.295:0): avc: denied { read write } for pid=2910 path=/SYSV00000000 (deleted) dev=tmpfs ino=557072 scontext=user_u:user_r:user_xserver_t tcontext=root:object_r:sysadm_tmpfs_t tclass=file Nov 21 08:09:35 localhost kernel: audit(1101042575.295:0): avc: denied { getattr associate } for pid=2910 exe=/usr/X11R6/bin/Xorg key=0 scontext=user_u:user_r:user_xserver_t tcontext=root:sysadm_r:sysadm_t tclass=shm
-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com http://www.redhat.com/mailman/listinfo/fedora-selinux-list
Daniel J Walsh wrote:
Selinux gives sort of a working system when using system-config-securitylevel to enable selinux via the gui.(without policycoreutils being installed) I am not too sure if this would introduce "dep hell" if having policycoreutils pulled in when selinux-policy for targeted or strict is pulled from a repo.
I have changed selinux-policy-targeted to require policycoreutils so it will be pulled in in the future. Secondly from the looks of it you are running strict policy. Please either run system-config-securitylevel and select targeted policy and reboot. (/.autorelabel) should be created and or you can edit /etc/selinux/config and change SELINUXTYPE=strict to SELINUXTYPE=targeted and touch /.autorelabel then reboot.
The init scripts will take care of relabeling.
Thanks for pulling in this package when installing selinux-policy-targeted. This sounds like it will help reduce the problem with httpd and system logs not being written when installing the policy and activating selinux. I changed to targeted using system-config-securitylevel and I liked the warning that the system would relabel on next boot. Also, on the system when rebooted, I liked the warning that relabeling might take some time. Checking the log for avc errors after the system was relabled shows no avc errors.
I'll keep in mind that strict policy is more current within rawhide. I was not aware that the strict policy within FC3 would not be current. Since FC3 was setup for targeted policy as default, I'll stay clear of strict policy for awhile.
After relabeling my filesystem again in runlevel 1, I seem to get the same type of errors as experienced before. .mozilla related files seemed to be the major files that content was tried to be changed, when relabeling for strict. See attached avc for today. In order to bring up X, running setenforce 0 at a root shell was needed, in order to launch X successfully. If there is some lingering config file, either systemwide or hanging out in the per user directory that is blocking X, I don't know.
The strict policy you are running 1.17.30 is way out of date. If you want to run strict policy you need to grab the one off of Rawhide or my people page and update and relabel. Upgrades from not SELinux boxes are not supported for SELinux for the simple reason that relabeling is required. So your machine ended up in a rather strange state.
I have another computer with rawhide repositories. I'll try strict on this system later on down the road. Rawhide was a little bit mongrelized on the day after FC3 came out. In a week, it might be a little more in tune. Regarding the need for relabeling being a roadblock for non-selinux systems. It might allow the system to choose this at either anaconda for install, but not activate selinux until either questions at firstboot or when selecting policy from s-c-securitylevel.
Thanks for the helpful information.
Jim
Dan
selinux@lists.fedoraproject.org