selinux April 2004

selinux@lists.fedoraproject.org

84 participants
96 discussions

SELinux issues
by jacob 22 Apr '04

22 Apr '04

Some SELinux issues I've been experiencing when running in enforcing mode: * Only my own user processes show up in top/gnome-system-monitor/ps aux, no root or other users processes are visible. * /lib/modules is marked with '?--------- ? ? ? ? modules' for me as normal user, I can't even cd into it. Looks ok as root though. * Normal user can't mount cdrom, only root can. * fam & nautilus are the ones spewing out the most avc messages in dmesg. Running latest rawhide as of 2004/04/19 policy : 1.11.2-9 libselinux : 1.11.1-1 /Jacob

6 6

SELinux and Palm devices (with avc messages)
by Dax Kelson 22 Apr '04

22 Apr '04

This has been on my ToDo list for awhile, here goes. I have a Treo 600 (finally, a converged device done right) Palm OS 5.2 pda, cell phone, OGG/MP3/WMA player, mobile email, and mobile ssh client. When I plug it in, it shows up at /dev/usb/ttyUSB1 Many of the binaries from the pilot-link package want to read and write to that character device file. For sure the pilot-xfer utility. For example, audit(1082445673.351:0): avc: denied { read write } for pid=3647 exe=/usr/bin/pilot-xfer name=ttyUSB1 dev=hda8 ino=1210304 scontext=user_u:user_r:user_t tcontext=system_u:object_r:tty_device_t tclass=chr_file Additionally, I need to sync Evolution's calendar and address book with my Treo. Evolution uses gnome-pilot and it's gpilotd daemon to communicate with Palm devices. Currently this results in failure with the following avc message: audit(1082445978.961:0): avc: denied { read write } for pid=3735 exe=/usr/libexec/gpilotd name=ttyUSB1 dev=hda8 ino=1210304 scontext=user_u:user_r:user_t tcontext=system_u:object_r:tty_device_t tclass=chr_file Dax Kelson Guru Labs

2 2

gnome-cpufreq-applet problem
by Rudi Chiarito 22 Apr '04

22 Apr '04

Any attempts to start the 3rd party GNOME cpufreq applet (which can be found at http://linups.org/~kal/gnome-cpufreq-applet/) will result in two identical error messages like this: avc: denied { search } for pid=9558 exe=/usr/libexec/gnome-cpufreq-applet dev= ino=1 scontext=user_u:user_r:user_t tcontext=system_u:object_r:sysfs_t tclass=dir The program is trying to read in /sys/devices/system/cpu/cpu*/cpufreq/. Rudi

2 1

disabled selinux???
by Dax Kelson 22 Apr '04

22 Apr '04

> fam-2.6.10-8 > ------------ > * Fri Apr 16 2004 Alex Larsson <alexl(a)redhat.com> 2.6.10-8 > > - re-enable fam since we disabled selinux What's the story? Hve the SELinux plans changed with FC2?

2 1

Fedora Core 2 and SELinux
by Bill Nottingham 22 Apr '04

22 Apr '04

Just clarifying what's been posted in a couple of other threads. SELinux *will* be included in Fedora Core 2 test 3 and the final Fedora Core 2 release. However, SELinux will be disabled by default. To install with SELinux support, pass 'selinux' to the installer on the command line. (Or, configure it appropriately in kickstart). This was done based on both internal and external testing and feedback of the current Fedora Core SELinux implementation and policy. At this point, we feel that it would be potentially damaging to the aims of both SELinux and Fedora to ship Fedora Core 2 with SELinux enabled by default. We're still committed to the integration of SELinux technology, and we're still working to fix all the bugs we find. Evaluation of when the right time isto switch it on by default will continue. What does this mean for those testing with SELinux? Please, continue! We're still looking to shake out all the issues and make it work. Thanks, The Fedora team

6 6

gpg avc
by Josh Boyer 22 Apr '04

22 Apr '04

Trying to generate a new gpg key fails with the latest policy updates. Below is the avc: audit(1082512578.827:0): avc: denied { read } for pid=2543 exe=/usr/bin/gpg name=random dev=hda5 ino=267501 scontext=user_u:user_r:user_gpg_t tcontext=system_u:object_r:random_device_t tclass=chr_file [jwboyer@localhost jwboyer]$ rpm -q policy policy-1.11.2-9 Any tips? thx, josh

4 7

newrole using SELinux user identity for password lookups
by Colin Walters 21 Apr '04

21 Apr '04

So on a default Fedora installation, as a regular user trying to run newrole -r sysadm_r, I get this: testuser@optimus-prime:~$ newrole -r sysadm_r cannot find your entry in the passwd file. Now, in newrole.c:364, there is the code: if( !(pw=getpwnam(context_user_get(context))) ) { fprintf(stderr,_("cannot find your entry in the passwd file.\n")); exit(-1); } context_user_get just returns the user identity portion of the security context of current process. Since I have no special user identity defined, it defaults to user_u, which is obviously not in the passwd file. This conflicts with our current default Fedora policy, we have in the SELinux users file: user user_u roles { user_r ifdef(`user_canbe_sysadm', `sysadm_r system_r') }; The user_canbe_sysadm tunable is on by default, but the user can't use newrole to get to that role - only su. So how to fix this bug? I understand the reason we're using the SELinux user identity - SELinux doesn't want to trust the Linux uid. But perhaps it would be good if we had a way to say that for particular SELinux user identities like user_u, newrole could just use the Linux uid for authentication.

2 6

Long XFS filesystem avc errors on boot
by Dennis Gilmore 21 Apr '04

21 Apr '04

Ok ill try again. first post was denied for being to big so ill cut it back. on a fully updated system that has XFS as the filesystem i reenabled selinux booted into single user mode and relabeled my filesystem. then rebooted. Postfix failed to start as did X. i am using kdm as my login manager seems its being denied access to some resources it needs. sorry is so long but i thought id show it in its context that is what was logged in /var/log/messages for the boot secqunce up until the point of x failing to start Dennis some of the messages for boot up are as follows Apr 15 11:26:06 asgard kernel: audit(1081992347.449:0): avc: denied { getattr } for pid=774 exe=/sbin/pam_console_apply path=/dev/input/js2 dev=hde2 ino=234962788 scontext=system_u:system_r:pam_console_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file Apr 15 11:26:06 asgard kernel: audit(1081992347.464:0): avc: denied { dac_override } for pid=774 exe=/sbin/pam_console_apply capability=1 scontext=system_u:system_r:pam_console_t tcontext=system_u:system_r:pam_console_t tclass=capability Apr 15 11:26:06 asgard kernel: audit(1081992347.464:0): avc: denied { dac_read_search } for pid=774 exe=/sbin/pam_console_apply capability=2 scontext=system_u:system_r:pam_console_t tcontext=system_u:system_r:pam_console_t tclass=capability Apr 15 11:26:06 asgard kernel: inode_doinit_with_dentry: getxattr returned 13 for dev=hde2 ino=234962799 Apr 15 11:26:06 asgard kernel: audit(1081992347.464:0): avc: denied { getattr } for pid=774 exe=/sbin/pam_console_apply path=/dev/input/js3 dev=hde2 ino=234962799 scontext=system_u:system_r:pam_console_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file Apr 15 11:26:06 asgard kernel: audit(1081992347.546:0): avc: denied { dac_override } for pid=774 exe=/sbin/pam_console_apply capability=1 scontext=system_u:system_r:pam_console_t tcontext=system_u:system_r:pam_console_t tclass=capability Apr 15 11:27:19 asgard /sbin/mingetty[1796]: tty1: Operation not permitted Apr 15 11:27:19 asgard /sbin/mingetty[1797]: tty2: Operation not permitted Apr 15 11:27:19 asgard /sbin/mingetty[1798]: tty3: Operation not permitted Apr 15 11:27:19 asgard kernel: audit(1081992439.217:0): avc: denied { fowner } for pid=1796 exe=/sbin/mingetty capability=3 scontext=system_u:system_r:getty_t tcontext=system_u:system_r:getty_t tclass=capability Apr 15 11:27:19 asgard kernel: audit(1081992439.221:0): avc: denied { fowner } for pid=1797 exe=/sbin/mingetty capability=3 scontext=system_u:system_r:getty_t tcontext=system_u:system_r:getty_t tclass=capability Apr 15 11:27:19 asgard kernel: audit(1081992439.225:0): avc: denied { fowner } for pid=1798 exe=/sbin/mingetty capability=3 scontext=system_u:system_r:getty_t tcontext=system_u:system_r:getty_t tclass=capability Apr 15 11:27:19 asgard kdm_config[1817]: Unrecognized section name [Desktop0] at /usr/share/config/kdm/kdmrc:42 Apr 15 11:27:19 asgard kdm_config[1817]: Unrecognized key 'SessionTypes' in section [X-*-Greeter] at /usr/share/config/kdm/kdmrc:266 Apr 15 11:27:19 asgard kernel: audit(1081992439.880:0): avc: denied { read } for pid=1802 exe=/usr/bin/kdm name=mem dev=hde2 ino=33580795 scontext=system_u:system_r:xdm_t tcontext=system_u:object_r:memory_device_t tclass=chr_file Apr 15 11:27:19 asgard kdm[1802]: Cannot read randomFile "/dev/mem"; X cookies may be easily guessable Apr 15 11:27:19 asgard kernel: audit(1081992439.921:0): avc: denied { getattr } for pid=1818 exe=/usr/X11R6/bin/Xorg path=/var/log/Xorg.0.log dev=hde2 ino=302135865 scontext=system_u:system_r:xdm_t tcontext=system_u:object_r:var_log_t tclass=file Apr 15 11:27:19 asgard kernel: audit(1081992439.921:0): avc: denied { write } for pid=1818 exe=/usr/X11R6/bin/Xorg name=Xorg.0.log dev=hde2 ino=302135865 scontext=system_u:system_r:xdm_t tcontext=system_u:object_r:var_log_t tclass=file Apr 15 11:27:21 asgard kdm[1802]: X server died during startup Apr 15 11:27:21 asgard kdm[1802]: X server for display :0 can't be started, session disabled Apr 15 11:27:22 asgard kdm_config[1834]: Unrecognized section name [Desktop0] at /usr/share/config/kdm/kdmrc:42 Apr 15 11:27:22 asgard kdm_config[1834]: Unrecognized key 'SessionTypes' in section [X-*-Greeter] at /usr/share/config/kdm/kdmrc:266 Apr 15 11:27:22 asgard kernel: audit(1081992442.419:0): avc: denied { read } for pid=1819 exe=/usr/bin/kdm name=mem dev=hde2 ino=33580795 scontext=system_u:system_r:xdm_t tcontext=system_u:object_r:memory_device_t tclass=chr_file Apr 15 11:27:22 asgard kdm[1819]: Cannot read randomFile "/dev/mem"; X cookies may be easily guessable Apr 15 11:27:22 asgard kernel: audit(1081992442.427:0): avc: denied { getattr } for pid=1835 exe=/usr/X11R6/bin/Xorg path=/var/log/Xorg.0.log dev=hde2 ino=302135865 scontext=system_u:system_r:xdm_t tcontext=system_u:object_r:var_log_t tclass=file Apr 15 11:27:22 asgard kernel: audit(1081992442.427:0): avc: denied { write } for pid=1835 exe=/usr/X11R6/bin/Xorg name=Xorg.0.log dev=hde2 ino=302135865 scontext=system_u:system_r:xdm_t tcontext=system_u:object_r:var_log_t tclass=file Apr 15 11:27:23 asgard kdm[1819]: X server died during startup Apr 15 11:27:23 asgard kdm[1819]: X server for display :0 can't be started, session disabled Apr 15 11:27:23 asgard kdm_config[1851]: Unrecognized section name [Desktop0] at /usr/share/config/kdm/kdmrc:42 Apr 15 11:27:23 asgard kdm_config[1851]: Unrecognized key 'SessionTypes' in section [X-*-Greeter] at /usr/share/config/kdm/kdmrc:266 Apr 15 11:27:23 asgard kernel: AVC: 1 messages suppressed. Apr 15 11:27:23 asgard kernel: audit(1081992443.946:0): avc: denied { read } for pid=1836 exe=/usr/bin/kdm name=mem dev=hde2 ino=33580795 scontext=system_u:system_r:xdm_t tcontext=system_u:object_r:memory_device_t tclass=chr_file Apr 15 11:27:23 asgard kdm[1836]: Cannot read randomFile "/dev/mem"; X cookies may be easily guessable Apr 15 11:27:23 asgard kernel: audit(1081992443.956:0): avc: denied { getattr } for pid=1852 exe=/usr/X11R6/bin/Xorg path=/var/log/Xorg.0.log dev=hde2 ino=302135865 scontext=system_u:system_r:xdm_t tcontext=system_u:object_r:var_log_t tclass=file Apr 15 11:27:23 asgard kernel: audit(1081992443.957:0): avc: denied { write } for pid=1852 exe=/usr/X11R6/bin/Xorg name=Xorg.0.log dev=hde2 ino=302135865 scontext=system_u:system_r:xdm_t tcontext=system_u:object_r:var_log_t tclass=file Apr 15 11:27:24 asgard /sbin/mingetty[1853]: tty1: Operation not permitted Apr 15 11:27:24 asgard kernel: audit(1081992444.224:0): avc: denied { fowner } for pid=1853 exe=/sbin/mingetty capability=3 scontext=system_u:system_r:getty_t tcontext=system_u:system_r:getty_t tclass=capability Apr 15 11:27:24 asgard kernel: audit(1081992444.230:0): avc: denied { fowner } for pid=1854 exe=/sbin/mingetty capability=3 scontext=system_u:system_r:getty_t tcontext=system_u:system_r:getty_t tclass=capability Apr 15 11:27:24 asgard /sbin/mingetty[1854]: tty2: Operation not permitted Apr 15 11:27:24 asgard kernel: audit(1081992444.237:0): avc: denied { fowner } for pid=1855 exe=/sbin/mingetty capability=3 scontext=system_u:system_r:getty_t tcontext=system_u:system_r:getty_t tclass=capability Apr 15 11:27:24 asgard /sbin/mingetty[1855]: tty3: Operation not permitted Apr 15 11:27:24 asgard kdm[1836]: X server died during startup Apr 15 11:27:24 asgard kdm[1836]: X server for display :0 can't be started, session disabled Apr 15 11:27:25 asgard kdm_config[1871]: Unrecognized section name [Desktop0] at /usr/share/config/kdm/kdmrc:42 Apr 15 11:27:25 asgard kdm_config[1871]: Unrecognized key 'SessionTypes' in section [X-*-Greeter] at /usr/share/config/kdm/kdmrc:266 Apr 15 11:27:25 asgard kernel: audit(1081992445.088:0): avc: denied { read } for pid=1856 exe=/usr/bin/kdm name=mem dev=hde2 ino=33580795 scontext=system_u:system_r:xdm_t tcontext=system_u:object_r:memory_device_t tclass=chr_file Apr 15 11:27:25 asgard kdm[1856]: Cannot read randomFile "/dev/mem"; X cookies may be easily guessable Apr 15 11:27:25 asgard kernel: audit(1081992445.098:0): avc: denied { getattr } for pid=1872 exe=/usr/X11R6/bin/Xorg path=/var/log/Xorg.0.log dev=hde2 ino=302135865 scontext=system_u:system_r:xdm_t tcontext=system_u:object_r:var_log_t tclass=file Apr 15 11:27:25 asgard kernel: audit(1081992445.098:0): avc: denied { write } for pid=1872 exe=/usr/X11R6/bin/Xorg name=Xorg.0.log dev=hde2 ino=302135865 scontext=system_u:system_r:xdm_t tcontext=system_u:object_r:var_log_t tclass=file Apr 15 11:27:26 asgard kdm[1856]: X server died during startup Apr 15 11:27:26 asgard kdm[1856]: X server for display :0 can't be started, session disabled Apr 15 11:27:26 asgard kdm_config[1888]: Unrecognized section name [Desktop0] at /usr/share/config/kdm/kdmrc:42 Apr 15 11:27:26 asgard kdm_config[1888]: Unrecognized key 'SessionTypes' in section [X-*-Greeter] at /usr/share/config/kdm/kdmrc:266 Apr 15 11:27:26 asgard kernel: audit(1081992446.224:0): avc: denied { read } for pid=1873 exe=/usr/bin/kdm name=mem dev=hde2 ino=33580795 scontext=system_u:system_r:xdm_t tcontext=system_u:object_r:memory_device_t tclass=chr_file Apr 15 11:27:26 asgard kdm[1873]: Cannot read randomFile "/dev/mem"; X cookies may be easily guessable Apr 15 11:27:26 asgard kernel: audit(1081992446.234:0): avc: denied { getattr } for pid=1889 exe=/usr/X11R6/bin/Xorg path=/var/log/Xorg.0.log dev=hde2 ino=302135865 scontext=system_u:system_r:xdm_t tcontext=system_u:object_r:var_log_t tclass=file Apr 15 11:27:26 asgard kernel: audit(1081992446.234:0): avc: denied { write } for pid=1889 exe=/usr/X11R6/bin/Xorg name=Xorg.0.log dev=hde2 ino=302135865 scontext=system_u:system_r:xdm_t tcontext=system_u:object_r:var_log_t tclass=file Apr 15 11:27:27 asgard kdm[1873]: X server died during startup Apr 15 11:27:27 asgard kdm[1873]: X server for display :0 can't be started, session disabled Apr 15 11:27:27 asgard kdm_config[1905]: Unrecognized section name [Desktop0] at /usr/share/config/kdm/kdmrc:42 Apr 15 11:27:27 asgard kdm_config[1905]: Unrecognized key 'SessionTypes' in section [X-*-Greeter] at /usr/share/config/kdm/kdmrc:266 Apr 15 11:27:27 asgard kernel: audit(1081992447.358:0): avc: denied { read } for pid=1890 exe=/usr/bin/kdm name=mem dev=hde2 ino=33580795 scontext=system_u:system_r:xdm_t tcontext=system_u:object_r:memory_device_t tclass=chr_file Apr 15 11:27:27 asgard kdm[1890]: Cannot read randomFile "/dev/mem"; X cookies may be easily guessable Apr 15 11:27:27 asgard kernel: audit(1081992447.368:0): avc: denied { getattr } for pid=1906 exe=/usr/X11R6/bin/Xorg path=/var/log/Xorg.0.log dev=hde2 ino=302135865 scontext=system_u:system_r:xdm_t tcontext=system_u:object_r:var_log_t tclass=file Apr 15 11:27:27 asgard kernel: audit(1081992447.368:0): avc: denied { write } for pid=1906 exe=/usr/X11R6/bin/Xorg name=Xorg.0.log dev=hde2 ino=302135865 scontext=system_u:system_r:xdm_t tcontext=system_u:object_r:var_log_t tclass=file Apr 15 11:27:28 asgard kdm[1890]: X server died during startup Apr 15 11:27:28 asgard kdm[1890]: X server for display :0 can't be started, session disabled Apr 15 11:27:28 asgard kdm_config[1922]: Unrecognized section name [Desktop0] at /usr/share/config/kdm/kdmrc:42 Apr 15 11:27:28 asgard kdm_config[1922]: Unrecognized key 'SessionTypes' in section [X-*-Greeter] at /usr/share/config/kdm/kdmrc:266 Apr 15 11:27:28 asgard kernel: audit(1081992448.495:0): avc: denied { read } for pid=1907 exe=/usr/bin/kdm name=mem dev=hde2 ino=33580795 scontext=system_u:system_r:xdm_t tcontext=system_u:object_r:memory_device_t tclass=chr_file Apr 15 11:27:28 asgard kdm[1907]: Cannot read randomFile "/dev/mem"; X cookies may be easily guessable Apr 15 11:27:28 asgard kernel: audit(1081992448.503:0): avc: denied { getattr } for pid=1923 exe=/usr/X11R6/bin/Xorg path=/var/log/Xorg.0.log dev=hde2 ino=302135865 scontext=system_u:system_r:xdm_t tcontext=system_u:object_r:var_log_t tclass=file Apr 15 11:27:28 asgard kernel: audit(1081992448.504:0): avc: denied { write } for pid=1923 exe=/usr/X11R6/bin/Xorg name=Xorg.0.log dev=hde2 ino=302135865 scontext=system_u:system_r:xdm_t tcontext=system_u:object_r:var_log_t tclass=file Apr 15 11:27:29 asgard /sbin/mingetty[1924]: tty1: Operation not permitted Apr 15 11:27:29 asgard kernel: AVC: 17 messages suppressed. Apr 15 11:27:29 asgard kernel: audit(1081992449.230:0): avc: denied { fowner } for pid=1924 exe=/sbin/mingetty capability=3 scontext=system_u:system_r:getty_t tcontext=system_u:system_r:getty_t tclass=capability Apr 15 11:27:29 asgard kernel: audit(1081992449.238:0): avc: denied { fowner } for pid=1925 exe=/sbin/mingetty capability=3 scontext=system_u:system_r:getty_t tcontext=system_u:system_r:getty_t tclass=capability Apr 15 11:27:29 asgard /sbin/mingetty[1925]: tty2: Operation not permitted Apr 15 11:27:29 asgard kernel: audit(1081992449.244:0): avc: denied { fowner } for pid=1926 exe=/sbin/mingetty capability=3 scontext=system_u:system_r:getty_t tcontext=system_u:system_r:getty_t tclass=capability Apr 15 11:27:29 asgard /sbin/mingetty[1926]: tty3: Operation not permitted Apr 15 11:27:29 asgard kdm[1907]: X server died during startup Apr 15 11:27:29 asgard kdm[1907]: X server for display :0 can't be started, session disabled Apr 15 11:27:29 asgard kdm_config[1942]: Unrecognized section name [Desktop0] at /usr/share/config/kdm/kdmrc:42 Apr 15 11:27:29 asgard kdm_config[1942]: Unrecognized key 'SessionTypes' in section [X-*-Greeter] at /usr/share/config/kdm/kdmrc:266 Apr 15 11:27:29 asgard kernel: audit(1081992449.635:0): avc: denied { read } for pid=1927 exe=/usr/bin/kdm name=mem dev=hde2 ino=33580795 scontext=system_u:system_r:xdm_t tcontext=system_u:object_r:memory_device_t tclass=chr_file Apr 15 11:27:29 asgard kdm[1927]: Cannot read randomFile "/dev/mem"; X cookies may be easily guessable Apr 15 11:27:29 asgard kernel: audit(1081992449.644:0): avc: denied { getattr } for pid=1943 exe=/usr/X11R6/bin/Xorg path=/var/log/Xorg.0.log dev=hde2 ino=302135865 scontext=system_u:system_r:xdm_t tcontext=system_u:object_r:var_log_t tclass=file Apr 15 11:27:29 asgard kernel: audit(1081992449.646:0): avc: denied { write } for pid=1943 exe=/usr/X11R6/bin/Xorg name=Xorg.0.log dev=hde2 ino=302135865 scontext=system_u:system_r:xdm_t tcontext=system_u:object_r:var_log_t tclass=file Apr 15 11:27:30 asgard kdm[1927]: X server died during startup Apr 15 11:27:30 asgard kdm[1927]: X server for display :0 can't be started, session disabled Apr 15 11:27:30 asgard kdm_config[1959]: Unrecognized section name [Desktop0] at /usr/share/config/kdm/kdmrc:42 Apr 15 11:27:30 asgard kdm_config[1959]: Unrecognized key 'SessionTypes' in section [X-*-Greeter] at /usr/share/config/kdm/kdmrc:266 Apr 15 11:27:30 asgard kernel: audit(1081992450.771:0): avc: denied { read } for pid=1944 exe=/usr/bin/kdm name=mem dev=hde2 ino=33580795 scontext=system_u:system_r:xdm_t tcontext=system_u:object_r:memory_device_t tclass=chr_file Apr 15 11:27:30 asgard kdm[1944]: Cannot read randomFile "/dev/mem"; X cookies may be easily guessable Apr 15 11:27:30 asgard kernel: audit(1081992450.781:0): avc: denied { getattr } for pid=1960 exe=/usr/X11R6/bin/Xorg path=/var/log/Xorg.0.log dev=hde2 ino=302135865 scontext=system_u:system_r:xdm_t tcontext=system_u:object_r:var_log_t tclass=file Apr 15 11:27:30 asgard kernel: audit(1081992450.782:0): avc: denied { write } for pid=1960 exe=/usr/X11R6/bin/Xorg name=Xorg.0.log dev=hde2 ino=302135865 scontext=system_u:system_r:xdm_t tcontext=system_u:object_r:var_log_t tclass=file Apr 15 11:27:31 asgard kdm[1944]: X server died during startup Apr 15 11:27:31 asgard kdm[1944]: X server for display :0 can't be started, session disabled Apr 15 11:27:31 asgard kdm_config[1976]: Unrecognized section name [Desktop0] at /usr/share/config/kdm/kdmrc:42 Apr 15 11:27:31 asgard kdm_config[1976]: Unrecognized key 'SessionTypes' in section [X-*-Greeter] at /usr/share/config/kdm/kdmrc:266 Apr 15 11:27:31 asgard kernel: audit(1081992451.907:0): avc: denied { read } for pid=1961 exe=/usr/bin/kdm name=mem dev=hde2 ino=33580795 scontext=system_u:system_r:xdm_t tcontext=system_u:object_r:memory_device_t tclass=chr_file Apr 15 11:27:31 asgard kdm[1961]: Cannot read randomFile "/dev/mem"; X cookies may be easily guessable Apr 15 11:27:31 asgard kernel: audit(1081992451.917:0): avc: denied { getattr } for pid=1977 exe=/usr/X11R6/bin/Xorg path=/var/log/Xorg.0.log dev=hde2 ino=302135865 scontext=system_u:system_r:xdm_t tcontext=system_u:object_r:var_log_t tclass=file Apr 15 11:27:31 asgard kernel: audit(1081992451.918:0): avc: denied { write } for pid=1977 exe=/usr/X11R6/bin/Xorg name=Xorg.0.log dev=hde2 ino=302135865 scontext=system_u:system_r:xdm_t tcontext=system_u:object_r:var_log_t tclass=file Apr 15 11:27:32 asgard kdm[1961]: X server died during startup Apr 15 11:27:32 asgard kdm[1961]: X server for display :0 can't be started, session disabled Apr 15 11:27:32 asgard init: Id "x" respawning too fast: disabled for 5 minutes Apr 15 11:27:34 asgard /sbin/mingetty[1978]: tty1: Operation not permitted Apr 15 11:27:34 asgard kernel: AVC: 11 messages suppressed. Apr 15 11:27:34 asgard kernel: audit(1081992454.236:0): avc: denied { fowner } for pid=1978 exe=/sbin/mingetty capability=3 scontext=system_u:system_r:getty_t tcontext=system_u:system_r:getty_t tclass=capability Apr 15 11:27:34 asgard /sbin/mingetty[1979]: tty2: Operation not permitted Apr 15 11:27:34 asgard kernel: audit(1081992454.245:0): avc: denied { fowner } for pid=1979 exe=/sbin/mingetty capability=3 scontext=system_u:system_r:getty_t tcontext=system_u:system_r:getty_t tclass=capability Apr 15 11:27:34 asgard /sbin/mingetty[1980]: tty3: Operation not permitted Apr 15 11:27:34 asgard kernel: audit(1081992454.252:0): avc: denied { fowner } for pid=1980 exe=/sbin/mingetty capability=3 scontext=system_u:system_r:getty_t tcontext=system_u:system_r:getty_t tclass=capability Apr 15 11:27:39 asgard /sbin/mingetty[1981]: tty1: Operation not permitted Apr 15 11:27:39 asgard kernel: AVC: 2 messages suppressed. Apr 15 11:27:39 asgard kernel: audit(1081992459.242:0): avc: denied { fowner } for pid=1981 exe=/sbin/mingetty capability=3 scontext=system_u:system_r:getty_t tcontext=system_u:system_r:getty_t tclass=capability Apr 15 11:27:39 asgard /sbin/mingetty[1982]: tty2: Operation not permitted Apr 15 11:27:39 asgard kernel: audit(1081992459.251:0): avc: denied { fowner } for pid=1982 exe=/sbin/mingetty capability=3 scontext=system_u:system_r:getty_t tcontext=system_u:system_r:getty_t tclass=capability Apr 15 11:27:39 asgard /sbin/mingetty[1983]: tty3: Operation not permitted Apr 15 11:27:39 asgard kernel: audit(1081992459.258:0): avc: denied { fowner } for pid=1983 exe=/sbin/mingetty capability=3 scontext=system_u:system_r:getty_t tcontext=system_u:system_r:getty_t tclass=capability Apr 15 11:27:44 asgard /sbin/mingetty[1984]: tty1: Operation not permitted Apr 15 11:27:44 asgard kernel: AVC: 2 messages suppressed. Apr 15 11:27:44 asgard kernel: audit(1081992464.248:0): avc: denied { fowner } for pid=1984 exe=/sbin/mingetty capability=3 scontext=system_u:system_r:getty_t tcontext=system_u:system_r:getty_t tclass=capability Apr 15 11:27:44 asgard /sbin/mingetty[1985]: tty2: Operation not permitted Apr 15 11:27:44 asgard kernel: audit(1081992464.258:0): avc: denied { fowner } for pid=1985 exe=/sbin/mingetty capability=3 scontext=system_u:system_r:getty_t tcontext=system_u:system_r:getty_t tclass=capability Apr 15 11:27:44 asgard /sbin/mingetty[1986]: tty3: Operation not permitted Apr 15 11:27:44 asgard kernel: audit(1081992464.265:0): avc: denied { fowner } for pid=1986 exe=/sbin/mingetty capability=3 scontext=system_u:system_r:getty_t tcontext=system_u:system_r:getty_t tclass=capability Apr 15 11:27:49 asgard /sbin/mingetty[1987]: tty1: Operation not permitted Apr 15 11:27:49 asgard kernel: AVC: 2 messages suppressed. Apr 15 11:27:49 asgard kernel: audit(1081992469.255:0): avc: denied { fowner } for pid=1987 exe=/sbin/mingetty capability=3 scontext=system_u:system_r:getty_t tcontext=system_u:system_r:getty_t tclass=capability Apr 15 11:27:49 asgard /sbin/mingetty[1988]: tty2: Operation not permitted Apr 15 11:27:49 asgard kernel: audit(1081992469.265:0): avc: denied { fowner } for pid=1988 exe=/sbin/mingetty capability=3 scontext=system_u:system_r:getty_t tcontext=system_u:system_r:getty_t tclass=capability Apr 15 11:27:49 asgard /sbin/mingetty[1989]: tty3: Operation not permitted Apr 15 11:27:49 asgard kernel: audit(1081992469.272:0): avc: denied { fowner } for pid=1989 exe=/sbin/mingetty capability=3 scontext=system_u:system_r:getty_t tcontext=system_u:system_r:getty_t tclass=capability Apr 15 11:27:54 asgard /sbin/mingetty[1990]: tty1: Operation not permitted Apr 15 11:27:54 asgard kernel: AVC: 2 messages suppressed. Apr 15 11:27:54 asgard kernel: audit(1081992474.262:0): avc: denied { fowner } for pid=1990 exe=/sbin/mingetty capability=3 scontext=system_u:system_r:getty_t tcontext=system_u:system_r:getty_t tclass=capability Apr 15 11:27:54 asgard /sbin/mingetty[1991]: tty2: Operation not permitted Apr 15 11:27:54 asgard kernel: audit(1081992474.272:0): avc: denied { fowner } for pid=1991 exe=/sbin/mingetty capability=3 scontext=system_u:system_r:getty_t tcontext=system_u:system_r:getty_t tclass=capability Apr 15 11:27:54 asgard /sbin/mingetty[1992]: tty3: Operation not permitted Apr 15 11:27:54 asgard kernel: audit(1081992474.279:0): avc: denied { fowner } for pid=1992 exe=/sbin/mingetty capability=3 scontext=system_u:system_r:getty_t tcontext=system_u:system_r:getty_t tclass=capability Apr 15 11:27:59 asgard /sbin/mingetty[1993]: tty1: Operation not permitted Apr 15 11:27:59 asgard kernel: AVC: 2 messages suppressed. Apr 15 11:27:59 asgard kernel: audit(1081992479.269:0): avc: denied { fowner } for pid=1993 exe=/sbin/mingetty capability=3 scontext=system_u:system_r:getty_t tcontext=system_u:system_r:getty_t tclass=capability Apr 15 11:27:59 asgard /sbin/mingetty[1994]: tty2: Operation not permitted Apr 15 11:27:59 asgard kernel: audit(1081992479.279:0): avc: denied { fowner } for pid=1994 exe=/sbin/mingetty capability=3 scontext=system_u:system_r:getty_t tcontext=system_u:system_r:getty_t tclass=capability Apr 15 11:27:59 asgard kernel: audit(1081992479.287:0): avc: denied { fowner } for pid=1995 exe=/sbin/mingetty capability=3 scontext=system_u:system_r:getty_t tcontext=system_u:system_r:getty_t tclass=capability Apr 15 11:27:59 asgard /sbin/mingetty[1995]: tty3: Operation not permitted Apr 15 11:28:04 asgard kernel: AVC: 2 messages suppressed. Apr 15 11:28:04 asgard kernel: audit(1081992484.277:0): avc: denied { fowner } for pid=1996 exe=/sbin/mingetty capability=3 scontext=system_u:system_r:getty_t tcontext=system_u:system_r:getty_t tclass=capability Apr 15 11:28:04 asgard /sbin/mingetty[1996]: tty1: Operation not permitted Apr 15 11:28:04 asgard kernel: audit(1081992484.286:0): avc: denied { fowner } for pid=1997 exe=/sbin/mingetty capability=3 scontext=system_u:system_r:getty_t tcontext=system_u:system_r:getty_t tclass=capability Apr 15 11:28:04 asgard /sbin/mingetty[1997]: tty2: Operation not permitted Apr 15 11:28:04 asgard /sbin/mingetty[1998]: tty3: Operation not permitted Apr 15 11:28:04 asgard kernel: audit(1081992484.295:0): avc: denied { fowner } for pid=1998 exe=/sbin/mingetty capability=3 scontext=system_u:system_r:getty_t tcontext=system_u:system_r:getty_t tclass=capability Apr 15 11:28:09 asgard init: Id "1" respawning too fast: disabled for 5 minutes Apr 15 11:28:09 asgard init: Id "2" respawning too fast: disabled for 5 minutes Apr 15 11:28:09 asgard init: Id "3" respawning too fast: disabled for 5 minutes

5 5

SELinux denies setrlimit during user login
by Udo Christ 21 Apr '04

21 Apr '04

Hello, the current policies still seem to deny the setting of limits during user login (local and remote, but not during gdm-login). The settings get established using the pam module and its configuration. (Raising file limits and such) Right now i have to run in permissive mode in order to be able to log in as root and users. Could someone change the policies accordingly or tell me what to try to be able to log on in enforcing mode ? Regards, Udo

1 0

SELinux impact on performance
by André Goddard Rosa 20 Apr '04

20 Apr '04

Even with SELinux turned off it still has losing of performance? Thanks, Andre

2 1

← Newer
1
2
3
4
5
6
7
8
9
10
Older →

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

selinux April 2004