Just happened to notice this running strict/enforcing:
hwbrowser produces the following avcs, and doesn't display anything for 'Hard Drives' (sorry, got hit with the truncated avc message...):
[Does it really need write access to fixed_device_t?]
tom
Oct 29 09:45:17 fedora kernel: audit(1099068317.291:0): avc: denied { write } for pid=14626 exe=/bin/bash path=pipe:[51083] dev=pipefs ino=51083 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:xdm_t tclass=fifo_file
Oct 29 09:45:17 fedora kernel: audit(1099068317.291:0): avc: denied { write } for pid=14626 exe=/bin/bash path=pipe:[51083] dev=pipefs ino=51083 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:xdm_t tclass=fifo_file
Oct 29 09:45:18 fedora kernel: audit(1099068318.321:0): avc: denied { unix_read unix_write } for pid=3299 exe=/usr/X11R6/bin/Xorg
Oct 29 09:45:19 fedora kernel: audit(1099068319.206:0): avc: denied { read write } for pid=14627 exe=/usr/bin/python name=hda dev=tmpfs ino=1024 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file
Oct 29 09:45:19 fedora kernel: audit(1099068319.208:0): avc: denied { read } for pid=14627 exe=/usr/bin/python name=hda dev=tmpfs ino=1024 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file
On Fri, 2004-10-29 at 09:53 -0700, Tom London wrote:
> Just happened to notice this running strict/enforcing:
> hwbrowser produces the following avcs, and doesn't display anything for 'Hard Drives' (sorry, got hit with the truncated avc message...):
We meant to kill hwbrowser; its functionality is subsumed by hal-device-manager (which itself has a bug that it needs to be moved to /usr/bin...).
Colin Walters wrote:
> On Fri, 2004-10-29 at 09:53 -0700, Tom London wrote:
>> Just happened to notice this running strict/enforcing:
>> hwbrowser produces the following avcs, and doesn't display anything for 'Hard Drives' (sorry, got hit with the truncated avc message...):
> We meant to kill hwbrowser; its functionality is subsumed by hal-device-manager (which itself has a bug that it needs to be moved to /usr/bin...).
> --
> fedora-selinux-list mailing list
> fedora-selinux-list@redhat.com
> http://www.redhat.com/mailman/listinfo/fedora-selinux-list
One nice thing is that it causes the audit problem to happen every time.
Dan
echo > /var/log/messages
hwbrowser
more /var/log/messages
Oct 29 13:00:23 localhost kernel: audit(1099069223.384:0): avc: denied { unix_read unix_write } for pid=23286 exe=/usr/X11R6/bin/Xorg
Oct 29 13:00:25 localhost kernel: audit(1099069225.084:0): avc: denied { create } for pid=10483 exe=/usr/bin/python name=tmpdev-10483 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:tmp_t tclass=chr_file
Oct 29 13:00:25 localhost kernel: audit(1099069225.207:0): avc: denied { read write } for pid=10483 exe=/usr/bin/python name=hda dev=tmpfs ino=1105 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file
Oct 29 13:00:25 localhost kernel: audit(1099069225.208:0): avc: denied { read } for pid=10483 exe=/usr/bin/python name=hda dev=tmpfs ino=1105 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file
Oct 29 13:01:01 localhost crond(pam_unix)[10492]: session opened for user root by (uid=0)
Oct 29 13:01:01 localhost crond(pam_unix)[10492]: session closed for user root
On Fri, 2004-10-29 at 13:06, Daniel J Walsh wrote:
> Oct 29 13:00:23 localhost kernel: audit(1099069223.384:0): avc: denied { unix_read unix_write } for pid=23286 exe=/usr/X11R6/bin/Xorg
Hmmm...I don't see this behavior upon running hwbrowser on FC3/rc1 (kernel 2.6.9-1.640) here.
Stephen Smalley wrote:
> On Fri, 2004-10-29 at 13:06, Daniel J Walsh wrote:
>> Oct 29 13:00:23 localhost kernel: audit(1099069223.384:0): avc: denied { unix_read unix_write } for pid=23286 exe=/usr/X11R6/bin/Xorg
> Hmmm...I don't see this behavior upon running hwbrowser on FC3/rc1 (kernel 2.6.9-1.640) here.
I am running 2.6.9-1.643 on a laptop.
Happens every time.
lsmod shows
On Fri, 2004-10-29 at 13:54, Daniel J Walsh wrote:
> I am running 2.6.9-1.643 on a laptop.
> Happens every time.
Hmm...updated to 1.643, rebooted, ran hwbrowser. Still no truncated audit messages.
As I said earlier, seems difficult to reproduce reliably. If you reboot the laptop, does it still occur? Or did you have to run it a while before it started doing this?
Stephen Smalley wrote:
> On Fri, 2004-10-29 at 13:54, Daniel J Walsh wrote:
>> I am running 2.6.9-1.643 on a laptop.
>> Happens every time.
> Hmm...updated to 1.643, rebooted, ran hwbrowser. Still no truncated audit messages.
> As I said earlier, seems difficult to reproduce reliably. If you reboot the laptop, does it still occur? Or did you have to run it a while before it started doing this?
Yes, went away on reboot; now hwbrowser and hal_device_manager seem to work. Could be something to do with doing lots of policy reloads; I have been doing a lot of policy development on this laptop.
Dan
selinux@lists.fedoraproject.org
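Added example, not part of the original thread or written by any of its participants: a small parser for the syslog AVC denial lines quoted above. It separates complete records from truncated ones (those missing scontext, tcontext or tclass, like the Xorg line) and groups the complete denials by source type, target type and class for review. The sample lines are copied from the excerpts in the thread; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Sample input: lines taken from the log excerpts quoted in the thread.
SAMPLE = """\
Oct 29 09:45:18 fedora kernel: audit(1099068318.321:0): avc: denied { unix_read unix_write } for pid=3299 exe=/usr/X11R6/bin/Xorg
Oct 29 09:45:19 fedora kernel: audit(1099068319.206:0): avc: denied { read write } for pid=14627 exe=/usr/bin/python name=hda dev=tmpfs ino=1024 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file
Oct 29 09:45:19 fedora kernel: audit(1099068319.208:0): avc: denied { read } for pid=14627 exe=/usr/bin/python name=hda dev=tmpfs ino=1024 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file
Oct 29 13:01:01 localhost crond(pam_unix)[10492]: session opened for user root by (uid=0)
"""

AVC_RE = re.compile(r"audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\): avc:\s+denied\s+"
                    r"\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)")
REQUIRED = ("scontext", "tcontext", "tclass")

def parse_avc(line):
    """Return a dict for one AVC denial line, or None for any other syslog line."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    rec = dict(kv.split("=", 1) for kv in m["rest"].split() if "=" in kv)
    rec["perms"] = m["perms"].split()
    rec["ts"] = float(m["ts"])
    # A record is truncated if a required field is absent or a context is cut short.
    missing = [k for k in REQUIRED if k not in rec]
    missing += [k for k in REQUIRED[:2] if k in rec and rec[k].count(":") < 2]
    rec["missing"] = missing
    return rec

def summarize(text):
    """Group complete denials by (source type, target type, class); list truncated ones."""
    rules, truncated = defaultdict(set), []
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec is None:
            continue
        if rec["missing"]:
            truncated.append(rec)
            continue
        src = rec["scontext"].split(":")[2]  # user:role:type
        tgt = rec["tcontext"].split(":")[2]
        rules[(src, tgt, rec["tclass"])].update(rec["perms"])
    return dict(rules), truncated

if __name__ == "__main__":
    rules, truncated = summarize(SAMPLE)
    for (src, tgt, cls), perms in sorted(rules.items()):
        print(f"{src} -> {tgt}:{cls} {{ {' '.join(sorted(perms))} }}")
    for rec in truncated:
        print(f"truncated: exe={rec.get('exe')} perms={rec['perms']} missing={rec['missing']}")
```

The grouping only collects what was denied so it can be reviewed; it does not say whether the access should be granted.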