fedora-selinux August 2009 archive

Re: Many selinux complaints about ps after video card failure caused nouveau to fill /var

From: Daniel J Walsh <dwalsh_at_nospam>
Date: Mon Aug 03 2009 - 12:07:06 GMT
To: Edward Kuns <ekuns@kilroy.chi.il.us>


On 08/01/2009 12:16 AM, Edward Kuns wrote:
> I don't know if selinux was misbehaving or was just doing the best it
> could on a crippled system. Apparently, my video card failed this
> morning, causing nouveau to write 3.5 Gig of logs to /var/log/messages
> in a matter of minutes -- the same text over and over and over. This
> filled /var. I came upon the computer many hours later. The hard drive
> light was flickering, so the computer was busy, but the computer was
> basically crashed. Unreachable from the keyboard, unreachable from the
> network.
>
> To make a long story short, after I replaced the video card and moved an
> enormous /var/log/messages to another partition for later review, then
> rebooted, everything came up fine. And the tail end of the logs (when I
> started cleaning things up) is full of selinux denials, almost all to
> ps. I look at setroubleshoot and it has 50/50 complaints, almost all
> about ps running in the context mysqld_safe_t, complaints such as:
>
> SELinux is preventing ps (mysqld_safe_t) "getattr" hald_t.
> SELinux is preventing ps (mysqld_safe_t) "getattr" initrc_t.
> SELinux is preventing ps (mysqld_safe_t) "getattr" crond_t.
>
> Is it worth my sending the full details for these AVCs to this list, or
> is this an expected or understood misbehavior during /var-full
> situations? (Or some 3rd option)
>
> Thanks
>
> Eddie
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list

It probably should be allowed.

Adding

domain_getattr_all_domains(mysqld_safe_t)

To Rawhide.
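
One way to collapse a flood of setroubleshoot alerts like the ones quoted in this thread into distinct denial patterns, as an added example that is not part of the original messages. The function names, the `min_targets` threshold and the last two sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Summary-line shape as quoted in the thread:
#   SELinux is preventing ps (mysqld_safe_t) "getattr" hald_t.
SUMMARY_RE = re.compile(
    r'SELinux is preventing (?P<comm>\S+) \((?P<source>\w+)\) '
    r'"(?P<perm>\w+)" (?P<target>\w+)\.?\s*$'
)

# First three lines are the ones quoted in the thread; the last two are constructed.
SAMPLE = '''\
SELinux is preventing ps (mysqld_safe_t) "getattr" hald_t.
SELinux is preventing ps (mysqld_safe_t) "getattr" initrc_t.
SELinux is preventing ps (mysqld_safe_t) "getattr" crond_t.
SELinux is preventing ps (mysqld_safe_t) "getattr" hald_t.
SELinux is preventing cat (httpd_t) "read" shadow_t.
'''


def group_denials(text):
    """Map (command, source type, permission) -> {target type: alert count}."""
    groups = defaultdict(lambda: defaultdict(int))
    for line in text.splitlines():
        # search() rather than match() so "> "-quoted lines still parse
        m = SUMMARY_RE.search(line)
        if m:
            key = (m["comm"], m["source"], m["perm"])
            groups[key][m["target"]] += 1
    return {key: dict(targets) for key, targets in groups.items()}


def broad_patterns(groups, min_targets=3):
    """Keys where one source domain is denied the same permission on many
    distinct target types. These are candidates for human review as a single
    attribute-wide rule rather than one allow rule per target type."""
    return sorted(k for k, targets in groups.items() if len(targets) >= min_targets)


if __name__ == "__main__":
    groups = group_denials(SAMPLE)
    for comm, source, perm in broad_patterns(groups):
        targets = groups[(comm, source, perm)]
        print(f"{comm} in {source}: '{perm}' denied on {len(targets)} "
              f"target types across {sum(targets.values())} alerts: "
              f"{', '.join(sorted(targets))}")
```

A single unrelated denial, such as the constructed `httpd_t` line, stays below the threshold and is left for individual review.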