fedora-selinux December 2007 archive

AVC with today's rawhide

From: Tom London <selinux_at_nospam>
Date: Thu Dec 06 2007 - 17:42:30 GMT
To: fedora-selinux <fedora-selinux-list@redhat.com>


I think today's policykit update needs some more love....

Graphical login failed with 'respawn too fast' messages.

Here are the AVCs:

type=AVC msg=audit(1196960817.504:18): avc: denied { read } for pid=2324 comm="hald" name="PolicyKit.reload" dev=dm-0 ino=67633 scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:system_crond_var_lib_t:s0 tclass=file
type=SYSCALL msg=audit(1196960817.504:18): arch=40000003 syscall=292 success=no exit=-13 a0=d a1=923400 a2=106 a3=9b25d88 items=0 ppid=2323 pid=2324 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="hald" exe="/usr/sbin/hald" subj=system_u:system_r:hald_t:s0 key=(null)

type=AVC msg=audit(1196961900.294:38): avc: denied { getattr } for pid=3308 comm="polkit-read-aut" scontext=root:system_r:hald_t:s0 tcontext=root:system_r:hald_t:s0 tclass=process
type=SYSCALL msg=audit(1196961900.294:38): arch=40000003 syscall=3 success=yes exit=24 a0=4 a1=945f538 a2=fff a3=fff items=0 ppid=2833 pid=3308 auid=0 uid=68 gid=68 euid=68 suid=68 fsuid=68 egid=87 sgid=87 fsgid=87 tty=(none) comm="polkit-read-aut" exe="/usr/libexec/polkit-read-auth-helper" subj=root:system_r:hald_t:s0 key=(null)

'audit2allow -M'/etc. fixes:

#============= hald_t ==============
allow hald_t self:process getattr;
allow hald_t system_crond_var_lib_t:file read;

tom
--
Tom London

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
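
How the two denials in the message map onto the allow rules shown there, as an added example (not part of the original message and not audit2allow's own code). The function names are hypothetical, and the log text is the two AVC records from the message with the SYSCALL records dropped.

```python
import re
from collections import defaultdict

# The two AVC records from the message above (SYSCALL records dropped).
AVC_LOG = (
    'type=AVC msg=audit(1196960817.504:18): avc: denied { read } for pid=2324 '
    'comm="hald" name="PolicyKit.reload" dev=dm-0 ino=67633 '
    'scontext=system_u:system_r:hald_t:s0 '
    'tcontext=system_u:object_r:system_crond_var_lib_t:s0 tclass=file\n'
    'type=AVC msg=audit(1196961900.294:38): avc: denied { getattr } for pid=3308 '
    'comm="polkit-read-aut" scontext=root:system_r:hald_t:s0 '
    'tcontext=root:system_r:hald_t:s0 tclass=process\n'
)

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
)
NAME_RE = re.compile(r'\bname="([^"]*)"')


def parse_denials(log):
    """Return one dict per AVC denial; other record types are skipped."""
    denials = []
    for line in log.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue
        name = NAME_RE.search(line)
        denials.append({
            # A context is user:role:type[:level]; rules are written on the type.
            "source": m["scon"].split(":")[2],
            "target": m["tcon"].split(":")[2],
            "tclass": m["tclass"],
            "perms": m["perms"].split(),
            "name": name.group(1) if name else None,  # object that was accessed
        })
    return denials


def allow_rules(log):
    """Merge denials into allow rules, using 'self' when source == target type."""
    merged = defaultdict(set)
    for d in parse_denials(log):
        target = "self" if d["source"] == d["target"] else d["target"]
        merged[(d["source"], target, d["tclass"])].update(d["perms"])
    rules = []
    for (src, tgt, tclass), perms in sorted(merged.items()):
        p = sorted(perms)
        perm_text = p[0] if len(p) == 1 else "{ " + " ".join(p) + " }"
        rules.append(f"allow {src} {tgt}:{tclass} {perm_text};")
    return rules
```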