From: Justin Smith <jsmith@mcs.drexel.edu>
To: selinux@tycho.nsa.gov
Subject: boot messages
Date: 01 Dec 2001 08:15:36 -0500 [thread overview]
Message-ID: <1007212536.2059.0.camel@jsmith.org> (raw)
Part of my dmesg:
....................
usb-uhci.c: v1.268:USB Universal Host Controller Interface driver
avc: denied { search } for pid=93 exe=/bin/cat dev=00:08 ino=1
scontext=system_u:system_r:initrc_t
tcontext=system_u:object_r:unlabeled_t
tclass=dir
avc: denied { read } for pid=93 exe=/bin/cat path=/devices dev=00:08
ino=2
scontext=system_u:system_r:initrc_t
tcontext=system_u:object_r:unlabeled_t
tclass=file
avc: denied { getattr } for pid=93 exe=/bin/cat path=/devices
dev=00:08 ino=2
scontext=system_u:system_r:initrc_t
tcontext=system_u:object_r:unlabeled_t
tclass=file
avc: denied { mounton } for pid=149 exe=/bin/mount path=/local
dev=03:0a ino=
32705
scontext=system_u:system_r:mount_t
tcontext=system_u:object_r:usr_t
tclass=dir
avc: denied { write } for pid=224 exe=/bin/mv path=/log dev=03:05
ino=96193
scontext=system_u:system_r:initrc_t
tcontext=system_u:object_r:var_log_t
tclass=dir
avc: denied { remove_name } for pid=224 exe=/bin/mv path=/log/ksyms.5
dev=03:
05 ino=96389
scontext=system_u:system_r:initrc_t
tcontext=system_u:object_r:var_log_t
tclass=dir
avc: denied { rename } for pid=224 exe=/bin/mv path=/log/ksyms.5
dev=03:05 in
o=96389
scontext=system_u:system_r:initrc_t
tcontext=system_u:object_r:var_log_t
tclass=file
avc: denied { add_name } for pid=224 exe=/bin/mv path=/log/ksyms.6
dev=03:05
ino=96370
scontext=system_u:system_r:initrc_t
tcontext=system_u:object_r:var_log_t
tclass=dir
It looks as though the system doesn't allow basic maintenance of the
logs...
I'll try changing the policy slightly (in initrc.te)
# allow initrc_t var_log_t:file rw_file_perms;
allow initrc_t var_log_t:file
{ write read rename remove_name add_name unlink create search };
--
--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
next reply other threads:[~2001-12-01 13:18 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2001-12-01 13:15 Justin Smith [this message]
2001-12-03 14:33 ` boot messages Stephen Smalley
-- strict thread matches above, loose matches on Subject: below --
2003-04-22 12:45 Andries.Brouwer
2003-04-22 13:01 ` Jeff Garzik
2003-04-22 14:20 ` Randy.Dunlap
2003-04-22 15:14 ` Jeff Garzik
2003-04-22 15:11 Andries.Brouwer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1007212536.2059.0.camel@jsmith.org \
--to=jsmith@mcs.drexel.edu \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.