Re: audit ... denied messages

[Lee <FriedBob@sbcglobal.net>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Timothy Wood wrote:

| Are you passing enforcing=1 to the kernel at boot time?

Yes, these errors/messages only occur when I pass "selinux=1" to the
kernel at boot, which I assume does the same thing as "enforcing=1" ?

| Those packages will give you basic system functionality while in
| enforcing mode.  Some services and other things will need the policy
| fixed, at least somewhat, in order for them to work in enforcing mode.

Well, I guess I need to find out where and what needs to be fixed. :)

| Can you include some of these messages?

I've got 5 pages of errors that I copied from dmesg.  One of them
changes the aspect of my problems, as I saw a line telling me my
reiserfs partition doesn't support labeling.  Here's a few select lines
from them.   Seems I need a kernel patch for the reiser issue, so I'll
look for that.


~ audit(1105370321.810:0): avc:  denied  { read } for  pid=446
exe=/sbin/ldconfig name=libartsc.so.0.0.0 dev=hdc1 ino=749412
scontext=system_u:system_r:ldconfig_t tcontext=system_u:object_r:usr_t
tclass=file
audit(1105370321.811:0): avc:  denied  { getattr } for  pid=446
exe=/sbin/ldconfig path=/opt/kde/lib/libartsc.so.0.0.0 dev=hdc1
ino=749412 scontext=system_u:system_r:ldconfig_t
tcontext=system_u:object_r:usr_t tclass=file
audit(1105370322.118:0): avc:  denied  { read } for  pid=446
exe=/sbin/ldconfig name=libmcop.so dev=hdc1 ino=749444
scontext=system_u:system_r:ldconfig_t tcontext=system_u:object_r:usr_t
tclass=lnk_file
audit(1105370322.511:0): avc:  denied  { read } for  pid=446
exe=/sbin/ldconfig name=libSegFault.so dev=hdc1 ino=650924
scontext=system_u:system_r:ldconfig_t tcontext=system_u:object_r:lib_t
tclass=file
audit(1105370322.512:0): avc:  denied  { getattr } for  pid=446
exe=/sbin/ldconfig path=/lib/libSegFault.so dev=hdc1 ino=650924
scontext=system_u:system_r:ldconfig_t tcontext=system_u:object_r:lib_t
tclass=file


And I've got some others along the same lines from after I log in, but
will spare you from them unless they are requested.
- --
~  == FriedBob ==

"Hence to fight and conquer in all your battles is not supreme
excellence; supreme excellence consists in breaking the enemy's
resistance without fighting."
~  - Sun Tzu
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFB4zCpvxumKxmOCzIRAqgOAJ46N8OYAUn9Dg7cKKtgpwBYENF2TgCeNLRO
yMFpTlX6e8XVO64XYkuLqA8=
=J+Z2
-----END PGP SIGNATURE-----

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.