* [git bisected] 25354c4fee169710fd9da15f3bb2abaa24dcf933 is first bad commit
@ 2009-09-12 22:09 ` Justin Mattock
0 siblings, 0 replies; 14+ messages in thread
From: Justin Mattock @ 2009-09-12 22:09 UTC (permalink / raw)
To: SE-Linux; +Cc: tresys, Eric Paris, James Morris, Serge Hallyn
[-- Attachment #1: Type: text/plain, Size: 4436 bytes --]
attached is dmesg of the latest
Head giving me an avc denial that
is giving me an error with checkpolicy:
/usr/bin/checkpolicy -c 22 -U deny policy.conf -o policy.22
/usr/bin/checkpolicy: loading policy configuration from policy.conf
policy/modules/services/xserver.te":1138:ERROR 'permission
module_request is not defined for class system' at token ';' on line
2904222:
allow NetworkManager_t kernel_t:system module_request;
#============= NetworkManager_t ==============
policy/modules/services/xserver.te":1141:ERROR 'permission
module_request is not defined for class system' at token ';' on line
2904225:
#============= insmod_t ==============
allow insmod_t kernel_t:system module_request;
policy/modules/services/xserver.te":1144:ERROR 'permission
module_request is not defined for class system' at token ';' on line
2904228:
allow iptables_t kernel_t:system module_request;
#============= iptables_t ==============
checkpolicy: error(s) encountered while parsing configuration
make: *** [policy.22] Error 1
(please ignore the xserver.te, as a quick way using a monolithic
policy, I just randomly throw the allow rules anywhere, before
individually locating the right location).
here is what git bisect is showing me:
25354c4fee169710fd9da15f3bb2abaa24dcf933 is first bad commit
commit 25354c4fee169710fd9da15f3bb2abaa24dcf933
Author: Eric Paris <eparis@redhat.com>
Date: Thu Aug 13 09:45:03 2009 -0400
SELinux: add selinux_kernel_module_request
This patch adds a new selinux hook so SELinux can arbitrate if a given
process should be allowed to trigger a request for the kernel to try to
load a module. This is a different operation than a process trying to load
a module itself, which is already protected by CAP_SYS_MODULE.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Signed-off-by: James Morris <jmorris@namei.org>
:040000 040000 0585d8667e7c54b9b3e07f419dc8eff62b32fe96
f63f56f137352a90a909d11d37e8f5462f4306ff M security
and FWIW git bisect log:
git bisect start
# bad: [332a3392188e0ad966543c87b8da2b9d246f301d] Merge
git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
git bisect bad 332a3392188e0ad966543c87b8da2b9d246f301d
# good: [ed680c4ad478d0fee9740f7d029087f181346564] Linux 2.6.31-rc5
git bisect good ed680c4ad478d0fee9740f7d029087f181346564
# good: [f415c413f458837bd0c27086b79aca889f9435e4] Merge
git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6
git bisect good f415c413f458837bd0c27086b79aca889f9435e4
# good: [6a0f4021469727675b83d85ac91d106bfae0e2c3] Merge branch
'topic/dummy' into for-linus
git bisect good 6a0f4021469727675b83d85ac91d106bfae0e2c3
# bad: [a12e4d304ce701844c639541d90df86e165d03f9] Merge branch
'writeback' of git://git.kernel.dk/linux-2.6-block
git bisect bad a12e4d304ce701844c639541d90df86e165d03f9
# bad: [2490138cb785d299d898b579fa2874a59a3d321a] Merge branch
'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/roland/infiniband
git bisect bad 2490138cb785d299d898b579fa2874a59a3d321a
# bad: [9f0ab4a3f0fdb1ff404d150618ace2fa069bb2e1] binfmt_elf: fix
PT_INTERP bss handling
git bisect bad 9f0ab4a3f0fdb1ff404d150618ace2fa069bb2e1
# good: [896a6de40ef3814525632609799af909338f50c3] mm_for_maps: take
->cred_guard_mutex to fix the race with exec
git bisect good 896a6de40ef3814525632609799af909338f50c3
# bad: [0c2c9a3fc77e8b60d43d9bd2ca46eb4dddb0ff76] KEYS: Allow
keyctl_revoke() on keys that have SETATTR but not WRITE perm [try #6]
git bisect bad 0c2c9a3fc77e8b60d43d9bd2ca46eb4dddb0ff76
# bad: [ece13879e74313e62109e0755dd3d4f172df89e2] Merge branch
'master' into next
git bisect bad ece13879e74313e62109e0755dd3d4f172df89e2
# bad: [25354c4fee169710fd9da15f3bb2abaa24dcf933] SELinux: add
selinux_kernel_module_request
git bisect bad 25354c4fee169710fd9da15f3bb2abaa24dcf933
# good: [a8f80e8ff94ecba629542d9b4b5f5a8ee3eb565c] Networking: use
CAP_NET_ADMIN when deciding to call request_module
git bisect good a8f80e8ff94ecba629542d9b4b5f5a8ee3eb565c
# good: [9188499cdb117d86a1ea6b04374095b098d56936] security:
introducing security_request_module
git bisect good 9188499cdb117d86a1ea6b04374095b098d56936
The system is an LFS,
there is no proprietary modules
at all with this kernel.
I have another machine running
rc-8 and it seems to not be producing
this avc.(keep in mind it does have
two proprietary modules: nvidia wl).
--
Justin P. Mattock
[-- Attachment #2: dmesg --]
[-- Type: application/octet-stream, Size: 52105 bytes --]
[ 0.000000] Linux version 2.6.31-00749-g332a339 (name@name) (gcc version 4.4.0 (GCC) ) #4 SMP Fri Sep 11 11:25:41 PDT 2009
[ 0.000000] KERNEL supported cpus:
[ 0.000000] Intel GenuineIntel
[ 0.000000] AMD AuthenticAMD
[ 0.000000] NSC Geode by NSC
[ 0.000000] Cyrix CyrixInstead
[ 0.000000] Centaur CentaurHauls
[ 0.000000] Transmeta GenuineTMx86
[ 0.000000] Transmeta TransmetaCPU
[ 0.000000] UMC UMC UMC UMC
[ 0.000000] BIOS-provided physical RAM map:
[ 0.000000] BIOS-e820: 0000000000000000 - 000000000009fc00 (usable)
[ 0.000000] BIOS-e820: 000000000009fc00 - 00000000000a0000 (reserved)
[ 0.000000] BIOS-e820: 00000000000e0000 - 0000000000100000 (reserved)
[ 0.000000] BIOS-e820: 0000000000100000 - 000000003f0ea000 (usable)
[ 0.000000] BIOS-e820: 000000003f0ea000 - 000000003f2eb000 (ACPI NVS)
[ 0.000000] BIOS-e820: 000000003f2eb000 - 000000003febe000 (ACPI data)
[ 0.000000] BIOS-e820: 000000003febe000 - 000000003feef000 (ACPI NVS)
[ 0.000000] BIOS-e820: 000000003feef000 - 000000003ff00000 (ACPI data)
[ 0.000000] BIOS-e820: 000000003ff00000 - 0000000040000000 (reserved)
[ 0.000000] BIOS-e820: 00000000f0000000 - 00000000f4000000 (reserved)
[ 0.000000] BIOS-e820: 00000000fec00000 - 00000000fec01000 (reserved)
[ 0.000000] BIOS-e820: 00000000fed14000 - 00000000fed1a000 (reserved)
[ 0.000000] BIOS-e820: 00000000fed1c000 - 00000000fed20000 (reserved)
[ 0.000000] BIOS-e820: 00000000fee00000 - 00000000fee01000 (reserved)
[ 0.000000] BIOS-e820: 00000000ffe00000 - 0000000100000000 (reserved)
[ 0.000000] PAT support disabled.
[ 0.000000] DMI 2.4 present.
[ 0.000000] last_pfn = 0x3f0ea max_arch_pfn = 0x100000
[ 0.000000] MTRR default type: uncachable
[ 0.000000] MTRR fixed ranges enabled:
[ 0.000000] 00000-9FFFF write-back
[ 0.000000] A0000-BFFFF uncachable
[ 0.000000] C0000-CFFFF write-protect
[ 0.000000] D0000-DFFFF uncachable
[ 0.000000] E0000-FFFFF write-protect
[ 0.000000] MTRR variable ranges enabled:
[ 0.000000] 0 base 0FFE00000 mask FFFE00000 write-protect
[ 0.000000] 1 base 000000000 mask FC0000000 write-back
[ 0.000000] 2 base 03FF00000 mask FFFF00000 uncachable
[ 0.000000] 3 disabled
[ 0.000000] 4 disabled
[ 0.000000] 5 disabled
[ 0.000000] 6 disabled
[ 0.000000] 7 disabled
[ 0.000000] e820 update range: 0000000000002000 - 0000000000006000 (usable) ==> (reserved)
[ 0.000000] Scanning 1 areas for low memory corruption
[ 0.000000] modified physical RAM map:
[ 0.000000] modified: 0000000000000000 - 0000000000002000 (usable)
[ 0.000000] modified: 0000000000002000 - 0000000000006000 (reserved)
[ 0.000000] modified: 0000000000006000 - 000000000009fc00 (usable)
[ 0.000000] modified: 000000000009fc00 - 00000000000a0000 (reserved)
[ 0.000000] modified: 00000000000e0000 - 0000000000100000 (reserved)
[ 0.000000] modified: 0000000000100000 - 000000003f0ea000 (usable)
[ 0.000000] modified: 000000003f0ea000 - 000000003f2eb000 (ACPI NVS)
[ 0.000000] modified: 000000003f2eb000 - 000000003febe000 (ACPI data)
[ 0.000000] modified: 000000003febe000 - 000000003feef000 (ACPI NVS)
[ 0.000000] modified: 000000003feef000 - 000000003ff00000 (ACPI data)
[ 0.000000] modified: 000000003ff00000 - 0000000040000000 (reserved)
[ 0.000000] modified: 00000000f0000000 - 00000000f4000000 (reserved)
[ 0.000000] modified: 00000000fec00000 - 00000000fec01000 (reserved)
[ 0.000000] modified: 00000000fed14000 - 00000000fed1a000 (reserved)
[ 0.000000] modified: 00000000fed1c000 - 00000000fed20000 (reserved)
[ 0.000000] modified: 00000000fee00000 - 00000000fee01000 (reserved)
[ 0.000000] modified: 00000000ffe00000 - 0000000100000000 (reserved)
[ 0.000000] initial memory mapped : 0 - 01800000
[ 0.000000] init_memory_mapping: 0000000000000000-00000000377fe000
[ 0.000000] 0000000000 - 0000400000 page 4k
[ 0.000000] 0000400000 - 0037400000 page 2M
[ 0.000000] 0037400000 - 00377fe000 page 4k
[ 0.000000] kernel direct mapping tables up to 377fe000 @ 7000-c000
[ 0.000000] init_ohci1394_dma: initializing OHCI-1394 at 0c:03.0
[ 0.000000] init_ohci1394_dma: finished initializing OHCI DMA
[ 0.000000] ACPI: RSDP 000fe020 00024 (v02 APPLE )
[ 0.000000] ACPI: XSDT 3fefd1c0 00074 (v01 APPLE Apple00 000000A5 01000013)
[ 0.000000] ACPI: FACP 3fefb000 000F4 (v03 APPLE Apple00 000000A5 Loki 0000005F)
[ 0.000000] ACPI: DSDT 3fef0000 048D1 (v01 APPLE MacBookP 00020002 INTL 20050309)
[ 0.000000] ACPI: FACS 3fec0000 00040
[ 0.000000] ACPI: HPET 3fefa000 00038 (v01 APPLE Apple00 00000001 Loki 0000005F)
[ 0.000000] ACPI: APIC 3fef9000 00068 (v01 APPLE Apple00 00000001 Loki 0000005F)
[ 0.000000] ACPI: MCFG 3fef8000 0003C (v01 APPLE Apple00 00000001 Loki 0000005F)
[ 0.000000] ACPI: ASF! 3fef7000 000A0 (v32 APPLE Apple00 00000001 Loki 0000005F)
[ 0.000000] ACPI: SBST 3fef6000 00030 (v01 APPLE Apple00 00000001 Loki 0000005F)
[ 0.000000] ACPI: ECDT 3fef5000 00053 (v01 APPLE Apple00 00000001 Loki 0000005F)
[ 0.000000] ACPI: SSDT 3feef000 004DC (v01 APPLE CpuPm 00003000 INTL 20050309)
[ 0.000000] ACPI: SSDT 3febd000 0064F (v01 SataRe SataPri 00001000 INTL 20050309)
[ 0.000000] ACPI: SSDT 3febc000 0069C (v01 SataRe SataSec 00001000 INTL 20050309)
[ 0.000000] ACPI: Local APIC address 0xfee00000
[ 0.000000] 120MB HIGHMEM available.
[ 0.000000] 887MB LOWMEM available.
[ 0.000000] mapped low ram: 0 - 377fe000
[ 0.000000] low ram: 0 - 377fe000
[ 0.000000] node 0 low ram: 00000000 - 377fe000
[ 0.000000] node 0 bootmap 00008000 - 0000ef00
[ 0.000000] (8 early reservations) ==> bootmem [0000000000 - 00377fe000]
[ 0.000000] #0 [0000000000 - 0000001000] BIOS data page ==> [0000000000 - 0000001000]
[ 0.000000] #1 [0000001000 - 0000002000] EX TRAMPOLINE ==> [0000001000 - 0000002000]
[ 0.000000] #2 [0000006000 - 0000007000] TRAMPOLINE ==> [0000006000 - 0000007000]
[ 0.000000] #3 [0001000000 - 00015c9e20] TEXT DATA BSS ==> [0001000000 - 00015c9e20]
[ 0.000000] #4 [000009fc00 - 0000100000] BIOS reserved ==> [000009fc00 - 0000100000]
[ 0.000000] #5 [00015ca000 - 00015d01f9] BRK ==> [00015ca000 - 00015d01f9]
[ 0.000000] #6 [0000007000 - 0000008000] PGTABLE ==> [0000007000 - 0000008000]
[ 0.000000] #7 [0000008000 - 000000f000] BOOTMAP ==> [0000008000 - 000000f000]
[ 0.000000] Zone PFN ranges:
[ 0.000000] DMA 0x00000000 -> 0x00001000
[ 0.000000] Normal 0x00001000 -> 0x000377fe
[ 0.000000] HighMem 0x000377fe -> 0x0003f0ea
[ 0.000000] Movable zone start PFN for each node
[ 0.000000] early_node_map[3] active PFN ranges
[ 0.000000] 0: 0x00000000 -> 0x00000002
[ 0.000000] 0: 0x00000006 -> 0x0000009f
[ 0.000000] 0: 0x00000100 -> 0x0003f0ea
[ 0.000000] On node 0 totalpages: 258181
[ 0.000000] free_area_init_node: node 0, pgdat c14b13c0, node_mem_map c15d1000
[ 0.000000] DMA zone: 32 pages used for memmap
[ 0.000000] DMA zone: 0 pages reserved
[ 0.000000] DMA zone: 3963 pages, LIFO batch:0
[ 0.000000] Normal zone: 1744 pages used for memmap
[ 0.000000] Normal zone: 221486 pages, LIFO batch:31
[ 0.000000] HighMem zone: 242 pages used for memmap
[ 0.000000] HighMem zone: 30714 pages, LIFO batch:7
[ 0.000000] Using APIC driver default
[ 0.000000] ACPI: PM-Timer IO Port: 0x408
[ 0.000000] ACPI: Local APIC address 0xfee00000
[ 0.000000] ACPI: LAPIC (acpi_id[0x00] lapic_id[0x00] enabled)
[ 0.000000] ACPI: LAPIC (acpi_id[0x01] lapic_id[0x01] enabled)
[ 0.000000] ACPI: LAPIC_NMI (acpi_id[0x00] high edge lint[0x1])
[ 0.000000] ACPI: LAPIC_NMI (acpi_id[0x01] high edge lint[0x1])
[ 0.000000] ACPI: IOAPIC (id[0x01] address[0xfec00000] gsi_base[0])
[ 0.000000] IOAPIC[0]: apic_id 1, version 32, address 0xfec00000, GSI 0-23
[ 0.000000] ACPI: INT_SRC_OVR (bus 0 bus_irq 0 global_irq 2 dfl dfl)
[ 0.000000] ACPI: INT_SRC_OVR (bus 0 bus_irq 9 global_irq 9 high level)
[ 0.000000] ACPI: IRQ0 used by override.
[ 0.000000] ACPI: IRQ2 used by override.
[ 0.000000] ACPI: IRQ9 used by override.
[ 0.000000] Enabling APIC mode: Flat. Using 1 I/O APICs
[ 0.000000] Using ACPI (MADT) for SMP configuration information
[ 0.000000] ACPI: HPET id: 0x8086a201 base: 0xfed00000
[ 0.000000] SMP: Allowing 2 CPUs, 0 hotplug CPUs
[ 0.000000] nr_irqs_gsi: 24
[ 0.000000] PM: Registered nosave memory: 0000000000002000 - 0000000000006000
[ 0.000000] PM: Registered nosave memory: 000000000009f000 - 00000000000a0000
[ 0.000000] PM: Registered nosave memory: 00000000000a0000 - 00000000000e0000
[ 0.000000] PM: Registered nosave memory: 00000000000e0000 - 0000000000100000
[ 0.000000] Allocating PCI resources starting at 40000000 (gap: 40000000:b0000000)
[ 0.000000] NR_CPUS:2 nr_cpumask_bits:2 nr_cpu_ids:2 nr_node_ids:1
[ 0.000000] PERCPU: Embedded 14 pages at c1dc1000, static data 35804 bytes
[ 0.000000] Built 1 zonelists in Zone order, mobility grouping on. Total pages: 256163
[ 0.000000] Kernel command line: BOOT_IMAGE=/boot/vmlinuz-2.6.31-00749-g332a339 root=/dev/sda1 vga=790 ohci1394_dma=early debug pnpacpi=off pci=routeirq audit=1 selinux=1 enforcing=0 nopat
[ 0.000000] audit: enabled (after initialization)
[ 0.000000] PID hash table entries: 4096 (order: 12, 16384 bytes)
[ 0.000000] Dentry cache hash table entries: 131072 (order: 7, 524288 bytes)
[ 0.000000] Inode-cache hash table entries: 65536 (order: 6, 262144 bytes)
[ 0.000000] Enabling fast FPU save and restore... done.
[ 0.000000] Enabling unmasked SIMD FPU exception support... done.
[ 0.000000] Initializing CPU#0
[ 0.000000] Initializing HighMem for node 0 (000377fe:0003f0ea)
[ 0.000000] Memory: 1017316k/1033128k available (3099k kernel code, 15016k reserved, 1726k data, 416k init, 123824k highmem)
[ 0.000000] virtual kernel memory layout:
[ 0.000000] fixmap : 0xfff92000 - 0xfffff000 ( 436 kB)
[ 0.000000] pkmap : 0xff800000 - 0xffc00000 (4096 kB)
[ 0.000000] vmalloc : 0xf7ffe000 - 0xff7fe000 ( 120 MB)
[ 0.000000] lowmem : 0xc0000000 - 0xf77fe000 ( 887 MB)
[ 0.000000] .init : 0xc14b7000 - 0xc151f000 ( 416 kB)
[ 0.000000] .data : 0xc1306ce5 - 0xc14b6834 (1726 kB)
[ 0.000000] .text : 0xc1000000 - 0xc1306ce5 (3099 kB)
[ 0.000000] Checking if this processor honours the WP bit even in supervisor mode...Ok.
[ 0.000000] SLUB: Genslabs=13, HWalign=64, Order=0-3, MinObjects=0, CPUs=2, Nodes=1
[ 0.000000] NR_IRQS:320
[ 0.000000] Extended CMOS year: 2000
[ 0.000000] Fast TSC calibration using PIT
[ 0.000000] Detected 2185.694 MHz processor.
[ 0.000048] Console: colour dummy device 80x25
[ 0.000051] console [tty0] enabled
[ 0.000544] hpet clockevent registered
[ 0.000550] HPET: 3 timers in total, 0 timers will be used for per-cpu timer
[ 0.000558] Calibrating delay loop (skipped), value calculated using timer frequency.. 4371.38 BogoMIPS (lpj=21856940)
[ 0.000592] Security Framework initialized
[ 0.000597] SELinux: Initializing.
[ 0.000608] SELinux: Starting in permissive mode
[ 0.000622] Mount-cache hash table entries: 512
[ 0.000902] CPU: L1 I cache: 32K, L1 D cache: 32K
[ 0.000907] CPU: L2 cache: 4096K
[ 0.000911] CPU: Physical Processor ID: 0
[ 0.000914] CPU: Processor Core ID: 0
[ 0.000919] mce: CPU supports 6 MCE banks
[ 0.000927] CPU0: Thermal monitoring enabled (TM2)
[ 0.000932] using mwait in idle threads.
[ 0.000946] Checking 'hlt' instruction... OK.
[ 0.040323] ACPI: Core revision 20090521
[ 0.058726] ..TIMER: vector=0x30 apic1=0 pin1=2 apic2=-1 pin2=-1
[ 0.159864] CPU0: Intel(R) Core(TM)2 CPU T7400 @ 2.16GHz stepping 06
[ 0.160000] Booting processor 1 APIC 0x1 ip 0x6000
[ 0.010000] Initializing CPU#1
[ 0.010000] Calibrating delay using timer specific routine.. 4322.51 BogoMIPS (lpj=21612580)
[ 0.010000] CPU: L1 I cache: 32K, L1 D cache: 32K
[ 0.010000] CPU: L2 cache: 4096K
[ 0.010000] CPU: Physical Processor ID: 0
[ 0.010000] CPU: Processor Core ID: 1
[ 0.010000] mce: CPU supports 6 MCE banks
[ 0.010000] CPU1: Thermal monitoring enabled (TM2)
[ 0.310575] CPU1: Intel(R) Core(TM)2 CPU T7400 @ 2.16GHz stepping 06
[ 0.310605] checking TSC synchronization [CPU#0 -> CPU#1]: passed.
[ 0.320038] Brought up 2 CPUs
[ 0.320044] Total of 2 processors activated (8693.90 BogoMIPS).
[ 0.320109] CPU0 attaching sched-domain:
[ 0.320114] domain 0: span 0-1 level MC
[ 0.320118] groups: 0 1
[ 0.320125] CPU1 attaching sched-domain:
[ 0.320128] domain 0: span 0-1 level MC
[ 0.320132] groups: 1 0
[ 0.320477] NET: Registered protocol family 16
[ 0.320477] EISA bus registered
[ 0.320477] ACPI: bus type pci registered
[ 0.320477] PCI: Using configuration type 1 for base access
[ 0.330106] bio: create slab <bio-0> at 0
[ 0.330994] ACPI: EC: EC description table is found, configuring boot EC
[ 0.331232] ACPI: EC: non-query interrupt received, switching to interrupt mode
[ 0.354556] ACPI: BIOS _OSI(Linux) query ignored
[ 0.355546] ACPI: Interpreter enabled
[ 0.355556] ACPI: (supports S0 S3 S4 S5)
[ 0.355632] ACPI: Using IOAPIC for interrupt routing
[ 0.386991] ACPI: EC: GPE = 0x17, I/O: command/status = 0x66, data = 0x62
[ 0.386991] ACPI: EC: driver started in interrupt mode
[ 0.386991] ACPI: No dock devices found.
[ 0.391912] ACPI: PCI Root Bridge [PCI0] (0000:00)
[ 0.392271] pci 0000:00:01.0: PME# supported from D0 D3hot D3cold
[ 0.392277] pci 0000:00:01.0: PME# disabled
[ 0.392312] pci 0000:00:07.0: reg 10 32bit mmio: [0x50404000-0x50404fff]
[ 0.392424] pci 0000:00:1b.0: reg 10 64bit mmio: [0x50400000-0x50403fff]
[ 0.392487] pci 0000:00:1b.0: PME# supported from D0 D3hot D3cold
[ 0.392494] pci 0000:00:1b.0: PME# disabled
[ 0.392581] pci 0000:00:1c.0: PME# supported from D0 D3hot D3cold
[ 0.392588] pci 0000:00:1c.0: PME# disabled
[ 0.392677] pci 0000:00:1c.1: PME# supported from D0 D3hot D3cold
[ 0.392684] pci 0000:00:1c.1: PME# disabled
[ 0.392773] pci 0000:00:1c.2: PME# supported from D0 D3hot D3cold
[ 0.392780] pci 0000:00:1c.2: PME# disabled
[ 0.392849] pci 0000:00:1d.0: reg 20 io port: [0x4080-0x409f]
[ 0.392918] pci 0000:00:1d.1: reg 20 io port: [0x4060-0x407f]
[ 0.392986] pci 0000:00:1d.2: reg 20 io port: [0x4040-0x405f]
[ 0.393055] pci 0000:00:1d.3: reg 20 io port: [0x4020-0x403f]
[ 0.393127] pci 0000:00:1d.7: reg 10 32bit mmio: [0x50405400-0x504057ff]
[ 0.393193] pci 0000:00:1d.7: PME# supported from D0 D3hot D3cold
[ 0.393201] pci 0000:00:1d.7: PME# disabled
[ 0.393373] pci 0000:00:1f.0: quirk: region 0400-047f claimed by ICH6 ACPI/GPIO/TCO
[ 0.393381] pci 0000:00:1f.0: quirk: region 0500-053f claimed by ICH6 GPIO
[ 0.393387] pci 0000:00:1f.0: ICH7 LPC Generic IO decode 1 PIO at 0680 (mask 000f)
[ 0.393395] pci 0000:00:1f.0: ICH7 LPC Generic IO decode 2 PIO at 1640 (mask 000f)
[ 0.393404] pci 0000:00:1f.0: ICH7 LPC Generic IO decode 4 PIO at 0300 (mask 001f)
[ 0.393461] pci 0000:00:1f.1: reg 10 io port: [0x40d8-0x40df]
[ 0.393471] pci 0000:00:1f.1: reg 14 io port: [0x40ec-0x40ef]
[ 0.393481] pci 0000:00:1f.1: reg 18 io port: [0x40d0-0x40d7]
[ 0.393491] pci 0000:00:1f.1: reg 1c io port: [0x40e8-0x40eb]
[ 0.393501] pci 0000:00:1f.1: reg 20 io port: [0x40b0-0x40bf]
[ 0.393561] pci 0000:00:1f.2: reg 10 io port: [0x40c8-0x40cf]
[ 0.393571] pci 0000:00:1f.2: reg 14 io port: [0x40e4-0x40e7]
[ 0.393581] pci 0000:00:1f.2: reg 18 io port: [0x40c0-0x40c7]
[ 0.393591] pci 0000:00:1f.2: reg 1c io port: [0x40e0-0x40e3]
[ 0.393601] pci 0000:00:1f.2: reg 20 io port: [0x40a0-0x40af]
[ 0.393611] pci 0000:00:1f.2: reg 24 32bit mmio: [0x50405000-0x504053ff]
[ 0.393643] pci 0000:00:1f.2: PME# supported from D3hot
[ 0.393650] pci 0000:00:1f.2: PME# disabled
[ 0.393715] pci 0000:00:1f.3: reg 20 io port: [0xefa0-0xefbf]
[ 0.393788] pci 0000:01:00.0: reg 10 32bit mmio: [0x40000000-0x47ffffff]
[ 0.393798] pci 0000:01:00.0: reg 14 io port: [0x3000-0x30ff]
[ 0.393809] pci 0000:01:00.0: reg 18 32bit mmio: [0x50300000-0x5030ffff]
[ 0.393830] pci 0000:01:00.0: reg 30 32bit mmio: [0xfffe0000-0xffffffff]
[ 0.393854] pci 0000:01:00.0: supports D1 D2
[ 0.393916] pci 0000:00:01.0: bridge io port: [0x3000-0x3fff]
[ 0.393921] pci 0000:00:01.0: bridge 32bit mmio: [0x50300000-0x503fffff]
[ 0.393928] pci 0000:00:01.0: bridge 64bit mmio pref: [0x40000000-0x47ffffff]
[ 0.394019] pci 0000:02:00.0: reg 10 64bit mmio: [0x50200000-0x50203fff]
[ 0.394032] pci 0000:02:00.0: reg 18 io port: [0x2000-0x20ff]
[ 0.394070] pci 0000:02:00.0: reg 30 32bit mmio: [0xfffe0000-0xffffffff]
[ 0.394126] pci 0000:02:00.0: supports D1 D2
[ 0.394130] pci 0000:02:00.0: PME# supported from D0 D1 D2 D3hot D3cold
[ 0.394139] pci 0000:02:00.0: PME# disabled
[ 0.394203] pci 0000:00:1c.0: bridge io port: [0x2000-0x2fff]
[ 0.394210] pci 0000:00:1c.0: bridge 32bit mmio: [0x50200000-0x502fffff]
[ 0.394290] pci 0000:03:00.0: reg 10 64bit mmio: [0x50100000-0x5010ffff]
[ 0.394384] pci 0000:03:00.0: supports D1
[ 0.394388] pci 0000:03:00.0: PME# supported from D0 D1 D3hot
[ 0.394396] pci 0000:03:00.0: PME# disabled
[ 0.394473] pci 0000:00:1c.1: bridge 32bit mmio: [0x50100000-0x501fffff]
[ 0.394548] pci 0000:00:1c.2: bridge io port: [0x1000-0x1fff]
[ 0.394555] pci 0000:00:1c.2: bridge 32bit mmio: [0x4c100000-0x500fffff]
[ 0.394565] pci 0000:00:1c.2: bridge 64bit mmio pref: [0x48000000-0x4bffffff]
[ 0.394626] pci 0000:0c:03.0: reg 10 32bit mmio: [0x4c004000-0x4c0047ff]
[ 0.394638] pci 0000:0c:03.0: reg 14 32bit mmio: [0x4c000000-0x4c003fff]
[ 0.394704] pci 0000:0c:03.0: supports D1 D2
[ 0.394708] pci 0000:0c:03.0: PME# supported from D0 D1 D2 D3hot
[ 0.394715] pci 0000:0c:03.0: PME# disabled
[ 0.394777] pci 0000:00:1e.0: transparent bridge
[ 0.394787] pci 0000:00:1e.0: bridge 32bit mmio: [0x4c000000-0x4c0fffff]
[ 0.394824] pci_bus 0000:00: on NUMA node 0
[ 0.394834] ACPI: PCI Interrupt Routing Table [\_SB_.PCI0._PRT]
[ 0.395742] ACPI: PCI Interrupt Routing Table [\_SB_.PCI0.PEGP._PRT]
[ 0.396062] ACPI: PCI Interrupt Routing Table [\_SB_.PCI0.RP01._PRT]
[ 0.396377] ACPI: PCI Interrupt Routing Table [\_SB_.PCI0.RP02._PRT]
[ 0.396692] ACPI: PCI Interrupt Routing Table [\_SB_.PCI0.RP03._PRT]
[ 0.397060] ACPI: PCI Interrupt Routing Table [\_SB_.PCI0.PCIB._PRT]
[ 0.420213] ACPI: PCI Interrupt Link [LNKA] (IRQs 1 3 4 5 6 7 10 12 14 15) *11
[ 0.420475] ACPI: PCI Interrupt Link [LNKB] (IRQs 1 3 4 5 6 7 *11 12 14 15)
[ 0.420733] ACPI: PCI Interrupt Link [LNKC] (IRQs 1 3 4 5 6 7 10 12 14 15) *11
[ 0.420991] ACPI: PCI Interrupt Link [LNKD] (IRQs 1 3 4 5 6 7 *11 12 14 15)
[ 0.421247] ACPI: PCI Interrupt Link [LNKE] (IRQs 1 3 4 5 6 7 10 12 14 15) *0, disabled.
[ 0.421504] ACPI: PCI Interrupt Link [LNKF] (IRQs 1 3 4 5 6 7 11 12 14 15) *0, disabled.
[ 0.421760] ACPI: PCI Interrupt Link [LNKG] (IRQs 1 3 4 5 6 7 *10 12 14 15)
[ 0.422014] ACPI: PCI Interrupt Link [LNKH] (IRQs 3 4 5 6 7 *11 12 14 15)
[ 0.422117] SCSI subsystem initialized
[ 0.422117] libata version 3.00 loaded.
[ 0.422117] usbcore: registered new interface driver usbfs
[ 0.422117] usbcore: registered new interface driver hub
[ 0.422117] usbcore: registered new device driver usb
[ 0.422117] PCI: Using ACPI for IRQ routing
[ 0.422117] PCI: Routing PCI interrupts for all devices because "pci=routeirq" specified
[ 0.422117] pci 0000:00:01.0: PCI INT A -> GSI 16 (level, low) -> IRQ 16
[ 0.422117] pci 0000:00:07.0: PCI INT A -> GSI 16 (level, low) -> IRQ 16
[ 0.422117] pci 0000:00:1b.0: PCI INT A -> GSI 22 (level, low) -> IRQ 22
[ 0.422117] pci 0000:00:1c.0: PCI INT A -> GSI 17 (level, low) -> IRQ 17
[ 0.422117] pci 0000:00:1c.1: PCI INT B -> GSI 16 (level, low) -> IRQ 16
[ 0.422117] pci 0000:00:1c.2: PCI INT C -> GSI 18 (level, low) -> IRQ 18
[ 0.422117] pci 0000:00:1d.0: PCI INT A -> GSI 23 (level, low) -> IRQ 23
[ 0.422117] pci 0000:00:1d.1: PCI INT B -> GSI 19 (level, low) -> IRQ 19
[ 0.422117] pci 0000:00:1d.2: PCI INT C -> GSI 18 (level, low) -> IRQ 18
[ 0.422117] pci 0000:00:1d.3: PCI INT D -> GSI 16 (level, low) -> IRQ 16
[ 0.422117] pci 0000:00:1d.7: PCI INT A -> GSI 23 (level, low) -> IRQ 23
[ 0.422117] pci 0000:00:1f.1: PCI INT A -> GSI 18 (level, low) -> IRQ 18
[ 0.422117] pci 0000:00:1f.2: PCI INT B -> GSI 19 (level, low) -> IRQ 19
[ 0.422117] pci 0000:00:1f.3: PCI INT B -> GSI 19 (level, low) -> IRQ 19
[ 0.422117] pci 0000:01:00.0: PCI INT A -> GSI 16 (level, low) -> IRQ 16
[ 0.422117] pci 0000:02:00.0: PCI INT A -> GSI 16 (level, low) -> IRQ 16
[ 0.422117] pci 0000:03:00.0: PCI INT A -> GSI 17 (level, low) -> IRQ 17
[ 0.422117] pci 0000:0c:03.0: PCI INT A -> GSI 19 (level, low) -> IRQ 19
[ 0.610073] cfg80211: Using static regulatory domain info
[ 0.610073] cfg80211: Regulatory domain: US
[ 0.610073] (start_freq - end_freq @ bandwidth), (max_antenna_gain, max_eirp)
[ 0.610073] (2402000 KHz - 2472000 KHz @ 40000 KHz), (600 mBi, 2700 mBm)
[ 0.610073] (5170000 KHz - 5190000 KHz @ 40000 KHz), (600 mBi, 2300 mBm)
[ 0.610076] (5190000 KHz - 5210000 KHz @ 40000 KHz), (600 mBi, 2300 mBm)
[ 0.610080] (5210000 KHz - 5230000 KHz @ 40000 KHz), (600 mBi, 2300 mBm)
[ 0.610085] (5230000 KHz - 5330000 KHz @ 40000 KHz), (600 mBi, 2300 mBm)
[ 0.610090] (5735000 KHz - 5835000 KHz @ 40000 KHz), (600 mBi, 3000 mBm)
[ 0.610099] cfg80211: Calling CRDA for country: US
[ 0.610127] NetLabel: Initializing
[ 0.610127] NetLabel: domain hash size = 128
[ 0.610127] NetLabel: protocols = UNLABELED CIPSOv4
[ 0.610140] NetLabel: unlabeled traffic allowed by default
[ 0.610153] hpet0: at MMIO 0xfed00000, IRQs 2, 8, 0
[ 0.610161] hpet0: 3 comparators, 64-bit 14.318180 MHz counter
[ 0.630006] Switched to high resolution mode on CPU 0
[ 0.630859] Switched to high resolution mode on CPU 1
[ 0.660031] pnp: PnP ACPI: disabled
[ 0.695641] pci 0000:01:00.0: BAR 6: no parent found for of device [0xfffe0000-0xffffffff]
[ 0.695650] pci 0000:02:00.0: BAR 6: no parent found for of device [0xfffe0000-0xffffffff]
[ 0.695709] pci 0000:00:01.0: PCI bridge, secondary bus 0000:01
[ 0.695714] pci 0000:00:01.0: IO window: 0x3000-0x3fff
[ 0.695720] pci 0000:00:01.0: MEM window: 0x50300000-0x503fffff
[ 0.695726] pci 0000:00:01.0: PREFETCH window: 0x00000040000000-0x00000047ffffff
[ 0.695736] pci 0000:00:1c.0: PCI bridge, secondary bus 0000:02
[ 0.695741] pci 0000:00:1c.0: IO window: 0x2000-0x2fff
[ 0.695750] pci 0000:00:1c.0: MEM window: 0x50200000-0x502fffff
[ 0.695757] pci 0000:00:1c.0: PREFETCH window: 0x50500000-0x505fffff
[ 0.695765] pci 0000:00:1c.1: PCI bridge, secondary bus 0000:03
[ 0.695769] pci 0000:00:1c.1: IO window: disabled
[ 0.695777] pci 0000:00:1c.1: MEM window: 0x50100000-0x501fffff
[ 0.695784] pci 0000:00:1c.1: PREFETCH window: disabled
[ 0.695790] pci 0000:00:1c.2: PCI bridge, secondary bus 0000:04
[ 0.695796] pci 0000:00:1c.2: IO window: 0x1000-0x1fff
[ 0.695805] pci 0000:00:1c.2: MEM window: 0x4c100000-0x500fffff
[ 0.695812] pci 0000:00:1c.2: PREFETCH window: 0x00000048000000-0x0000004bffffff
[ 0.695823] pci 0000:00:1e.0: PCI bridge, secondary bus 0000:0c
[ 0.695827] pci 0000:00:1e.0: IO window: disabled
[ 0.695835] pci 0000:00:1e.0: MEM window: 0x4c000000-0x4c0fffff
[ 0.695842] pci 0000:00:1e.0: PREFETCH window: disabled
[ 0.695855] pci 0000:00:01.0: PCI INT A -> GSI 16 (level, low) -> IRQ 16
[ 0.695862] pci 0000:00:01.0: setting latency timer to 64
[ 0.695872] pci 0000:00:1c.0: PCI INT A -> GSI 17 (level, low) -> IRQ 17
[ 0.695879] pci 0000:00:1c.0: setting latency timer to 64
[ 0.695890] pci 0000:00:1c.1: PCI INT B -> GSI 16 (level, low) -> IRQ 16
[ 0.695898] pci 0000:00:1c.1: setting latency timer to 64
[ 0.695908] pci 0000:00:1c.2: PCI INT C -> GSI 18 (level, low) -> IRQ 18
[ 0.695916] pci 0000:00:1c.2: setting latency timer to 64
[ 0.696072] pci 0000:00:1e.0: power state changed by ACPI to D0
[ 0.696081] pci 0000:00:1e.0: setting latency timer to 64
[ 0.696088] pci_bus 0000:00: resource 0 io: [0x00-0xffff]
[ 0.696092] pci_bus 0000:00: resource 1 mem: [0x000000-0xffffffff]
[ 0.696097] pci_bus 0000:01: resource 0 io: [0x3000-0x3fff]
[ 0.696101] pci_bus 0000:01: resource 1 mem: [0x50300000-0x503fffff]
[ 0.696106] pci_bus 0000:01: resource 2 pref mem [0x40000000-0x47ffffff]
[ 0.696110] pci_bus 0000:02: resource 0 io: [0x2000-0x2fff]
[ 0.696115] pci_bus 0000:02: resource 1 mem: [0x50200000-0x502fffff]
[ 0.696119] pci_bus 0000:02: resource 2 pref mem [0x50500000-0x505fffff]
[ 0.696124] pci_bus 0000:03: resource 1 mem: [0x50100000-0x501fffff]
[ 0.696128] pci_bus 0000:04: resource 0 io: [0x1000-0x1fff]
[ 0.696133] pci_bus 0000:04: resource 1 mem: [0x4c100000-0x500fffff]
[ 0.696137] pci_bus 0000:04: resource 2 pref mem [0x48000000-0x4bffffff]
[ 0.696142] pci_bus 0000:0c: resource 1 mem: [0x4c000000-0x4c0fffff]
[ 0.696147] pci_bus 0000:0c: resource 3 io: [0x00-0xffff]
[ 0.696151] pci_bus 0000:0c: resource 4 mem: [0x000000-0xffffffff]
[ 0.696189] NET: Registered protocol family 2
[ 0.696283] IP route cache hash table entries: 32768 (order: 5, 131072 bytes)
[ 0.696661] TCP established hash table entries: 131072 (order: 8, 1048576 bytes)
[ 0.697149] TCP bind hash table entries: 65536 (order: 8, 1310720 bytes)
[ 0.697787] TCP: Hash tables configured (established 131072 bind 65536)
[ 0.697792] TCP reno registered
[ 0.697927] NET: Registered protocol family 1
[ 0.698823] platform rtc_cmos: registered platform RTC device (no PNP device found)
[ 0.701200] microcode: CPU0 sig=0x6f6, pf=0x20, revision=0xc7
[ 0.701212] microcode: CPU1 sig=0x6f6, pf=0x20, revision=0xc7
[ 0.701337] Microcode Update Driver: v2.00 <tigran@aivazian.fsnet.co.uk>, Peter Oruba
[ 0.701344] Scanning for low memory corruption every 60 seconds
[ 0.702876] Initializing RT-Tester: OK
[ 0.703005] audit: initializing netlink socket (enabled)
[ 0.703033] type=2000 audit(1252696088.700:1): initialized
[ 0.712473] highmem bounce pool size: 64 pages
[ 0.712482] HugeTLB registered 4 MB page size, pre-allocated 0 pages
[ 0.730152] ROMFS MTD (C) 2007 Red Hat, Inc.
[ 0.730456] fuse init (API version 7.12)
[ 0.731128] msgmni has been set to 1745
[ 0.731386] SELinux: Registering netfilter hooks
[ 0.732442] alg: No test for stdrng (krng)
[ 0.732461] io scheduler noop registered
[ 0.732809] io scheduler cfq registered (default)
[ 0.732951] pci 0000:01:00.0: Boot video device
[ 0.733746] vesafb: framebuffer at 0x40000000, mapped to 0xf8100000, using 3072k, total 16384k
[ 0.733753] vesafb: mode is 1024x768x16, linelength=2048, pages=9
[ 0.733757] vesafb: protected mode interface info at c000:ad0c
[ 0.733762] vesafb: pmi: set display start = c00cad94, set palette = c00cae50
[ 0.733766] vesafb: scrolling: redraw
[ 0.733770] vesafb: Truecolor: size=0:5:5:5, shift=0:10:5:0
[ 0.757891] Console: switching to colour frame buffer device 128x48
[ 0.779845] fb0: VESA VGA frame buffer device
[ 0.796815] loop: module loaded
[ 0.797137] input: Macintosh mouse button emulation as /devices/virtual/input/input0
[ 0.798307] ata_piix 0000:00:1f.1: version 2.13
[ 0.798604] ata_piix 0000:00:1f.1: power state changed by ACPI to D0
[ 0.798899] ata_piix 0000:00:1f.1: PCI INT A -> GSI 18 (level, low) -> IRQ 18
[ 0.799267] ata_piix 0000:00:1f.1: setting latency timer to 64
[ 0.799619] scsi0 : ata_piix
[ 0.800446] scsi1 : ata_piix
[ 0.802584] ata1: PATA max UDMA/100 cmd 0x1f0 ctl 0x3f6 bmdma 0x40b0 irq 14
[ 0.802900] ata2: PATA max UDMA/100 cmd 0x170 ctl 0x376 bmdma 0x40b8 irq 15
[ 0.803239] ata_piix 0000:00:1f.2: PCI INT B -> GSI 19 (level, low) -> IRQ 19
[ 0.803566] ata_piix 0000:00:1f.2: MAP [ P0 P2 -- -- ]
[ 0.960018] ata_piix 0000:00:1f.2: setting latency timer to 64
[ 0.971751] scsi2 : ata_piix
[ 0.972206] scsi3 : ata_piix
[ 0.975770] ata3: SATA max UDMA/133 cmd 0x40c8 ctl 0x40e4 bmdma 0x40a0 irq 19
[ 0.976094] ata4: SATA max UDMA/133 cmd 0x40c0 ctl 0x40e0 bmdma 0x40a8 irq 19
[ 0.984649] usbcore: registered new interface driver usblcd
[ 0.993294] ata1.00: ATAPI: MATSHITADVD-R UJ-857D, KCV9, max UDMA/66
[ 1.001592] usbcore: registered new interface driver usbled
[ 1.010086] PNP: No PS/2 controller found. Probing ports directly.
[ 1.019098] i8042.c: No controller found.
[ 1.027661] mice: PS/2 mouse device common for all mice
[ 1.035907] Linux video capture interface: v2.00
[ 1.044408] ata1.00: configured for UDMA/66
[ 1.053861] device-mapper: ioctl: 4.15.0-ioctl (2009-04-01) initialised: dm-devel@redhat.com
[ 1.062197] EDAC MC: Ver: 2.1.0 Sep 11 2009
[ 1.062212] scsi 0:0:0:0: CD-ROM MATSHITA DVD-R UJ-857D KCV9 PQ: 0 ANSI: 5
[ 1.079894] EISA: Probing bus 0 at eisa.0
[ 1.088620] cpuidle: using governor ladder
[ 1.097157] cpuidle: using governor menu
[ 1.107691] sr0: scsi3-mmc drive: 24x/24x writer cd/rw xa/form2 cdda tray
[ 1.116490] Uniform CD-ROM driver Revision: 3.20
[ 1.125543] sr 0:0:0:0: Attached scsi CD-ROM sr0
[ 1.126407] usbcore: registered new interface driver hiddev
[ 1.126511] usbcore: registered new interface driver usbhid
[ 1.126514] usbhid: v2.6:USB HID core driver
[ 1.126632] Advanced Linux Sound Architecture Driver Version 1.0.21.
[ 1.126634] ALSA device list:
[ 1.126635] No soundcards found.
[ 1.126829] oprofile: using NMI interrupt.
[ 1.127098] IPVS: Registered protocols (TCP, AH, ESP)
[ 1.127283] IPVS: Connection hash table configured (size=4096, memory=32Kbytes)
[ 1.127313] IPVS: ipvs loaded.
[ 1.127656] Initializing XFRM netlink socket
[ 1.127670] NET: Registered protocol family 17
[ 1.127677] NET: Registered protocol family 15
[ 1.127693] lib80211: common routines for IEEE802.11 drivers
[ 1.127696] lib80211_crypt: registered algorithm 'NULL'
[ 1.127698] lib80211_crypt: registered algorithm 'WEP'
[ 1.127700] lib80211_crypt: registered algorithm 'CCMP'
[ 1.127702] lib80211_crypt: registered algorithm 'TKIP'
[ 1.127726] Using IPI No-Shortcut mode
[ 1.286179] sr 0:0:0:0: Attached scsi generic sg0 type 5
[ 1.330499] ata3.01: ATA-8: FUJITSU MHW2120BH, 00810013, max UDMA/100
[ 1.338198] ata3.01: 234441648 sectors, multi 16: LBA48 NCQ (depth 0/32)
[ 1.390518] ata3.01: configured for UDMA/100
[ 1.398432] scsi 2:0:1:0: Direct-Access ATA FUJITSU MHW2120B 0081 PQ: 0 ANSI: 5
[ 1.406926] sd 2:0:1:0: [sda] 234441648 512-byte logical blocks: (120 GB/111 GiB)
[ 1.412714] sd 2:0:1:0: Attached scsi generic sg1 type 0
[ 1.423294] sd 2:0:1:0: [sda] Write Protect is off
[ 1.431256] sd 2:0:1:0: [sda] Mode Sense: 00 3a 00 00
[ 1.439116] sd 2:0:1:0: [sda] Write cache: enabled, read cache: enabled, doesn't support DPO or FUA
[ 1.447400] sda: sda1 sda2
[ 1.456221] sd 2:0:1:0: [sda] Attached SCSI disk
[ 1.466533] kjournald starting. Commit interval 5 seconds
[ 1.474540] EXT3-fs: mounted filesystem with writeback data mode.
[ 1.482654] VFS: Mounted root (ext3 filesystem) readonly on device 8:1.
[ 1.490728] Freeing unused kernel memory: 416k freed
[ 2.167453] SELinux: 8192 avtab hash slots, 163855 rules.
[ 2.273533] SELinux: 8192 avtab hash slots, 163855 rules.
[ 2.479072] SELinux: 7 users, 13 roles, 2948 types, 104 bools
[ 2.486784] SELinux: 75 classes, 163855 rules
[ 2.501296] SELinux: permission module_request in class system not defined in policy
[ 2.509304] SELinux: the above unknown classes and permissions will be denied
[ 2.517168] SELinux: Completing initialization.
[ 2.524975] SELinux: Setting up existing superblocks.
[ 2.568640] SELinux: initialized (dev sda1, type ext3), uses xattr
[ 2.576806] SELinux: initialized (dev selinuxfs, type selinuxfs), uses genfs_contexts
[ 2.584902] SELinux: initialized (dev mqueue, type mqueue), uses transition SIDs
[ 2.592941] SELinux: initialized (dev hugetlbfs, type hugetlbfs), uses genfs_contexts
[ 2.600979] SELinux: initialized (dev devpts, type devpts), uses transition SIDs
[ 2.609100] SELinux: initialized (dev inotifyfs, type inotifyfs), uses genfs_contexts
[ 2.617323] SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs
[ 2.625553] SELinux: initialized (dev anon_inodefs, type anon_inodefs), uses genfs_contexts
[ 2.633811] SELinux: initialized (dev pipefs, type pipefs), uses task SIDs
[ 2.641989] SELinux: initialized (dev debugfs, type debugfs), uses genfs_contexts
[ 2.650454] SELinux: initialized (dev sockfs, type sockfs), uses task SIDs
[ 2.658725] SELinux: initialized (dev proc, type proc), uses genfs_contexts
[ 2.667171] SELinux: initialized (dev bdev, type bdev), uses genfs_contexts
[ 2.675467] SELinux: initialized (dev rootfs, type rootfs), uses genfs_contexts
[ 2.683802] SELinux: initialized (dev sysfs, type sysfs), uses genfs_contexts
[ 2.806496] type=1403 audit(1252696090.800:2): policy loaded auid=4294967295 ses=4294967295
[ 3.603799] ohci1394 0000:0c:03.0: PCI INT A -> GSI 19 (level, low) -> IRQ 19
[ 3.671039] ohci1394: fw-host0: OHCI-1394 1.1 (PCI): IRQ=[19] MMIO=[4c004000-4c0047ff] Max Packet=[4096] IR/IT contexts=[4/8]
[ 3.699954] ieee1394: raw1394: /dev/raw1394 device initialized
[ 3.728483] applesmc: Apple MacBook Pro detected:
[ 3.738148] applesmc: - Model with accelerometer
[ 3.747792] applesmc: - Model with light sensors and backlight
[ 3.757472] applesmc: - Model with 12 temperature sensors
[ 3.767996] applesmc: device has already been initialized (0xe0, 0x00).
[ 3.767998] applesmc: device successfully initialized.
[ 3.778109] applesmc: 2 fans found.
[ 3.788872] input: applesmc as /devices/platform/applesmc.768/input/input1
[ 3.798610] Registered led device: smc::kbd_backlight
[ 3.808314] applesmc: driver successfully loaded.
[ 3.834509] usbcore: registered new interface driver appletouch
[ 3.851832] ACPI: SSDT 3feb8c10 002AE (v01 APPLE Cpu0Ist 00003000 INTL 20050309)
[ 3.862695] ACPI: SSDT 3feb8910 002A0 (v01 APPLE Cpu0Cst 00003001 INTL 20050309)
[ 3.873438] Monitor-Mwait will be used to enter C-1 state
[ 3.873475] Monitor-Mwait will be used to enter C-2 state
[ 3.873510] Monitor-Mwait will be used to enter C-3 state
[ 3.873522] Marking TSC unstable due to TSC halts in idle
[ 3.884151] ACPI: CPU0 (power states: C1[C1] C2[C2] C3[C3])
[ 3.894475] processor LNXCPU:00: registered as cooling_device0
[ 3.904767] ACPI: Processor [CPU0] (supports 8 throttling states)
[ 3.916531] ACPI: SSDT 3feb8f10 00087 (v01 APPLE Cpu1Ist 00003000 INTL 20050309)
[ 3.927821] ACPI: SSDT 3feb7f10 00085 (v01 APPLE Cpu1Cst 00003000 INTL 20050309)
[ 3.939608] ACPI: CPU1 (power states: C1[C1] C2[C2] C3[C3])
[ 3.950086] processor LNXCPU:01: registered as cooling_device1
[ 3.960347] ACPI: Processor [CPU1] (supports 8 throttling states)
[ 4.068444] ip_tables: (C) 2000-2006 Netfilter Core Team
[ 4.132864] nf_conntrack version 0.5.0 (16142 buckets, 64568 max)
[ 4.147725] CONFIG_NF_CT_ACCT is deprecated and will be removed soon. Please use
[ 4.158626] nf_conntrack.acct=1 kernel parameter, acct=1 nf_conntrack module option or
[ 4.169611] sysctl net.netfilter.nf_conntrack_acct=1 to enable it.
[ 4.188657] arp_tables: (C) 2002 David S. Miller
[ 4.248323] usbcore: registered new interface driver isight_firmware
[ 4.302559] usbcore: registered new interface driver uvcvideo
[ 4.317790] USB Video Class driver (v0.1.0)
[ 4.379452] ipmi message handler version 39.2
[ 4.412416] IPMI Watchdog: driver initialized
[ 4.452469] Bluetooth: Core ver 2.15
[ 4.468360] NET: Registered protocol family 31
[ 4.480134] Bluetooth: HCI device and connection manager initialized
[ 4.491893] Bluetooth: HCI socket layer initialized
[ 4.521871] Bluetooth: L2CAP ver 2.13
[ 4.536935] Bluetooth: L2CAP socket layer initialized
[ 4.559590] Bluetooth: HIDP (Human Interface Emulation) ver 1.2
[ 4.591212] Bluetooth: Generic Bluetooth USB driver ver 0.5
[ 4.606000] usbcore: registered new interface driver btusb
[ 4.632094] Bluetooth: RFCOMM TTY layer initialized
[ 4.646280] Bluetooth: RFCOMM socket layer initialized
[ 4.660436] Bluetooth: RFCOMM ver 1.11
[ 4.692175] Bluetooth: HCI UART driver ver 2.2
[ 4.706310] Bluetooth: HCI H4 protocol initialized
[ 4.720743] Bluetooth: HCI BCSP protocol initialized
[ 4.739769] ehci_hcd: USB 2.0 'Enhanced' Host Controller (EHCI) Driver
[ 4.754382] ehci_hcd 0000:00:1d.7: PCI INT A -> GSI 23 (level, low) -> IRQ 23
[ 4.769049] ehci_hcd 0000:00:1d.7: setting latency timer to 64
[ 4.769057] ehci_hcd 0000:00:1d.7: EHCI Host Controller
[ 4.783502] ehci_hcd 0000:00:1d.7: new USB bus registered, assigned bus number 1
[ 4.801950] ehci_hcd 0000:00:1d.7: debug port 1
[ 4.816253] ehci_hcd 0000:00:1d.7: cache line size of 32 is not supported
[ 4.816306] ehci_hcd 0000:00:1d.7: irq 23, io mem 0x50405400
[ 4.852698] ehci_hcd 0000:00:1d.7: USB 2.0 started, EHCI 1.00
[ 4.866977] usb usb1: configuration #1 chosen from 1 choice
[ 4.877477] hub 1-0:1.0: USB hub found
[ 4.887673] hub 1-0:1.0: 8 ports detected
[ 4.916649] uhci_hcd: USB Universal Host Controller Interface driver
[ 4.930721] uhci_hcd 0000:00:1d.0: PCI INT A -> GSI 23 (level, low) -> IRQ 23
[ 4.944424] uhci_hcd 0000:00:1d.0: setting latency timer to 64
[ 4.944433] uhci_hcd 0000:00:1d.0: UHCI Host Controller
[ 4.958147] uhci_hcd 0000:00:1d.0: new USB bus registered, assigned bus number 2
[ 4.971917] uhci_hcd 0000:00:1d.0: irq 23, io base 0x00004080
[ 4.986075] usb usb2: configuration #1 chosen from 1 choice
[ 4.996519] hub 2-0:1.0: USB hub found
[ 5.006555] hub 2-0:1.0: 2 ports detected
[ 5.016496] uhci_hcd 0000:00:1d.1: PCI INT B -> GSI 19 (level, low) -> IRQ 19
[ 5.026186] uhci_hcd 0000:00:1d.1: setting latency timer to 64
[ 5.026191] uhci_hcd 0000:00:1d.1: UHCI Host Controller
[ 5.035675] uhci_hcd 0000:00:1d.1: new USB bus registered, assigned bus number 3
[ 5.045189] uhci_hcd 0000:00:1d.1: irq 19, io base 0x00004060
[ 5.054750] usb usb3: configuration #1 chosen from 1 choice
[ 5.063963] hub 3-0:1.0: USB hub found
[ 5.072716] hub 3-0:1.0: 2 ports detected
[ 5.073077] ieee1394: Host added: ID:BUS[0-00:1023] GUID[0019e3fffe2ad87e]
[ 5.081520] uhci_hcd 0000:00:1d.2: PCI INT C -> GSI 18 (level, low) -> IRQ 18
[ 5.090228] uhci_hcd 0000:00:1d.2: setting latency timer to 64
[ 5.090233] uhci_hcd 0000:00:1d.2: UHCI Host Controller
[ 5.098704] uhci_hcd 0000:00:1d.2: new USB bus registered, assigned bus number 4
[ 5.107499] uhci_hcd 0000:00:1d.2: irq 18, io base 0x00004040
[ 5.116305] usb usb4: configuration #1 chosen from 1 choice
[ 5.124941] hub 4-0:1.0: USB hub found
[ 5.133383] hub 4-0:1.0: 2 ports detected
[ 5.142006] uhci_hcd 0000:00:1d.3: PCI INT D -> GSI 16 (level, low) -> IRQ 16
[ 5.150675] uhci_hcd 0000:00:1d.3: setting latency timer to 64
[ 5.150679] uhci_hcd 0000:00:1d.3: UHCI Host Controller
[ 5.159291] uhci_hcd 0000:00:1d.3: new USB bus registered, assigned bus number 5
[ 5.168036] uhci_hcd 0000:00:1d.3: irq 16, io base 0x00004020
[ 5.176746] usb usb5: configuration #1 chosen from 1 choice
[ 5.185294] hub 5-0:1.0: USB hub found
[ 5.193568] hub 5-0:1.0: 2 ports detected
[ 5.226015] Linux agpgart interface v0.103
[ 5.279848] [drm] Initialized drm 1.1.0 20060810
[ 5.362697] SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs
[ 5.392615] usb 1-4: new high speed USB device using ehci_hcd and address 4
[ 5.551682] usb 1-4: configuration #1 chosen from 1 choice
[ 5.563154] uvcvideo: Found UVC 1.00 device Built-in iSight (05ac:8501)
[ 5.574047] uvcvideo: UVC non compliance - GET_DEF(PROBE) not supported. Enabling workaround.
[ 5.809635] udev: starting version 145
[ 6.048794] i801_smbus 0000:00:1f.3: PCI INT B -> GSI 19 (level, low) -> IRQ 19
[ 6.058577] ACPI: I/O resource 0000:00:1f.3 [0xefa0-0xefbf] conflicts with ACPI region SMBI [0xefa0-0xefaf]
[ 6.068465] ACPI: Device needs an ACPI driver
[ 6.078252] i801_smbus: probe of 0000:00:1f.3 failed with error -16
[ 6.111718] input: Power Button as /devices/LNXSYSTM:00/LNXPWRBN:00/input/input2
[ 6.121846] ACPI: Power Button [PWRF]
[ 6.131841] input: Lid Switch as /devices/LNXSYSTM:00/device:00/PNP0C0D:00/input/input3
[ 6.150067] usb 2-2: new full speed USB device using uhci_hcd and address 2
[ 6.276410] ACPI: Lid Switch [LID0]
[ 6.288083] power_supply ADP1: uevent
[ 6.288085] power_supply ADP1: No power supply yet
[ 6.288108] power_supply ADP1: power_supply_changed
[ 6.288112] ACPI: AC Adapter [ADP1] (on-line)
[ 6.298541] power_supply ADP1: power_supply_changed_work
[ 6.298545] power_supply ADP1: power_supply_update_gen_leds 1
[ 6.298561] power_supply ADP1: uevent
[ 6.298563] power_supply ADP1: POWER_SUPPLY_NAME=ADP1
[ 6.298567] power_supply ADP1: Static prop TYPE=Mains
[ 6.298571] power_supply ADP1: 1 dynamic props
[ 6.298574] power_supply ADP1: prop ONLINE=1
[ 6.303537] ath9k 0000:03:00.0: PCI INT A -> GSI 17 (level, low) -> IRQ 17
[ 6.313171] ath9k 0000:03:00.0: setting latency timer to 64
[ 6.445516] ath: EEPROM regdomain: 0x64
[ 6.445517] ath: EEPROM indicates we should expect a direct regpair map
[ 6.445521] ath: Country alpha2 being used: 00
[ 6.445522] ath: Regpair used: 0x64
[ 6.463629] usb 2-2: configuration #1 chosen from 1 choice
[ 6.475277] type=1400 audit(1252696094.297:3): avc: denied { module_request } for pid=965 comm="modprobe" scontext=system_u:system_r:insmod_t tcontext=system_u:system_r:kernel_t tclass=system
[ 6.498630] sky2 driver version 1.23
[ 6.500221] phy0: Selected rate control algorithm 'ath9k_rate_control'
[ 6.500780] Registered led device: ath9k-phy0::radio
[ 6.500825] Registered led device: ath9k-phy0::assoc
[ 6.500868] Registered led device: ath9k-phy0::tx
[ 6.500912] Registered led device: ath9k-phy0::rx
[ 6.500939] phy0: Atheros AR5418 MAC/BB Rev:2 AR5133 RF Rev:81: mem=0xf8b40000, irq=17
[ 6.559396] sky2 0000:02:00.0: PCI INT A -> GSI 16 (level, low) -> IRQ 16
[ 6.569665] sky2 0000:02:00.0: setting latency timer to 64
[ 6.569707] sky2 0000:02:00.0: Yukon-2 EC chip revision 2
[ 6.570096] input: Apple Computer Apple Internal Keyboard / Trackpad as /devices/pci0000:00/0000:00:1d.0/usb2/2-2/2-2:1.0/input/input4
[ 6.570181] apple 0003:05AC:021A.0001: input: USB HID v1.11 Keyboard [Apple Computer Apple Internal Keyboard / Trackpad] on usb-0000:00:1d.0-2/input0
[ 6.623516] sky2 0000:02:00.0: irq 24 for MSI/MSI-X
[ 6.624903] sky2 eth0: addr 00:17:f2:cb:e3:71
[ 6.637588] appletouch: Geyser mode initialized.
[ 6.649070] input: appletouch as /devices/pci0000:00/0000:00:1d.0/usb2/2-2/2-2:1.1/input/input5
[ 6.667771] input: Apple Computer Apple Internal Keyboard / Trackpad as /devices/pci0000:00/0000:00:1d.0/usb2/2-2/2-2:1.2/input/input6
[ 6.691655] apple 0003:05AC:021A.0002: input: USB HID v1.11 Device [Apple Computer Apple Internal Keyboard / Trackpad] on usb-0000:00:1d.0-2/input2
[ 6.779662] power_supply BAT0: uevent
[ 6.779669] power_supply BAT0: No power supply yet
[ 6.779767] power_supply BAT0: power_supply_changed
[ 6.780218] power_supply BAT0: power_supply_changed_work
[ 6.859994] ACPI: Battery Slot [BAT0] (battery present)
[ 6.873350] type=1300 audit(1252696094.297:3): arch=40000003 syscall=128 success=yes exit=0 a0=b7e64008 a1=36eb8 a2=805e458 a3=0 items=0 ppid=863 pid=965 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="modprobe" exe="/sbin/modprobe" subj=system_u:system_r:insmod_t key=(null)
[ 6.873501] input: Power Button as /devices/LNXSYSTM:00/device:00/PNP0C0C:00/input/input7
[ 6.873593] ACPI: Power Button [PWRB]
[ 6.873709] input: Sleep Button as /devices/LNXSYSTM:00/device:00/PNP0C0E:00/input/input8
[ 6.873764] ACPI: Sleep Button [SLPB]
[ 7.008345] HDA Intel 0000:00:1b.0: PCI INT A -> GSI 22 (level, low) -> IRQ 22
[ 7.021900] HDA Intel 0000:00:1b.0: setting latency timer to 64
[ 7.030279] usb 3-1: new low speed USB device using uhci_hcd and address 2
[ 7.054565] power_supply BAT0: power_supply_update_bat_leds 0
[ 7.054592] power_supply BAT0: uevent
[ 7.054595] power_supply BAT0: POWER_SUPPLY_NAME=BAT0
[ 7.054603] power_supply BAT0: Static prop TYPE=Battery
[ 7.054608] power_supply BAT0: 13 dynamic props
[ 7.054613] power_supply BAT0: prop STATUS=Unknown
[ 7.054620] power_supply BAT0: prop PRESENT=1
[ 7.054627] power_supply BAT0: prop TECHNOLOGY=Unknown
[ 7.054633] power_supply BAT0: prop VOLTAGE_MIN_DESIGN=10800000
[ 7.054640] power_supply BAT0: prop VOLTAGE_NOW=12446000
[ 7.054646] power_supply BAT0: prop CURRENT_NOW=0
[ 7.054652] power_supply BAT0: prop POWER_NOW=0
[ 7.054658] power_supply BAT0: prop ENERGY_FULL_DESIGN=55000000
[ 7.054664] power_supply BAT0: prop ENERGY_FULL=49570000
[ 7.054670] power_supply BAT0: prop ENERGY_NOW=47980000
[ 7.054677] power_supply BAT0: prop MODEL_NAME=ASMB012
[ 7.054683] power_supply BAT0: prop MANUFACTURER=SMPN012
[ 7.054689] power_supply BAT0: prop SERIAL_NUMBER=
[ 7.054886] power_supply BAT0: uevent
[ 7.054890] power_supply BAT0: POWER_SUPPLY_NAME=BAT0
[ 7.054897] power_supply BAT0: Static prop TYPE=Battery
[ 7.054902] power_supply BAT0: 13 dynamic props
[ 7.054907] power_supply BAT0: prop STATUS=Unknown
[ 7.054913] power_supply BAT0: prop PRESENT=1
[ 7.054920] power_supply BAT0: prop TECHNOLOGY=Unknown
[ 7.054926] power_supply BAT0: prop VOLTAGE_MIN_DESIGN=10800000
[ 7.054933] power_supply BAT0: prop VOLTAGE_NOW=12446000
[ 7.054939] power_supply BAT0: prop CURRENT_NOW=0
[ 7.054945] power_supply BAT0: prop POWER_NOW=0
[ 7.054951] power_supply BAT0: prop ENERGY_FULL_DESIGN=55000000
[ 7.054958] power_supply BAT0: prop ENERGY_FULL=49570000
[ 7.054964] power_supply BAT0: prop ENERGY_NOW=47980000
[ 7.054970] power_supply BAT0: prop MODEL_NAME=ASMB012
[ 7.054976] power_supply BAT0: prop MANUFACTURER=SMPN012
[ 7.054982] power_supply BAT0: prop SERIAL_NUMBER=
[ 7.143408] udev: renamed network interface eth0 to eth1
[ 7.198944] hda_codec: STAC922x, Apple subsys_id=106b1e00
[ 7.243291] usb 3-1: configuration #1 chosen from 1 choice
[ 7.273221] input: Hewlett-Packard HP USB Trval Mouse as /devices/pci0000:00/0000:00:1d.1/usb3/3-1/3-1:1.0/input/input9
[ 7.291637] generic-usb 0003:03F0:041D.0003: input: USB HID v1.10 Mouse [Hewlett-Packard HP USB Trval Mouse] on usb-0000:00:1d.1-1/input0
[ 7.600091] usb 4-2: new full speed USB device using uhci_hcd and address 2
[ 7.784353] Adding 2982500k swap on /dev/sda2. Priority:1 extents:1 across:2982500k
[ 7.843378] usb 4-2: configuration #1 chosen from 1 choice
[ 7.852356] generic-usb 0003:05AC:8240.0004: hiddev0: USB HID v1.11 Device [Apple Computer, Inc. IR Receiver] on usb-0000:00:1d.2-2/input0
[ 8.130019] usb 5-1: new full speed USB device using uhci_hcd and address 2
[ 8.348556] usb 5-1: configuration #1 chosen from 1 choice
[ 8.366618] usbhid 5-1:1.0: couldn't find an input interrupt endpoint
[ 8.702670] type=1111 audit(1252696097.000:4): user pid=1084 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:hwclock_t msg='changing system time: exe="/sbin/hwclock" (hostname=?, addr=?, terminal=console res=success)'
[ 8.982746] usb 5-1: USB disconnect, address 2
[ 9.009934] EXT3 FS on sda1, internal journal
[ 9.135342] SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs
[ 9.262613] usb 5-1: new full speed USB device using uhci_hcd and address 3
[ 9.506835] usb 5-1: configuration #1 chosen from 1 choice
[ 10.827847] type=1400 audit(1252696099.118:5): avc: denied { module_request } for pid=1190 comm="iptables" scontext=system_u:system_r:iptables_t tcontext=system_u:system_r:kernel_t tclass=system
[ 10.862800] type=1300 audit(1252696099.118:5): arch=40000003 syscall=102 success=yes exit=0 a0=f a1=bf94e040 a2=b80aeabc a3=0 items=0 ppid=1177 pid=1190 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="iptables" exe="/usr/sbin/iptables" subj=system_u:system_r:iptables_t key=(null)
[ 12.000119] Clocksource tsc unstable (delta = -477933740 ns)
[ 12.222698] applesmc: light sensor data length set to 6
[ 18.504584] type=1400 audit(1252696106.798:6): avc: denied { module_request } for pid=1242 comm="wpa_supplicant" scontext=system_u:system_r:NetworkManager_t tcontext=system_u:system_r:kernel_t tclass=system
[ 18.508275] type=1300 audit(1252696106.798:6): arch=40000003 syscall=54 success=no exit=-19 a0=5 a1=8933 a2=bfc4d880 a3=5 items=0 ppid=1221 pid=1242 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="wpa_supplicant" exe="/sbin/wpa_supplicant" subj=system_u:system_r:NetworkManager_t key=(null)
[ 21.893810] wlan0: authenticate with AP 00:1e:2a:00:67:f0
[ 21.901165] wlan0: authenticated
[ 21.901172] wlan0: associate with AP 00:1e:2a:00:67:f0
[ 21.903606] wlan0: RX AssocResp from 00:1e:2a:00:67:f0 (capab=0x431 status=0 aid=2)
[ 21.903612] wlan0: associated
[ 22.901989] type=1100 audit(1252696111.198:7): user pid=1225 uid=0 auid=4294967295 ses=4294967295
subj=system_u:system_r:local_login_t msg='op=PAM:authentication acct="name" exe="/bin/login" (hostname=?, addr=?, terminal=/dev/tty1 res=success)'
[ 22.902254] type=1101 audit(1252696111.198:8): user pid=1225 uid=0 auid=4294967295 ses=4294967295
subj=system_u:system_r:local_login_t msg='op=PAM:accounting acct="name" exe="/bin/login" (hostname=?, addr=?, terminal=/dev/tty1 res=success)'
[ 22.956267] type=1006 audit(1252696111.248:9): login pid=1225 uid=0 old auid=4294967295 new auid=1000 old ses=4294967295 new ses=1
[ 23.008984] type=2300 audit(1252696111.298:10): user pid=1225 uid=0 auid=1000 ses=1 subj=system_u:system_r:local_login_t
msg='pam: default-context=name:sysadm_r:sysadm_t selected-context=name:sysadm_r:sysadm_t: exe="/bin/login" (hostname=?, addr=?, terminal=tty1 res=success)'
[ 23.015511] type=1105 audit(1252696111.308:11): user pid=1225 uid=0 auid=1000 ses=1 subj=system_u:system_r:local_login_t
msg='op=PAM:session_open acct="name" exe="/bin/login" (hostname=?, addr=?, terminal=/dev/tty1 res=success)'
[ 23.029742] type=1103 audit(1252696111.318:12): user pid=1225 uid=0 auid=1000 ses=1 subj=system_u:system_r:local_login_t
msg='op=PAM:setcred acct="name" exe="/bin/login" (hostname=?, addr=?, terminal=/dev/tty1 res=success)'
[ 23.029920] type=1112 audit(1252696111.318:13): user pid=1225 uid=0 auid=1000 ses=1 subj=system_u:system_r:local_login_t
msg='op=login acct="name" exe="/bin/login" (hostname=?, addr=?, terminal=/dev/tty1 res=success)'
[ 26.049770] pci 0000:01:00.0: PCI INT A -> GSI 16 (level, low) -> IRQ 16
[ 26.118789] pci 0000:01:00.0: setting latency timer to 64
[ 26.119272] [drm] Initialized radeon 1.31.0 20080528 for 0000:01:00.0 on minor 0
[ 26.484733] [drm] Setting GART location based on new memory map
[ 26.486033] [drm] Loading R500 Microcode
[ 26.486103] [drm] Num pipes: 1
[ 26.486119] [drm] writeback test succeeded in 1 usecs
^ permalink raw reply [flat|nested] 14+ messages in thread
* [refpolicy] [git bisected] 25354c4fee169710fd9da15f3bb2abaa24dcf933 is first bad commit
@ 2009-09-12 22:09 ` Justin Mattock
0 siblings, 0 replies; 14+ messages in thread
From: Justin Mattock @ 2009-09-12 22:09 UTC (permalink / raw)
To: refpolicy
attached is dmesg of the latest
Head giving me an avc denial that
is giving me an error with checkpolicy:
/usr/bin/checkpolicy -c 22 -U deny policy.conf -o policy.22
/usr/bin/checkpolicy: loading policy configuration from policy.conf
policy/modules/services/xserver.te":1138:ERROR 'permission
module_request is not defined for class system' at token ';' on line
2904222:
allow NetworkManager_t kernel_t:system module_request;
#============= NetworkManager_t ==============
policy/modules/services/xserver.te":1141:ERROR 'permission
module_request is not defined for class system' at token ';' on line
2904225:
#============= insmod_t ==============
allow insmod_t kernel_t:system module_request;
policy/modules/services/xserver.te":1144:ERROR 'permission
module_request is not defined for class system' at token ';' on line
2904228:
allow iptables_t kernel_t:system module_request;
#============= iptables_t ==============
checkpolicy: error(s) encountered while parsing configuration
make: *** [policy.22] Error 1
(please ignore the xserver.te, as a quick way using a monolithic
policy, I just randomly throw the allow rules anywhere, before
individually locating the right location).
here is what git bisect is showing me:
25354c4fee169710fd9da15f3bb2abaa24dcf933 is first bad commit
commit 25354c4fee169710fd9da15f3bb2abaa24dcf933
Author: Eric Paris <eparis@redhat.com>
Date: Thu Aug 13 09:45:03 2009 -0400
SELinux: add selinux_kernel_module_request
This patch adds a new selinux hook so SELinux can arbitrate if a given
process should be allowed to trigger a request for the kernel to try to
load a module. This is a different operation than a process trying to load
a module itself, which is already protected by CAP_SYS_MODULE.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Signed-off-by: James Morris <jmorris@namei.org>
:040000 040000 0585d8667e7c54b9b3e07f419dc8eff62b32fe96
f63f56f137352a90a909d11d37e8f5462f4306ff M security
and FWIW git bisect log:
git bisect start
# bad: [332a3392188e0ad966543c87b8da2b9d246f301d] Merge
git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
git bisect bad 332a3392188e0ad966543c87b8da2b9d246f301d
# good: [ed680c4ad478d0fee9740f7d029087f181346564] Linux 2.6.31-rc5
git bisect good ed680c4ad478d0fee9740f7d029087f181346564
# good: [f415c413f458837bd0c27086b79aca889f9435e4] Merge
git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6
git bisect good f415c413f458837bd0c27086b79aca889f9435e4
# good: [6a0f4021469727675b83d85ac91d106bfae0e2c3] Merge branch
'topic/dummy' into for-linus
git bisect good 6a0f4021469727675b83d85ac91d106bfae0e2c3
# bad: [a12e4d304ce701844c639541d90df86e165d03f9] Merge branch
'writeback' of git://git.kernel.dk/linux-2.6-block
git bisect bad a12e4d304ce701844c639541d90df86e165d03f9
# bad: [2490138cb785d299d898b579fa2874a59a3d321a] Merge branch
'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/roland/infiniband
git bisect bad 2490138cb785d299d898b579fa2874a59a3d321a
# bad: [9f0ab4a3f0fdb1ff404d150618ace2fa069bb2e1] binfmt_elf: fix
PT_INTERP bss handling
git bisect bad 9f0ab4a3f0fdb1ff404d150618ace2fa069bb2e1
# good: [896a6de40ef3814525632609799af909338f50c3] mm_for_maps: take
->cred_guard_mutex to fix the race with exec
git bisect good 896a6de40ef3814525632609799af909338f50c3
# bad: [0c2c9a3fc77e8b60d43d9bd2ca46eb4dddb0ff76] KEYS: Allow
keyctl_revoke() on keys that have SETATTR but not WRITE perm [try #6]
git bisect bad 0c2c9a3fc77e8b60d43d9bd2ca46eb4dddb0ff76
# bad: [ece13879e74313e62109e0755dd3d4f172df89e2] Merge branch
'master' into next
git bisect bad ece13879e74313e62109e0755dd3d4f172df89e2
# bad: [25354c4fee169710fd9da15f3bb2abaa24dcf933] SELinux: add
selinux_kernel_module_request
git bisect bad 25354c4fee169710fd9da15f3bb2abaa24dcf933
# good: [a8f80e8ff94ecba629542d9b4b5f5a8ee3eb565c] Networking: use
CAP_NET_ADMIN when deciding to call request_module
git bisect good a8f80e8ff94ecba629542d9b4b5f5a8ee3eb565c
# good: [9188499cdb117d86a1ea6b04374095b098d56936] security:
introducing security_request_module
git bisect good 9188499cdb117d86a1ea6b04374095b098d56936
The system is an LFS,
there is no proprietary modules
at all with this kernel.
I have another machine running
rc-8 and it seems to not be producing
this avc.(keep in mind it does have
two proprietary modules: nvidia wl).
--
Justin P. Mattock
-------------- next part --------------
A non-text attachment was scrubbed...
Name: dmesg
Type: application/octet-stream
Size: 52104 bytes
Desc: not available
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20090912/4a835a73/attachment-0001.obj
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [git bisected] 25354c4fee169710fd9da15f3bb2abaa24dcf933 is first bad commit
2009-09-12 22:09 ` [refpolicy] " Justin Mattock
@ 2009-09-12 22:28 ` Eric Paris
-1 siblings, 0 replies; 14+ messages in thread
From: Eric Paris @ 2009-09-12 22:28 UTC (permalink / raw)
To: Justin Mattock
Cc: SE-Linux, tresys, Eric Paris, James Morris, Serge Hallyn, dwalsh,
sds
On Sat, 2009-09-12 at 15:09 -0700, Justin Mattock wrote:
> attached is dmesg of the latest
> Head giving me an avc denial that
> is giving me an error with checkpolicy:
>
> /usr/bin/checkpolicy -c 22 -U deny policy.conf -o policy.22
> /usr/bin/checkpolicy: loading policy configuration from policy.conf
> policy/modules/services/xserver.te":1138:ERROR 'permission
> module_request is not defined for class system' at token ';' on line
> 2904222:
> allow NetworkManager_t kernel_t:system module_request;
> #============= NetworkManager_t ==============
> policy/modules/services/xserver.te":1141:ERROR 'permission
> module_request is not defined for class system' at token ';' on line
> 2904225:
> #============= insmod_t ==============
> allow insmod_t kernel_t:system module_request;
> policy/modules/services/xserver.te":1144:ERROR 'permission
> module_request is not defined for class system' at token ';' on line
It's because you are using the -U deny. You are telling the kernel to
deny unknown permissions and then you are trying to define an unknown
permission. There is nothing wrong with the kernel.
I do need to submit the policy path to define it, but that's not a good
idea until we know more or all of the places it is needed. I hoped to
work on that with dwalsh in rawhide before we push the policy patch
upstream. You can help there! In your base policy module you need to
define 'request_module' in the system class in
policy/flash/access_vectors rebuild and load the base policy policy
module. Then you can use the request_module permission.
-Eric
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 14+ messages in thread
* [refpolicy] [git bisected] 25354c4fee169710fd9da15f3bb2abaa24dcf933 is first bad commit
@ 2009-09-12 22:28 ` Eric Paris
0 siblings, 0 replies; 14+ messages in thread
From: Eric Paris @ 2009-09-12 22:28 UTC (permalink / raw)
To: refpolicy
On Sat, 2009-09-12 at 15:09 -0700, Justin Mattock wrote:
> attached is dmesg of the latest
> Head giving me an avc denial that
> is giving me an error with checkpolicy:
>
> /usr/bin/checkpolicy -c 22 -U deny policy.conf -o policy.22
> /usr/bin/checkpolicy: loading policy configuration from policy.conf
> policy/modules/services/xserver.te":1138:ERROR 'permission
> module_request is not defined for class system' at token ';' on line
> 2904222:
> allow NetworkManager_t kernel_t:system module_request;
> #============= NetworkManager_t ==============
> policy/modules/services/xserver.te":1141:ERROR 'permission
> module_request is not defined for class system' at token ';' on line
> 2904225:
> #============= insmod_t ==============
> allow insmod_t kernel_t:system module_request;
> policy/modules/services/xserver.te":1144:ERROR 'permission
> module_request is not defined for class system' at token ';' on line
It's because you are using the -U deny. You are telling the kernel to
deny unknown permissions and then you are trying to define an unknown
permission. There is nothing wrong with the kernel.
I do need to submit the policy path to define it, but that's not a good
idea until we know more or all of the places it is needed. I hoped to
work on that with dwalsh in rawhide before we push the policy patch
upstream. You can help there! In your base policy module you need to
define 'request_module' in the system class in
policy/flash/access_vectors rebuild and load the base policy policy
module. Then you can use the request_module permission.
-Eric
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [git bisected] 25354c4fee169710fd9da15f3bb2abaa24dcf933 is first bad commit
2009-09-12 22:28 ` [refpolicy] " Eric Paris
@ 2009-09-12 23:06 ` Justin Mattock
-1 siblings, 0 replies; 14+ messages in thread
From: Justin Mattock @ 2009-09-12 23:06 UTC (permalink / raw)
To: Eric Paris
Cc: SE-Linux, tresys, Eric Paris, James Morris, Serge Hallyn, dwalsh,
sds
On Sat, Sep 12, 2009 at 3:28 PM, Eric Paris <eparis@redhat.com> wrote:
> On Sat, 2009-09-12 at 15:09 -0700, Justin Mattock wrote:
>> attached is dmesg of the latest
>> Head giving me an avc denial that
>> is giving me an error with checkpolicy:
>>
>> /usr/bin/checkpolicy -c 22 -U deny policy.conf -o policy.22
>> /usr/bin/checkpolicy: loading policy configuration from policy.conf
>> policy/modules/services/xserver.te":1138:ERROR 'permission
>> module_request is not defined for class system' at token ';' on line
>> 2904222:
>> allow NetworkManager_t kernel_t:system module_request;
>> #============= NetworkManager_t ==============
>> policy/modules/services/xserver.te":1141:ERROR 'permission
>> module_request is not defined for class system' at token ';' on line
>> 2904225:
>> #============= insmod_t ==============
>> allow insmod_t kernel_t:system module_request;
>> policy/modules/services/xserver.te":1144:ERROR 'permission
>> module_request is not defined for class system' at token ';' on line
>
> It's because you are using the -U deny. You are telling the kernel to
> deny unknown permissions and then you are trying to define an unknown
> permission. There is nothing wrong with the kernel.
>
> I do need to submit the policy path to define it, but that's not a good
> idea until we know more or all of the places it is needed. I hoped to
> work on that with dwalsh in rawhide before we push the policy patch
> upstream. You can help there! In your base policy module you need to
> define 'request_module' in the system class in
> policy/flash/access_vectors rebuild and load the base policy policy
> module. Then you can use the request_module permission.
>
> -Eric
>
>
Cool,
I can try and see if I can create
a class for the policy(good learning here)
but just keep in mind, don't wait up for me,
for it could take a while.
Anyways I went in and commented out the
unknown permissions option in build.conf(then
make clean make conf etc..) and
it seems to keep triggering this error.
>From what it seems, maybe I have something
wrong with my userspace tools.
(ill update tomorrow, and see if it compiles
through).
--
Justin P. Mattock
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 14+ messages in thread
* [refpolicy] [git bisected] 25354c4fee169710fd9da15f3bb2abaa24dcf933 is first bad commit
@ 2009-09-12 23:06 ` Justin Mattock
0 siblings, 0 replies; 14+ messages in thread
From: Justin Mattock @ 2009-09-12 23:06 UTC (permalink / raw)
To: refpolicy
On Sat, Sep 12, 2009 at 3:28 PM, Eric Paris <eparis@redhat.com> wrote:
> On Sat, 2009-09-12 at 15:09 -0700, Justin Mattock wrote:
>> attached is dmesg of the latest
>> Head giving me an avc denial that
>> is giving me an error with checkpolicy:
>>
>> /usr/bin/checkpolicy -c 22 ?-U deny policy.conf -o policy.22
>> /usr/bin/checkpolicy: ?loading policy configuration from policy.conf
>> policy/modules/services/xserver.te":1138:ERROR 'permission
>> module_request is not defined for class system' at token ';' on line
>> 2904222:
>> allow NetworkManager_t kernel_t:system module_request;
>> #============= NetworkManager_t ==============
>> policy/modules/services/xserver.te":1141:ERROR 'permission
>> module_request is not defined for class system' at token ';' on line
>> 2904225:
>> #============= insmod_t ==============
>> allow insmod_t kernel_t:system module_request;
>> policy/modules/services/xserver.te":1144:ERROR 'permission
>> module_request is not defined for class system' at token ';' on line
>
> It's because you are using the -U deny. ?You are telling the kernel to
> deny unknown permissions and then you are trying to define an unknown
> permission. ?There is nothing wrong with the kernel.
>
> I do need to submit the policy path to define it, but that's not a good
> idea until we know more or all of the places it is needed. ?I hoped to
> work on that with dwalsh in rawhide before we push the policy patch
> upstream. ?You can help there! ?In your base policy module you need to
> define 'request_module' in the system class in
> policy/flash/access_vectors rebuild and load the base policy policy
> module. ?Then you can use the request_module permission.
>
> -Eric
>
>
Cool,
I can try and see if I can create
a class for the policy(good learning here)
but just keep in mind, don't wait up for me,
for it could take a while.
Anyways I went in and commented out the
unknown permissions option in build.conf(then
make clean make conf etc..) and
it seems to keep triggering this error.
>From what it seems, maybe I have something
wrong with my userspace tools.
(ill update tomorrow, and see if it compiles
through).
--
Justin P. Mattock
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [git bisected] 25354c4fee169710fd9da15f3bb2abaa24dcf933 is first bad commit
2009-09-12 23:06 ` [refpolicy] " Justin Mattock
@ 2009-09-12 23:10 ` Eric Paris
-1 siblings, 0 replies; 14+ messages in thread
From: Eric Paris @ 2009-09-12 23:10 UTC (permalink / raw)
To: Justin Mattock; +Cc: SE-Linux, tresys, James Morris, Serge Hallyn, dwalsh, sds
On Sat, 2009-09-12 at 16:06 -0700, Justin Mattock wrote:
> On Sat, Sep 12, 2009 at 3:28 PM, Eric Paris <eparis@redhat.com> wrote:
> > On Sat, 2009-09-12 at 15:09 -0700, Justin Mattock wrote:
> >> attached is dmesg of the latest
> >> Head giving me an avc denial that
> >> is giving me an error with checkpolicy:
> >>
> >> /usr/bin/checkpolicy -c 22 -U deny policy.conf -o policy.22
> >> /usr/bin/checkpolicy: loading policy configuration from policy.conf
> >> policy/modules/services/xserver.te":1138:ERROR 'permission
> >> module_request is not defined for class system' at token ';' on line
> >> 2904222:
> >> allow NetworkManager_t kernel_t:system module_request;
> >> #============= NetworkManager_t ==============
> >> policy/modules/services/xserver.te":1141:ERROR 'permission
> >> module_request is not defined for class system' at token ';' on line
> >> 2904225:
> >> #============= insmod_t ==============
> >> allow insmod_t kernel_t:system module_request;
> >> policy/modules/services/xserver.te":1144:ERROR 'permission
> >> module_request is not defined for class system' at token ';' on line
> >
> > It's because you are using the -U deny. You are telling the kernel to
> > deny unknown permissions and then you are trying to define an unknown
> > permission. There is nothing wrong with the kernel.
> >
> > I do need to submit the policy path to define it, but that's not a good
> > idea until we know more or all of the places it is needed. I hoped to
> > work on that with dwalsh in rawhide before we push the policy patch
> > upstream. You can help there! In your base policy module you need to
> > define 'request_module' in the system class in
> > policy/flash/access_vectors rebuild and load the base policy policy
> > module. Then you can use the request_module permission.
> >
> > -Eric
> >
> >
>
> Cool,
> I can try and see if I can create
> a class for the policy(good learning here)
> but just keep in mind, don't wait up for me,
> for it could take a while.
>
> Anyways I went in and commented out the
> unknown permissions option in build.conf(then
> make clean make conf etc..) and
> it seems to keep triggering this error.
>
> From what it seems, maybe I have something
> wrong with my userspace tools.
> (ill update tomorrow, and see if it compiles
> through).
Ah no, sorry, I wasn't clear. The -U dney is what causes the kernel to
audit the denial. Without that the kernel won't complain and will work
just fine without those rules. With the deny you are going to have to
add the one line to the file I indicated and include those rules.
Thanks
-Eric
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 14+ messages in thread
* [refpolicy] [git bisected] 25354c4fee169710fd9da15f3bb2abaa24dcf933 is first bad commit
@ 2009-09-12 23:10 ` Eric Paris
0 siblings, 0 replies; 14+ messages in thread
From: Eric Paris @ 2009-09-12 23:10 UTC (permalink / raw)
To: refpolicy
On Sat, 2009-09-12 at 16:06 -0700, Justin Mattock wrote:
> On Sat, Sep 12, 2009 at 3:28 PM, Eric Paris <eparis@redhat.com> wrote:
> > On Sat, 2009-09-12 at 15:09 -0700, Justin Mattock wrote:
> >> attached is dmesg of the latest
> >> Head giving me an avc denial that
> >> is giving me an error with checkpolicy:
> >>
> >> /usr/bin/checkpolicy -c 22 -U deny policy.conf -o policy.22
> >> /usr/bin/checkpolicy: loading policy configuration from policy.conf
> >> policy/modules/services/xserver.te":1138:ERROR 'permission
> >> module_request is not defined for class system' at token ';' on line
> >> 2904222:
> >> allow NetworkManager_t kernel_t:system module_request;
> >> #============= NetworkManager_t ==============
> >> policy/modules/services/xserver.te":1141:ERROR 'permission
> >> module_request is not defined for class system' at token ';' on line
> >> 2904225:
> >> #============= insmod_t ==============
> >> allow insmod_t kernel_t:system module_request;
> >> policy/modules/services/xserver.te":1144:ERROR 'permission
> >> module_request is not defined for class system' at token ';' on line
> >
> > It's because you are using the -U deny. You are telling the kernel to
> > deny unknown permissions and then you are trying to define an unknown
> > permission. There is nothing wrong with the kernel.
> >
> > I do need to submit the policy path to define it, but that's not a good
> > idea until we know more or all of the places it is needed. I hoped to
> > work on that with dwalsh in rawhide before we push the policy patch
> > upstream. You can help there! In your base policy module you need to
> > define 'request_module' in the system class in
> > policy/flash/access_vectors rebuild and load the base policy policy
> > module. Then you can use the request_module permission.
> >
> > -Eric
> >
> >
>
> Cool,
> I can try and see if I can create
> a class for the policy(good learning here)
> but just keep in mind, don't wait up for me,
> for it could take a while.
>
> Anyways I went in and commented out the
> unknown permissions option in build.conf(then
> make clean make conf etc..) and
> it seems to keep triggering this error.
>
> From what it seems, maybe I have something
> wrong with my userspace tools.
> (ill update tomorrow, and see if it compiles
> through).
Ah no, sorry, I wasn't clear. The -U dney is what causes the kernel to
audit the denial. Without that the kernel won't complain and will work
just fine without those rules. With the deny you are going to have to
add the one line to the file I indicated and include those rules.
Thanks
-Eric
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [git bisected] 25354c4fee169710fd9da15f3bb2abaa24dcf933 is first bad commit
2009-09-12 22:28 ` [refpolicy] " Eric Paris
@ 2009-09-12 23:46 ` Justin Mattock
-1 siblings, 0 replies; 14+ messages in thread
From: Justin Mattock @ 2009-09-12 23:46 UTC (permalink / raw)
To: Eric Paris
Cc: SE-Linux, tresys, Eric Paris, James Morris, Serge Hallyn, dwalsh,
sds
On Sat, Sep 12, 2009 at 3:28 PM, Eric Paris <eparis@redhat.com> wrote:
> On Sat, 2009-09-12 at 15:09 -0700, Justin Mattock wrote:
>> attached is dmesg of the latest
>> Head giving me an avc denial that
>> is giving me an error with checkpolicy:
>>
>> /usr/bin/checkpolicy -c 22 -U deny policy.conf -o policy.22
>> /usr/bin/checkpolicy: loading policy configuration from policy.conf
>> policy/modules/services/xserver.te":1138:ERROR 'permission
>> module_request is not defined for class system' at token ';' on line
>> 2904222:
>> allow NetworkManager_t kernel_t:system module_request;
>> #============= NetworkManager_t ==============
>> policy/modules/services/xserver.te":1141:ERROR 'permission
>> module_request is not defined for class system' at token ';' on line
>> 2904225:
>> #============= insmod_t ==============
>> allow insmod_t kernel_t:system module_request;
>> policy/modules/services/xserver.te":1144:ERROR 'permission
>> module_request is not defined for class system' at token ';' on line
>
> It's because you are using the -U deny. You are telling the kernel to
> deny unknown permissions and then you are trying to define an unknown
> permission. There is nothing wrong with the kernel.
>
> I do need to submit the policy path to define it, but that's not a good
> idea until we know more or all of the places it is needed. I hoped to
> work on that with dwalsh in rawhide before we push the policy patch
> upstream. You can help there! In your base policy module you need to
> define 'request_module' in the system class in
> policy/flash/access_vectors rebuild and load the base policy policy
> module. Then you can use the request_module permission.
>
> -Eric
>
>
O.K. this was just a hit and a miss
(I don't know what I'm doing but am willing to try)
below fixes the error from checkpolicy,
but I'm not sure if it's correct.
^ permalink raw reply [flat|nested] 14+ messages in thread
* [refpolicy] [git bisected] 25354c4fee169710fd9da15f3bb2abaa24dcf933 is first bad commit
@ 2009-09-12 23:46 ` Justin Mattock
0 siblings, 0 replies; 14+ messages in thread
From: Justin Mattock @ 2009-09-12 23:46 UTC (permalink / raw)
To: refpolicy
On Sat, Sep 12, 2009 at 3:28 PM, Eric Paris <eparis@redhat.com> wrote:
> On Sat, 2009-09-12 at 15:09 -0700, Justin Mattock wrote:
>> attached is dmesg of the latest
>> Head giving me an avc denial that
>> is giving me an error with checkpolicy:
>>
>> /usr/bin/checkpolicy -c 22 ?-U deny policy.conf -o policy.22
>> /usr/bin/checkpolicy: ?loading policy configuration from policy.conf
>> policy/modules/services/xserver.te":1138:ERROR 'permission
>> module_request is not defined for class system' at token ';' on line
>> 2904222:
>> allow NetworkManager_t kernel_t:system module_request;
>> #============= NetworkManager_t ==============
>> policy/modules/services/xserver.te":1141:ERROR 'permission
>> module_request is not defined for class system' at token ';' on line
>> 2904225:
>> #============= insmod_t ==============
>> allow insmod_t kernel_t:system module_request;
>> policy/modules/services/xserver.te":1144:ERROR 'permission
>> module_request is not defined for class system' at token ';' on line
>
> It's because you are using the -U deny. ?You are telling the kernel to
> deny unknown permissions and then you are trying to define an unknown
> permission. ?There is nothing wrong with the kernel.
>
> I do need to submit the policy path to define it, but that's not a good
> idea until we know more or all of the places it is needed. ?I hoped to
> work on that with dwalsh in rawhide before we push the policy patch
> upstream. ?You can help there! ?In your base policy module you need to
> define 'request_module' in the system class in
> policy/flash/access_vectors rebuild and load the base policy policy
> module. ?Then you can use the request_module permission.
>
> -Eric
>
>
O.K. this was just a hit and a miss
(I don't know what I'm doing but am willing to try)
below fixes the error from checkpolicy,
but I'm not sure if it's correct.
>From 4095a245f8a4a75d8ab2f94d816159d8b180ed1f Mon Sep 17 00:00:00 2001
From: Justin P. Mattock <justinmattock@gmail.com>
Date: Sat, 12 Sep 2009 16:42:06 -0700
Subject: [PATCH] add module_request support
Signed-off-by: Justin P. Mattock <justinmattock@gmail.com>
---
policy/flask/access_vectors | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
diff --git a/policy/flask/access_vectors b/policy/flask/access_vectors
index 3998b77..67ab292 100644
--- a/policy/flask/access_vectors
+++ b/policy/flask/access_vectors
@@ -349,6 +349,7 @@ class system
syslog_read
syslog_mod
syslog_console
+ module_request
}
#
--
1.6.3.2
--
Justin P. Mattock
^ permalink raw reply related [flat|nested] 14+ messages in thread
* Re: [git bisected] 25354c4fee169710fd9da15f3bb2abaa24dcf933 is first bad commit
2009-09-12 23:46 ` [refpolicy] " Justin Mattock
@ 2009-09-13 0:29 ` Eric Paris
-1 siblings, 0 replies; 14+ messages in thread
From: Eric Paris @ 2009-09-13 0:29 UTC (permalink / raw)
To: Justin Mattock; +Cc: SE-Linux, tresys, James Morris, Serge Hallyn, dwalsh, sds
On Sat, 2009-09-12 at 16:46 -0700, Justin Mattock wrote:
> On Sat, Sep 12, 2009 at 3:28 PM, Eric Paris <eparis@redhat.com> wrote:
> > On Sat, 2009-09-12 at 15:09 -0700, Justin Mattock wrote:
> >> attached is dmesg of the latest
> >> Head giving me an avc denial that
> >> is giving me an error with checkpolicy:
> >>
> >> /usr/bin/checkpolicy -c 22 -U deny policy.conf -o policy.22
> >> /usr/bin/checkpolicy: loading policy configuration from policy.conf
> >> policy/modules/services/xserver.te":1138:ERROR 'permission
> >> module_request is not defined for class system' at token ';' on line
> >> 2904222:
> >> allow NetworkManager_t kernel_t:system module_request;
> >> #============= NetworkManager_t ==============
> >> policy/modules/services/xserver.te":1141:ERROR 'permission
> >> module_request is not defined for class system' at token ';' on line
> >> 2904225:
> >> #============= insmod_t ==============
> >> allow insmod_t kernel_t:system module_request;
> >> policy/modules/services/xserver.te":1144:ERROR 'permission
> >> module_request is not defined for class system' at token ';' on line
> >
> > It's because you are using the -U deny. You are telling the kernel to
> > deny unknown permissions and then you are trying to define an unknown
> > permission. There is nothing wrong with the kernel.
> >
> > I do need to submit the policy path to define it, but that's not a good
> > idea until we know more or all of the places it is needed. I hoped to
> > work on that with dwalsh in rawhide before we push the policy patch
> > upstream. You can help there! In your base policy module you need to
> > define 'request_module' in the system class in
> > policy/flash/access_vectors rebuild and load the base policy policy
> > module. Then you can use the request_module permission.
> >
> > -Eric
> >
> >
>
> O.K. this was just a hit and a miss
> (I don't know what I'm doing but am willing to try)
> below fixes the error from checkpolicy,
> but I'm not sure if it's correct.
>
>
> From 4095a245f8a4a75d8ab2f94d816159d8b180ed1f Mon Sep 17 00:00:00 2001
> From: Justin P. Mattock <justinmattock@gmail.com>
> Date: Sat, 12 Sep 2009 16:42:06 -0700
> Subject: [PATCH] add module_request support
>
> Signed-off-by: Justin P. Mattock <justinmattock@gmail.com>
> ---
> policy/flask/access_vectors | 1 +
> 1 files changed, 1 insertions(+), 0 deletions(-)
>
> diff --git a/policy/flask/access_vectors b/policy/flask/access_vectors
> index 3998b77..67ab292 100644
> --- a/policy/flask/access_vectors
> +++ b/policy/flask/access_vectors
> @@ -349,6 +349,7 @@ class system
> syslog_read
> syslog_mod
> syslog_console
> + module_request
> }
Yes that is correct (outside of the fact you used eight spaces instead
of a tab)
But upstream should not commit this until a number of people have tried
to run kernels with it defined and flushed out some reasonable number of
the necessary allow rules (because just defining it will cause people
with -U allow to start getting denials).
-Eric
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 14+ messages in thread
* [refpolicy] [git bisected] 25354c4fee169710fd9da15f3bb2abaa24dcf933 is first bad commit
@ 2009-09-13 0:29 ` Eric Paris
0 siblings, 0 replies; 14+ messages in thread
From: Eric Paris @ 2009-09-13 0:29 UTC (permalink / raw)
To: refpolicy
On Sat, 2009-09-12 at 16:46 -0700, Justin Mattock wrote:
> On Sat, Sep 12, 2009 at 3:28 PM, Eric Paris <eparis@redhat.com> wrote:
> > On Sat, 2009-09-12 at 15:09 -0700, Justin Mattock wrote:
> >> attached is dmesg of the latest
> >> Head giving me an avc denial that
> >> is giving me an error with checkpolicy:
> >>
> >> /usr/bin/checkpolicy -c 22 -U deny policy.conf -o policy.22
> >> /usr/bin/checkpolicy: loading policy configuration from policy.conf
> >> policy/modules/services/xserver.te":1138:ERROR 'permission
> >> module_request is not defined for class system' at token ';' on line
> >> 2904222:
> >> allow NetworkManager_t kernel_t:system module_request;
> >> #============= NetworkManager_t ==============
> >> policy/modules/services/xserver.te":1141:ERROR 'permission
> >> module_request is not defined for class system' at token ';' on line
> >> 2904225:
> >> #============= insmod_t ==============
> >> allow insmod_t kernel_t:system module_request;
> >> policy/modules/services/xserver.te":1144:ERROR 'permission
> >> module_request is not defined for class system' at token ';' on line
> >
> > It's because you are using the -U deny. You are telling the kernel to
> > deny unknown permissions and then you are trying to define an unknown
> > permission. There is nothing wrong with the kernel.
> >
> > I do need to submit the policy path to define it, but that's not a good
> > idea until we know more or all of the places it is needed. I hoped to
> > work on that with dwalsh in rawhide before we push the policy patch
> > upstream. You can help there! In your base policy module you need to
> > define 'request_module' in the system class in
> > policy/flash/access_vectors rebuild and load the base policy policy
> > module. Then you can use the request_module permission.
> >
> > -Eric
> >
> >
>
> O.K. this was just a hit and a miss
> (I don't know what I'm doing but am willing to try)
> below fixes the error from checkpolicy,
> but I'm not sure if it's correct.
>
>
> From 4095a245f8a4a75d8ab2f94d816159d8b180ed1f Mon Sep 17 00:00:00 2001
> From: Justin P. Mattock <justinmattock@gmail.com>
> Date: Sat, 12 Sep 2009 16:42:06 -0700
> Subject: [PATCH] add module_request support
>
> Signed-off-by: Justin P. Mattock <justinmattock@gmail.com>
> ---
> policy/flask/access_vectors | 1 +
> 1 files changed, 1 insertions(+), 0 deletions(-)
>
> diff --git a/policy/flask/access_vectors b/policy/flask/access_vectors
> index 3998b77..67ab292 100644
> --- a/policy/flask/access_vectors
> +++ b/policy/flask/access_vectors
> @@ -349,6 +349,7 @@ class system
> syslog_read
> syslog_mod
> syslog_console
> + module_request
> }
Yes that is correct (outside of the fact you used eight spaces instead
of a tab)
But upstream should not commit this until a number of people have tried
to run kernels with it defined and flushed out some reasonable number of
the necessary allow rules (because just defining it will cause people
with -U allow to start getting denials).
-Eric
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [git bisected] 25354c4fee169710fd9da15f3bb2abaa24dcf933 is first bad commit
2009-09-13 0:29 ` [refpolicy] " Eric Paris
@ 2009-09-13 0:44 ` Justin P. Mattock
-1 siblings, 0 replies; 14+ messages in thread
From: Justin P. Mattock @ 2009-09-13 0:44 UTC (permalink / raw)
To: Eric Paris; +Cc: SE-Linux, tresys, James Morris, Serge Hallyn, dwalsh, sds
Eric Paris wrote:
> On Sat, 2009-09-12 at 16:46 -0700, Justin Mattock wrote:
>
>> On Sat, Sep 12, 2009 at 3:28 PM, Eric Paris<eparis@redhat.com> wrote:
>>
>>> On Sat, 2009-09-12 at 15:09 -0700, Justin Mattock wrote:
>>>
>>>> attached is dmesg of the latest
>>>> Head giving me an avc denial that
>>>> is giving me an error with checkpolicy:
>>>>
>>>> /usr/bin/checkpolicy -c 22 -U deny policy.conf -o policy.22
>>>> /usr/bin/checkpolicy: loading policy configuration from policy.conf
>>>> policy/modules/services/xserver.te":1138:ERROR 'permission
>>>> module_request is not defined for class system' at token ';' on line
>>>> 2904222:
>>>> allow NetworkManager_t kernel_t:system module_request;
>>>> #============= NetworkManager_t ==============
>>>> policy/modules/services/xserver.te":1141:ERROR 'permission
>>>> module_request is not defined for class system' at token ';' on line
>>>> 2904225:
>>>> #============= insmod_t ==============
>>>> allow insmod_t kernel_t:system module_request;
>>>> policy/modules/services/xserver.te":1144:ERROR 'permission
>>>> module_request is not defined for class system' at token ';' on line
>>>>
>>> It's because you are using the -U deny. You are telling the kernel to
>>> deny unknown permissions and then you are trying to define an unknown
>>> permission. There is nothing wrong with the kernel.
>>>
>>> I do need to submit the policy path to define it, but that's not a good
>>> idea until we know more or all of the places it is needed. I hoped to
>>> work on that with dwalsh in rawhide before we push the policy patch
>>> upstream. You can help there! In your base policy module you need to
>>> define 'request_module' in the system class in
>>> policy/flash/access_vectors rebuild and load the base policy policy
>>> module. Then you can use the request_module permission.
>>>
>>> -Eric
>>>
>>>
>>>
>> O.K. this was just a hit and a miss
>> (I don't know what I'm doing but am willing to try)
>> below fixes the error from checkpolicy,
>> but I'm not sure if it's correct.
>>
>>
>> From 4095a245f8a4a75d8ab2f94d816159d8b180ed1f Mon Sep 17 00:00:00 2001
>> From: Justin P. Mattock<justinmattock@gmail.com>
>> Date: Sat, 12 Sep 2009 16:42:06 -0700
>> Subject: [PATCH] add module_request support
>>
>> Signed-off-by: Justin P. Mattock<justinmattock@gmail.com>
>> ---
>> policy/flask/access_vectors | 1 +
>> 1 files changed, 1 insertions(+), 0 deletions(-)
>>
>> diff --git a/policy/flask/access_vectors b/policy/flask/access_vectors
>> index 3998b77..67ab292 100644
>> --- a/policy/flask/access_vectors
>> +++ b/policy/flask/access_vectors
>> @@ -349,6 +349,7 @@ class system
>> syslog_read
>> syslog_mod
>> syslog_console
>> + module_request
>> }
>>
>
>
> Yes that is correct (outside of the fact you used eight spaces instead
> of a tab)
>
> But upstream should not commit this until a number of people have tried
> to run kernels with it defined and flushed out some reasonable number of
> the necessary allow rules (because just defining it will cause people
> with -U allow to start getting denials).
>
> -Eric
>
>
>
Hey alright.(id have to say a lucky
guess on my part).
In this case either you can take the
patch(If I need to redu it I will)
sign off on it, then store it somewhere
until people start hitting this
then go from there.
As a backup I'll leave it on my facebook
account(so I don't forget and loose it).
Overall Thanks for helping me on this.
Justin P. Mattock
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 14+ messages in thread
* [refpolicy] [git bisected] 25354c4fee169710fd9da15f3bb2abaa24dcf933 is first bad commit
@ 2009-09-13 0:44 ` Justin P. Mattock
0 siblings, 0 replies; 14+ messages in thread
From: Justin P. Mattock @ 2009-09-13 0:44 UTC (permalink / raw)
To: refpolicy
Eric Paris wrote:
> On Sat, 2009-09-12 at 16:46 -0700, Justin Mattock wrote:
>
>> On Sat, Sep 12, 2009 at 3:28 PM, Eric Paris<eparis@redhat.com> wrote:
>>
>>> On Sat, 2009-09-12 at 15:09 -0700, Justin Mattock wrote:
>>>
>>>> attached is dmesg of the latest
>>>> Head giving me an avc denial that
>>>> is giving me an error with checkpolicy:
>>>>
>>>> /usr/bin/checkpolicy -c 22 -U deny policy.conf -o policy.22
>>>> /usr/bin/checkpolicy: loading policy configuration from policy.conf
>>>> policy/modules/services/xserver.te":1138:ERROR 'permission
>>>> module_request is not defined for class system' at token ';' on line
>>>> 2904222:
>>>> allow NetworkManager_t kernel_t:system module_request;
>>>> #============= NetworkManager_t ==============
>>>> policy/modules/services/xserver.te":1141:ERROR 'permission
>>>> module_request is not defined for class system' at token ';' on line
>>>> 2904225:
>>>> #============= insmod_t ==============
>>>> allow insmod_t kernel_t:system module_request;
>>>> policy/modules/services/xserver.te":1144:ERROR 'permission
>>>> module_request is not defined for class system' at token ';' on line
>>>>
>>> It's because you are using the -U deny. You are telling the kernel to
>>> deny unknown permissions and then you are trying to define an unknown
>>> permission. There is nothing wrong with the kernel.
>>>
>>> I do need to submit the policy path to define it, but that's not a good
>>> idea until we know more or all of the places it is needed. I hoped to
>>> work on that with dwalsh in rawhide before we push the policy patch
>>> upstream. You can help there! In your base policy module you need to
>>> define 'request_module' in the system class in
>>> policy/flash/access_vectors rebuild and load the base policy policy
>>> module. Then you can use the request_module permission.
>>>
>>> -Eric
>>>
>>>
>>>
>> O.K. this was just a hit and a miss
>> (I don't know what I'm doing but am willing to try)
>> below fixes the error from checkpolicy,
>> but I'm not sure if it's correct.
>>
>>
>> From 4095a245f8a4a75d8ab2f94d816159d8b180ed1f Mon Sep 17 00:00:00 2001
>> From: Justin P. Mattock<justinmattock@gmail.com>
>> Date: Sat, 12 Sep 2009 16:42:06 -0700
>> Subject: [PATCH] add module_request support
>>
>> Signed-off-by: Justin P. Mattock<justinmattock@gmail.com>
>> ---
>> policy/flask/access_vectors | 1 +
>> 1 files changed, 1 insertions(+), 0 deletions(-)
>>
>> diff --git a/policy/flask/access_vectors b/policy/flask/access_vectors
>> index 3998b77..67ab292 100644
>> --- a/policy/flask/access_vectors
>> +++ b/policy/flask/access_vectors
>> @@ -349,6 +349,7 @@ class system
>> syslog_read
>> syslog_mod
>> syslog_console
>> + module_request
>> }
>>
>
>
> Yes that is correct (outside of the fact you used eight spaces instead
> of a tab)
>
> But upstream should not commit this until a number of people have tried
> to run kernels with it defined and flushed out some reasonable number of
> the necessary allow rules (because just defining it will cause people
> with -U allow to start getting denials).
>
> -Eric
>
>
>
Hey alright.(id have to say a lucky
guess on my part).
In this case either you can take the
patch(If I need to redu it I will)
sign off on it, then store it somewhere
until people start hitting this
then go from there.
As a backup I'll leave it on my facebook
account(so I don't forget and loose it).
Overall Thanks for helping me on this.
Justin P. Mattock
^ permalink raw reply [flat|nested] 14+ messages in thread
end of thread, other threads:[~2009-09-13 0:44 UTC | newest]
Thread overview: 14+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2009-09-12 22:09 [git bisected] 25354c4fee169710fd9da15f3bb2abaa24dcf933 is first bad commit Justin Mattock
2009-09-12 22:09 ` [refpolicy] " Justin Mattock
2009-09-12 22:28 ` Eric Paris
2009-09-12 22:28 ` [refpolicy] " Eric Paris
2009-09-12 23:06 ` Justin Mattock
2009-09-12 23:06 ` [refpolicy] " Justin Mattock
2009-09-12 23:10 ` Eric Paris
2009-09-12 23:10 ` [refpolicy] " Eric Paris
2009-09-12 23:46 ` Justin Mattock
2009-09-12 23:46 ` [refpolicy] " Justin Mattock
2009-09-13 0:29 ` Eric Paris
2009-09-13 0:29 ` [refpolicy] " Eric Paris
2009-09-13 0:44 ` Justin P. Mattock
2009-09-13 0:44 ` [refpolicy] " Justin P. Mattock
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.