Max,
To answer your question from yesterday, I had been getting the same errors even
before I installed the policies yesterday, which is strange because the messages
indicate that a policy was loaded. Is there a built-in default policy? Where do
I go from here?
Thanks,
Steve
From /var/log/messages:
Jul 1 18:53:55 asa-ws-053 setroubleshoot: [program.ERROR] setroubleshoot
generated AVC, exiting to avoid recursion,
context=system_u:system_r:setroubleshootd_t:s0, AVC
scontext=system_u:system_r:setroubleshootd_t:s0
and
Jul 1 18:53:51 asa-ws-053 kernel: security: class peer not defined in policy
Jul 1 18:53:51 asa-ws-053 kernel: security: class capability2 not defined in
policy
Jul 1 18:53:51 asa-ws-053 kernel: security: permission recvfrom in class node
not defined in policy
Jul 1 18:53:51 asa-ws-053 kernel: security: permission sendto in class node
not defined in policy
Jul 1 18:53:51 asa-ws-053 kernel: security: permission ingress in class netif
not defined in policy
Jul 1 18:53:51 asa-ws-053 kernel: security: permission egress in class netif
not defined in policy
Jul 1 18:53:51 asa-ws-053 kernel: security: permission setfcap in class
capability not defined in policy
Jul 1 18:53:51 asa-ws-053 kernel: security: permission forward_in in class
packet not defined in policy
Jul 1 18:53:51 asa-ws-053 kernel: security: permission forward_out in class
packet not defined in policy
Jul 1 18:53:51 asa-ws-053 kernel: SELinux: policy loaded with
handle_unknown=deny
Jul 1 18:53:51 asa-ws-053 kernel: type=1403 audit(1214938405.305:2): policy
loaded auid=4294967295 ses=4294967295
Jul 1 18:53:51 asa-ws-053 kernel: type=1400 audit(1214938406.918:3): avc:
denied { read write } for pid=505 comm="restorecon" path="/dev/console"
dev=tmpfs ino=233 scontext=system_u:system_r:setfiles_t:s0
tcontext=system_u:object_r:tmpfs_t:s0 tclass=chr_file
Jul 1 18:53:51 asa-ws-053 kernel: type=1400 audit(1214938408.569:4): avc:
denied { create } for pid=739 comm="hwclock"
scontext=system_u:system_r:udev_t:s0-s0:c0.c1023
tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=netlink_audit_socket
Jul 1 18:53:51 asa-ws-053 kernel: type=1400 audit(1214938408.583:5): avc:
denied { getattr } for pid=739 comm="hwclock" path="/etc/adjtime" dev=dm-0
ino=36569532 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023
tcontext=system_u:object_r:adjtime_t:s0 tclass=file
Jul 1 18:53:51 asa-ws-053 kernel: type=1400 audit(1214938408.583:6): avc:
denied { read } for pid=739 comm="hwclock" name="adjtime" dev=dm-0
ino=36569532 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023
tcontext=system_u:object_r:adjtime_t:s0 tclass=file
Jul 1 18:53:51 asa-ws-053 kernel: type=1400 audit(1214938408.938:7): avc:
denied { sys_nice } for pid=611 comm="modprobe" capability=23
scontext=system_u:system_r:insmod_t:s0-s0:c0.c1023
tcontext=system_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=capability
Jul 1 18:53:51 asa-ws-053 kernel: type=1400 audit(1214938408.938:8): avc:
denied { setsched } for pid=611 comm="modprobe"
scontext=system_u:system_r:insmod_t:s0-s0:c0.c1023
tcontext=system_u:system_r:kernel_t:s0 tclass=process