Re: Permission denied during rpm installation

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Deepak Shrestha wrote:
These are probably not the relevant denials. Try to find ones from
around the time you were trying the RPM install. There should be a log
entry corresponding to when you did the "setenforce 0" (search for
"setenforce" in /var/log/messages), and the denials of interest should
be in the minutes preceding that.

Paul.

Thanks paul,

looking for the setenforce and preceding logs, I found this, which
from the point I use setenforce, installed rpm, setenforce back and
reboot the computer:

==============
Jul 27 12:17:47 webcomp kernel: audit(1153973867.873:11): avc:
granted  { setenforce } for  pid=2726 comm="setenforce"
scontext=user_u:system_r:unconfined_t:s0
tcontext=system_u:object_r:security_t:s0 tclass=security
Jul 27 12:17:47 webcomp kernel: audit(1153973867.873:11): avc:
granted  { setenforce } for  pid=2726 comm="setenforce"
scontext=user_u:system_r:unconfined_t:s0
tcontext=system_u:object_r:security_t:s0 tclass=security
Jul 27 12:17:47 webcomp kernel: audit(1153973867.873:12): enforcing=0
old_enforcing=1 auid=4294967295
Jul 27 12:18:05 webcomp kernel: audit(1153973885.002:13): avc:  denied
{ unlink } for  pid=2731 comm="depmod" name="modules.dep" dev=dm-0
ino=1147086 scontext=user_u:system_r:depmod_t:s0
tcontext=root:object_r:modules_object_t:s0 tclass=file
Jul 27 12:18:10 webcomp kernel: audit(1153973890.638:14): avc:
granted  { setenforce } for  pid=2733 comm="setenforce"
scontext=user_u:system_r:unconfined_t:s0
tcontext=system_u:object_r:security_t:s0 tclass=security
Jul 27 12:18:10 webcomp kernel: audit(1153973890.638:15): enforcing=1
old_enforcing=0 auid=4294967295
Jul 27 12:22:05 webcomp smartd[1789]: System clock time adjusted to
the past. Resetting next wakeup time.
Jul 27 13:18:28 webcomp kernel: NTFS driver 2.1.27 [Flags: R/W MODULE].
Jul 27 13:18:28 webcomp kernel: NTFS volume version 3.1.
Jul 27 13:18:28 webcomp kernel: SELinux: initialized (dev hdb1, type
ntfs), uses genfs_contexts
Jul 27 13:20:37 webcomp gconfd (deepak-2534): GConf server is not in
use, shutting down.
Jul 27 13:20:37 webcomp gconfd (deepak-2534): Exiting
Jul 27 13:22:19 webcomp gdm[2264]: Restarting computer...
==========================

I gues this will be useful.

The problem appears to be depmod trying to unlink (delete) a file of context type modules_object_t. I can't see any need for it to delete anything that's actually a kernel module, so perhaps you have a labelling problem?

Can you post the output of the following commands:

$ ls -lZ /lib/modules//2.6.17-1.2157_FC5

$ rpm -q --scripts kernel-module-ntfs-2.6.17-1.2157_FC5

Paul.


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux