Tod Merley wrote:
On 9/22/06, Paul Howarth <paul@xxxxxxxxxxxx> wrote:
Rick Bilonick wrote:
> OK, I rebooted but still get:
>
>> dmesg | grep swap
>
> Kernel command line: ro root=/dev/VolGroup00/LogVol00 rhgb quiet
> resume2=swap:/dev/hda6
> audit(1158902797.697:4): avc: denied { unlink } for pid=1852
> comm="swapon" name="blkid.tab.old" dev=dm-0 ino=1736154
> scontext=system_u:system_r:fsadm_t tcontext=root:object_r:etc_t
> tclass=file
> audit(1158902797.809:5): avc: denied { unlink } for pid=1852
> comm="swapon" name="blkid.tab.old" dev=dm-0 ino=1736154
> scontext=system_u:system_r:fsadm_t tcontext=root:object_r:etc_t
> tclass=file
/etc/blkid.tab.old appears to be labelled etc_t instead of etc_runtime_t.
This should fix the AVCs:
# restorecon -v /etc/blkid.*
Paul.
Hi Paul Howarth!
This looks like the very correct answer!
Any suggestions for those of us learning SELinux?
Lurk on fedora-selinux-list, have a read of the FC5 SELinux FAQ:
http://fedora.redhat.com/docs/selinux-faq-fc5/
Have a look at Dan Walsh's introduction:
http://fedoraproject.org/wiki/SELinux/Understanding
Best of all, run SELinux on your own boxes (even if only in permissive
mode to start with) and investigate and fix the SELinux denials you see
from your day to day usage. That's the best way of gaining understanding
IMHO.
Paul.
