On Wed, 2005-06-29 at 09:55 -0400, Stephen Smalley wrote: > On Tue, 2005-06-28 at 12:41 -0700, Ankit Jain wrote: > > i updated the new kernel 2.6.11-1.35_FC3 and new selinux policy. The > > only error I am getting is: > > audit(1119984375.342:0): avc: denied { execmod } for pid=4185 > > comm=kdm path=/usr/bin/kdm dev=hda7 ino=49541 > > scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:bin_t > > tclass=file > > and because of this I am unable to start the X-server unless I make > > enforcing=0 while booting or change /etc/selinux/config. > > Is this some problem with KDE? I updated my system to KDE 3.4 from kde-redhat. > > Are you running the new kernel? uname -r > If not, then see if you still have a problem after booting it. Other > users have reported that they do not encounter such denials with > 1.35_FC3, only with older kernels. I have seen the following denials with 1.35_FC3: Jun 27 21:46:10 epo kernel: audit(1119901570.501:0): avc: denied { execmod } for pid=20186 comm=gpg path=/usr/bin/gpg dev=hdb8 ino=328924 scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:bin_t tclass=file Jun 27 21:46:36 epo kernel: audit(1119901596.637:0): avc: denied { execmod } for pid=20201 comm=gpg path=/usr/bin/gpg dev=hdb8 ino=328924 scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:bin_t tclass=file Jun 27 21:46:36 epo kernel: audit(1119901596.639:0): avc: denied { execmod } for pid=20202 comm=gpg path=/usr/bin/gpg dev=hdb8 ino=328924 scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:bin_t tclass=file Jun 27 21:46:36 epo kernel: audit(1119901596.673:0): avc: denied { execmod } for pid=20203 comm=gpg path=/usr/bin/gpg dev=hdb8 ino=328924 scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:bin_t tclass=file Jun 27 21:46:58 epo kernel: audit(1119901618.120:0): avc: denied { execmod } for pid=20207 comm=gpg path=/usr/bin/gpg dev=hdb8 ino=328924 scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:bin_t tclass=file Jun 27 21:46:58 epo kernel: audit(1119901618.178:0): avc: denied { execmod } for pid=20208 comm=gpg path=/usr/bin/gpg dev=hdb8 ino=328924 scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:bin_t tclass=file Jun 27 21:46:58 epo kernel: audit(1119901618.233:0): avc: denied { execmod } for pid=20209 comm=gpg path=/usr/bin/gpg dev=hdb8 ino=328924 scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:bin_t tclass=file Jun 27 21:47:56 epo kernel: audit(1119901676.202:0): avc: denied { execmod } for pid=20211 comm=gpg path=/usr/bin/gpg dev=hdb8 ino=328924 scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:bin_t tclass=file I am now running in permissive mode otherwise I get too many problems that I can't solve. > > -- > Stephen Smalley > National Security Agency > -- Regards, Erik P. Olsen GPG http://pgp.mit.edu 0x71375E63
Attachment:
signature.asc
Description: This is a digitally signed message part