Re: Odd messages during bootup from gdm

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Gene Heskett wrote:
Kam Leo wrote:
On 5/4/06, Gene Heskett <gene.heskett@xxxxxxxxxxx> wrote:
Greetings;
These do not appear to be effecting gdm, but they are startling when the
screen fills with them just before its cleared and the init=3 login is
presented.
=======================
May  4 02:49:10 diablo kernel: audit(1146728943.423:302): avc:  denied
{ read } for  pid=2195 comm="gpm" name="localtime" dev=hda5 ino=1289803
0 scontext=system_u:system_r:gpm_t:s0 tcontext=root:object_r:etc_t:s0
tclass=file
May  4 02:49:10 diablo kernel: audit(1146728943.423:303): avc:  denied
{ read } for  pid=2195 comm="gpm" name="localtime" dev=hda5 ino=1289803
0 scontext=system_u:system_r:gpm_t:s0 tcontext=root:object_r:etc_t:s0
tclass=file
May  4 02:49:10 diablo kernel: audit(1146728943.423:304): avc:  denied
{ read } for  pid=2195 comm="gpm" name="localtime" dev=hda5 ino=1289803
0 scontext=system_u:system_r:gpm_t:s0 tcontext=root:object_r:etc_t:s0
tclass=file
May  4 02:49:10 diablo kernel: audit(1146728943.423:305): avc:  denied
{ read } for  pid=2195 comm="gpm" name="localtime" dev=hda5 ino=1289803
0 scontext=system_u:system_r:gpm_t:s0 tcontext=root:object_r:etc_t:s0
tclass=file
May  4 02:49:10 diablo kernel: audit(1146728943.439:306): avc:  denied
{ read } for  pid=2195 comm="gpm" name="localtime" dev=hda5 ino=1289803
0 scontext=system_u:system_r:gpm_t:s0 tcontext=root:object_r:etc_t:s0
tclass=file
May  4 02:49:10 diablo kernel: audit(1146728943.443:307): avc:  denied
{ read } for  pid=2195 comm="gpm" name="localtime" dev=hda5 ino=1289803
0 scontext=system_u:system_r:gpm_t:s0 tcontext=root:object_r:etc_t:s0
tclass=file
May  4 02:49:10 diablo kernel: audit(1146728943.443:308): avc:  denied
{ read } for  pid=2195 comm="gpm" name="localtime" dev=hda5 ino=1289803
0 scontext=system_u:system_r:gpm_t:s0 tcontext=root:object_r:etc_t:s0
tclass=file
==================================
This is with:
root@diablo ~]# uname -a
Linux diablo.coyote.den 2.6.16-1.2096_FC5 #1 Wed Apr 19 05:14:36 EDT
2006 i686 athlon i386 GNU/Linux

I note also that earlier in the login:
===================
May  4 02:49:09 diablo kernel: md: Autodetecting RAID arrays.
May  4 02:49:09 diablo kernel: md: autorun ...
May  4 02:49:10 diablo kernel: md: ... autorun DONE.
May  4 02:49:10 diablo kernel: audit(1146728910.033:292): avc:  denied
{ search } for  pid=1173 comm="pam_console_app" name="var" dev=hda5 ino
=3208129 scontext=system_u:system_r:pam_console_t:s0-s0:c0.c255
tcontext=system_u:object_r:file_t:s0 tclass=dir
May  4 02:49:10 diablo kernel: audit(1146728910.033:293): avc:  denied
{ search } for  pid=1173 comm="pam_console_app" name="var" dev=hda5 ino
=3208129 scontext=system_u:system_r:pam_console_t:s0-s0:c0.c255
tcontext=system_u:object_r:file_t:s0 tclass=dir
May  4 02:49:10 diablo kernel: audit(1146728910.033:294): avc:  denied
{ search } for  pid=1173 comm="pam_console_app" name="var" dev=hda5 ino
=3208129 scontext=system_u:system_r:pam_console_t:s0-s0:c0.c255
tcontext=system_u:object_r:file_t:s0 tclass=dir
May  4 02:49:10 diablo kernel: audit(1146728910.033:295): avc:  denied
{ search } for  pid=1173 comm="pam_console_app" name="var" dev=hda5 ino
=3208129 scontext=system_u:system_r:pam_console_t:s0-s0:c0.c255
tcontext=system_u:object_r:file_t:s0 tclass=dir
May  4 02:49:10 diablo kernel: audit(1146728910.033:296): avc:  denied
{ search } for  pid=1173 comm="pam_console_app" name="var" dev=hda5 ino
=3208129 scontext=system_u:system_r:pam_console_t:s0-s0:c0.c255
tcontext=system_u:object_r:file_t:s0 tclass=dir
May  4 02:49:10 diablo kernel: device-mapper: 4.5.0-ioctl (2005-10-04)
initialised: dm-devel@xxxxxxxxxx
May  4 02:49:10 diablo kernel: audit(1146728910.109:297): avc:  denied
{ search } for  pid=1181 comm="pam_console_app" name="var" dev=hda5 ino
=3208129 scontext=system_u:system_r:pam_console_t:s0-s0:c0.c255
tcontext=system_u:object_r:file_t:s0 tclass=dir
May  4 02:49:10 diablo kernel: audit(1146728910.113:298): avc:  denied
{ search } for  pid=1181 comm="pam_console_app" name="var" dev=hda5 ino
=3208129 scontext=system_u:system_r:pam_console_t:s0-s0:c0.c255
tcontext=system_u:object_r:file_t:s0 tclass=dir
May  4 02:49:10 diablo kernel: audit(1146728910.113:299): avc:  denied
{ search } for  pid=1181 comm="pam_console_app" name="var" dev=hda5 ino
=3208129 scontext=system_u:system_r:pam_console_t:s0-s0:c0.c255
tcontext=system_u:object_r:file_t:s0 tclass=dir
May  4 02:49:10 diablo kernel: audit(1146728910.113:300): avc:  denied
{ search } for  pid=1181 comm="pam_console_app" name="var" dev=hda5 ino
=3208129 scontext=system_u:system_r:pam_console_t:s0-s0:c0.c255
tcontext=system_u:object_r:file_t:s0 tclass=dir
May  4 02:49:10 diablo kernel: audit(1146728910.113:301): avc:  denied
{ search } for  pid=1181 comm="pam_console_app" name="var" dev=hda5 ino
=3208129 scontext=system_u:system_r:pam_console_t:s0-s0:c0.c255
tcontext=system_u:object_r:file_t:s0 tclass=dir
May  4 02:49:10 diablo kernel: EXT3 FS on hda5, internal journal
May  4 02:49:10 diablo kernel: kjournald starting.  Commit interval 5
seconds
==============================
But the md related stuff has been turned off with chkconfig, so why am I
getting these messages at all?

--
Cheers, Gene


Install the policycoreutils package and pipe the errors to audit2why
to find out.
Thanks Kam.
That doesn't seem to be available for install via kyum. Since livna has been unavailable for several days now, can you suggest another repo that might have this package?
I found it was already installed.  Discovering the syntax gave very
verbose output, and that eventually led to doing this:

[root@diablo ~]# audit2allow </var/log/messages
allow crond_t self:process execheap;
allow gpm_t etc_t:file read;
allow pam_console_t file_t:dir search;
allow restorecon_t unconfined_t:unix_stream_socket { read write };
allow semanage_t unconfined_t:unix_stream_socket { read write };
allow unconfined_t lib_t:file execmod;
allow unconfined_t self:process execheap;
[root@diablo ~]# audit2allow </var/log/messages >sh
[root@diablo ~]#

2 Q's:
1.  Was that the right thing to do, and
2. Is this permanent

No reply? I note that nothing was changed in a new boot, and this is adding to the systems messages log by about 50kb per boot. What I posted above is only a small sample of a complete boot sequence.


--
Cheers, Gene




[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux