Re: Odd messages during bootup from gdm

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Gene Heskett wrote:

Paul Howarth wrote:

Gene Heskett wrote:

2 Q's:
1.  Was that the right thing to do, and


No. The "allow" commands are not shell commands.
See: http://fedoraproject.org/wiki/SELinux/LoadableModules/Audit2allow


bookmarked for study when I get in tonight, thanks

2. Is this permanent
No, since it wouldn't have actually done anything. Loading a module using "semodule" as described in the link above is permanent though. 

Before doing any of this, I would bear in mind a few things:
1. The AVC messages you're getting appear to be for several different processes, suggesting that there are several different issues here. 


yes, there are several more "stanza's" of this in the logs.
2. Are any of these issues symptoms of an actual problem, other than annoying messages coming up on the screen?
It has since day one sprinkled messages throughout the logs about the dvdd/cd writer being confused.
ISTR something about this on the list not too long ago. Thought it might be a hardware problem actually. 

 > NDI if this is related, and it did work
for making dvd's under XP, and has read anything I put in it except audio disks, those the players go thru all the motions of playing, but no sound actually comes out.
3. The best solution might not be to "allow" these actions at all - some may be due to file contexts being wrong, others might be harmless and better off "dontaudit"ed instead,
Have you at any time booted with SELinux disabled and have not since done a full relabel? I'm guessing that you have. 
right, as  a test once


What's the output of:

$ ls -lZd /etc/localtime /var

I would expect:
 -rw-r--r--  root     root     system_u:object_r:locale_t /etc/localtime
drwxr-xr-x  root     root     system_u:object_r:var_t          /var


[root@diablo ~]# ls -lZd /etc/localtime /var
-rw-r--r-- root root root:object_r:etc_t /etc/localtime 
drwxr-xr-x  root     root     system_u:object_r:var_t          /var


You seem to have these as etc_t and file_t respectively.


I was right about one of them then :-)
I'd suggest relabelling the system before trying anything else. This will take a long time so schedule it at an appropriate time.
Set SELinux to permissive mode, reboot, and in the grub menu add "autorelabel" to the end of the "kernel" line.
After rebooting you can change SELinux back to enforcing mode if that's the setting you had before. 

That will probably fix most of the AVC issues you're seeing.

Paul.
[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux