On 7/28/06, Stephen Smalley <sds@xxxxxxxxxxxxx> wrote:
> On Fri, 2006-07-28 at 10:48 +0100, Paul Howarth wrote:
> > Deepak Shrestha wrote:
> > >> Look in /var/log/messages, or if you're running the audit daemon
> > >> (default on in FC4), /var/log/audit/audit.log, for lines containing
> > >> "type=AVC".
> > >>
> > >> Paul.
> > >>
> > >
> > > I don't have audit directory or audit.log but issuing
> > > # cat /var/log/messages | grep AVC
> > >
> > > gives me blank result
> >
> > It's possible that any messages may have been rotated out. Try:
> >
> > $ fgrep type=AVC /var/log/messages*
> >
> > If there's nothing there then it's likely that your issue was not
> > SELinux-related.
>
> I think the type=AVC prefixes are only added if running auditd (in which
> case you'd be checking /var/log/audit/audit.log*). Otherwise, you'd just
> get the raw audit message from the kernel in /var/log/messages. The
> safest thing is to just look for "avc:"; that will be present regardless.
>
> --
> Stephen Smalley
> National Security Agency

Looking for "avc:", I found lots of entries with "denied" in
/var/log/messages. The entry is rather long so posting only the fragment
(hope this will still make the point). It is something like this:

==============
Jul 24 23:39:53 webcomp kernel: audit(1153755580.824:2): avc: denied { getattr } for pid=1153 comm="mount" name="kcore" dev=proc ino=-268435435 scontext=system_u:system_r:mount_t:s0 tcontext=system_u:object_r:proc_kcore_t:s0 tclass=file
Jul 24 23:39:54 webcomp kernel: audit(1153755580.856:3): avc: denied { getattr } for pid=1153 comm="mount" name="kcore" dev=proc ino=-268435435 scontext=system_u:system_r:mount_t:s0 tcontext=system_u:object_r:proc_kcore_t:s0 tclass=file
Jul 25 11:45:16 webcomp kernel: audit(1153799116.610:8): avc: denied { use } for pid=2467 comm="bluez-pin" name="[7581]" dev=pipefs ino=7581 scontext=user_u:system_r:bluetooth_helper_t:s0 tcontext=system_u:system_r:xdm_t:s0-s0:c0.c255 tclass=fd
Jul 25 11:45:16 webcomp kernel: audit(1153799116.610:9): avc: denied { use } for pid=2467 comm="bluez-pin" name="[7581]" dev=pipefs ino=7581 scontext=user_u:system_r:bluetooth_helper_t:s0 tcontext=system_u:system_r:xdm_t:s0-s0:c0.c255 tclass=fd
Jul 25 14:00:21 webcomp kernel: audit(1153807221.327:4): avc: denied { use } for pid=2291 comm="bluez-pin" name="[7243]" dev=pipefs ino=7243 scontext=user_u:system_r:bluetooth_helper_t:s0
...... ...... ...... ...... ..... and so on
==============

What does this mean??? And most importantly, why? And what is the solution?

Many thanks!
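
The advice quoted above to match on "avc:" rather than "type=AVC", as an added example that is not part of any post in this thread: a Python parser that accepts both the raw kernel form and the auditd form of an AVC record and tallies denials by source type, target type, class and permission. The function names and the two `SAMPLE` lines marked constructed are assumptions made for illustration.

```python
import re
from collections import Counter

# Keyed on "avc:" so it matches both the raw kernel form ("kernel: audit(...): avc:")
# and the auditd form ("type=AVC msg=audit(...): avc:").
AVC_RE = re.compile(
    r"audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\):\s+avc:\s+(?P<result>denied|granted)"
    r"\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return a dict for one AVC record, or None if the line is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("fields"))}
    rec.update(result=m.group("result"), perms=m.group("perms").split(),
               serial=int(m.group("serial")))
    return rec

def se_type(context):
    """Type (third field) of an SELinux context user:role:type[:level]."""
    parts = context.split(":")
    return parts[2] if len(parts) > 2 else context

def summarize(lines):
    """Count denials per (source type, target type, class, permission)."""
    counts = Counter()
    for rec in filter(None, map(parse_avc, lines)):
        # Skip grants and records cut off before tcontext=/tclass=.
        if rec["result"] != "denied" or not {"scontext", "tcontext", "tclass"} <= rec.keys():
            continue
        for perm in rec["perms"]:
            counts[(se_type(rec["scontext"]), se_type(rec["tcontext"]), rec["tclass"], perm)] += 1
    return counts

SAMPLE = [  # lines 1-4 are from the post above (4 is truncated as posted); 5-6 are constructed
    'Jul 24 23:39:53 webcomp kernel: audit(1153755580.824:2): avc: denied { getattr } for pid=1153 comm="mount" name="kcore" dev=proc ino=-268435435 scontext=system_u:system_r:mount_t:s0 tcontext=system_u:object_r:proc_kcore_t:s0 tclass=file',
    'Jul 24 23:39:54 webcomp kernel: audit(1153755580.856:3): avc: denied { getattr } for pid=1153 comm="mount" name="kcore" dev=proc ino=-268435435 scontext=system_u:system_r:mount_t:s0 tcontext=system_u:object_r:proc_kcore_t:s0 tclass=file',
    'Jul 25 11:45:16 webcomp kernel: audit(1153799116.610:8): avc: denied { use } for pid=2467 comm="bluez-pin" name="[7581]" dev=pipefs ino=7581 scontext=user_u:system_r:bluetooth_helper_t:s0 tcontext=system_u:system_r:xdm_t:s0-s0:c0.c255 tclass=fd',
    'Jul 25 14:00:21 webcomp kernel: audit(1153807221.327:4): avc: denied { use } for pid=2291 comm="bluez-pin" name="[7243]" dev=pipefs ino=7243 scontext=user_u:system_r:bluetooth_helper_t:s0',
    'type=AVC msg=audit(1153799116.610:9): avc:  denied  { use } for  pid=2467 comm="bluez-pin" name="[7581]" dev=pipefs ino=7581 scontext=user_u:system_r:bluetooth_helper_t:s0 tcontext=system_u:system_r:xdm_t:s0-s0:c0.c255 tclass=fd',
    'Jul 25 14:00:22 webcomp sshd[2301]: Server listening on 0.0.0.0 port 22.',
]

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).most_common():
        print(n, *key)
```

Only the constructed auditd-style line contains the uppercase string "AVC", which is why a case-sensitive `grep AVC` over kernel-only messages returns nothing.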