Deepak Shrestha wrote:
These are probably not the relevant denials. Try to find ones from around the time you were trying the RPM install. There should be a log entry corresponding to when you did the "setenforce 0" (search for "setenforce" in /var/log/messages), and the denials of interest should be in the minutes preceding that. Paul.Thanks paul, looking for the setenforce and preceding logs, I found this, which from the point I use setenforce, installed rpm, setenforce back and reboot the computer: ============== Jul 27 12:17:47 webcomp kernel: audit(1153973867.873:11): avc: granted { setenforce } for pid=2726 comm="setenforce" scontext=user_u:system_r:unconfined_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=security Jul 27 12:17:47 webcomp kernel: audit(1153973867.873:11): avc: granted { setenforce } for pid=2726 comm="setenforce" scontext=user_u:system_r:unconfined_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=security Jul 27 12:17:47 webcomp kernel: audit(1153973867.873:12): enforcing=0 old_enforcing=1 auid=4294967295 Jul 27 12:18:05 webcomp kernel: audit(1153973885.002:13): avc: denied { unlink } for pid=2731 comm="depmod" name="modules.dep" dev=dm-0 ino=1147086 scontext=user_u:system_r:depmod_t:s0 tcontext=root:object_r:modules_object_t:s0 tclass=file Jul 27 12:18:10 webcomp kernel: audit(1153973890.638:14): avc: granted { setenforce } for pid=2733 comm="setenforce" scontext=user_u:system_r:unconfined_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=security Jul 27 12:18:10 webcomp kernel: audit(1153973890.638:15): enforcing=1 old_enforcing=0 auid=4294967295 Jul 27 12:22:05 webcomp smartd[1789]: System clock time adjusted to the past. Resetting next wakeup time. Jul 27 13:18:28 webcomp kernel: NTFS driver 2.1.27 [Flags: R/W MODULE]. Jul 27 13:18:28 webcomp kernel: NTFS volume version 3.1. Jul 27 13:18:28 webcomp kernel: SELinux: initialized (dev hdb1, type ntfs), uses genfs_contexts Jul 27 13:20:37 webcomp gconfd (deepak-2534): GConf server is not in use, shutting down. Jul 27 13:20:37 webcomp gconfd (deepak-2534): Exiting Jul 27 13:22:19 webcomp gdm[2264]: Restarting computer... ========================== I gues this will be useful.
The problem appears to be depmod trying to unlink (delete) a file of context type modules_object_t. I can't see any need for it to delete anything that's actually a kernel module, so perhaps you have a labelling problem?
Can you post the output of the following commands: $ ls -lZ /lib/modules//2.6.17-1.2157_FC5 $ rpm -q --scripts kernel-module-ntfs-2.6.17-1.2157_FC5 Paul.
