On Sat, Aug 05, 2006 at 10:54:56AM +0100, Paul Howarth wrote:
> > audit(1154723141.305.3): avc : denied {relabel} for pid=2044
> > comm="login" name="tty1" dev=tmpfs ino=727
> > scontext=system_u:system_r:kernel_t
> > tcontext=root:object_r:tty_device_t tclass=chr_file
>
> This looks like a similar problem to that reported by Axel Thimm on
> fedora-selinux-list last week, namely regular user processes running in
> kernel_t.
Yes, that was because there was a missing reboot after the full
relabeling, and init initiated daemons were running in kernel_t, and
their children (including bash root logins) in hotplug_t. But the OP
reports having done several reboots since the relabelling, and his
children processes are kernel_t, not hotplug_t, so perhaps the issue
is something different.
(or maybe just different because of FC4 vs FC5 differences, I was
having my troubles under FC5)
--
Axel.Thimm at ATrpms.net
Attachment:
pgpopkMS6j3Jw.pgp
Description: PGP signature
