Re: setroubleshoot problem

Max,

To answer your question from yesterday, I had been getting the same errors even before I installed the policies yesterday, which is strange because the messages indicate that a policy was loaded. Is there a built-in default policy? Where do I go from here?

Thanks,
Steve

From /var/log/messages:

Jul  1 18:53:55 asa-ws-053 setroubleshoot: [program.ERROR] setroubleshoot generated AVC, exiting to avoid recursion, context=system_u:system_r:setroubleshootd_t:s0, AVC scontext=system_u:system_r:setroubleshootd_t:s0

and 

Jul  1 18:53:51 asa-ws-053 kernel: security:  class peer not defined in policy
Jul  1 18:53:51 asa-ws-053 kernel: security:  class capability2 not defined in policy
Jul  1 18:53:51 asa-ws-053 kernel: security:  permission recvfrom in class node not defined in policy
Jul  1 18:53:51 asa-ws-053 kernel: security:  permission sendto in class node not defined in policy
Jul  1 18:53:51 asa-ws-053 kernel: security:  permission ingress in class netif not defined in policy
Jul  1 18:53:51 asa-ws-053 kernel: security:  permission egress in class netif not defined in policy
Jul  1 18:53:51 asa-ws-053 kernel: security:  permission setfcap in class capability not defined in policy
Jul  1 18:53:51 asa-ws-053 kernel: security:  permission forward_in in class packet not defined in policy
Jul  1 18:53:51 asa-ws-053 kernel: security:  permission forward_out in class packet not defined in policy
Jul  1 18:53:51 asa-ws-053 kernel: SELinux: policy loaded with handle_unknown=deny
Jul  1 18:53:51 asa-ws-053 kernel: type=1403 audit(1214938405.305:2): policy loaded auid=4294967295 ses=4294967295
Jul  1 18:53:51 asa-ws-053 kernel: type=1400 audit(1214938406.918:3): avc:  denied  { read write } for  pid=505 comm="restorecon" path="/dev/console" dev=tmpfs ino=233 scontext=system_u:system_r:setfiles_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=chr_file
Jul  1 18:53:51 asa-ws-053 kernel: type=1400 audit(1214938408.569:4): avc:  denied  { create } for  pid=739 comm="hwclock" scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tcontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tclass=netlink_audit_socket
Jul  1 18:53:51 asa-ws-053 kernel: type=1400 audit(1214938408.583:5): avc:  denied  { getattr } for  pid=739 comm="hwclock" path="/etc/adjtime" dev=dm-0 ino=36569532 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tcontext=system_u:object_r:adjtime_t:s0 tclass=file
Jul  1 18:53:51 asa-ws-053 kernel: type=1400 audit(1214938408.583:6): avc:  denied  { read } for  pid=739 comm="hwclock" name="adjtime" dev=dm-0 ino=36569532 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tcontext=system_u:object_r:adjtime_t:s0 tclass=file
Jul  1 18:53:51 asa-ws-053 kernel: type=1400 audit(1214938408.938:7): avc:  denied  { sys_nice } for  pid=611 comm="modprobe" capability=23 scontext=system_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=capability
Jul  1 18:53:51 asa-ws-053 kernel: type=1400 audit(1214938408.938:8): avc:  denied  { setsched } for  pid=611 comm="modprobe" scontext=system_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:system_r:kernel_t:s0 tclass=process

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
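
An added example, not part of the original message: Python that triages a boot log like the one quoted above, separating the kernel's "not defined in policy" notices (classes and permissions the running kernel knows but the loaded policy does not define) from AVC denials grouped by source type, target type, class and permission. The function names and the abridged SAMPLE lines are assumptions made for illustration.

```python
import re
from collections import Counter

# Kernel notice: a class/permission the kernel knows is absent from the loaded policy.
UNKNOWN_RE = re.compile(
    r"security:\s+(?:permission (?P<perm>\S+) in )?class (?P<cls>\S+) not defined in policy")
HANDLE_RE = re.compile(r"handle_unknown=(?P<mode>\w+)")
AVC_RE = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')  # key=value, value optionally quoted


def parse_avc(line):
    """Return the fields of one AVC denial line, or None for any other line.

    The SELinux type is the third colon-separated field of a context."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("rest"))}
    fields["perms"] = m.group("perms").split()
    fields["stype"] = fields.get("scontext", "::?").split(":")[2]
    fields["ttype"] = fields.get("tcontext", "::?").split(":")[2]
    return fields


def triage(lines):
    """Separate policy/kernel mismatch notices from denials grouped by rule."""
    unknown, denials, mode = [], Counter(), None
    for line in lines:
        if m := UNKNOWN_RE.search(line):
            unknown.append((m.group("cls"), m.group("perm")))
        elif m := HANDLE_RE.search(line):
            mode = m.group("mode")
        elif avc := parse_avc(line):
            for perm in avc["perms"]:
                denials[(avc["stype"], avc["ttype"], avc.get("tclass"), perm)] += 1
    return {"unknown": unknown, "handle_unknown": mode, "denials": denials}


# Lines abridged from the log quoted in the message above (timestamps and host removed).
SAMPLE = [
    "kernel: security:  class peer not defined in policy",
    "kernel: security:  permission setfcap in class capability not defined in policy",
    "kernel: SELinux: policy loaded with handle_unknown=deny",
    'kernel: type=1400 audit(1214938406.918:3): avc:  denied  { read write } for  pid=505 comm="restorecon" path="/dev/console" dev=tmpfs ino=233 scontext=system_u:system_r:setfiles_t:s0 tcontext=system_u:object_r:tmpfs_t:s0 tclass=chr_file',
    'kernel: type=1400 audit(1214938408.583:5): avc:  denied  { getattr } for  pid=739 comm="hwclock" path="/etc/adjtime" dev=dm-0 ino=36569532 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 tcontext=system_u:object_r:adjtime_t:s0 tclass=file',
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```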
