Gentoo Archives: gentoo-hardened

From: gOA-pSY <goa-psy@×××.net>
To: gentoo-hardened@g.o
Subject: [gentoo-hardened] SELinux Issues (Newbie)
Date: Sat, 01 Nov 2003 12:54:46
Message-Id: 5280360859.20031101135437@gmx.net
Hello all,

I'm new to SELinux and just upgraded to the new 2.4.22-hardened
sources and other new API stuff... then I found some messages...

dmesg
=====

Linux version 2.4.22-hardened (root@ipx10154) (gcc version 3.3.1 20030927 (Gentoo Linux 3.3.1-r5, propolice)) #2 Sat Nov 1
12:51:01 CET 2003
...
Security Scaffold v1.0.0 initialized
SELinux: Initializing.
SELinux: Starting in permissive mode
There is already a security framework initialized, register_security failed.
Failure registering capabilities with the kernel
selinux_register_security: Registering secondary module capability
Capability LSM initialized
Dentry cache hash table entries: 65536 (order: 7, 524288 bytes)
Inode cache hash table entries: 32768 (order: 6, 262144 bytes)
Mount cache hash table entries: 512 (order: 0, 4096 bytes)
Buffer cache hash table entries: 32768 (order: 5, 131072 bytes)
Page-cache hash table entries: 131072 (order: 7, 524288 bytes)

"There is already a security framework initialized, register_security failed.
Failure registering capabilities with the kernel": is this an error
that needs to be fixed? And when, how?

make relabel
============

Is it normal that doing this creates the following kernel messages?

avc: denied { read } for pid=1237 exe=/usr/sbin/setfiles dev=03:04 ino=966657 scontext=root:staff_r:staff_t tcontext=system_u:object_r:devfs_state_t tclass=dir
avc: denied { search } for pid=1237 exe=/usr/sbin/setfiles dev=03:04 ino=966657 scontext=root:staff_r:staff_t tcontext=system_u:object_r:devfs_state_t tclass=dir
avc: denied { getattr } for pid=1237 exe=/usr/sbin/setfiles dev=03:04 ino=1785864 scontext=root:staff_r:staff_t tcontext=system_u:object_r:devfs_state_t tclass=file
avc: denied { getattr } for pid=1237 exe=/usr/sbin/setfiles dev=03:04 ino=950350 scontext=root:staff_r:staff_t tcontext=system_u:object_r:devfs_state_t tclass=chr_file
avc: denied { getattr } for pid=1237 exe=/usr/sbin/setfiles dev=03:04 ino=2998639 scontext=root:staff_r:staff_t tcontext=system_u:object_r:modules_object_t tclass=dir

make initrd
===========

I am getting many, many denials when running this, but it seems that
everything runs fine, because I get a working initrd.gz...

avc: denied { execute } for pid=1255 exe=/usr/bin/make dev=03:04 ino=3096789 scontext=root:staff_r:staff_t tcontext=system_u:object_r:mkinitrd_exec_t tclass=file
avc: denied { execute_no_trans } for pid=1255 exe=/usr/bin/make path=/sbin/mkinitrd dev=03:04 ino=3096789 scontext=root:staff_r:staff_t tcontext=system_u:object_r:mkinitrd_exec_t tclass=file
avc: denied { read } for pid=1255 exe=/bin/bash dev=03:04 ino=3096789 scontext=root:staff_r:staff_t tcontext=system_u:object_r:mkinitrd_exec_t tclass=file
avc: denied { ioctl } for pid=1255 exe=/bin/bash path=/sbin/mkinitrd dev=03:04 ino=3096789 scontext=root:staff_r:staff_t tcontext=system_u:object_r:mkinitrd_exec_t tclass=file
avc: denied { read } for pid=1272 exe=/bin/gawk-3.1.3 dev=03:04 ino=3473938 scontext=root:staff_r:staff_t tcontext=system_u:object_r:modules_dep_t tclass=file
avc: denied { ioctl } for pid=1272 exe=/bin/gawk-3.1.3 path=/lib/modules/2.4.22-hardened/modules.dep dev=03:04 ino=3473938 scontext=root:staff_r:staff_t tcontext=system_u:object_r:modules_dep_t tclass=file
avc: denied { read } for pid=1333 exe=/sbin/nash dev=03:04 ino=4063265 scontext=root:staff_r:staff_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file
loop: loaded (max 8 devices)
avc: denied { ioctl } for pid=1333 exe=/sbin/nash path=/dev/loop0 dev=03:04 ino=4063265 scontext=root:staff_r:staff_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file
avc: denied { execute } for pid=1335 exe=/bin/bash dev=03:04 ino=1327648 scontext=root:staff_r:staff_t tcontext=system_u:object_r:fsadm_exec_t tclass=file
avc: denied { execute_no_trans } for pid=1335 exe=/bin/bash path=/sbin/losetup dev=03:04 ino=1327648 scontext=root:staff_r:staff_t tcontext=system_u:object_r:fsadm_exec_t tclass=file
avc: denied { read } for pid=1335 dev=03:04 ino=1327648 scontext=root:staff_r:staff_t tcontext=system_u:object_r:fsadm_exec_t tclass=file
avc: denied { write } for pid=1335 exe=/sbin/losetup dev=03:04 ino=4063265 scontext=root:staff_r:staff_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file
avc: denied { ipc_lock } for pid=1335 capability=14 scontext=root:staff_r:staff_t tcontext=root:staff_r:staff_t tclass=capability
avc: denied { mounton } for pid=1341 exe=/bin/mount path=/tmp/initrd.mnt.FpPYhc dev=03:04 ino=2015491 scontext=root:staff_r:staff_t tcontext=root:object_r:staff_tmp_t tclass=dir
SELinux: initialized (dev 07:00, type ext2), uses xattr
avc: denied { rmdir } for pid=1351 exe=/bin/rm dev=07:00 ino=11 scontext=root:staff_r:staff_t tcontext=system_u:object_r:file_t tclass=dir
avc: denied { read } for pid=1353 exe=/bin/cp dev=03:04 ino=2883892 scontext=root:staff_r:staff_t tcontext=system_u:object_r:insmod_exec_t tclass=file
avc: denied { read } for pid=1357 exe=/bin/cp dev=03:04 ino=180315 scontext=root:staff_r:staff_t tcontext=system_u:object_r:policy_config_t tclass=file
avc: denied { read } for pid=1358 exe=/bin/cp dev=03:04 ino=3096678 scontext=root:staff_r:staff_t tcontext=system_u:object_r:load_policy_exec_t tclass=file
avc: denied { mknod } for pid=1359 exe=/bin/mknod capability=27 scontext=root:staff_r:staff_t tcontext=root:staff_r:staff_t tclass=capability
avc: denied { create } for pid=1359 exe=/bin/mknod scontext=root:staff_r:staff_t tcontext=root:object_r:staff_tmp_t tclass=chr_file
avc: denied { create } for pid=1361 exe=/bin/mknod scontext=root:staff_r:staff_t tcontext=root:object_r:staff_tmp_t tclass=blk_file
avc: denied { add_name } for pid=1371 exe=/bin/tar scontext=root:staff_r:staff_t tcontext=system_u:object_r:file_t tclass=dir
avc: denied { create } for pid=1371 exe=/bin/tar scontext=root:staff_r:staff_t tcontext=root:object_r:file_t tclass=dir
avc: denied { setattr } for pid=1371 exe=/bin/tar dev=07:00 ino=11 scontext=root:staff_r:staff_t tcontext=root:object_r:file_t tclass=dir
avc: denied { search } for pid=1371 exe=/bin/tar dev=07:00 ino=12 scontext=root:staff_r:staff_t tcontext=root:object_r:file_t tclass=dir
avc: denied { write } for pid=1371 exe=/bin/tar dev=07:00 ino=12 scontext=root:staff_r:staff_t tcontext=root:object_r:file_t tclass=dir
avc: denied { add_name } for pid=1371 exe=/bin/tar scontext=root:staff_r:staff_t tcontext=root:object_r:file_t tclass=dir
avc: denied { create } for pid=1371 exe=/bin/tar scontext=root:staff_r:staff_t tcontext=root:object_r:file_t tclass=file
avc: denied { write } for pid=1371 exe=/bin/tar path=/tmp/initrd.mnt.FpPYhc/bin/nash dev=07:00 ino=13 scontext=root:staff_r:staff_t tcontext=root:object_r:file_t tclass=file
avc: denied { setattr } for pid=1371 exe=/bin/tar dev=07:00 ino=13 scontext=root:staff_r:staff_t tcontext=root:object_r:file_t tclass=file
avc: denied { create } for pid=1371 exe=/bin/tar scontext=root:staff_r:staff_t tcontext=root:object_r:file_t tclass=chr_file
avc: denied { setattr } for pid=1371 exe=/bin/tar dev=07:00 ino=22 scontext=root:staff_r:staff_t tcontext=root:object_r:file_t tclass=chr_file
avc: denied { create } for pid=1371 exe=/bin/tar scontext=root:staff_r:staff_t tcontext=root:object_r:file_t tclass=blk_file
avc: denied { setattr } for pid=1371 exe=/bin/tar dev=07:00 ino=24 scontext=root:staff_r:staff_t tcontext=root:object_r:file_t tclass=blk_file
avc: denied { create } for pid=1371 exe=/bin/tar scontext=root:staff_r:staff_t tcontext=root:object_r:file_t tclass=lnk_file
avc: denied { setattr } for pid=1371 exe=/bin/tar dev=07:00 ino=33 scontext=root:staff_r:staff_t tcontext=root:object_r:file_t tclass=lnk_file
avc: denied { remove_name } for pid=1371 exe=/bin/tar dev=07:00 ino=15 scontext=root:staff_r:staff_t tcontext=root:object_r:file_t tclass=dir
avc: denied { unlink } for pid=1371 exe=/bin/tar dev=07:00 ino=15 scontext=root:staff_r:staff_t tcontext=root:object_r:file_t tclass=file
avc: denied { unmount } for pid=1372 exe=/bin/umount scontext=root:staff_r:staff_t tcontext=system_u:object_r:fs_t tclass=filesystem
avc: denied { setattr } for pid=1372 exe=/bin/umount dev=03:04 ino=66119 scontext=root:staff_r:staff_t tcontext=root:object_r:etc_t tclass=file
avc: denied { rename } for pid=1372 exe=/bin/umount dev=03:04 ino=66119 scontext=root:staff_r:staff_t tcontext=root:object_r:etc_t tclass=file
avc: denied { unlink } for pid=1372 exe=/bin/umount dev=03:04 ino=66118 scontext=root:staff_r:staff_t tcontext=system_u:object_r:etc_runtime_t tclass=file
avc: denied { write } for pid=1374 exe=/bin/bash dev=03:01 ino=2 scontext=root:staff_r:staff_t tcontext=system_u:object_r:boot_t tclass=dir
avc: denied { add_name } for pid=1374 exe=/bin/bash scontext=root:staff_r:staff_t tcontext=system_u:object_r:boot_t tclass=dir
avc: denied { create } for pid=1374 exe=/bin/bash scontext=root:staff_r:staff_t tcontext=root:object_r:boot_t tclass=file
avc: denied { ioctl } for pid=1374 exe=/bin/gzip path=/boot/initrd.gz dev=03:01 ino=30 scontext=root:staff_r:staff_t tcontext=root:object_r:boot_t tclass=file
avc: denied { write } for pid=1374 exe=/bin/gzip path=/boot/initrd.gz dev=03:01 ino=30 scontext=root:staff_r:staff_t tcontext=root:object_r:boot_t tclass=file
avc: denied { unlink } for pid=1375 exe=/bin/rm dev=03:04 ino=2015557 scontext=root:staff_r:staff_t tcontext=root:object_r:staff_tmp_t tclass=chr_file
avc: denied { unlink } for pid=1375 exe=/bin/rm dev=03:04 ino=2015559 scontext=root:staff_r:staff_t tcontext=root:object_r:staff_tmp_t tclass=blk_file

Can you help me with this?

gOA-pSY
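The post above is a wall of permissive-mode AVC denials, and the first thing a reviewer wants from such a log is a summary rather than the raw lines: which subject context is generating them (every line here has scontext=root:staff_r:staff_t), which executables trigger them, what a blanket allow-rule generator would emit, and which denials indicate something other than a missing allow rule. The script below is an added example, not code from the original poster or from the Gentoo or SELinux projects; it parses the 2.4-era kernel "avc: denied" line format exactly as it appears in the post, collapses denials into (source type, target type, class) permission sets, and applies one heuristic (labelled as such in the code): an execute_no_trans denial on a type named *_exec_t means the subject ran that binary in its own domain, where the policy expects a domain transition into the domain that *_exec_t is the entrypoint for, so generating an allow rule for it would be the wrong fix. The sample lines are copied from the post, plus one non-AVC kernel line to show it is skipped; the rule syntax emitted is the TE allow-rule syntax of the example policy of that era.

```python
"""Summarise 2.4-era SELinux 'avc: denied' kernel messages.

Added example, not code from the post or from the SELinux/Gentoo projects.
Line format parsed (as visible in the post):
  avc: denied { perm ... } for pid=N exe=/path ... scontext=u:r:t tcontext=u:r:t tclass=cls
"""
import re
from collections import Counter, defaultdict

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]+?)\s*\}\s+for\s+(?P<fields>.*)$")
FIELD_RE = re.compile(r"(\w+)=(\S+)")

# Sample input: lines copied from the post above, plus one non-AVC kernel
# line ("loop: loaded ...") to show that non-denial lines are skipped.
SAMPLE_LINES = [
    "avc: denied { execute } for pid=1255 exe=/usr/bin/make dev=03:04 ino=3096789 scontext=root:staff_r:staff_t tcontext=system_u:object_r:mkinitrd_exec_t tclass=file",
    "avc: denied { execute_no_trans } for pid=1255 exe=/usr/bin/make path=/sbin/mkinitrd dev=03:04 ino=3096789 scontext=root:staff_r:staff_t tcontext=system_u:object_r:mkinitrd_exec_t tclass=file",
    "avc: denied { read } for pid=1255 exe=/bin/bash dev=03:04 ino=3096789 scontext=root:staff_r:staff_t tcontext=system_u:object_r:mkinitrd_exec_t tclass=file",
    "avc: denied { ipc_lock } for pid=1335 capability=14 scontext=root:staff_r:staff_t tcontext=root:staff_r:staff_t tclass=capability",
    "avc: denied { write } for pid=1374 exe=/bin/bash dev=03:01 ino=2 scontext=root:staff_r:staff_t tcontext=system_u:object_r:boot_t tclass=dir",
    "loop: loaded (max 8 devices)",
    "avc: denied { mknod } for pid=1359 exe=/bin/mknod capability=27 scontext=root:staff_r:staff_t tcontext=root:staff_r:staff_t tclass=capability",
]


def parse_avc(line):
    """Return a dict of fields (plus a 'perms' list) for an AVC denial line, else None."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    rec = dict(FIELD_RE.findall(m.group("fields")))
    rec["perms"] = m.group("perms").split()
    return rec


def parse_records(lines):
    """Parse every line, dropping anything that is not an AVC denial."""
    return [r for r in (parse_avc(line) for line in lines) if r is not None]


def ctx_type(ctx):
    """user:role:type -> type, the component TE rules are written against."""
    return ctx.split(":")[2]


def subject_contexts(records):
    """Distinct subject contexts; the first thing to check before editing policy."""
    return sorted({r["scontext"] for r in records})


def denials_by_exe(records):
    """How many denials each executable produced (capability checks may lack exe=)."""
    return Counter(r.get("exe", "<no exe field>") for r in records)


def aggregate_rules(records):
    """Collapse denials into (source type, target type, class) -> set of permissions."""
    rules = defaultdict(set)
    for r in records:
        key = (ctx_type(r["scontext"]), ctx_type(r["tcontext"]), r["tclass"])
        rules[key].update(r["perms"])
    return rules


def format_rules(rules):
    """Render aggregated denials as TE allow rules (what a blanket generator would
    emit). A review aid only: each rule still needs a human decision."""
    out = []
    for (src, tgt, cls), perms in sorted(rules.items()):
        target = "self" if tgt == src else tgt
        out.append("allow %s %s:%s { %s };" % (src, target, cls, " ".join(sorted(perms))))
    return out


def missing_transitions(records):
    """Heuristic: execute_no_trans denied on a *_exec_t type means the subject ran
    that binary without the domain transition the policy expects; flag the
    (subject type, entrypoint type) pair instead of allowing it."""
    found = set()
    for r in records:
        tgt = ctx_type(r["tcontext"])
        if "execute_no_trans" in r["perms"] and tgt.endswith("_exec_t"):
            found.add((ctx_type(r["scontext"]), tgt))
    return found


if __name__ == "__main__":
    recs = parse_records(SAMPLE_LINES)
    print("subject contexts:", subject_contexts(recs))
    print("denials by exe:", dict(denials_by_exe(recs)))
    for rule in format_rules(aggregate_rules(recs)):
        print(rule)
    for src, tgt in sorted(missing_transitions(recs)):
        print("missing domain transition: %s executed a %s binary in its own domain" % (src, tgt))
```

Run it over a saved dmesg instead of SAMPLE_LINES to get the same summary for a full log. The useful output is not the allow rules themselves but the two lines above them: that everything runs as staff_t, and that mkinitrd_exec_t (and, in the full log, fsadm_exec_t) was executed without a transition, which points at how the commands were run rather than at holes in the policy.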

Replies

Subject Author
Re: [gentoo-hardened] SELinux Issues (Newbie) Chris PeBenito <pebenito@g.o>