-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
I haven't really looked very long, but there seems to be a bunch of
file_t labels in those audit messages which would indicate that the
files aren't labeled properly. What's dev mounted as? tmpfs, udev?

Antoine

guo walter wrote:
> Hi,
>
> Any idea?
>
> Thanks/Walter
>
> On 9/8/07, guo walter <walter.d.guo.newsgroup@...> wrote:
>> Hi, guys, I got lots of avc lines (more than 700 lines) when running
>> dmesg, How to deal with it?
>>
>>
>> #dmesg
>> ......
>> SELinux: initialized (dev pipefs, type pipefs), uses task SIDs
>> SELinux: initialized (dev sockfs, type sockfs), uses task SIDs
>> SELinux: initialized (dev cpuset, type cpuset), not configured for
>> labeling
>> SELinux: initialized (dev proc, type proc), uses genfs_contexts
>> SELinux: initialized (dev bdev, type bdev), uses genfs_contexts
>> SELinux: initialized (dev rootfs, type rootfs), uses genfs_contexts
>> SELinux: initialized (dev sysfs, type sysfs), uses genfs_contexts
>> audit(1188994315.739:2): policy loaded auid=4294967295
>> audit(1188994315.739:3): avc: denied { read write } for pid=1
>> comm="init" name="console" dev=sda5 ino=13470 scontext=system_u:system_r:init_t
>> tcontext=system_u:object_r:file_t tclass=chr_file
>> audit(1188994315.739:4): avc: denied { ioctl } for pid=1 comm="init"
>> name="tty0" dev=sda5 ino=13339 scontext=system_u:system_r:init_t
>> tcontext=system_u:object_r:file_t tclass=chr_file
>> audit(1188994316.239 :5): avc: denied { read write } for pid=523
>> comm="rc" name="console" dev=sda5 ino=13470
>> scontext=system_u:system_r:initrc_t tcontext=system_u:object_r:file_t
>> tclass=chr_file
>> audit(1188994316.739 :6): avc: denied { read write } for pid=525
>> comm="consoletype" name="console" dev=sda5 ino=13470
>> scontext=system_u:system_r:consoletype_t tcontext=system_u:object_r:file_t
>> tclass=chr_file
>> audit(1188994316.739:7): avc: denied { search } foraudit(1188994316.739:8):
>> avc: denied { getattr } for pid=525 comm="consoletype" name="console"
>> dev=sda5 ino=13470 scontext=system_u:system_r:consoletype_t
>> tcontext=system_u:object_r:file_t tclass=chr_file
>> audit(1188994316.739:9): avc: denied { ioctl } for pid=525
>> comm="consoletype" name="console" dev=sda5 ino=13470
>> scontext=system_u:system_r:consoletype_t tcontext=system_u:object_r:file_t
>> tclass=chr_file
>> audit(1188994316.739:10): avc: denied { ioctl } for pid=528 comm="stty"
>> name="console" dev=sda5 ino=13470 scontext=system_u:system_r:initrc_t
>> tcontext=system_u:object_r:file_t tclass=chr_file
>> audit(1188994317.239:11): avc: denied { getattr } for pid=523
>> comm="bash" name="null" dev=sda5 ino=13139
>> scontext=system_u:system_r:initrc_t tcontext=system_u:object_r:file_t
>> tclass=chr_file
>> audit( 1188994317.239:12): avc: denied { read write } for pid=532
>> comm="dmesg" name="console" dev=sda5 ino=13470
>> scontext=system_u:system_r:dmesg_t tcontext=system_u:object_r:file_t
>> tclass=chr_file
>> audit( 1188994317.239:13): avc: denied { read write } for pid=535
>> comm="mount" name="console" dev=sda5 ino=13470
>> scontext=system_u:system_r:mount_t tcontext=system_u:object_r:file_t
>> tclass=chr_file
>> audit( 1188994317.239:14): avc: denied { read write } for pid=580
>> comm="restorecon" name="console" dev=sda5 ino=13470
>> scontext=system_u:system_r:restorecon_t tcontext=system_u:object_r:file_t
>> tclass=chr_file
>> pid=525 comm="consoletype" name="dev" dev=sda5 ino=12288
>> scontext=system_u:system_r:consoletype_t tcontext=system_u:object_r:file_t
>> tclass=dir
>> audit(1188994316.739:8): avc: denied { getattr } for pid=525
>> comm="consoletype" name="console" dev=sda5 ino=13470
>> scontext=system_u:system_r:consoletype_t tcontext=system_u:object_r:file_t
>> tclass=chr_file
>> audit(1188994316.739:9): avc: denied { ioctl } for pid=525
>> comm="consoletype" name="console" dev=sda5 ino=13470
>> scontext=system_u:system_r:consoletype_t tcontext=system_u:object_r:file_t
>> tclass=chr_file
>> ......
>>
>> Thanks,
>> Walter.
>>
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFG5VHEGK2zHPGK1rsRCikrAJ9nahLPL6yF7pxOpsSOg0BXqmwLQgCfSiU3
hFJGct3iOSejLHDu8BDZxAQ=
=/nXm
-----END PGP SIGNATURE-----
--
gentoo-hardened@g.o mailing list
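
The check suggested in the reply can be done mechanically. The following is an added example, not part of the original thread: it groups AVC denials by target object and counts those whose target type is `file_t`, so a long dmesg dump reduces to the distinct objects still carrying that type. The function names `parse_avc` and `unlabeled_targets` are hypothetical, and the last sample record is constructed.

```python
import re
from collections import Counter

# Sample input: the first three records are taken from the dmesg output quoted
# above (line wraps removed); the last record and its sshd/shadow_t values are
# constructed to show a denial that is not a labeling problem.
SAMPLE = """\
audit(1188994315.739:3): avc: denied { read write } for pid=1 comm="init" name="console" dev=sda5 ino=13470 scontext=system_u:system_r:init_t tcontext=system_u:object_r:file_t tclass=chr_file
audit(1188994316.739:9): avc: denied { ioctl } for pid=525 comm="consoletype" name="console" dev=sda5 ino=13470 scontext=system_u:system_r:consoletype_t tcontext=system_u:object_r:file_t tclass=chr_file
audit(1188994317.239:11): avc: denied { getattr } for pid=523 comm="bash" name="null" dev=sda5 ino=13139 scontext=system_u:system_r:initrc_t tcontext=system_u:object_r:file_t tclass=chr_file
audit(1188994318.000:20): avc: denied { read } for pid=600 comm="sshd" name="shadow" dev=sda5 ino=20000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:shadow_t tclass=file
SELinux: initialized (dev proc, type proc), uses genfs_contexts
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(record):
    """Return a dict of AVC fields, or None if the record is not a complete denial."""
    m = AVC_RE.search(record)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("fields"))}
    rec["perms"] = m.group("perms").split()
    parts = rec.get("tcontext", "").split(":")      # user:role:type[:mls]
    rec["ttype"] = parts[2] if len(parts) > 2 else ""
    return rec

def unlabeled_targets(text, default_type="file_t"):
    """Count denials per distinct object whose target type is default_type."""
    flat = " ".join(text.split())                   # undo dmesg/mail line wrapping
    hits = Counter()
    for record in re.split(r"(?=audit\()", flat):   # one chunk per audit record
        rec = parse_avc(record)
        if rec and rec["ttype"] == default_type:
            key = (rec.get("dev"), rec.get("ino"), rec.get("name"), rec.get("tclass"))
            hits[key] += 1
    return hits

if __name__ == "__main__":
    for (dev, ino, name, tclass), n in unlabeled_targets(SAMPLE).most_common():
        print(f"{n:4d}  dev={dev} ino={ino} name={name} tclass={tclass}")
```

Because whitespace is flattened before splitting on `audit(`, wrapped output can be piped in unchanged; truncated records are skipped rather than guessed at.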