| 1 |
Hi, guys, I got lots of avc lines (more than 700 lines) when running dmesg, |
| 2 |
How to deal with it? |
| 3 |
|
| 4 |
|
| 5 |
#dmesg |
| 6 |
...... |
| 7 |
SELinux: initialized (dev pipefs, type pipefs), uses task SIDs |
| 8 |
SELinux: initialized (dev sockfs, type sockfs), uses task SIDs |
| 9 |
SELinux: initialized (dev cpuset, type cpuset), not configured for labeling |
| 10 |
SELinux: initialized (dev proc, type proc), uses genfs_contexts |
| 11 |
SELinux: initialized (dev bdev, type bdev), uses genfs_contexts |
| 12 |
SELinux: initialized (dev rootfs, type rootfs), uses genfs_contexts |
| 13 |
SELinux: initialized (dev sysfs, type sysfs), uses genfs_contexts |
| 14 |
audit(1188994315.739:2): policy loaded auid=4294967295 |
| 15 |
audit(1188994315.739:3): avc: denied { read write } for pid=1 comm="init" |
| 16 |
name="console" dev=sda5 ino=13470 scontext=system_u:system_r:init_t |
| 17 |
tcontext=system_u:object_r:file_t tclass=chr_file |
| 18 |
audit(1188994315.739:4): avc: denied { ioctl } for pid=1 comm="init" |
| 19 |
name="tty0" dev=sda5 ino=13339 scontext=system_u:system_r:init_t |
| 20 |
tcontext=system_u:object_r:file_t tclass=chr_file |
| 21 |
audit(1188994316.239:5): avc: denied { read write } for pid=523 comm="rc" |
| 22 |
name="console" dev=sda5 ino=13470 scontext=system_u:system_r:initrc_t |
| 23 |
tcontext=system_u:object_r:file_t tclass=chr_file |
| 24 |
audit(1188994316.739:6): avc: denied { read write } for pid=525 |
| 25 |
comm="consoletype" name="console" dev=sda5 ino=13470 |
| 26 |
scontext=system_u:system_r:consoletype_t tcontext=system_u:object_r:file_t |
| 27 |
tclass=chr_file |
| 28 |
audit(1188994316.739:7): avc: denied { search } foraudit(1188994316.739:8): |
| 29 |
avc: denied { getattr } for pid=525 comm="consoletype" name="console" |
| 30 |
dev=sda5 ino=13470 scontext=system_u:system_r:consoletype_t |
| 31 |
tcontext=system_u:object_r:file_t tclass=chr_file |
| 32 |
audit(1188994316.739:9): avc: denied { ioctl } for pid=525 |
| 33 |
comm="consoletype" name="console" dev=sda5 ino=13470 |
| 34 |
scontext=system_u:system_r:consoletype_t tcontext=system_u:object_r:file_t |
| 35 |
tclass=chr_file |
| 36 |
audit(1188994316.739:10): avc: denied { ioctl } for pid=528 comm="stty" |
| 37 |
name="console" dev=sda5 ino=13470 scontext=system_u:system_r:initrc_t |
| 38 |
tcontext=system_u:object_r:file_t tclass=chr_file |
| 39 |
audit(1188994317.239:11): avc: denied { getattr } for pid=523 comm="bash" |
| 40 |
name="null" dev=sda5 ino=13139 scontext=system_u:system_r:initrc_t |
| 41 |
tcontext=system_u:object_r:file_t tclass=chr_file |
| 42 |
audit(1188994317.239:12): avc: denied { read write } for pid=532 |
| 43 |
comm="dmesg" name="console" dev=sda5 ino=13470 |
| 44 |
scontext=system_u:system_r:dmesg_t tcontext=system_u:object_r:file_t |
| 45 |
tclass=chr_file |
| 46 |
audit(1188994317.239:13): avc: denied { read write } for pid=535 |
| 47 |
comm="mount" name="console" dev=sda5 ino=13470 |
| 48 |
scontext=system_u:system_r:mount_t tcontext=system_u:object_r:file_t |
| 49 |
tclass=chr_file |
| 50 |
audit(1188994317.239:14): avc: denied { read write } for pid=580 |
| 51 |
comm="restorecon" name="console" dev=sda5 ino=13470 |
| 52 |
scontext=system_u:system_r:restorecon_t tcontext=system_u:object_r:file_t |
| 53 |
tclass=chr_file |
| 54 |
pid=525 comm="consoletype" name="dev" dev=sda5 ino=12288 |
| 55 |
scontext=system_u:system_r:consoletype_t tcontext=system_u:object_r:file_t |
| 56 |
tclass=dir |
| 57 |
audit(1188994316.739:8): avc: denied { getattr } for pid=525 |
| 58 |
comm="consoletype" name="console" dev=sda5 ino=13470 |
| 59 |
scontext=system_u:system_r:consoletype_t tcontext=system_u:object_r:file_t |
| 60 |
tclass=chr_file |
| 61 |
audit(1188994316.739:9): avc: denied { ioctl } for pid=525 |
| 62 |
comm="consoletype" name="console" dev=sda5 ino=13470 |
| 63 |
scontext=system_u:system_r:consoletype_t tcontext=system_u:object_r:file_t |
| 64 |
tclass=chr_file |
| 65 |
...... |
| 66 |
|
| 67 |
Thanks, |
| 68 |
Walter. |
Archives