Hi guys, I got lots of avc lines (more than 700 lines) when running dmesg.
How do I deal with it?

#dmesg
......
SELinux: initialized (dev pipefs, type pipefs), uses task SIDs
SELinux: initialized (dev sockfs, type sockfs), uses task SIDs
SELinux: initialized (dev cpuset, type cpuset), not configured for labeling
SELinux: initialized (dev proc, type proc), uses genfs_contexts
SELinux: initialized (dev bdev, type bdev), uses genfs_contexts
SELinux: initialized (dev rootfs, type rootfs), uses genfs_contexts
SELinux: initialized (dev sysfs, type sysfs), uses genfs_contexts
audit(1188994315.739:2): policy loaded auid=4294967295
audit(1188994315.739:3): avc: denied { read write } for pid=1 comm="init"
name="console" dev=sda5 ino=13470 scontext=system_u:system_r:init_t
tcontext=system_u:object_r:file_t tclass=chr_file
audit(1188994315.739:4): avc: denied { ioctl } for pid=1 comm="init"
name="tty0" dev=sda5 ino=13339 scontext=system_u:system_r:init_t
tcontext=system_u:object_r:file_t tclass=chr_file
audit(1188994316.239 :5): avc: denied { read write } for pid=523
comm="rc" name="console" dev=sda5 ino=13470
scontext=system_u:system_r:initrc_t tcontext=system_u:object_r:file_t
tclass=chr_file
audit(1188994316.739 :6): avc: denied { read write } for pid=525
comm="consoletype" name="console" dev=sda5 ino=13470
scontext=system_u:system_r:consoletype_t tcontext=system_u:object_r:file_t
tclass=chr_file
audit(1188994316.739:7): avc: denied { search } foraudit(1188994316.739:8):
avc: denied { getattr } for pid=525 comm="consoletype" name="console"
dev=sda5 ino=13470 scontext=system_u:system_r:consoletype_t
tcontext=system_u:object_r:file_t tclass=chr_file
audit(1188994316.739:9): avc: denied { ioctl } for pid=525
comm="consoletype" name="console" dev=sda5 ino=13470
scontext=system_u:system_r:consoletype_t tcontext=system_u:object_r:file_t
tclass=chr_file
audit(1188994316.739:10): avc: denied { ioctl } for pid=528 comm="stty"
name="console" dev=sda5 ino=13470 scontext=system_u:system_r:initrc_t
tcontext=system_u:object_r:file_t tclass=chr_file
audit(1188994317.239:11): avc: denied { getattr } for pid=523 comm="bash"
name="null" dev=sda5 ino=13139 scontext=system_u:system_r:initrc_t
tcontext=system_u:object_r:file_t tclass=chr_file
audit( 1188994317.239:12): avc: denied { read write } for pid=532
comm="dmesg" name="console" dev=sda5 ino=13470
scontext=system_u:system_r:dmesg_t tcontext=system_u:object_r:file_t
tclass=chr_file
audit( 1188994317.239:13): avc: denied { read write } for pid=535
comm="mount" name="console" dev=sda5 ino=13470
scontext=system_u:system_r:mount_t tcontext=system_u:object_r:file_t
tclass=chr_file
audit( 1188994317.239:14): avc: denied { read write } for pid=580
comm="restorecon" name="console" dev=sda5 ino=13470
scontext=system_u:system_r:restorecon_t tcontext=system_u:object_r:file_t
tclass=chr_file
pid=525 comm="consoletype" name="dev" dev=sda5 ino=12288
scontext=system_u:system_r:consoletype_t tcontext=system_u:object_r:file_t
tclass=dir
audit(1188994316.739:8): avc: denied { getattr } for pid=525
comm="consoletype" name="console" dev=sda5 ino=13470
scontext=system_u:system_r:consoletype_t tcontext=system_u:object_r:file_t
tclass=chr_file
audit(1188994316.739:9): avc: denied { ioctl } for pid=525
comm="consoletype" name="console" dev=sda5 ino=13470
scontext=system_u:system_r:consoletype_t tcontext=system_u:object_r:file_t
tclass=chr_file
......

Thanks,
Walter.
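
One way to triage a dump of this size, as an added example that is not part of the original post: join the wrapped dmesg lines back into records and count denials per target type and class. The names `split_records`, `parse` and `summarize` are hypothetical, and the sample is constructed from lines in the post.

```python
import re
from collections import Counter

# Constructed sample: records copied from the post above, keeping the wrapped
# lines, the stray spaces inside "audit( ... )" and the interleaved record 7/8.
SAMPLE = '''\
audit(1188994316.239 :5): avc: denied { read write } for pid=523
comm="rc" name="console" dev=sda5 ino=13470
scontext=system_u:system_r:initrc_t tcontext=system_u:object_r:file_t
tclass=chr_file
audit( 1188994317.239:12): avc: denied { read write } for pid=532
comm="dmesg" name="console" dev=sda5 ino=13470
scontext=system_u:system_r:dmesg_t tcontext=system_u:object_r:file_t
tclass=chr_file
audit(1188994316.739:7): avc: denied { search } foraudit(1188994316.739:8):
avc: denied { getattr } for pid=525 comm="consoletype" name="console"
dev=sda5 ino=13470 scontext=system_u:system_r:consoletype_t
tcontext=system_u:object_r:file_t tclass=chr_file
'''

RECORD_START = re.compile(r"audit\(\s*[\d.]+\s*:\d+\)")
AVC = re.compile(r"avc:\s+denied\s+\{([^}]*)\}.*?scontext=(\S+)"
                 r".*?tcontext=(\S+).*?tclass=(\S+)")

def split_records(text):
    """Undo line wrapping: a record runs from one audit(...) header to the next."""
    flat = " ".join(text.split())
    starts = [m.start() for m in RECORD_START.finditer(flat)]
    return [flat[a:b].strip() for a, b in zip(starts, starts[1:] + [len(flat)])]

def parse(record):
    """Return (source type, target type, class, perms), or None if truncated."""
    m = AVC.search(record)
    if m is None:
        return None
    perms, scon, tcon, tclass = m.groups()
    return scon.split(":")[2], tcon.split(":")[2], tclass, tuple(perms.split())

def summarize(text):
    """Count denials per target (type, class) and per distinct rule."""
    by_target, by_rule, skipped = Counter(), Counter(), 0
    for rec in split_records(text):
        rule = parse(rec)
        if rule is None:
            skipped += 1          # header whose contexts were overwritten mid-line
            continue
        by_target[(rule[1], rule[2])] += 1
        by_rule[rule] += 1
    return by_target, by_rule, skipped
```

Every parsed denial in the excerpt has the same target type, `file_t`, on `dev=sda5`, so the count per target points at how the objects on that filesystem are labelled rather than at hundreds of separate problems.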