Johan Vromans <jvromans(a)squirrel.nl> writes:
Respin with repos fedora and fedora-updates, selinux enforced,
yields
two AVC denials. Messages attached.
Respin with repos fedora, fedora-updates, and updates-testing, selinux
enforced, yields no AVC denials because it starts in permissive mode,
despite of /etc/reslinux/config containing 'SELINUX=enforcing'.
dmesg shows:
Security Framework initialized
SELinux: Initializing.
SELinux: Starting in permissive mode
This concludes my testing. Suggestions welcome
-- Johan
--- dmesg ---
Initializing cgroup subsys cpuset
Initializing cgroup subsys cpu
Linux version 2.6.34.7-56.fc13.i686 (mockbuild(a)x86-09.phx2.fedoraproject.org) (gcc version
4.4.4 20100630 (Red Hat 4.4.4-10) (GCC) ) #1 SMP Wed Sep 15 03:33:58 UTC 2010
BIOS-provided physical RAM map:
BIOS-e820: 0000000000000000 - 000000000009fc00 (usable)
BIOS-e820: 000000000009fc00 - 00000000000a0000 (reserved)
BIOS-e820: 00000000000f0000 - 0000000000100000 (reserved)
BIOS-e820: 0000000000100000 - 000000001fff0000 (usable)
BIOS-e820: 000000001fff0000 - 0000000020000000 (ACPI data)
BIOS-e820: 00000000fffc0000 - 0000000100000000 (reserved)
Using x86 segment limits to approximate NX protection
DMI 2.5 present.
e820 update range: 0000000000000000 - 0000000000001000 (usable) ==> (reserved)
e820 remove range: 00000000000a0000 - 0000000000100000 (usable)
last_pfn = 0x1fff0 max_arch_pfn = 0x100000
MTRR default type: uncachable
MTRR variable ranges disabled:
x86 PAT enabled: cpu 0, old 0x7040600070406, new 0x7010600070106
CPU MTRRs all blank - virtualized system.
initial memory mapped : 0 - 01000000
init_memory_mapping: 0000000000000000-000000001fff0000
0000000000 - 0000400000 page 4k
0000400000 - 001fc00000 page 2M
001fc00000 - 001fff0000 page 4k
kernel direct mapping tables up to 1fff0000 @ 7000-d000
RAMDISK: 1f840000 - 1ffcf000
ACPI: RSDP 000e0000 00024 (v02 VBOX )
ACPI: XSDT 1fff0030 00034 (v01 VBOX VBOXXSDT 00000001 ASL 00000061)
ACPI: FACP 1fff00f0 000F4 (v04 VBOX VBOXFACP 00000001 ASL 00000061)
ACPI: DSDT 1fff0410 018FF (v01 VBOX VBOXBIOS 00000002 INTL 20050309)
ACPI: FACS 1fff0200 00040
ACPI: SSDT 1fff0240 001CC (v01 VBOX VBOXCPUT 00000002 INTL 20050309)
0MB HIGHMEM available.
511MB LOWMEM available.
mapped low ram: 0 - 1fff0000
low ram: 0 - 1fff0000
node 0 low ram: 00000000 - 1fff0000
node 0 bootmap 0000a000 - 0000e000
(9/32 early reservations) ==> bootmem [0000000000 - 001fff0000]
#0 [0000001000 - 0000002000] EX TRAMPOLINE ==> [0000001000 - 0000002000]
#1 [0000400000 - 0000b33130] TEXT DATA BSS ==> [0000400000 - 0000b33130]
#2 [001f840000 - 001ffcf000] RAMDISK ==> [001f840000 - 001ffcf000]
#3 [000009fc00 - 0000100000] BIOS reserved ==> [000009fc00 - 0000100000]
#4 [0000b34000 - 0000b38071] BRK ==> [0000b34000 - 0000b38071]
#5 [0000002000 - 0000003000] TRAMPOLINE ==> [0000002000 - 0000003000]
#6 [0000003000 - 0000007000] ACPI WAKEUP ==> [0000003000 - 0000007000]
#7 [0000007000 - 000000a000] PGTABLE ==> [0000007000 - 000000a000]
#8 [000000a000 - 000000e000] BOOTMAP ==> [000000a000 - 000000e000]
Zone PFN ranges:
DMA 0x00000001 -> 0x00001000
Normal 0x00001000 -> 0x0001fff0
HighMem empty
Movable zone start PFN for each node
early_node_map[2] active PFN ranges
0: 0x00000001 -> 0x0000009f
0: 0x00000100 -> 0x0001fff0
On node 0 totalpages: 130958
free_area_init_node: node 0, pgdat c09b5d40, node_mem_map c1001020
DMA zone: 32 pages used for memmap
DMA zone: 0 pages reserved
DMA zone: 3966 pages, LIFO batch:0
Normal zone: 992 pages used for memmap
Normal zone: 125968 pages, LIFO batch:31
Using APIC driver default
ACPI: PM-Timer IO Port: 0x4008
SMP: Allowing 1 CPUs, 0 hotplug CPUs
Found and enabled local APIC!
nr_irqs_gsi: 16
PM: Registered nosave memory: 000000000009f000 - 00000000000a0000
PM: Registered nosave memory: 00000000000a0000 - 00000000000f0000
PM: Registered nosave memory: 00000000000f0000 - 0000000000100000
Allocating PCI resources starting at 20000000 (gap: 20000000:dffc0000)
Booting paravirtualized kernel on bare hardware
setup_percpu: NR_CPUS:32 nr_cpumask_bits:32 nr_cpu_ids:1 nr_node_ids:1
PERCPU: Embedded 14 pages/cpu @c1800000 s34324 r0 d23020 u4194304
pcpu-alloc: s34324 r0 d23020 u4194304 alloc=1*4194304
pcpu-alloc: [0] 0
Built 1 zonelists in Zone order, mobility grouping on. Total pages: 129934
Kernel command line: initrd=initrd0.img root=live:CDLABEL=Fedora13Live-20100928
rootfstype=auto ro liveimg quiet rhgb rd_NO_LUKS rd_NO_MD rd_NO_DM BOOT_IMAGE=vmlinuz0
PID hash table entries: 2048 (order: 1, 8192 bytes)
Dentry cache hash table entries: 65536 (order: 6, 262144 bytes)
Inode-cache hash table entries: 32768 (order: 5, 131072 bytes)
Enabling fast FPU save and restore... done.
Enabling unmasked SIMD FPU exception support... done.
Initializing CPU#0
allocated 2621100 bytes of page_cgroup
please try 'cgroup_disable=memory' option if you don't want memory cgroups
Initializing HighMem for node 0 (00000000:00000000)
Memory: 501532k/524224k available (3671k kernel code, 22300k reserved, 2301k data, 548k
init, 0k highmem)
virtual kernel memory layout:
fixmap : 0xffad5000 - 0xfffff000 (5288 kB)
pkmap : 0xff400000 - 0xff800000 (4096 kB)
vmalloc : 0xe07f0000 - 0xff3fe000 ( 492 MB)
lowmem : 0xc0000000 - 0xdfff0000 ( 511 MB)
.init : 0xc09d6000 - 0xc0a5f000 ( 548 kB)
.data : 0xc0795e5a - 0xc09d5590 (2301 kB)
.text : 0xc0400000 - 0xc0795e5a (3671 kB)
Checking if this processor honours the WP bit even in supervisor mode...Ok.
SLUB: Genslabs=13, HWalign=64, Order=0-3, MinObjects=0, CPUs=1, Nodes=1
Hierarchical RCU implementation.
NR_IRQS:1280
Console: colour VGA+ 80x25
console [tty0] enabled
Fast TSC calibration failed
TSC: Unable to calibrate against PIT
TSC: using PMTIMER reference calibration
Detected 1865.849 MHz processor.
Calibrating delay loop (skipped), value calculated using timer frequency.. 3731.69
BogoMIPS (lpj=1865849)
Security Framework initialized
SELinux: Initializing.
SELinux: Starting in permissive mode
Mount-cache hash table entries: 512
Initializing cgroup subsys ns
Initializing cgroup subsys cpuacct
Initializing cgroup subsys memory
Initializing cgroup subsys devices
Initializing cgroup subsys freezer
Initializing cgroup subsys net_cls
Initializing cgroup subsys blkio
mce: CPU supports 0 MCE banks
using mwait in idle threads.
Performance Events: unsupported p6 CPU model 15 no PMU driver, software events only.
Checking 'hlt' instruction... OK.
SMP alternatives: switching to UP code
Freeing SMP alternatives: 20k freed
ACPI: Core revision 20100121
ACPI: setting ELCR to 0200 (from 0e20)
ftrace: converting mcount calls to 0f 1f 44 00 00
ftrace: allocating 19785 entries in 39 pages
Enabling APIC mode: Flat. Using 0 I/O APICs
weird, boot CPU (#0) not listed by the BIOS.
SMP motherboard not detected.
SMP disabled
Brought up 1 CPUs
Total of 1 processors activated (3731.69 BogoMIPS).
sizeof(vma)=88 bytes
sizeof(page)=32 bytes
sizeof(inode)=352 bytes
sizeof(dentry)=132 bytes
sizeof(ext3inode)=508 bytes
sizeof(buffer_head)=56 bytes
sizeof(skbuff)=184 bytes
sizeof(task_struct)=3264 bytes
devtmpfs: initialized
Time: 8:40:33 Date: 09/28/10
NET: Registered protocol family 16
ACPI: bus type pci registered
PCI: PCI BIOS revision 2.10 entry at 0xfc130, last bus=0
PCI: Using configuration type 1 for base access
bio: create slab <bio-0> at 0
ACPI: EC: Look up EC in DSDT
ACPI: Interpreter enabled
ACPI: (supports S0 S5)
ACPI: Using PIC for interrupt routing
ACPI: No dock devices found.
PCI: Ignoring host bridge windows from ACPI; if necessary, use "pci=use_crs" and
report a bug
ACPI: PCI Root Bridge [PCI0] (0000:00)
pci_root PNP0A03:00: host bridge window [io 0x0000-0x0cf7] (ignored)
pci_root PNP0A03:00: host bridge window [io 0x0d00-0xffff] (ignored)
pci_root PNP0A03:00: host bridge window [mem 0x000a0000-0x000bffff] (ignored)
pci_root PNP0A03:00: host bridge window [mem 0x20000000-0xffdfffff] (ignored)
pci 0000:00:01.1: reg 20: [io 0xd000-0xd00f]
pci 0000:00:02.0: reg 10: [mem 0xe0000000-0xe0ffffff pref]
pci 0000:00:03.0: reg 10: [mem 0xf0000000-0xf001ffff]
pci 0000:00:03.0: reg 18: [io 0xd010-0xd017]
pci 0000:00:04.0: reg 10: [io 0xd020-0xd03f]
pci 0000:00:04.0: reg 14: [mem 0xf0400000-0xf07fffff]
pci 0000:00:04.0: reg 18: [mem 0xf0800000-0xf0803fff pref]
pci 0000:00:05.0: reg 10: [io 0xd100-0xd1ff]
pci 0000:00:05.0: reg 14: [io 0xd200-0xd23f]
pci 0000:00:06.0: reg 10: [mem 0xf0804000-0xf0804fff]
pci 0000:00:0b.0: reg 10: [mem 0xf0805000-0xf0805fff]
pci 0000:00:0d.0: reg 10: [io 0xd240-0xd247]
pci 0000:00:0d.0: reg 18: [io 0xd250-0xd257]
pci 0000:00:0d.0: reg 20: [io 0xd260-0xd26f]
pci 0000:00:0d.0: reg 24: [mem 0xf0806000-0xf0807fff]
pci_bus 0000:00: on NUMA node 0
ACPI: PCI Interrupt Routing Table [\_SB_.PCI0._PRT]
ACPI: PCI Interrupt Link [LNKA] (IRQs *5 9 10 11)
ACPI: PCI Interrupt Link [LNKB] (IRQs 5 9 10 *11)
ACPI: PCI Interrupt Link [LNKC] (IRQs 5 9 *10 11)
ACPI: PCI Interrupt Link [LNKD] (IRQs 5 *9 10 11)
vgaarb: device added: PCI:0000:00:02.0,decodes=io+mem,owns=io+mem,locks=none
vgaarb: loaded
SCSI subsystem initialized
libata version 3.00 loaded.
usbcore: registered new interface driver usbfs
usbcore: registered new interface driver hub
usbcore: registered new device driver usb
PCI: Using ACPI for IRQ routing
PCI: pci_cache_line_size set to 64 bytes
reserve RAM buffer: 000000000009fc00 - 000000000009ffff
reserve RAM buffer: 000000001fff0000 - 000000001fffffff
NetLabel: Initializing
NetLabel: domain hash size = 128
NetLabel: protocols = UNLABELED CIPSOv4
NetLabel: unlabeled traffic allowed by default
Switching to clocksource tsc
pnp: PnP ACPI init
ACPI: bus type pnp registered
pnp: PnP ACPI: found 5 devices
ACPI: ACPI bus type pnp unregistered
pci_bus 0000:00: resource 0 [io 0x0000-0xffff]
pci_bus 0000:00: resource 1 [mem 0x00000000-0xffffffff]
NET: Registered protocol family 2
IP route cache hash table entries: 4096 (order: 2, 16384 bytes)
TCP established hash table entries: 16384 (order: 5, 131072 bytes)
TCP bind hash table entries: 16384 (order: 5, 131072 bytes)
TCP: Hash tables configured (established 16384 bind 16384)
TCP reno registered
UDP hash table entries: 256 (order: 1, 8192 bytes)
UDP-Lite hash table entries: 256 (order: 1, 8192 bytes)
NET: Registered protocol family 1
pci 0000:00:00.0: Limiting direct PCI/PCI transfers
pci 0000:00:01.0: Activating ISA DMA hang workarounds
pci 0000:00:02.0: Boot video device
PCI: CLS 0 bytes, default 64
Trying to unpack rootfs image as initramfs...
Freeing initrd memory: 7740k freed
platform rtc_cmos: registered platform RTC device (no PNP device found)
apm: BIOS version 1.2 Flags 0x03 (Driver version 1.16ac)
apm: overridden by ACPI.
audit: initializing netlink socket (disabled)
type=2000 audit(1285663232.816:1): initialized
HugeTLB registered 4 MB page size, pre-allocated 0 pages
VFS: Disk quotas dquot_6.5.2
Dquot-cache hash table entries: 1024 (order 0, 4096 bytes)
msgmni has been set to 994
SELinux: Registering netfilter hooks
alg: No test for stdrng (krng)
Block layer SCSI generic (bsg) driver version 0.4 loaded (major 253)
io scheduler noop registered
io scheduler deadline registered
io scheduler cfq registered (default)
pci_hotplug: PCI Hot Plug PCI Core version: 0.5
pciehp: PCI Express Hot Plug Controller Driver version: 0.4
acpiphp: ACPI Hot Plug PCI Controller Driver version: 0.5
pci-stub: invalid id string ""
ACPI: AC Adapter [AC] (on-line)
input: Power Button as /devices/LNXSYSTM:00/LNXPWRBN:00/input/input0
ACPI: Power Button [PWRF]
input: Sleep Button as /devices/LNXSYSTM:00/LNXSLPBN:00/input/input1
ACPI: Sleep Button [SLPF]
isapnp: Scanning for PnP cards...
isapnp: No Plug & Play device found
Non-volatile memory driver v1.3
Linux agpgart interface v0.103
Serial: 8250/16550 driver, 4 ports, IRQ sharing enabled
brd: module loaded
loop: module loaded
ahci 0000:00:0d.0: version 3.0
ACPI: PCI Interrupt Link [LNKA] enabled at IRQ 5
PCI: setting IRQ 5 as level-triggered
ahci 0000:00:0d.0: PCI INT A -> Link[LNKA] -> GSI 5 (level, low) -> IRQ 5
ahci: SSS flag set, parallel bus scan disabled
ahci 0000:00:0d.0: AHCI 0001.0100 32 slots 1 ports 3 Gbps 0x1 impl SATA mode
ahci 0000:00:0d.0: flags: 64bit ncq stag only ccc
ahci 0000:00:0d.0: setting latency timer to 64
scsi0 : ahci
ata1: SATA max UDMA/133 abar m8192@0xf0806000 port 0xf0806100 irq 5
ata_piix 0000:00:01.1: version 2.13
ata_piix 0000:00:01.1: setting latency timer to 64
scsi1 : ata_piix
scsi2 : ata_piix
ata2: PATA max UDMA/33 cmd 0x1f0 ctl 0x3f6 bmdma 0xd000 irq 14
ata3: PATA max UDMA/33 cmd 0x170 ctl 0x376 bmdma 0xd008 irq 15
Fixed MDIO Bus: probed
ehci_hcd: USB 2.0 'Enhanced' Host Controller (EHCI) Driver
ACPI: PCI Interrupt Link [LNKC] enabled at IRQ 10
PCI: setting IRQ 10 as level-triggered
ehci_hcd 0000:00:0b.0: PCI INT A -> Link[LNKC] -> GSI 10 (level, low) -> IRQ 10
ehci_hcd 0000:00:0b.0: setting latency timer to 64
ehci_hcd 0000:00:0b.0: EHCI Host Controller
ehci_hcd 0000:00:0b.0: new USB bus registered, assigned bus number 1
ehci_hcd 0000:00:0b.0: irq 10, io mem 0xf0805000
ehci_hcd 0000:00:0b.0: USB 2.0 started, EHCI 1.00
usb usb1: New USB device found, idVendor=1d6b, idProduct=0002
usb usb1: New USB device strings: Mfr=3, Product=2, SerialNumber=1
usb usb1: Product: EHCI Host Controller
usb usb1: Manufacturer: Linux 2.6.34.7-56.fc13.i686 ehci_hcd
usb usb1: SerialNumber: 0000:00:0b.0
hub 1-0:1.0: USB hub found
hub 1-0:1.0: 8 ports detected
ohci_hcd: USB 1.1 'Open' Host Controller (OHCI) Driver
ACPI: PCI Interrupt Link [LNKB] enabled at IRQ 11
PCI: setting IRQ 11 as level-triggered
ohci_hcd 0000:00:06.0: PCI INT A -> Link[LNKB] -> GSI 11 (level, low) -> IRQ 11
ohci_hcd 0000:00:06.0: setting latency timer to 64
ohci_hcd 0000:00:06.0: OHCI Host Controller
ohci_hcd 0000:00:06.0: new USB bus registered, assigned bus number 2
ohci_hcd 0000:00:06.0: irq 11, io mem 0xf0804000
usb usb2: New USB device found, idVendor=1d6b, idProduct=0001
usb usb2: New USB device strings: Mfr=3, Product=2, SerialNumber=1
usb usb2: Product: OHCI Host Controller
usb usb2: Manufacturer: Linux 2.6.34.7-56.fc13.i686 ohci_hcd
usb usb2: SerialNumber: 0000:00:06.0
hub 2-0:1.0: USB hub found
hub 2-0:1.0: 8 ports detected
uhci_hcd: USB Universal Host Controller Interface driver
PNP: PS/2 Controller [PNP0303:PS2K,PNP0f03:PS2M] at 0x60,0x64 irq 1,12
serio: i8042 KBD port at 0x60,0x64 irq 1
serio: i8042 AUX port at 0x60,0x64 irq 12
mice: PS/2 mouse device common for all mice
input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input2
rtc_cmos rtc_cmos: rtc core: registered rtc_cmos as rtc0
rtc0: alarms up to one day, 114 bytes nvram
device-mapper: uevent: version 1.0.3
device-mapper: ioctl: 4.17.0-ioctl (2010-03-05) initialised: dm-devel(a)redhat.com
psmouse serio1: ID: 10 00 64
cpuidle: using governor ladder
cpuidle: using governor menu
usbcore: registered new interface driver hiddev
usbcore: registered new interface driver usbhid
usbhid: USB HID core driver
nf_conntrack version 0.5.0 (7957 buckets, 31828 max)
CONFIG_NF_CT_ACCT is deprecated and will be removed soon. Please use
nf_conntrack.acct=1 kernel parameter, acct=1 nf_conntrack module option or
sysctl net.netfilter.nf_conntrack_acct=1 to enable it.
ip_tables: (C) 2000-2006 Netfilter Core Team
TCP cubic registered
Initializing XFRM netlink socket
NET: Registered protocol family 17
Using IPI No-Shortcut mode
PM: Resume from disk failed.
registered taskstats version 1
No TPM chip found, activating TPM-bypass!
Magic number: 10:103:676
rtc_cmos rtc_cmos: setting system clock to 2010-09-28 08:40:34 UTC (1285663234)
Initalizing network drop monitor service
input: ImExPS/2 Generic Explorer Mouse as /devices/platform/i8042/serio1/input/input3
ata2.00: ATAPI: VBOX CD-ROM, 1.0, max UDMA/133
ata2.00: configured for UDMA/33
ata1: SATA link down (SStatus 0 SControl 300)
scsi 1:0:0:0: CD-ROM VBOX CD-ROM 1.0 PQ: 0 ANSI: 5
sr0: scsi3-mmc drive: 32x/32x xa/form2 tray
Uniform CD-ROM driver Revision: 3.20
sr 1:0:0:0: Attached scsi CD-ROM sr0
sr 1:0:0:0: Attached scsi generic sg0 type 5
Freeing unused kernel memory: 548k freed
Write protecting the kernel text: 3672k
Write protecting the kernel read-only data: 1756k
usb 2-1: new full speed USB device using ohci_hcd and address 2
dracut: dracut-005-4.fc13
dracut: rd_NO_LUKS: removing cryptoluks activation
dracut: root was live:/dev/disk/by-label/Fedora13Live-20100928, liveroot is now
live:CDLABEL=Fedora13Live-20100928
udev: starting version 153
usb 2-1: New USB device found, idVendor=80ee, idProduct=0021
usb 2-1: New USB device strings: Mfr=1, Product=3, SerialNumber=0
usb 2-1: Product: USB Tablet
usb 2-1: Manufacturer: VirtualBox
input: VirtualBox USB Tablet as
/devices/pci0000:00/0000:00:06.0/usb2/2-1/2-1:1.0/input/input4
generic-usb 0003:80EE:0021.0001: input,hidraw0: USB HID v1.10 Mouse [VirtualBox USB
Tablet] on usb-0000:00:06.0-1/input0
hrtimer: interrupt took 5128481 ns
dracut: Starting plymouth daemon
dracut: rd_NO_DM: removing DM RAID activation
dracut: rd_NO_MD: removing MD RAID activation
ISO 9660 Extensions: Microsoft Joliet Level 3
ISO 9660 Extensions: RRIP_1991A
squashfs: version 4.0 (2009/01/31) Phillip Lougher
EXT4-fs (dm-0): mounted filesystem with ordered data mode
dracut: Mounted root filesystem /dev/mapper/live-rw
dracut: Switching root
readahead: starting
udev: starting version 153
Intel(R) PRO/1000 Network Driver - version 7.3.21-k5-NAPI
Copyright (c) 1999-2006 Intel Corporation.
e1000 0000:00:03.0: PCI INT A -> Link[LNKC] -> GSI 10 (level, low) -> IRQ 10
e1000 0000:00:03.0: setting latency timer to 64
e1000: 0000:00:03.0: e1000_probe: (PCI:33MHz:32-bit) 08:00:27:b5:2a:78
microcode: CPU0 sig=0x6f2, pf=0x1, revision=0x0
microcode: Microcode Update Driver: v2.00 <tigran(a)aivazian.fsnet.co.uk>, Peter
Oruba
parport_pc 00:04: reported by Plug and Play ACPI
ppdev: user-space parallel port driver
microcode: CPU0 update to revision 0x5a failed
microcode: CPU0 update to revision 0x5a failed
microcode: CPU0 update to revision 0x5a failed
e1000: eth0: e1000_probe: Intel(R) PRO/1000 Network Connection
piix4_smbus 0000:00:07.0: SMBus base address uninitialized - upgrade BIOS or use
force_addr=0xaddr
Intel ICH 0000:00:05.0: PCI INT A -> Link[LNKA] -> GSI 5 (level, low) -> IRQ 5
Intel ICH 0000:00:05.0: setting latency timer to 64
intel8x0_measure_ac97_clock: measured 92075 usecs (11525 samples)
intel8x0: measured clock 125169 rejected
intel8x0_measure_ac97_clock: measured 53213 usecs (11290 samples)
intel8x0: measured clock 212166 rejected
intel8x0_measure_ac97_clock: measured 50904 usecs (11419 samples)
intel8x0: measured clock 224324 rejected
intel8x0: clocking to 48000
NET: Registered protocol family 10
lo: Disabled Privacy Extensions
ip6_tables: (C) 2000-2006 Netfilter Core Team
e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX
eth0: no IPv6 routers present
fuse init (API version 7.13)