On 08/26/2010 12:37 PM, Arthur Dent wrote:
On Thu, 2010-08-26 at 11:58 +0200, Dominick Grift wrote:
> On 08/26/2010 11:48 AM, Arthur Dent wrote:
>> Hello all,
>>
>> Working with Dominick to solve my clamd denial problem has caused me to
>> use ausearch more often than I normally would.
>>
>> This has revealed a large and constant amount of these messages:
>
> Do semodule -B to hide any denials that should not be displayed
> (they are hidden on purpose)
Actually Dominick, this *is* with semodule -B

Only the "{ 0x400000 }"'s are with semodule -B, I believe. The other AVC
denials are so-called dontaudited (hidden by default).
----
time->Thu Aug 26 11:25:11 2010
type=AVC msg=audit(1282818311.906:55953): avc: denied { 0x400000 } for
pid=1219 comm="nfsd" name="" dev=sda11 ino=28365
scontext=system_u:system_r:kernel_t:s0
tcontext=system_u:object_r:unlabeled_t:s0 tclass=file
----
time->Thu Aug 26 11:25:10 2010
type=AVC msg=audit(1282818310.564:55924): avc: denied { 0x400000 } for
pid=1219 comm="nfsd" name="" dev=sda11 ino=28365
scontext=system_u:system_r:kernel_t:s0
tcontext=system_u:object_r:unlabeled_t:s0 tclass=file
----
time->Thu Aug 26 11:25:51 2010
type=AVC msg=audit(1282818351.672:55954): avc: denied { 0x400000 } for
pid=1219 comm="nfsd" name="" dev=sda11 ino=28365
scontext=system_u:system_r:kernel_t:s0
tcontext=system_u:object_r:unlabeled_t:s0 tclass=file
Just a small sample. There are hundreds more. But if you say they are
harmless then I guess I will just leave them alone...

In my previous reply I enclosed a URL to a related bug report. This
bugzilla report includes a method to hide the symptoms of this bug.
Basically it adds a dontaudit rule:

dontaudit kernel_t unlabeled_t:file *;

If that does not work for you then you can just ignore the denials for
now, and add a "me too" reply to the bugzilla report that I enclosed in
my previous reply.

Thanks
Mark
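
Added example, not part of the thread: a Python script that groups ausearch AVC records like the ones quoted above by command, source type, target type, class and permission, and picks out the groups whose permission is printed as a raw hex mask such as 0x400000. The first two sample records are copied from the thread, the third (exampled, example_t) is constructed, and the function names are this example's own.

```python
import re
from collections import Counter

# Sample input: the first two records are from the thread, the third is constructed.
SAMPLE = """\
----
time->Thu Aug 26 11:25:11 2010
type=AVC msg=audit(1282818311.906:55953): avc: denied { 0x400000 } for
pid=1219 comm="nfsd" name="" dev=sda11 ino=28365
scontext=system_u:system_r:kernel_t:s0
tcontext=system_u:object_r:unlabeled_t:s0 tclass=file
----
time->Thu Aug 26 11:25:10 2010
type=AVC msg=audit(1282818310.564:55924): avc: denied { 0x400000 } for
pid=1219 comm="nfsd" name="" dev=sda11 ino=28365
scontext=system_u:system_r:kernel_t:s0
tcontext=system_u:object_r:unlabeled_t:s0 tclass=file
----
time->Thu Aug 26 11:30:02 2010
type=AVC msg=audit(1282818602.101:56001): avc: denied { read } for
pid=2301 comm="exampled" name="example.conf" dev=sda11 ino=4242
scontext=system_u:system_r:example_t:s0
tcontext=system_u:object_r:etc_t:s0 tclass=file
"""

AVC = re.compile(r'avc:\s+denied\s+\{([^}]*)\}.*?comm="([^"]*)".*?'
                 r'scontext=(\S+).*?tcontext=(\S+).*?tclass=(\S+)', re.S)

def type_of(context):
    return context.split(":")[2]  # user:role:type[:level] -> type

def summarize(text):
    """Count denials per (comm, source type, target type, class, perms)."""
    counts = Counter()
    for record in text.split("----"):
        m = AVC.search(" ".join(record.split()))  # undo mail/terminal line wrapping
        if m:
            perms, comm, scon, tcon, tclass = m.groups()
            counts[(comm, type_of(scon), type_of(tcon), tclass, tuple(perms.split()))] += 1
    return counts

def unnamed_perms(counts):
    """Groups whose permission set contains a raw hex mask instead of a name."""
    return [key for key in counts if any(p.startswith("0x") for p in key[4])]

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).most_common():
        print(n, key)
```

Piping real `ausearch -m avc` output into summarize() shows at a glance how many of the "hundreds more" collapse into the single kernel_t / unlabeled_t:file group that the dontaudit rule above covers.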