From: srivasta@golden-gryphon.com (Manoj Srivastava)
Date: Thu, 25 Jun 2009 13:32:02 -0500
Subject: [refpolicy] AVC denials: hostname
Message-ID: <873a9oi2ql.fsf@anzu.internal.golden-gryphon.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Hi,

I just updated to refpolicy-20090619 (late last week), and am trying to eliminate the AVC denials from my Debian unstable box (running in permissive mode). My policy-fu is a little rusty, so I thought I'd report the denials here -- I hope this is the right place. I'll try and break up the reports into manageable chunks over time.

These AVC denials are spit out during bootup, just after policy load.

Jun 22 16:21:07 anzu kernel: type=1400 audit(1245705630.106:3): avc: denied { read write } for pid=1235 comm="hostname" name="console" dev=sdb2 ino=952166 scontext=system_u:system_r:hostname_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=chr_file
Jun 22 16:21:07 anzu kernel: type=1400 audit(1245705630.137:4): avc: denied { open } for pid=1235 comm="hostname" name="urandom" dev=sdb2 ino=952137 scontext=system_u:system_r:hostname_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=chr_file

The following seems to be caused by my .forward file, though I do not see why; the mail is delivered to a filter program that ought to be running as me, if the fetchmail policy is right.

type=AVC msg=audit(1245708192.070:377): avc: denied { append } for pid=8226 comm="hostname" path="/home/srivasta/var/log/mailerrors" dev=dm-4 ino=6094914 scontext=system_u:system_r:hostname_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file

Thanks for any help

manoj
-- 
Nobody can be as agreeable as an uninvited guest.
Manoj Srivastava
1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C
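
An added example, not part of the original message or of refpolicy: a small parser that reads the three AVC denials quoted above and groups them by source type, target type and object class, which is a convenient first triage step before deciding whether a denial points at policy or at file labeling. The function names `parse_avc` and `summarize` are hypothetical; the log lines are copied from the message.

```python
import re
from collections import defaultdict

# The three denial records quoted in the message above.
SAMPLE = """\
Jun 22 16:21:07 anzu kernel: type=1400 audit(1245705630.106:3): avc: denied { read write } for pid=1235 comm="hostname" name="console" dev=sdb2 ino=952166 scontext=system_u:system_r:hostname_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=chr_file
Jun 22 16:21:07 anzu kernel: type=1400 audit(1245705630.137:4): avc: denied { open } for pid=1235 comm="hostname" name="urandom" dev=sdb2 ino=952137 scontext=system_u:system_r:hostname_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=chr_file
type=AVC msg=audit(1245708192.070:377): avc: denied { append } for pid=8226 comm="hostname" path="/home/srivasta/var/log/mailerrors" dev=dm-4 ino=6094914 scontext=system_u:system_r:hostname_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file
"""

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<kv>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
REQUIRED = ("scontext", "tcontext", "tclass")

def parse_avc(line):
    """Return a dict for one AVC denial line, or None if it is not a complete one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group("kv"))}
    if any(key not in rec for key in REQUIRED):
        return None  # truncated record: skip rather than guess
    rec["perms"] = m.group("perms").split()
    # A context is user:role:type[:mls]; the type is the third field.
    rec["stype"] = rec["scontext"].split(":")[2]
    rec["ttype"] = rec["tcontext"].split(":")[2]
    return rec

def summarize(text):
    """Merge denials into {(stype, ttype, tclass): {"perms": set, "objects": set}}."""
    out = defaultdict(lambda: {"perms": set(), "objects": set()})
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec is None:
            continue
        entry = out[(rec["stype"], rec["ttype"], rec["tclass"])]
        entry["perms"].update(rec["perms"])
        # Audit records carry either path= or name= for the object.
        entry["objects"].add(rec.get("path") or rec.get("name", "?"))
    return dict(out)

if __name__ == "__main__":
    for (s, t, c), e in sorted(summarize(SAMPLE).items()):
        perms = " ".join(sorted(e["perms"]))
        print(f"{s} -> {t}:{c} {{ {perms} }} objects={sorted(e['objects'])}")
```

Grouped this way, the two boot-time denials collapse into one entry for `hostname_t` on `file_t:chr_file` (console and urandom on sdb2), separate from the `append` to the `user_home_t` log file.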