From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Thu, 25 Jun 2009 14:58:34 -0400
Subject: [refpolicy] AVC denials: hostname
In-Reply-To: <873a9oi2ql.fsf@anzu.internal.golden-gryphon.com>
References: <873a9oi2ql.fsf@anzu.internal.golden-gryphon.com>
Message-ID: <1245956314.4230.913.camel@gorn.columbia.tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Thu, 2009-06-25 at 13:32 -0500, Manoj Srivastava wrote:
> Hi,
>
> I just updated to refpolicy-20090619 (late last week), and am
> trying to eliminate the AVC denials from my Debian unstable box
> (running in permissive mode). My policy-fu is a little rusty, so I
> thought I'd report the denials here -- I hope this is the right
> place. I'll try and break up the reports into manageable chunks over
> time.
>
> These AVC denials are spit out during bootup, just after policy
> load.
>
> Jun 22 16:21:07 anzu kernel: type=1400 audit(1245705630.106:3): avc: denied { read write } for pid=1235 comm="hostname" name="console" dev=sdb2 ino=952166 scontext=system_u:system_r:hostname_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=chr_file
> Jun 22 16:21:07 anzu kernel: type=1400 audit(1245705630.137:4): avc: denied { open } for pid=1235 comm="hostname" name="urandom" dev=sdb2 ino=952137 scontext=system_u:system_r:hostname_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=chr_file

Looks like mislabeled files. Are there any static device nodes under the udev /dev?

> The following seems to be caused by my .forward file, though I do
> not see why; the mail is delivered to a filter program that ought to be
> running as me, if the fetchmail policy is right.
>
> type=AVC msg=audit(1245708192.070:377): avc: denied { append } for pid=8226 comm="hostname" path="/home/srivasta/var/log/mailerrors" dev=dm-4 ino=6094914 scontext=system_u:system_r:hostname_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file

Perhaps this is from a leaked fd (there is no open denial)?

--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150
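The two diagnoses in the reply above (a target typed file_t is an unlabeled, hence mislabeled, inode; a read/write/append denial with no open denial on the same object points at a descriptor the domain did not open itself, i.e. one inherited or leaked across exec) can be checked mechanically over an audit log. The Python below is an added example, not code from the thread or from refpolicy: it parses the three denials quoted in the mail and applies those two heuristics. The (pid, dev, ino) matching and the inherited-fd rule are this example's own assumptions, not something the thread states; that rule also flags the console record, which hostname_t read and wrote without ever being denied open on it.

```python
import re

# The three AVC records quoted in the thread above (copied from the mail, not constructed).
SAMPLE_LOG = """\
Jun 22 16:21:07 anzu kernel: type=1400 audit(1245705630.106:3): avc: denied { read write } for pid=1235 comm="hostname" name="console" dev=sdb2 ino=952166 scontext=system_u:system_r:hostname_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=chr_file
Jun 22 16:21:07 anzu kernel: type=1400 audit(1245705630.137:4): avc: denied { open } for pid=1235 comm="hostname" name="urandom" dev=sdb2 ino=952137 scontext=system_u:system_r:hostname_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=chr_file
type=AVC msg=audit(1245708192.070:377): avc: denied { append } for pid=8226 comm="hostname" path="/home/srivasta/var/log/mailerrors" dev=dm-4 ino=6094914 scontext=system_u:system_r:hostname_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)$")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
# object classes whose descriptors survive exec and can therefore be inherited
FILE_CLASSES = {"file", "chr_file", "blk_file", "fifo_file", "sock_file"}


def _ctx_type(ctx):
    """Third field of a user:role:type:level context is the type."""
    parts = ctx.split(":")
    return parts[2] if len(parts) > 2 else ""


def parse_avc(line):
    """Parse one AVC denial into a dict, or return None for non-AVC lines."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    rec = {"perms": set(m.group("perms").split())}
    for key, val in FIELD_RE.findall(m.group("fields")):
        rec[key] = val.strip('"')
    rec["stype"] = _ctx_type(rec.get("scontext", ""))
    rec["ttype"] = _ctx_type(rec.get("tcontext", ""))
    return rec


def parse_log(text):
    return [r for r in map(parse_avc, text.splitlines()) if r is not None]


def triage(records):
    """Map each denied object (path, else name) to a sorted list of finding tags."""
    # objects on which a pid was denied 'open', keyed by (pid, dev, ino)
    opened = {(r.get("pid"), r.get("dev"), r.get("ino"))
              for r in records if "open" in r["perms"]}
    result = {}
    for r in records:
        key = r.get("path") or r.get("name", "?")
        tags = set()
        if r["ttype"] == "file_t":
            # file_t is the type of an unlabeled inode: relabel it, do not allow it
            tags.add("mislabeled")
        if (r.get("tclass") in FILE_CLASSES
                and r["perms"] & {"read", "write", "append"}
                and (r.get("pid"), r.get("dev"), r.get("ino")) not in opened):
            # heuristic (this example's assumption): data access with no open
            # denial for the same pid and inode means the descriptor was not
            # opened in this domain, so it was inherited or leaked into it
            tags.add("inherited_fd")
        result[key] = sorted(tags)
    return result


if __name__ == "__main__":
    for obj, tags in triage(parse_log(SAMPLE_LOG)).items():
        print(f"{obj}: {', '.join(tags) or 'no finding'}")
```

Run against a real audit log, a "mislabeled" tag is an argument for restorecon rather than an allow rule, and an "inherited_fd" tag is a reason to look at the parent domain (here whatever ran hostname from the mail filter) instead of widening hostname_t.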