LinuxQuestions.org
Latest LQ Deal: Complete CCNA, CCNP & Red Hat Certification Training Bundle
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Fedora
User Name
Password
Fedora This forum is for the discussion of the Fedora Project.

Notices


Reply
  Search this Thread
Old 01-05-2007, 08:52 AM   #1
AlteRFirE
Member
 
Registered: Nov 2006
Posts: 48

Rep: Reputation: 15
audit avc : denied


heya guys, i jsut installed fc5 fresh and im haveing this stuff print on my console.
Code:
audit(1168004861.283:4): avc:  denied  { read } for  pid=1562 comm="bash" name="libtermcap.so.2.0.8" dev=hda1 ino=161666 scontext=root:sysadm_r:hotplug_t:s0-s0:c0.c255 tcontext=system_u:object_r:file_t:s0 tclass=file
audit(1168004861.283:5): avc:  denied  { getattr } for  pid=1562 comm="bash" name="libtermcap.so.2.0.8" dev=hda1 ino=161666 scontext=root:sysadm_r:hotplug_t:s0-s0:c0.c255 tcontext=system_u:object_r:file_t:s0 tclass=file
audit(1168004861.283:6): avc:  denied  { execute } for  pid=1562 comm="bash" name="libtermcap.so.2.0.8" dev=hda1 ino=161666 scontext=root:sysadm_r:hotplug_t:s0-s0:c0.c255 tcontext=system_u:object_r:file_t:s0 tclass=file
audit(1168004861.287:7): avc:  denied  { ioctl } for  pid=1562 comm="bash" name="tty1" dev=tmpfs ino=892 scontext=root:sysadm_r:hotplug_t:s0-s0:c0.c255 tcontext=root:object_r:tty_device_t:s0 tclass=chr_file
audit(1168004861.339:8): avc:  denied  { execute_no_trans } for  pid=1564 comm="bash" name="grep" dev=hda1 ino=31438 scontext=root:sysadm_r:hotplug_t:s0-s0:c0.c255 tcontext=system_u:object_r:file_t:s0 tclass=file
audit(1168004861.519:9): avc:  denied  { read } for  pid=1562 comm="bash" name="profile.d" dev=hda1 ino=47138 scontext=root:sysadm_r:hotplug_t:s0-s0:c0.c255 tcontext=system_u:object_r:file_t:s0 tclass=dir
audit(1168004861.747:10): avc:  denied  { getattr } for  pid=1583 comm="consoletype" name="tty1" dev=tmpfs ino=892 scontext=root:sysadm_r:hotplug_t:s0-s0:c0.c255 tcontext=root:object_r:tty_device_t:s0 tclass=chr_file
audit(1168004861.763:11): avc:  denied  { ioctl } for  pid=1585 comm="unicode_start" name="unicode_start" dev=hda1 ino=31497 scontext=root:sysadm_r:hotplug_t:s0-s0:c0.c255 tcontext=system_u:object_r:file_t:s0 tclass=file
what is it and how do i stop it interfering with my work?
it happens when i start/stop everything
Its really annoying , and from my side, a little worrying because i don't know what it means
Pls help
 
Old 01-05-2007, 12:43 PM   #2
nonfatalexec
Member
 
Registered: May 2006
Location: Toronto, Canada
Distribution: Fedora 17
Posts: 36

Rep: Reputation: 15
I advise you to update your system then relabel the security contexts of your entire file system. The errors you are getting indicates that the commands (comm) bash, consoletype, unicode_start cannot do certain actions (ie read, getattr, execute) with certain files/directories.

Update your system by doing something like "yum update" as root.

Relabel the security context of your filesystem by doing the following:
Code:
touch /.autorelabel
reboot
For a full explanation of the errors you were getting with the security contexts, check out http://www.redhat.com/docs/manuals/e...tion-0055.html

For a full explanation of relabeling the security context, check out http://www.redhat.com/docs/manuals/e...tion-0068.html
 
Old 01-05-2007, 06:20 PM   #3
AlteRFirE
Member
 
Registered: Nov 2006
Posts: 48

Original Poster
Rep: Reputation: 15
how does this come to happen? i just reinstalled on really good gear just yesterday
 
Old 01-06-2007, 10:32 AM   #4
nonfatalexec
Member
 
Registered: May 2006
Location: Toronto, Canada
Distribution: Fedora 17
Posts: 36

Rep: Reputation: 15
This could happen if you have permanently set SELinux to permissive, rebooted, then set SELinux to enforcing, so that the security labels are lost and consequently all files are using the default security label. When I search on Google for "system_u: object_r: file_t", I found out that this security label is the default security (http://www.linuxtopia.org/online_boo...ntexts_07.html). There could be other reasons for this happening. It is also possible that the installer "forgot" to label the filesystem.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Why audit:avc:denied for jk-runtime-status? stonegu Linux - Newbie 2 04-13-2007 04:21 PM
audit avc: denied messages ? dansawyer Linux - Software 1 09-04-2006 04:44 PM
audit cupsd denied message spooon Fedora 3 07-15-2006 10:25 PM
/var/log/messages - kernel: audit(1107868785.573:0): avc: denied { getattr } lothario Linux - Security 2 02-10-2005 05:24 AM
Audit Log Messages "denied" shortsword Linux - Newbie 0 10-03-2004 06:46 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Fedora

All times are GMT -5. The time now is 03:05 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration