[DSE-User] avc: denied { search } for pid=1177 comm="rsyslogd" name="spool"
Mika Pflüger
debian at mikapflueger.de
Sun Mar 4 23:35:28 UTC 2012
Hi,
Am Sun, 04 Mar 2012 17:35:34 +0100
schrieb Eggert Ehmke <eggert.ehmke at berlin.de>:
> Hello, I am new to SELinux and installed the debian packages on a
> running stable (6.0.4 Squeeze) Intel Quadcore 64bit system, following
> this guide: http://wiki.debian.org/SELinux/
> The installation went smoothly, no problems so far. But when I reboot
> the system in enforcing mode, the boot process will die when trying
> to load the lvm2. When booted in permissive mode, I get these errors
> in dmesg:
>
> [ 10.937036] type=1400 audit(1330856386.116:7): avc: denied
> { search } for pid=1177 comm="rsyslogd" name="spool" dev=dm-0
> ino=425985 scontext=system_u:system_r:syslogd_t:s0
> tcontext=system_u:object_r:var_spool_t:s0 tclass=dir
> [ 10.955520] type=1400 audit(1330856386.131:8): avc: denied
> { write } for pid=1177 comm="rsyslogd" name="dev" dev=dm-0 ino=442375
> scontext=system_u:system_r:syslogd_t:s0
> tcontext=system_u:object_r:var_spool_t:s0 tclass=dir
> [ 10.955565] type=1400 audit(1330856386.131:9): avc: denied
> { add_name } for pid=1177 comm="rsyslogd" name="log"
> scontext=system_u:system_r:syslogd_t:s0
> tcontext=system_u:object_r:var_spool_t:s0 tclass=dir
> [ 10.955651] type=1400 audit(1330856386.131:10): avc: denied
> { create } for pid=1177 comm="rsyslogd" name="log"
> scontext=system_u:system_r:syslogd_t:s0
> tcontext=system_u:object_r:var_spool_t:s0 tclass=sock_file
> [ 10.967624] type=1400 audit(1330856386.143:11): avc: denied
> { setattr } for pid=1177 comm="rsyslogd" name="log" dev=dm-0
> ino=442370 scontext=system_u:system_r:syslogd_t:s0
> tcontext=system_u:object_r:var_spool_t:s0 tclass=sock_file
>
> and some more. I guess when I learn how to solve the rsyslogd related
> problems, I will be able to solve the others too.
>
> I understand that I am supposed to create some local policy rules.
> But all Howtos seem to assume that this is a simple task that must
> not be explained in detail. What am I missing?
these denials don't look like you need local policy, it looks more like
you need to activate the official policy bits that matter - could you
try and run the commands
# check-selinux-installation
# sestatus
# semodule -l
as root which report various bits about your selinux installation and
post the output?
Cheers,
Mika
--
Own your own computer. Don't use Windows 7. <http://windows7sins.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/selinux-user/attachments/20120305/4d5e56ec/attachment.pgp>
More information about the Selinux-user
mailing list