On Sat, 12 Nov 2005, Craig White wrote:
I am getting tons of these messages since I updated to 4.2
Nov 12 12:21:39 srv1 dbus: Can't send to audit system: USER_AVC pid=2839 uid=81 loginuid=-1 message=avc: denied { send_msg } for scontext=user_u:system_r:unconfined_t tcontext=user_u:system_r:initrc_t tclass=dbus
Now I can see this process...
# ps aux|grep 2839 dbus 2839 0.0 0.3 16168 1888 ? Ssl Nov11 0:13 dbus- daemon-1 --system root 17173 0.0 0.1 3748 668 pts/2 S+ 12:22 0:00 grep 2839
but I'm wondering how do I fix selinux so that it doesn't 'deny' this?
I sent the below to the selinux list and got the following response:
Date: Mon, 24 Oct 2005 14:06:36 -0400 From: Daniel J Walsh dwalsh@redhat.com To: Tom Diehl tdiehl@rogueind.com Cc: fedora-selinux-list@redhat.com Subject: Re: AVC message problem
Tom Diehl wrote:
On Mon, 24 Oct 2005, Daniel J Walsh wrote:
Tom Diehl wrote:
Hi all,
Since upgrading to EL4-U2 I am getting the following avc messages in my logs:
Oct 23 14:46:21 pocono dbus: Can't send to audit system: USER_AVC pid=3064 uid=81 loginuid=-1 message=avc: denied {
send_msg } for scontext=user_u:system_r:unconfined_t tcontext=user_u:system_r:initrc_t tclass=dbus
Can someone tell me how to go about fixing this, short of turning off selinux?
(pocono pts13) # rpm -qa | grep selinux libselinux-1.19.1-7 libselinux-1.19.1-7 selinux-policy-targeted-1.17.30-2.110 libselinux-devel-1.19.1-7 (pocono pts13) # rpm -qa dbus dbus-0.22-12.EL.5 (pocono pts13) # uname -r 2.6.9-22.ELsmp (pocono pts13) #
I get hundreds of these a day. I have tried relabeling but no change.
The system arch is x86_64
Could you try
Yep
ftp://people.redhat.com/dwalsh/SELinux/RHEL4/u3/selinux-policy-targeted-*
We are moving to deliver an errata release of this policy.
I did the following:
(pocono pts18) # rpm -Fvh selinux-policy-targeted-1.17.30-2.117.noarch.rpm Preparing... ########################################### [100%] 1:selinux-policy-targeted########################################### [100%] (pocono pts18) #
So far no more avc messages. They were showing up every 5-15 seconds before. It has been approx 5 minutes with no avc messages.
Is there anything else I should be looking at?
Nope it should all work now.
Is there a bug for this?
Yes, hopefully we will release this as an errata, It will definitely be in U3.
Thank You for the help.
The above rpm fixed it for me, although I still do not understand the problem. :-)
Regards,
Tom Diehl tdiehl@rogueind.com Spamtrap address mtd123@rogueind.com