[CentOS] selinux stuff - I just don't get

Mon Nov 14 15:37:08 UTC 2005
Craig White <craigwhite at azapple.com>

On Mon, 2005-11-14 at 08:29 -0200, Giovanni P. Tirloni wrote:
> Craig White wrote:
> > I am getting tons of these messages since I updated to 4.2
> > 
> > Nov 12 12:21:39 srv1 dbus: Can't send to audit system: USER_AVC pid=2839
> > uid=81 loginuid=-1 message=avc:  denied  { send_msg } for
> > scontext=user_u:system_r:unconfined_t tcontext=user_u:system_r:initrc_t
> > tclass=dbus
> > 
> > Now I can see this process...
> > 
> > # ps aux|grep 2839
> > dbus      2839  0.0  0.3 16168 1888 ?        Ssl  Nov11   0:13 dbus-
> > daemon-1 --system
> > root     17173  0.0  0.1  3748  668 pts/2    S+   12:22   0:00 grep 2839
> > 
> > but I'm wondering how do I fix selinux so that it doesn't 'deny' this?
> > 
> > Thanks
> > 
> > Craig
> > 
> > 
> 
>   RHEL update 2 has introduced some changes in the audit system. Please 
> read the release notes (kernel changes) and it'll tell you how to 
> disable that.
> 
>   http://www.redhat.com/docs/manuals/enterprise/RHEL-4-Manual/release- \
>        notes/as-amd64/RELEASE-NOTES-U2-x86_64-en.html
> 
>   http://www.crypt.gen.nz/selinux/faq.html
----
I have read through the SELinux manual several times and I am not that
smart.

I did do a relabel of the system but that didn't fix it.

I tried...
# cat /etc/selinux/targeted/contexts/users/root
system_r:unconfined_t   system_r:unconfined_t

# cat /etc/selinux/targeted/contexts/users/dbus
system_r:unconfined_t   system_r:unconfined_t

(copying the file for root and making a file for the user dbus)

Since this is my home system - the one I use to learn stuff on, this
isn't a huge problem like if it were a client's system but that's why I
do this...to learn.

I didn't mean to spark off a useless debate about the value of SELinux
because at this stage, most of everything has already been said and I
want to learn it, not debate it.

I don't know if this stems from my compiling my own appletalk and
megaraid modules or some other stupid thing that I have done and thus
somehow wasn't covered in the upgrade from 4.1 to 4.2 or if everyone who
upgraded from 4.1 to 4.2 sees these messages in their logs.

Anyway, thanks for the response...I joined the fedora-selinux mail list
to see if I can get some help there as this crew seems to want to debate
rather than learn.

Craig


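The denial quoted in the message can be read field by field. The following is an added example, not part of the original message or of any SELinux tool. It splits the record into permission, object class and source/target contexts, then prints the policy `allow` statement that names exactly that access. The function names `parse_avc` and `matching_allow_rule` are hypothetical, and whether such a rule is the right remedy is not something the thread settles.

```python
import re

# The denial from the message above, with the mail client's line wraps joined.
SAMPLE = (
    "Nov 12 12:21:39 srv1 dbus: Can't send to audit system: USER_AVC pid=2839 "
    "uid=81 loginuid=-1 message=avc:  denied  { send_msg } for "
    "scontext=user_u:system_r:unconfined_t tcontext=user_u:system_r:initrc_t "
    "tclass=dbus"
)

AVC_RE = re.compile(
    r"avc:\s+(?P<result>denied|granted)\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)"
)


def parse_avc(line):
    """Split an AVC record into result, permissions, class and both contexts.

    Returns None when the line has no AVC record or lacks a required field.
    """
    m = AVC_RE.search(line)
    if m is None:
        return None
    fields = dict(kv.split("=", 1) for kv in m.group("rest").split() if "=" in kv)
    rec = {"result": m.group("result"), "perms": m.group("perms").split(),
           "tclass": fields.get("tclass")}
    if not rec["perms"] or rec["tclass"] is None:
        return None
    for key in ("scontext", "tcontext"):
        # A context is user:role:type, optionally followed by an MLS level.
        parts = fields.get(key, "").split(":")
        if len(parts) < 3:
            return None
        rec[key] = dict(zip(("user", "role", "type"), parts))
    return rec


def matching_allow_rule(rec):
    """Policy statement that names exactly the access this record reports."""
    perms = rec["perms"]
    perm_text = perms[0] if len(perms) == 1 else "{ %s }" % " ".join(perms)
    return "allow %s %s:%s %s;" % (
        rec["scontext"]["type"], rec["tcontext"]["type"], rec["tclass"], perm_text)


if __name__ == "__main__":
    record = parse_avc(SAMPLE)
    print(record)
    print(matching_allow_rule(record))
```

The type fields (`unconfined_t` sending to `initrc_t`) are what the policy decision is made on; the user and role parts of each context are identical here.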