Please take our Survey
logo       
<prev   next>

Choosing A Webhost:
A web hosting service is a type of Internet hosting service that allows individuals and organizations to provide their own website accessible via the World Wide Web. Web hosts are companies that provide space on a server they own for use by their clients as well as providing Internet connectivity, typically in a data center. Web hosts can also provide data center space and connectivity to the Internet for servers they do not own to be located in their data center, called colocation. more...

Re: AVC message problem: msg#00109

Subject: Re: AVC message problem 
On Mon, 24 Oct 2005, Daniel J Walsh wrote:

> Tom Diehl wrote:
> > Hi all,
> >
> > Since upgrading to EL4-U2 I am getting the following avc messages in my 
> > logs:
> >
> > Oct 23 14:46:21 pocono dbus: Can't send to audit system: USER_AVC pid=3064 
> > uid=81 loginuid=-1 message=avc:  denied  { send_msg } for  
> > scontext=user_u:system_r:unconfined_t tcontext=user_u:system_r:initrc_t 
> > tclass=dbus
> >
> > Can someone tell me how to go about fixing this, short of turning off 
> > selinux?
> >
> > (pocono pts13) # rpm -qa | grep selinux
> > libselinux-1.19.1-7
> > libselinux-1.19.1-7
> > selinux-policy-targeted-1.17.30-2.110
> > libselinux-devel-1.19.1-7
> > (pocono pts13) # rpm -qa dbus
> > dbus-0.22-12.EL.5
> > (pocono pts13) # uname -r
> > 2.6.9-22.ELsmp
> > (pocono pts13) #
> >
> > I get hundreds of these a day. I have tried relabeling but no change.
> >
> > The system arch is x86_64
> >
> Could you try

Yep

> 
> ftp://people.redhat.com/dwalsh/SELinux/RHEL4/u3/selinux-policy-targeted-*
> 
> We are moving to deliver an errata release of this policy.

I did the following:

(pocono pts18) # rpm -Fvh selinux-policy-targeted-1.17.30-2.117.noarch.rpm
Preparing...                ########################################### [100%]
   1:selinux-policy-targeted########################################### [100%]
(pocono pts18) #

And I got the following in the logs:

Oct 24 10:59:21 pocono dbus: Can't send to audit system: USER_AVC pid=3064 
uid=81 loginuid=-1 message=avc:  denied  { send_msg } for  
scontext=user_u:system_r:unconfined_t tcontext=user_u:system_r:initrc_t 
tclass=dbus
Oct 24 10:59:31 pocono last message repeated 2 times
Oct 24 10:59:35 pocono kernel: security:  3 users, 4 roles, 354 types, 25 bools
Oct 24 10:59:35 pocono kernel: security:  55 classes, 21778 rules
Oct 24 10:59:35 pocono dbus: Can't send to audit system: USER_AVC pid=3064 
uid=81 loginuid=-1 message=avc:  received policyload notice (seqno=1)
Oct 24 10:59:35 pocono dbus: Can't send to audit system: USER_AVC pid=3064 
uid=81 loginuid=-1 message=avc:  4 AV entries and 4/512 buckets used, longest 
chain length 1
Oct 24 10:59:35 pocono dbus: Can't send to audit system: USER_AVC pid=4252 
uid=508 loginuid=-1 message=avc:  received policyload notice (seqno=1)
Oct 24 10:59:35 pocono dbus: Can't send to audit system: USER_AVC pid=4252 
uid=508 loginuid=-1 message=avc:  1 AV entries and 1/512 buckets used, longest 
chain length 1

So far no more avc messages. They were showing up every 5-15 seconds
before. It has been approx 5 minutes with no avc messages. 

Is there anything else I should be looking at?

Is there a bug for this?

Thank You for the help.

Regards,

Tom Diehl               tdiehl@xxxxxxxxxxxx             Spamtrap address 
mtd123@xxxxxxxxxxxx
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: NTPD vs SELinux question, Daniel J Walsh
Next by Date:  Re: Rotate audit log?, Steve G
Previous by Thread:  Re: AVC message problem, Daniel J Walsh
Next by Thread:  Re: AVC message problem, Daniel J Walsh
Indexes:  [Date] [Thread] [Top] [All Lists]

Google Custom Search
Recently Viewed:
qnx.openqnx.dev...    gcc.libstdc++.c...    solaris.opensol...    information-ret...    misc.misterhous...    web.catalyst.ge...    apache.webservi...    redhat.release....    hardware.lirc/2...    kernel.autofs/2...    technology.sust...    linux.vdr/2003-...    editors.lyx.gen...    org.user-groups...    netbsd.devel.pk...    xdg.devel/2004-...    version-control...    jakarta.slide.d...    debian.packages...    creativecommons...    ports.ppc.embed...    bug-tracking.bu...   
Home | blog view | USPTO Patent Archive | advertise | OSDir is an inevitable website. super tiny logo

Free Magazines

Cisco News
Receive a free quarterly e-newsletter with exclusive articles on how Cisco IT uses its own products and solutions to enable the business.
subscribe

Systems Management News, the newspaper for IT systems administration and data center managers! Each issue of Systems Management News is chock-full of news and analysis to help you understand what's happening in your field.
subscribe

The Enterprise Newsweekly eWeek is the essential technology information source for builders of e-business.
subscribe

Oracle Magazine Oracle Magazine contains technology strategy articles, sample code, tips, Oracle and partner news, how to articles for developers and DBAs, and more. Oracle (NASDAQ: ORCL) is the world's largest enterprise software company.
subscribe

Total Telecom Total Telecom is "The Economist of the communications industry".
subscribe