| Summary: | basepolicy: avc-denial on every daemon start/stop | ||
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Sören Lorenz <soeren.lorenz> |
| Component: | Hardened | Assignee: | Chris PeBenito (RETIRED) <pebenito> |
| Status: | RESOLVED INVALID | ||
| Severity: | normal | CC: | kaiowas |
| Priority: | High | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | All | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
are you doing this while your current directory is in /etc/security/selinux/ (or farther in)? That will cause a denial like this. No, it also happens when i'm doing this in other directories. Petre already pointed me on this. You shall not create symlinks called "selinux" in your /etc. Name it something else! It gets labeled selinux_config_t, so every program accessing /etc produces avc-denials. Sorry for bothering you with such a stupid thing. Regards, S You shall not create symlinks called "selinux" in your /etc. Name it something else! It gets labeled selinux_config_t, so every program accessing /etc produces avc-denials. Sorry for bothering you with such a stupid thing. Regards, Sören Lorenz |
Every time i start/stop a daemon by init scripts i get this: base-policy-20040906 avc: denied { search } for pid=16502 exe=/sbin/unix_chkpwd name=selinux dev=hda2 ino=150692 scontext=root:sysadm_r:sysadm_chkpwd_t tcontext=system_u:object_r:policy_config_t tclass=dir bash-2.05b# find /etc -inum 150692 /etc/security/selinux It seems to have no obvious negative consequences.