Hi, first of all, I am a newbie on SELinux.
I have installed a new machine using http://www.gentoo.org/proj/en/hardened/selinux/selinux-handbook.xml . Everything was in order. But when I reboot into "full function SELinux" in permissive mode, the following AVC errors appear in my log. I think I forgot to install or enable something.

Errors from dmesg:

type=1400 audit(1329556527.347:3): avc: denied { read write } for pid=1 comm="init" path="/dev/console" dev="rootfs" ino=99 scontext=system_u:system_r:init_t tcontext=system_u:object_r:root_t tclass=chr_file
type=1400 audit(1329556527.356:4): avc: denied { rlimitinh } for pid=1 comm="init" scontext=system_u:system_r:kernel_t tcontext=system_u:system_r:init_t tclass=process
type=1400 audit(1329556527.365:5): avc: denied { siginh } for pid=1 comm="init" scontext=system_u:system_r:kernel_t tcontext=system_u:system_r:init_t tclass=process
type=1400 audit(1329556527.374:6): avc: denied { noatsecure } for pid=1 comm="init" scontext=system_u:system_r:kernel_t tcontext=system_u:system_r:init_t tclass=process
type=1400 audit(1329556527.385:7): avc: denied { getattr } for pid=1 comm="init" name="/" dev="selinuxfs" ino=1 scontext=system_u:system_r:init_t tcontext=system_u:object_r:security_t tclass=filesystem
type=1400 audit(1329556527.419:8): avc: denied { search } for pid=1 comm="init" name="var" dev="sda3" ino=260609 scontext=system_u:system_r:init_t tcontext=system_u:object_r:file_t tclass=dir
type=1400 audit(1329556527.452:9): avc: denied { rlimitinh } for pid=615 comm="rc" scontext=system_u:system_r:init_t tcontext=system_u:system_r:initrc_t tclass=process
type=1400 audit(1329556527.463:10): avc: denied { siginh } for pid=615 comm="rc" scontext=system_u:system_r:init_t tcontext=system_u:system_r:initrc_t tclass=process
....
type=1400 audit(1329552931.276:64): avc: denied { rlimitinh } for pid=893 comm="pvscan" scontext=system_u:system_r:initrc_t tcontext=system_u:system_r:lvm_t tclass=process
type=1400 audit(1329552931.276:65): avc: denied { siginh } for pid=893 comm="pvscan" scontext=system_u:system_r:initrc_t tcontext=system_u:system_r:lvm_t tclass=process
type=1400 audit(1329552931.276:66): avc: denied { noatsecure } for pid=893 comm="pvscan" scontext=system_u:system_r:initrc_t tcontext=system_u:system_r:lvm_t tclass=process
type=1400 audit(1329552931.555:67): avc: denied { setattr } for pid=7 comm="kdevtmpfs" name="dm-0" dev="devtmpfs" ino=1365 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:device_t tclass=blk_file
type=1400 audit(1329552931.591:68): avc: denied { rlimitinh } for pid=908 comm="dmsetup" scontext=system_u:system_r:udev_t tcontext=system_u:system_r:lvm_t tclass=process
type=1400 audit(1329552931.592:69): avc: denied { siginh } for pid=908 comm="dmsetup" scontext=system_u:system_r:udev_t tcontext=system_u:system_r:lvm_t tclass=process
type=1400 audit(1329552931.592:70): avc: denied { noatsecure } for pid=908 comm="dmsetup" scontext=system_u:system_r:udev_t tcontext=system_u:system_r:lvm_t tclass=process
type=1400 audit(1329552932.032:71): avc: denied { read } for pid=711 comm="udevd" name="15" dev="tmpfs" ino=1182 scontext=system_u:system_r:udev_t tcontext=system_u:object_r:udev_tbl_t tclass=lnk_file
type=1400 audit(1329552932.032:72): avc: denied { unlink } for pid=896 comm="udevd" name="15" dev="tmpfs" ino=1182 scontext=system_u:system_r:udev_t tcontext=system_u:object_r:udev_tbl_t tclass=lnk_file
type=1400 audit(1329552932.095:73): avc: denied { open } for pid=896 comm="udevd" name="disk\x2fby-id\x2fata-Maxtor_7Y250M0_Y652ABXE-part5" dev="tmpfs" ino=1173 scontext=system_u:system_r:udev_t tcontext=system_u:object_r:udev_tbl_t tclass=dir
....
type=1400 audit(1329552936.309:104): avc: denied { read } for pid=1297 comm="ip" name="console" dev="tmpfs" ino=308 scontext=system_u:system_r:ifconfig_t tcontext=system_u:object_r:console_device_t tclass=chr_file
type=1400 audit(1329552936.309:105): avc: denied { rlimitinh } for pid=1297 comm="ip" scontext=system_u:system_r:initrc_t tcontext=system_u:system_r:ifconfig_t tclass=process
type=1400 audit(1329552936.309:106): avc: denied { siginh } for pid=1297 comm="ip" scontext=system_u:system_r:initrc_t tcontext=system_u:system_r:ifconfig_t tclass=process
type=1400 audit(1329552936.309:107): avc: denied { noatsecure } for pid=1297 comm="ip" scontext=system_u:system_r:initrc_t tcontext=system_u:system_r:ifconfig_t tclass=process
....
type=1400 audit(1329552936.600:108): avc: denied { write } for pid=1394 comm="mount" name="/" dev="binfmt_misc" ino=1 scontext=system_u:system_r:mount_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir
....
type=1400 audit(1329552937.232:109): avc: denied { use } for pid=1519 comm="dhcpcd" path="/dev/console" dev="tmpfs" ino=308 scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:init_t tclass=fd
type=1400 audit(1329552937.232:110): avc: denied { read } for pid=1519 comm="dhcpcd" path="/dev/console" dev="tmpfs" ino=308 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:console_device_t tclass=chr_file
type=1400 audit(1329552937.232:111): avc: denied { rlimitinh } for pid=1519 comm="dhcpcd" scontext=system_u:system_r:initrc_t tcontext=system_u:system_r:dhcpc_t tclass=process
type=1400 audit(1329552937.232:112): avc: denied { siginh } for pid=1519 comm="dhcpcd" scontext=system_u:system_r:initrc_t tcontext=system_u:system_r:dhcpc_t tclass=process
type=1400 audit(1329552937.232:113): avc: denied { noatsecure } for pid=1519 comm="dhcpcd" scontext=system_u:system_r:initrc_t tcontext=system_u:system_r:dhcpc_t tclass=process
....
type=1400 audit(1329552945.165:115): avc: denied { read write } for pid=1562 comm="hostname" path="socket:[2866]" dev="sockfs" ino=2866 scontext=system_u:system_r:hostname_t tcontext=system_u:system_r:dhcpc_t tclass=unix_stream_socket
type=1400 audit(1329552945.165:116): avc: denied { rlimitinh } for pid=1562 comm="hostname" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:hostname_t tclass=process
type=1400 audit(1329552945.165:117): avc: denied { siginh } for pid=1562 comm="hostname" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:hostname_t tclass=process
type=1400 audit(1329552945.165:118): avc: denied { noatsecure } for pid=1562 comm="hostname" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:hostname_t tclass=process
type=1400 audit(1329552945.221:119): avc: denied { execute } for pid=1571 comm="rc-service" name="rc" dev="sda3" ino=390958 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:rc_exec_t tclass=file
type=1400 audit(1329552945.221:120): avc: denied { read open } for pid=1571 comm="rc-service" name="rc" dev="sda3" ino=390958 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:rc_exec_t tclass=file
type=1400 audit(1329552945.221:121): avc: denied { execute_no_trans } for pid=1571 comm="rc-service" path="/sbin/rc" dev="sda3" ino=390958 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:rc_exec_t tclass=file
type=1400 audit(1329552945.225:122): avc: denied { getattr } for pid=1571 comm="rc" path="/etc/init.d/ntpd" dev="sda3" ino=765 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:initrc_exec_t tclass=file
type=1400 audit(1329552945.244:123): avc: denied { execute } for pid=1573 comm="rc" name="ntpd" dev="sda3" ino=765 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:initrc_exec_t tclass=file
type=1400 audit(1329552945.244:124): avc: denied { read open } for pid=1573 comm="rc" name="ntpd" dev="sda3" ino=765 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:initrc_exec_t tclass=file

Thanks

-- 
Tomas Dobrovolny
Attachments: kernconfig.pingui.xz (application/xz), dmesg.pingui.xz (application/xz)
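A log like the one above is easier to reason about once the denials are grouped by (source type, target type, class) and sorted into buckets that call for different actions. The script below is an added example, not code from the post or from the Gentoo handbook. It parses `avc: denied` records in the dmesg/audit format shown above and separates three kinds: the `rlimitinh`/`siginh`/`noatsecure` trio on `tclass=process`, which are inheritance checks made at every domain transition (a denial only means the new domain gets `AT_SECURE` set and does not inherit rlimits or pending signals; the exec itself still goes through); denials whose target type is `file_t` or `unlabeled_t`, which point at unlabeled files and are fixed by relabeling rather than by policy; and everything else, which is printed as an `audit2allow`-style rule so a human can decide. The sample input is a constructed subset of the lines quoted in the post; the function and bucket names are the example's own.

```python
"""Triage SELinux AVC denials (dmesg / audit.log format) into action buckets.

Added example: groups 'avc: denied' records by (source type, target type,
object class) and tags each group as a domain-transition inheritance check,
an unlabeled-file problem, or a genuine policy gap.
"""
import re
import sys
from collections import OrderedDict

# "... avc: denied { read write } for pid=1 comm="init" path="/dev/console" ..."
AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)$')
# key=value pairs; values are either "quoted" or a bare token
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# process-class permissions the kernel checks on every domain transition.
# A denial does not fail the exec: rlimits are reset, pending signals are
# cleared and AT_SECURE is set for the new domain.
TRANSITION_PERMS = frozenset({"rlimitinh", "siginh", "noatsecure"})

# refpolicy types for objects carrying no (valid) label: the fix is a
# filesystem relabel (e.g. restorecon -R), not an allow rule.
UNLABELED_TYPES = frozenset({"file_t", "unlabeled_t"})


def context_type(ctx):
    """'system_u:system_r:init_t' (optionally ':s0') -> 'init_t'."""
    return ctx.split(":")[2]


def parse_avc(line):
    """Return a dict for one denial record, or None if the line is not one."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    fields = {k: (quoted if quoted else bare)
              for k, quoted, bare in FIELD_RE.findall(m.group("fields"))}
    if not {"scontext", "tcontext", "tclass"} <= fields.keys():
        return None
    return {
        "perms": frozenset(m.group("perms").split()),
        "stype": context_type(fields["scontext"]),
        "ttype": context_type(fields["tcontext"]),
        "tclass": fields["tclass"],
        "comm": fields.get("comm", "?"),
        "target": fields.get("path") or fields.get("name") or "",
    }


def classify(stype, ttype, tclass, perms):
    """Bucket name for one (stype, ttype, tclass) group with merged perms."""
    if tclass == "process" and perms <= TRANSITION_PERMS:
        return "transition"
    if ttype in UNLABELED_TYPES:
        return "unlabeled"
    return "policy"


def to_rule(stype, ttype, tclass, perms):
    """audit2allow-style rendering, for reading rather than for loading."""
    return "allow %s %s:%s { %s };" % (stype, ttype, tclass, " ".join(sorted(perms)))


def triage(lines):
    """Map bucket name -> list of merged rules, in first-seen order."""
    groups = OrderedDict()
    for line in lines:
        rec = parse_avc(line)
        if rec is None:
            continue
        key = (rec["stype"], rec["ttype"], rec["tclass"])
        groups[key] = groups.get(key, frozenset()) | rec["perms"]
    result = {"transition": [], "unlabeled": [], "policy": []}
    for (stype, ttype, tclass), perms in groups.items():
        result[classify(stype, ttype, tclass, perms)].append(
            to_rule(stype, ttype, tclass, perms))
    return result


# Constructed sample: a subset of the records quoted in the post above.
SAMPLE = """
type=1400 audit(1329556527.347:3): avc: denied { read write } for pid=1 comm="init" path="/dev/console" dev="rootfs" ino=99 scontext=system_u:system_r:init_t tcontext=system_u:object_r:root_t tclass=chr_file
type=1400 audit(1329556527.356:4): avc: denied { rlimitinh } for pid=1 comm="init" scontext=system_u:system_r:kernel_t tcontext=system_u:system_r:init_t tclass=process
type=1400 audit(1329556527.365:5): avc: denied { siginh } for pid=1 comm="init" scontext=system_u:system_r:kernel_t tcontext=system_u:system_r:init_t tclass=process
type=1400 audit(1329556527.419:8): avc: denied { search } for pid=1 comm="init" name="var" dev="sda3" ino=260609 scontext=system_u:system_r:init_t tcontext=system_u:object_r:file_t tclass=dir
type=1400 audit(1329552945.221:119): avc: denied { execute } for pid=1571 comm="rc-service" name="rc" dev="sda3" ino=390958 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:rc_exec_t tclass=file
type=1400 audit(1329552945.221:120): avc: denied { read open } for pid=1571 comm="rc-service" name="rc" dev="sda3" ino=390958 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:rc_exec_t tclass=file
"""

if __name__ == "__main__":
    # Usage: dmesg | python avc_triage.py   (falls back to SAMPLE on a tty)
    src = sys.stdin.read().splitlines() if not sys.stdin.isatty() else SAMPLE.splitlines()
    for bucket, rules in triage(src).items():
        print("== %s (%d) ==" % (bucket, len(rules)))
        for rule in rules:
            print("  " + rule)
```

On the post's log, the `transition` bucket swallows most of the noise (kernel_t to init_t, init_t to initrc_t, initrc_t to lvm_t/ifconfig_t/dhcpc_t, and so on), the `unlabeled` bucket isolates the `init_t` search on `/var` labeled `file_t`, which is a relabel-the-disk symptom, and the `policy` bucket is left with the decisions worth reading one by one, such as `dhcpc_t` executing `rc_exec_t` and `initrc_exec_t`. The rules it prints are for reading; loading them with `semodule` without looking at each would grant `dhcpc_t` the right to run init scripts, which is exactly the kind of hook-script behaviour a policy author should decide on deliberately.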