[DSE-Dev] Bug#707243: selinux-policy-default: missing permission for irqbalance_t
Michael Scherer
misc at zarb.org
Wed May 8 14:13:59 UTC 2013
Package: selinux-policy-default
Version: 2:2.20110726-12
Severity: normal
Hi,
on a freshly upgraded wheey, on boot, ircbalance produce a avc :
May 5 14:22:32 venser kernel: [ 11.593105] type=1400 audit(1367756552.598:9): avc: denied { getsched } for pid=549 comm="irqbalance" scontext=system_u:system_r:irqbalance_t:s0 tcontext=system_u:system_r:irqbalance_t:s0 tclass=process
Indeed getsched is missing from the set of permission :
/home/misc# sesearch -s irqbalance_t -t irqbalance_t -A -c process
Found 1 semantic av rules:
allow irqbalance_t irqbalance_t : process { fork sigchld sigkill sigstop signull signal getcap setcap } ;
-- System Information:
Debian Release: 7.0
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=ANSI_X3.4-1968) (ignored: LC_ALL set to C)
Shell: /bin/sh linked to /bin/dash
Versions of packages selinux-policy-default depends on:
ii libpam-modules 1.1.3-7.1
ii libselinux1 2.1.9-5
ii libsepol1 2.1.4-3
ii policycoreutils 2.1.10-9
ii python 2.7.3-4
Versions of packages selinux-policy-default recommends:
ii checkpolicy 2.1.8-2
ii setools 3.3.7-3
Versions of packages selinux-policy-default suggests:
pn logcheck <none>
pn syslog-summary <none>
-- Configuration Files:
/etc/selinux/default/modules/active/file_contexts.local [Errno 13] Permission denied: u'/etc/selinux/default/modules/active/file_contexts.local'
-- no debconf information
More information about the SELinux-devel
mailing list