Create new thread
Thorin
Show profile
Link to this post
Subject: Creative Zen Vision:M
Witam,
Mam dzis problem z moim zenem, mianowicie znalazlem fajny tutorialik jak zainstalowac zena w systemie, potrzebne paczki itp, niby wszystko mam soft itp., ale zauwazylem ze selinux zapodal mi jakims bledem, totalnie nie znam tegoz firewalla i tu prosze o pomoc.
Czy ktos ma pojecie co to moze byc? dostaje to ilekroc podlaczam ZENa do kompa (zwykly kabel usb) - bede wdzieczny za kazda okazana pomoc, tj jakies tutoriale o selinuksie czy cos co mi pomoze w tym.
Pozdrawiam
I z gory dzieki za pomoc!
Mam dzis problem z moim zenem, mianowicie znalazlem fajny tutorialik jak zainstalowac zena w systemie, potrzebne paczki itp, niby wszystko mam soft itp., ale zauwazylem ze selinux zapodal mi jakims bledem, totalnie nie znam tegoz firewalla i tu prosze o pomoc.
Summary
SELinux is preventing /sbin/pam_console_apply (pam_console_t) "getattr"
access to device /dev/2-4.
Detailed Description
SELinux has denied the /sbin/pam_console_apply (pam_console_t) "getattr"
access to device /dev/2-4. /dev/2-4 is mislabeled, this device has the
default label of the /dev directory, which should not happen. All Character
and/or Block Devices should have a label. You can attempt to change the
label of the file using restorecon -v /dev/2-4. If this device remains
labeled device_t, then this is a bug in SELinux policy. Please file a
http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against the selinux-policy
package. If you look at the other similar devices labels, ls -lZ
/dev/SIMILAR, and find a type that would work for /dev/2-4, you can use
chcon -t SIMILAR_TYPE /dev/2-4, If this fixes the problem, you can make this
permanent by executing semanage fcontext -a -t SIMILAR_TYPE /dev/2-4 If the
restorecon changes the context, this indicates that the application that
created the device, created it without using SELinux APIs. If you can
figure out which application created the device, please file a
http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this application.
Allowing Access
Attempt restorecon -v /dev/2-4 or chcon -t SIMILAR_TYPE /dev/2-4
Additional Information
Source Context system_u:system_r:pam_console_t:SystemLow-
SystemHigh
Target Context system_u:object_r:device_t
Target Objects /dev/2-4 [ chr_file ]
Affected RPM Packages pam-0.99.7.1-5.1.fc7 [application]
Policy RPM selinux-policy-2.6.4-29.fc7
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name plugins.device
Host Name localhost.localdomain
Platform Linux localhost.localdomain 2.6.22.1-27.fc7 #1 SMP
Tue Jul 17 17:13:26 EDT 2007 i686 athlon
Alert Count 12
First Seen Tue 07 Aug 2007 09:43:07 PM IST
Last Seen Tue 07 Aug 2007 09:48:29 PM IST
Local ID 22527e3a-c626-499c-90f7-ef0c3ed258a5
Line Numbers
Raw Audit Messages
avc: denied { getattr } for comm="pam_console_app" dev=tmpfs egid=0 euid=0
exe="/sbin/pam_console_apply" exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name="2-4"
path="/dev/2-4" pid=29126
scontext=system_u:system_r:pam_console_t:s0-s0:c0.c1023 sgid=0
subj=system_u:system_r:pam_console_t:s0-s0:c0.c1023 suid=0 tclass=chr_file
tcontext=system_u:object_r:device_t:s0 tty=(none) uid=0
SELinux is preventing /sbin/pam_console_apply (pam_console_t) "getattr"
access to device /dev/2-4.
Detailed Description
SELinux has denied the /sbin/pam_console_apply (pam_console_t) "getattr"
access to device /dev/2-4. /dev/2-4 is mislabeled, this device has the
default label of the /dev directory, which should not happen. All Character
and/or Block Devices should have a label. You can attempt to change the
label of the file using restorecon -v /dev/2-4. If this device remains
labeled device_t, then this is a bug in SELinux policy. Please file a
http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against the selinux-policy
package. If you look at the other similar devices labels, ls -lZ
/dev/SIMILAR, and find a type that would work for /dev/2-4, you can use
chcon -t SIMILAR_TYPE /dev/2-4, If this fixes the problem, you can make this
permanent by executing semanage fcontext -a -t SIMILAR_TYPE /dev/2-4 If the
restorecon changes the context, this indicates that the application that
created the device, created it without using SELinux APIs. If you can
figure out which application created the device, please file a
http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this application.
Allowing Access
Attempt restorecon -v /dev/2-4 or chcon -t SIMILAR_TYPE /dev/2-4
Additional Information
Source Context system_u:system_r:pam_console_t:SystemLow-
SystemHigh
Target Context system_u:object_r:device_t
Target Objects /dev/2-4 [ chr_file ]
Affected RPM Packages pam-0.99.7.1-5.1.fc7 [application]
Policy RPM selinux-policy-2.6.4-29.fc7
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name plugins.device
Host Name localhost.localdomain
Platform Linux localhost.localdomain 2.6.22.1-27.fc7 #1 SMP
Tue Jul 17 17:13:26 EDT 2007 i686 athlon
Alert Count 12
First Seen Tue 07 Aug 2007 09:43:07 PM IST
Last Seen Tue 07 Aug 2007 09:48:29 PM IST
Local ID 22527e3a-c626-499c-90f7-ef0c3ed258a5
Line Numbers
Raw Audit Messages
avc: denied { getattr } for comm="pam_console_app" dev=tmpfs egid=0 euid=0
exe="/sbin/pam_console_apply" exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name="2-4"
path="/dev/2-4" pid=29126
scontext=system_u:system_r:pam_console_t:s0-s0:c0.c1023 sgid=0
subj=system_u:system_r:pam_console_t:s0-s0:c0.c1023 suid=0 tclass=chr_file
tcontext=system_u:object_r:device_t:s0 tty=(none) uid=0
Czy ktos ma pojecie co to moze byc? dostaje to ilekroc podlaczam ZENa do kompa (zwykly kabel usb) - bede wdzieczny za kazda okazana pomoc, tj jakies tutoriale o selinuksie czy cos co mi pomoze w tym.
Pozdrawiam
I z gory dzieki za pomoc!
Linux registred user: #410780
![[Image: http://thorinpl.org/blog_gallery/19019.png]](http://thorinpl.org/blog_gallery/19019.png "http://thorinpl.org/blog_gallery/19019.png")
To program dający plikom dodatkowy kontekst bezpieczeństwa, co zwiększa bezpieczeństwo całego systemu, Czasami jednak selinux blokuje coś czego nie powinien najprawdopodobniej jest to bug w selinuxie albo w tej aplikacji. Możesz go chwilowo wyłączyć przez (system, admnistracja, Selinux managment) ustawiając pierwszą opcje na "disabled".
