# SELinux newbie needing help.

## redgsturbo

OK.. new to SELinux.  Installed, activated, etc.. booted up, and now I have some policy issues to resolve.  I'm not really sure how to interpret most of this.  Here is the dmesg output.

```
[    4.810569] SELinux: 8192 avtab hash slots, 54748 rules.

[    4.820952] SELinux: 8192 avtab hash slots, 58558 rules.

[    4.821295] SELinux:  5 users, 5 roles, 935 types, 32 bools

[    4.821298] SELinux:  67 classes, 58558 rules

[    4.821617] SELinux:  class peer not defined in policy

[    4.821907] SELinux:  class capability2 not defined in policy

[    4.822169] SELinux:  permission open in class dir not defined in policy

[    4.822444] SELinux:  permission open in class file not defined in policy

[    4.822721] SELinux:  permission open in class chr_file not defined in policy

[    4.823001] SELinux:  permission open in class blk_file not defined in policy

[    4.823282] SELinux:  permission open in class fifo_file not defined in policy

[    4.823588] SELinux:  permission recvfrom in class node not defined in policy

[    4.823890] SELinux:  permission sendto in class node not defined in policy

[    4.824169] SELinux:  permission ingress in class netif not defined in policy

[    4.824474] SELinux:  permission egress in class netif not defined in policy

[    4.824780] SELinux:  permission setfcap in class capability not defined in policy

[    4.825086] SELinux:  permission flow_in in class packet not defined in policy

[    4.825392] SELinux:  permission flow_out in class packet not defined in policy

[    4.825697] SELinux:  permission forward_in in class packet not defined in policy

[    4.826003] SELinux:  permission forward_out in class packet not defined in policy

[    4.826309] SELinux: the above unknown classes and permissions will be denied

[    4.826590] SELinux:  Completing initialization.

[    4.826592] SELinux:  Setting up existing superblocks.

[    4.826602] SELinux: initialized (dev sda2, type xfs), uses xattr

[    4.826627] SELinux: initialized (dev usbfs, type usbfs), uses genfs_contexts

[    4.826633] SELinux: initialized (dev selinuxfs, type selinuxfs), uses genfs_contexts

[    4.826662] SELinux: initialized (dev mqueue, type mqueue), uses transition SIDs

[    4.826671] SELinux: initialized (dev hugetlbfs, type hugetlbfs), uses genfs_contexts

[    4.826676] SELinux: initialized (dev devpts, type devpts), uses transition SIDs

[    4.826681] SELinux: initialized (dev inotifyfs, type inotifyfs), uses genfs_contexts

[    4.826688] SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs

[    4.826693] SELinux: initialized (dev anon_inodefs, type anon_inodefs), uses genfs_contexts

[    4.826697] SELinux: initialized (dev pipefs, type pipefs), uses task SIDs

[    4.826701] SELinux: initialized (dev debugfs, type debugfs), uses genfs_contexts

[    4.826727] SELinux: initialized (dev sockfs, type sockfs), uses task SIDs

[    4.826733] SELinux: initialized (dev proc, type proc), uses genfs_contexts

[    4.826744] SELinux: initialized (dev bdev, type bdev), uses genfs_contexts

[    4.826749] SELinux: initialized (dev rootfs, type rootfs), uses genfs_contexts

[    4.826755] SELinux: initialized (dev sysfs, type sysfs), uses genfs_contexts

[    4.926580] type=1403 audit(1228122529.920:2): policy loaded auid=4294967295 ses=4294967295

[    4.930349] type=1400 audit(1228122529.930:3): avc:  denied  { search } for  pid=1 comm="init" name="/" dev=sda2 ino=64 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:file_t tclass=dir

[    4.942339] type=1400 audit(1228122529.942:4): avc:  denied  { execute } for  pid=1 comm="init" name="init" dev=sda2 ino=33703610 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:file_t tclass=file

[    4.942644] type=1400 audit(1228122529.942:5): avc:  denied  { read } for  pid=1 comm="init" name="init" dev=sda2 ino=33703610 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:file_t tclass=file

[    4.943106] type=1400 audit(1228122529.942:6): avc:  denied  { execute_no_trans } for  pid=1 comm="init" path="/sbin/init" dev=sda2 ino=33703610 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:file_t tclass=file

[    4.943717] type=1400 audit(1228122529.942:7): avc:  denied  { read } for  pid=1 comm="init" name="ld-linux-x86-64.so.2" dev=sda2 ino=33575097 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:file_t tclass=lnk_file

[    4.951277] type=1400 audit(1228122529.950:8): avc:  denied  { getattr } for  pid=1 comm="init" path="/etc/ld.so.cache" dev=sda2 ino=763304 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:file_t tclass=file

[    4.951849] type=1400 audit(1228122529.950:9): avc:  denied  { read } for  pid=1 comm="init" name="urandom" dev=sda2 ino=761484 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:file_t tclass=chr_file

[    4.953711] type=1400 audit(1228122529.950:10): avc:  denied  { write } for  pid=1 comm="init" name="tty0" dev=sda2 ino=761047 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:file_t tclass=chr_file

[    4.992716] stty used greatest stack depth: 4152 bytes left

[    5.003061] grep used greatest stack depth: 4088 bytes left

[    5.013064] grsec: mount of proc to /proc by /bin/mount[mount:771] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:770] uid/euid:0/0 gid/egid:0/0

[    5.031055] grsec: mount of sysfs to /sys by /bin/mount[mount:785] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:784] uid/euid:0/0 gid/egid:0/0

[    5.040120] usb usb2: suspend_rh (auto-stop)

[    5.075270] SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs

[    5.075288] grsec: mount of udev to /dev by /bin/mount[mount:822] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:799] uid/euid:0/0 gid/egid:0/0

[    5.157445] usb usb2: uevent

[    5.157464] usb 2-0:1.0: uevent

[    5.157569] usb usb1: uevent

[    5.157586] usb 1-0:1.0: uevent

[    6.041462] hub 1-0:1.0: hub_suspend

[    6.041470] usb usb1: bus auto-suspend

[    6.041472] ehci_hcd 0000:02:03.0: suspend root hub

[    6.122847] __ratelimit: 180 callbacks suppressed

[    6.122849] type=1400 audit(1228122531.120:71): avc:  denied  { create } for  pid=1318 comm="udevd" name="cpuid" scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file

[    6.122873] type=1400 audit(1228122531.120:72): avc:  denied  { setattr } for  pid=1318 comm="udevd" name="cpuid" dev=tmpfs ino=3085 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file

[    6.181395] type=1400 audit(1228122531.180:73): avc:  denied  { create } for  pid=1325 comm="udevd" name="full" scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:null_device_t tclass=chr_file

[    6.181421] type=1400 audit(1228122531.180:74): avc:  denied  { setattr } for  pid=1325 comm="udevd" name="full" dev=tmpfs ino=3103 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:null_device_t tclass=chr_file

[    6.202976] type=1400 audit(1228122531.200:75): avc:  denied  { create } for  pid=1328 comm="udevd" name="kmem" scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:memory_device_t tclass=chr_file

[    6.203001] type=1400 audit(1228122531.200:76): avc:  denied  { setattr } for  pid=1328 comm="udevd" name="kmem" dev=tmpfs ino=3118 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:memory_device_t tclass=chr_file

[    6.270480] type=1400 audit(1228122531.270:77): avc:  denied  { create } for  pid=1329 comm="udevd" name="kmsg" scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:kmsg_device_t tclass=chr_file

[    6.270504] type=1400 audit(1228122531.270:78): avc:  denied  { setattr } for  pid=1329 comm="udevd" name="kmsg" dev=tmpfs ino=3142 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:kmsg_device_t tclass=chr_file

[    6.301634] type=1400 audit(1228122531.300:79): avc:  denied  { relabelfrom } for  pid=1332 comm="udevd" name="null" dev=tmpfs ino=1430 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:device_t tclass=chr_file

[    6.301642] type=1400 audit(1228122531.300:80): avc:  denied  { relabelto } for  pid=1332 comm="udevd" name="null" dev=tmpfs ino=1430 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:null_device_t tclass=chr_file

[    7.045991] hub 2-0:1.0: hub_suspend

[    7.045998] usb usb2: bus auto-suspend

[    7.046000] usb usb2: suspend_rh

[    8.843625] grsec: mount of devpts to /dev/pts by /bin/mount[mount:1468] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:1467] uid/euid:0/0 gid/egid:0/0

[    9.092574] grsec: mount of /dev/sda2 to / by /bin/mount[mount:1485] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:1473] uid/euid:0/0 gid/egid:0/0

[    9.961489] SELinux: initialized (dev tmpfs, type tmpfs), uses transition SIDs

[    9.961502] grsec: mount of shm to /dev/shm by /bin/mount[mount:1566] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:1563] uid/euid:0/0 gid/egid:0/0

[   10.076483] grsec: mount of usbfs to /proc/bus/usb by /bin/mount[mount:1574] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:1563] uid/euid:0/0 gid/egid:0/0

[   10.110870] SELinux: initialized (dev binfmt_misc, type binfmt_misc), uses genfs_contexts

[   10.110882] grsec: mount of binfmt_misc to /proc/sys/fs/binfmt_misc by /bin/mount[mount:1576] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:1563] uid/euid:0/0 gid/egid:0/0

[   10.132037] SELinux: initialized (dev securityfs, type securityfs), not configured for labeling

[   10.132056] grsec: mount of securityfs to /sys/kernel/security by /bin/mount[mount:1578] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:1563] uid/euid:0/0 gid/egid:0/0

[   10.160428] Adding 1180768k swap on /dev/sda3.  Priority:-1 extents:1 across:1180768k

[   14.682972] grsec: time set by /sbin/hwclock[hwclock:1594] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:1593] uid/euid:0/0 gid/egid:0/0

[   14.741694] __ratelimit: 162 callbacks suppressed

[   14.741697] type=1400 audit(1228122544.057:135): avc:  denied  { search } for  pid=1598 comm="sysctl" scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:sysctl_net_t tclass=dir

[   14.741737] type=1400 audit(1228122544.057:136): avc:  denied  { write } for  pid=1598 comm="sysctl" scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:sysctl_net_t tclass=file

[   15.141295] type=1400 audit(1228122544.457:137): avc:  denied  { rmdir } for  pid=1620 comm="rmdir" name=".ICE-unix" dev=sda2 ino=361200 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:file_t tclass=dir

[   15.200875] type=1400 audit(1228122544.517:138): avc:  denied  { create } for  pid=1624 comm="mkdir" name=".ICE-unix" scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:file_t tclass=dir

[   15.203716] type=1400 audit(1228122544.517:139): avc:  denied  { setattr } for  pid=1625 comm="chmod" name=".ICE-unix" dev=sda2 ino=361200 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:file_t tclass=dir

[   15.361184] type=1400 audit(1228122544.677:140): avc:  denied  { syslog_read } for  pid=1629 comm="dmesg" scontext=system_u:system_r:kernel_t tcontext=system_u:system_r:kernel_t tclass=system

[   15.381011] dmesg used greatest stack depth: 3504 bytes left

[   15.474309] type=1400 audit(1228122544.791:141): avc:  denied  { unlink } for  pid=1636 comm="rm" name="udev-postmount" dev=sda2 ino=50415237 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:file_t tclass=lnk_file

[   16.094635] type=1400 audit(1228122545.407:142): avc:  denied  { create } for  pid=1674 comm="ln" name="checkroot" scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:file_t tclass=lnk_file

[   16.252461] type=1400 audit(1228122545.567:143): avc:  denied  { unlink } for  pid=1694 comm="rm" name=".rcsysinit" dev=tmpfs ino=1415 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:tmpfs_t tclass=file

[   16.271628] type=1400 audit(1228122545.587:144): avc:  denied  { getattr } for  pid=1696 comm="udevd" path="/dev/vcs1" dev=tmpfs ino=4083 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:tty_device_t tclass=chr_file

[   20.021175] __ratelimit: 36 callbacks suppressed

[   20.021177] type=1400 audit(1228122549.337:157): avc:  denied  { read } for  pid=2203 comm="setfont" name="tty1" dev=tmpfs ino=1427 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:tty_device_t tclass=chr_file

[   20.021196] type=1400 audit(1228122549.337:158): avc:  denied  { ioctl } for  pid=2203 comm="setfont" path="/dev/tty1" dev=tmpfs ino=1427 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:tty_device_t tclass=chr_file

[   21.044490] type=1400 audit(1228122550.360:159): avc:  denied  { create } for  pid=2350 comm="ip" scontext=system_u:system_r:kernel_t tcontext=system_u:system_r:kernel_t tclass=netlink_route_socket

[   21.050564] type=1400 audit(1228122550.367:160): avc:  denied  { create } for  pid=2350 comm="ip" scontext=system_u:system_r:kernel_t tcontext=system_u:system_r:kernel_t tclass=tcp_socket

[   21.050625] type=1400 audit(1228122550.367:161): avc:  denied  { ioctl } for  pid=2350 comm="ip" path="socket:[5595]" dev=sockfs ino=5595 scontext=system_u:system_r:kernel_t tcontext=system_u:system_r:kernel_t tclass=tcp_socket

[   21.164564] type=1400 audit(1228122550.478:162): avc:  denied  { create } for  pid=2358 comm="ip" scontext=system_u:system_r:kernel_t tcontext=system_u:system_r:kernel_t tclass=udp_socket

[   21.164624] type=1400 audit(1228122550.478:163): avc:  denied  { ioctl } for  pid=2358 comm="ip" path="socket:[5605]" dev=sockfs ino=5605 scontext=system_u:system_r:kernel_t tcontext=system_u:system_r:kernel_t tclass=udp_socket

[   22.001847] type=1400 audit(1228122551.318:164): avc:  denied  { getattr } for  pid=2548 comm="runscript.sh" path="/dev/urandom" dev=tmpfs ino=3220 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:urandom_device_t tclass=chr_file

[   22.003280] type=1400 audit(1228122551.318:165): avc:  denied  { write } for  pid=2549 comm="runscript.sh" name="urandom" dev=tmpfs ino=3220 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:urandom_device_t tclass=chr_file

[   24.600315] SELinux: initialized (dev vmblock, type vmblock), not configured for labeling

[   24.600343] grsec: mount of none to /proc/fs/vmblock/mountPoint by /bin/mount[mount:3129] uid/euid:0/0 gid/egid:0/0, parent /sbin/runscript.sh[runscript.sh:3118] uid/euid:0/0 gid/egid:0/0

[   25.087423] grsec: time set by /usr/sbin/vmware-guestd[vmware-guestd:3133] uid/euid:0/0 gid/egid:409/409, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0

[   25.774883] type=1400 audit(1228140552.579:166): avc:  denied  { create } for  pid=3194 comm="syslog-ng" name="log" scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:device_t tclass=sock_file

[   25.775043] type=1400 audit(1228140552.579:167): avc:  denied  { setattr } for  pid=3194 comm="syslog-ng" name="log" dev=tmpfs ino=6695 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:device_t tclass=sock_file

[   25.775132] type=1400 audit(1228140552.579:168): avc:  denied  { read } for  pid=3194 comm="syslog-ng" name="kmsg" dev=proc ino=4026531848 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:proc_kmsg_t tclass=file

[   25.775159] type=1400 audit(1228140552.579:169): avc:  denied  { syslog_mod } for  pid=3194 comm="syslog-ng" scontext=system_u:system_r:kernel_t tcontext=system_u:system_r:kernel_t tclass=system

[   25.779073] type=1400 audit(1228140552.579:170): avc:  denied  { append } for  pid=3195 comm="syslog-ng" name="tty12" dev=tmpfs ino=3463 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:tty_device_t tclass=chr_file

[   26.873249] type=1400 audit(1228140553.680:171): avc:  denied  { read } for  pid=3323 comm="runscript.sh" name="net" dev=proc ino=4026531864 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:proc_net_t tclass=lnk_file

[   27.644969] ADDRCONF(NETDEV_UP): eth0: link is not ready

[   27.651886] e1000: eth0: e1000_watchdog: NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None

[   27.653108] ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready

[   28.008486] type=1400 audit(1228140554.811:172): avc:  denied  { write } for  pid=3600 comm="dhcpcd" name="log" dev=tmpfs ino=6695 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:device_t tclass=sock_file

[   28.204797] type=1400 audit(1228140555.010:173): avc:  denied  { name_bind } for  pid=3600 comm="dhcpcd" src=68 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:dhcpc_port_t tclass=udp_socket

[   28.204833] type=1400 audit(1228140555.010:174): avc:  denied  { node_bind } for  pid=3600 comm="dhcpcd" src=68 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:inaddr_any_node_t tclass=udp_socket

[   28.204862] type=1400 audit(1228140555.010:175): avc:  denied  { create } for  pid=3600 comm="dhcpcd" scontext=system_u:system_r:kernel_t tcontext=system_u:system_r:kernel_t tclass=packet_socket

[   35.416537] ADDRCONF(NETDEV_UP): eth1: link is not ready

[   35.424335] e1000: eth1: e1000_watchdog: NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None

[   35.425210] ADDRCONF(NETDEV_CHANGE): eth1: link becomes ready

[   36.783816] __ratelimit: 3 callbacks suppressed

[   36.783830] type=1400 audit(1228140563.588:177): avc:  denied  { ioctl } for  pid=4038 comm="arping" path="socket:[7619]" dev=sockfs ino=7619 scontext=system_u:system_r:kernel_t tcontext=system_u:system_r:kernel_t tclass=packet_socket

[   38.587443] eth0: no IPv6 routers present

[   39.329248] type=1400 audit(1228140566.129:178): avc:  denied  { name_bind } for  pid=4115 comm="dnsmasq" src=67 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:dhcpd_port_t tclass=udp_socket

[   39.329500] type=1400 audit(1228140566.129:179): avc:  denied  { name_bind } for  pid=4115 comm="dnsmasq" src=53 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:dns_port_t tclass=tcp_socket

[   39.329509] type=1400 audit(1228140566.129:180): avc:  denied  { node_bind } for  pid=4115 comm="dnsmasq" src=53 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:inaddr_any_node_t tclass=tcp_socket

[   39.329678] type=1400 audit(1228140566.129:181): avc:  denied  { node_bind } for  pid=4115 comm="dnsmasq" src=53 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:unspec_node_t tclass=tcp_socket

[   39.329773] type=1400 audit(1228140566.129:182): avc:  denied  { name_bind } for  pid=4115 comm="dnsmasq" src=53 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:dns_port_t tclass=udp_socket

[   39.329782] type=1400 audit(1228140566.129:183): avc:  denied  { node_bind } for  pid=4115 comm="dnsmasq" src=53 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:unspec_node_t tclass=udp_socket

[   41.713000] type=1400 audit(1228140568.520:184): avc:  denied  { name_bind } for  pid=4175 comm="http-replicator" src=8080 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:http_cache_port_t tclass=tcp_socket

[   42.584530] type=1400 audit(1228140569.389:185): avc:  denied  { name_bind } for  pid=4289 comm="rsync" src=873 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:rsync_port_t tclass=tcp_socket

[   42.584564] type=1400 audit(1228140569.389:186): avc:  denied  { node_bind } for  pid=4289 comm="rsync" saddr=172.16.0.1 src=873 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:node_t tclass=tcp_socket

[   45.743336] eth1: no IPv6 routers present

[   46.662024] ClusterIP Version 0.8 loaded successfully

[   46.957859] __ratelimit: 3 callbacks suppressed

[   46.957869] type=1400 audit(1228140573.760:188): avc:  denied  { read } for  pid=4544 comm="iptables" scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:sysctl_modprobe_t tclass=file

[   48.805676] type=1400 audit(1228140575.612:189): avc:  denied  { read } for  pid=4646 comm=".start" scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:sysctl_net_t tclass=file

[   48.810944] type=1400 audit(1228140575.612:190): avc:  denied  { getattr } for  pid=4692 comm=".start" name="/" dev=sda2 ino=64 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:fs_t tclass=filesystem

[   49.674122] type=1400 audit(1228140576.480:191): avc:  denied  { name_bind } for  pid=4766 comm="sshd" src=22 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:ssh_port_t tclass=tcp_socket

[   50.291093] type=1400 audit(1228140577.099:192): avc:  denied  { compute_user } for  pid=4825 comm="cron" scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:security_t tclass=security

[   50.315052] type=1400 audit(1228140577.120:193): avc:  denied  { compute_av } for  pid=4825 comm="cron" scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:security_t tclass=security

[   66.666375] type=1400 audit(1228140593.474:194): avc:  denied  { compute_relabel } for  pid=4892 comm="login" scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:security_t tclass=security

[   66.666867] type=1400 audit(1228140593.474:195): avc:  denied  { relabelfrom } for  pid=4892 comm="login" name="tty1" dev=tmpfs ino=1427 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:tty_device_t tclass=chr_file

[   66.666909] type=1400 audit(1228140593.474:196): avc:  denied  { relabelto } for  pid=4892 comm="login" name="tty1" dev=tmpfs ino=1427 scontext=system_u:system_r:kernel_t tcontext=root:object_r:sysadm_tty_device_t tclass=chr_file

[   66.667702] type=1400 audit(1228140593.474:197): avc:  denied  { setexec } for  pid=4892 comm="login" scontext=system_u:system_r:kernel_t tcontext=system_u:system_r:kernel_t tclass=process

[   66.668088] type=1400 audit(1228140593.474:198): avc:  denied  { create } for  pid=4892 comm="login" scontext=system_u:system_r:kernel_t tcontext=root:sysadm_r:sysadm_t tclass=key

[   66.684793] type=1400 audit(1228140593.489:199): avc:  denied  { create } for  pid=4892 comm="login" scontext=system_u:system_r:kernel_t tcontext=system_u:system_r:kernel_t tclass=netlink_audit_socket

[   66.689078] type=1400 audit(1228140593.489:200): avc:  denied  { getattr } for  pid=4892 comm="login" path="/dev/tty1" dev=tmpfs ino=1427 scontext=system_u:system_r:kernel_t tcontext=root:object_r:sysadm_tty_device_t tclass=chr_file

[   66.689448] type=1400 audit(1228140593.489:201): avc:  denied  { setattr } for  pid=4892 comm="login" name="tty1" dev=tmpfs ino=1427 scontext=system_u:system_r:kernel_t tcontext=root:object_r:sysadm_tty_device_t tclass=chr_file

[   66.693847] type=1400 audit(1228140593.500:202): avc:  denied  { transition } for  pid=4914 comm="login" path="/bin/bash" dev=sda2 ino=17122958 scontext=system_u:system_r:kernel_t tcontext=root:sysadm_r:sysadm_t tclass=process

[   66.693912] type=1400 audit(1228140593.500:203): avc:  denied  { entrypoint } for  pid=4914 comm="login" path="/bin/bash" dev=sda2 ino=17122958 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:file_t tclass=file
```
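
An added example (not part of the original post): a small Python parser for the `avc: denied` lines in a dmesg capture like the one above, tallying source domains, targets still labelled `file_t`, and the `__ratelimit` suppression counts. The function names and summary layout are illustrative assumptions; the sample lines are copied from the log above.

```python
import re
from collections import Counter

# Constructed sample: lines copied from the dmesg output in the post above.
SAMPLE = '''\
[    4.930349] type=1400 audit(1228122529.930:3): avc:  denied  { search } for  pid=1 comm="init" name="/" dev=sda2 ino=64 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:file_t tclass=dir
[    4.942339] type=1400 audit(1228122529.942:4): avc:  denied  { execute } for  pid=1 comm="init" name="init" dev=sda2 ino=33703610 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:file_t tclass=file
[    5.013064] grsec: mount of proc to /proc by /bin/mount[mount:771] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:770] uid/euid:0/0 gid/egid:0/0
[    6.122847] __ratelimit: 180 callbacks suppressed
[    6.122849] type=1400 audit(1228122531.120:71): avc:  denied  { create } for  pid=1318 comm="udevd" name="cpuid" scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file
[   28.204797] type=1400 audit(1228140555.010:173): avc:  denied  { name_bind } for  pid=3600 comm="dhcpcd" src=68 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:dhcpc_port_t tclass=udp_socket
[   66.693912] type=1400 audit(1228140593.500:203): avc:  denied  { entrypoint } for  pid=4914 comm="login" path="/bin/bash" dev=sda2 ino=17122958 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:file_t tclass=file
'''

AVC_RE = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)$")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
RATELIMIT_RE = re.compile(r"__ratelimit: (\d+) callbacks suppressed")


def parse_avc(line):
    """Return a dict for one 'avc: denied' line, or None for any other line."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {key: value.strip('"') for key, value in FIELD_RE.findall(m.group("fields"))}
    rec["perms"] = m.group("perms").split()
    # A context is user:role:type[:level]; the type field drives the decision.
    for side, key in (("scontext", "stype"), ("tcontext", "ttype")):
        parts = rec.get(side, "").split(":")
        rec[key] = parts[2] if len(parts) >= 3 else None
    return rec


def summarise(text):
    """Condense a dmesg capture into the facts worth reading first."""
    denials = [rec for rec in map(parse_avc, text.splitlines()) if rec]
    return {
        "denials": denials,
        # Messages dropped by kernel rate limiting: the visible list is partial.
        "suppressed": sum(int(n) for n in RATELIMIT_RE.findall(text)),
        # Which domain each denied process was running in.
        "by_source": Counter(rec["stype"] for rec in denials),
        # file_t is the type policies of this era give to files with no label.
        "unlabeled": [(rec["comm"], rec.get("path") or rec.get("name"), rec.get("dev"))
                      for rec in denials if rec["ttype"] == "file_t"],
    }


if __name__ == "__main__":
    report = summarise(SAMPLE)
    print(f"{len(report['denials'])} denials shown, "
          f"{report['suppressed']} messages suppressed by rate limiting")
    for stype, count in report["by_source"].most_common():
        print(f"  source domain {stype}: {count}")
    for comm, target, dev in report["unlabeled"]:
        print(f"  unlabeled target: {target} on {dev} (accessed by {comm})")
```

Run over the full log, the source tally shows nearly every process, from `init` to `sshd`, still in `kernel_t`, and the `file_t` targets are all on `dev=sda2`.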

----------

## rjtupas

redgsturbo,

What version of selinux-base-policy have you installed?  What does `sestatus` yield?  I vaguely recall similar errors, many of which were eliminated once I updated to the "unstable" policy modules (which are already 6 months old).

Chris PeBenito is the guru when it comes to SELinux on Gentoo.  He also works at Tresys on the reference policy for SELinux.  I recommend you subscribe to the gentoo-hardened mail-list (it is low volume and Chris is pretty responsive).

Good luck,

Randy

----------

## redgsturbo

*rjtupas wrote:*

> redgsturbo,
>
> What version of selinux-base-policy have you installed?  what does
>
> ```
> ...
> ```

Upgrading to the "unstable" 08 policies is actually what I'm in the middle of doing right at this second lol.  I'll get back to you.

----------

