SELinux Mailing List

LVM/PostgreSQL/Sendmail AVC Messages

From: Alex Ackerman <alex_at_darkhonor.com>
Date: Tue, 5 Oct 2004 18:04:56 -0400


Thank you to everyone who assisted me. I managed to get my FC2 system up and running. Now I'm into the fine-tuning part. I received the following avc messages in my syslog and I was wondering if there are patches out to correct, or is this an area where I can contribute my own policy patch?  

LVM AVC Errors:

Oct 5 17:37:03 baal kernel: audit(1097012179.383:0): avc: denied { getattr } for pid=892 exe=/sbin/lvm.static path=/dev/shm dev=hda3 ino=391699 scontext=system_u:system_r:lvm_t tcontext=system_u:object_r:file_t tclass=dir  

Sendmail AVC Errors:

Oct 5 17:37:15 baal kernel: audit(1097012235.639:0): avc: denied { read write } for pid=1735 exe=/usr/sbin/sendmail.sendmail name=utmp dev=hda3 ino=783370 scontext=system_u:system_r:sendmail_t tcontext=system_u:object_r:initrc_var_run_t tclass=file

Oct 5 17:37:15 baal kernel: audit(1097012235.649:0): avc: denied { read } for pid=1735 exe=/usr/sbin/sendmail.sendmail name=utmp dev=hda3 ino=783370 scontext=system_u:system_r:sendmail_t tcontext=system_u:object_r:initrc_var_run_t tclass=file

Oct 5 17:37:15 baal kernel: audit(1097012235.659:0): avc: denied { read write } for pid=1735 exe=/usr/sbin/sendmail.sendmail name=utmp dev=hda3 ino=783370 scontext=system_u:system_r:sendmail_t tcontext=system_u:object_r:initrc_var_run_t tclass=file

Oct 5 17:37:15 baal kernel: audit(1097012235.670:0): avc: denied { read } for pid=1735 exe=/usr/sbin/sendmail.sendmail name=utmp dev=hda3 ino=783370 scontext=system_u:system_r:sendmail_t tcontext=system_u:object_r:initrc_var_run_t tclass=file  

PostgreSQL AVC Errors:

Oct 5 17:37:18 baal kernel: audit(1097012238.340:0): avc: denied { sys_admin } for pid=1774 exe=/sbin/consoletype capability=21 scontext=system_u:system_r:postgresql_t tcontext=system_u:system_r:postgresql_t tclass=capability

Oct 5 17:37:18 baal kernel: audit(1097012238.662:0): avc: denied { search } for pid=1782 exe=/bin/su name=selinux dev=hda3 ino=2434464 scontext=system_u:system_r:postgresql_t tcontext=system_u:object_r:selinux_config_t tclass=dir

Oct 5 17:37:18 baal kernel: audit(1097012238.825:0): avc: denied { search } for pid=1782 exe=/bin/su dev=selinuxfs ino=1005 scontext=system_u:system_r:postgresql_t tcontext=system_u:object_r:security_t tclass=dir

Oct 5 17:37:18 baal kernel: audit(1097012238.840:0): avc: denied { search } for pid=1782 exe=/bin/su dev=selinuxfs ino=1005 scontext=system_u:system_r:postgresql_t tcontext=system_u:object_r:security_t tclass=dir

Oct 5 17:37:19 baal kernel: audit(1097012239.058:0): avc: denied { read } for pid=1782 exe=/bin/su name=shadow dev=hda3 ino=2434295 scontext=system_u:system_r:postgresql_t tcontext=system_u:object_r:shadow_t tclass=file

Oct 5 17:37:19 baal kernel: audit(1097012239.074:0): avc: denied { read } for pid=1782 exe=/bin/su name=shadow dev=hda3 ino=2434295 scontext=system_u:system_r:postgresql_t tcontext=system_u:object_r:shadow_t tclass=file

Oct 5 17:37:19 baal kernel: audit(1097012239.091:0): avc: denied { read } for pid=1782 exe=/bin/su name=shadow dev=hda3 ino=2434295 scontext=system_u:system_r:postgresql_t tcontext=system_u:object_r:shadow_t tclass=file

Oct 5 17:37:19 baal kernel: audit(1097012239.109:0): avc: denied { read } for pid=1782 exe=/bin/su name=shadow dev=hda3 ino=2434295 scontext=system_u:system_r:postgresql_t tcontext=system_u:object_r:shadow_t tclass=file

Oct 5 17:37:19 baal kernel: audit(1097012239.128:0): avc: denied { read } for pid=1782 exe=/bin/su name=shadow dev=hda3 ino=2434295 scontext=system_u:system_r:postgresql_t tcontext=system_u:object_r:shadow_t tclass=file

Oct 5 17:37:19 baal kernel: audit(1097012239.147:0): avc: denied { read } for pid=1782 exe=/bin/su name=shadow dev=hda3 ino=2434295 scontext=system_u:system_r:postgresql_t tcontext=system_u:object_r:shadow_t tclass=file

Oct 5 17:37:19 baal kernel: audit(1097012239.168:0): avc: denied { read } for pid=1782 exe=/bin/su name=shadow dev=hda3 ino=2434295 scontext=system_u:system_r:postgresql_t tcontext=system_u:object_r:shadow_t tclass=file

Oct 5 17:37:19 baal kernel: audit(1097012239.189:0): avc: denied { read } for pid=1782 exe=/bin/su name=shadow dev=hda3 ino=2434295 scontext=system_u:system_r:postgresql_t tcontext=system_u:object_r:shadow_t tclass=file

Oct 5 17:37:19 baal kernel: audit(1097012239.235:0): avc: denied { execute } for pid=1783 exe=/bin/su name=unix_chkpwd dev=hda3 ino=32696 scontext=system_u:system_r:postgresql_t tcontext=system_u:object_r:chkpwd_exec_t tclass=file

System details are:

Fedora Core 2

2.6.8-1.521 kernel

enforcing=true  

checkpolicy-1.17.5-1

libselinux-1.17.13-3

selinux-policy-strict-1.17.26-3

postgresql-7.4.2-1

sendmail-8.12.11-4.6  

I upgraded mkinitrd because of a message I noticed in Bugzilla (https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=133236) to 4.1.14-1, but haven't upgraded the initrd image for the running kernel. /dev/shm is mounted (per a response http://www.redhat.com/archives/fedora-selinux-list/2004-June/msg00178.html) according to my /etc/fstab file and the results of mount.

I'm willing to try coming up with a policy patch for the postgres.te and postgres.tc files, but I'd like to know if anyone else is seeing these errors first.  

Thoughts? Thank you ahead of time.

Alex Ackerman

http://www.darkhonor.com <http://www.darkhonor.com/>  

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
Received on Tue 5 Oct 2004 - 18:01:55 EDT
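As an added example (not part of the original post or of the Fedora policy), a small triage script for denials like the ones quoted above: it parses each AVC line, collapses repeats into candidate allow rules keyed by source type, target type and object class, and flags the groups that should be reviewed rather than simply allowed, since granting postgresql_t read on shadow_t or execute on chkpwd_exec_t would undo the confinement the policy exists for. SENSITIVE_TYPES is an assumed starting list, and the sample lines are copied from the post.

```python
import re
from collections import defaultdict

# Constructed sample input: one line per distinct denial from the post above
# (the two sendmail lines deliberately overlap so the summary merges them).
SAMPLE_AVC = """\
Oct 5 17:37:03 baal kernel: audit(1097012179.383:0): avc: denied { getattr } for pid=892 exe=/sbin/lvm.static path=/dev/shm dev=hda3 ino=391699 scontext=system_u:system_r:lvm_t tcontext=system_u:object_r:file_t tclass=dir
Oct 5 17:37:15 baal kernel: audit(1097012235.639:0): avc: denied { read write } for pid=1735 exe=/usr/sbin/sendmail.sendmail name=utmp dev=hda3 ino=783370 scontext=system_u:system_r:sendmail_t tcontext=system_u:object_r:initrc_var_run_t tclass=file
Oct 5 17:37:15 baal kernel: audit(1097012235.649:0): avc: denied { read } for pid=1735 exe=/usr/sbin/sendmail.sendmail name=utmp dev=hda3 ino=783370 scontext=system_u:system_r:sendmail_t tcontext=system_u:object_r:initrc_var_run_t tclass=file
Oct 5 17:37:18 baal kernel: audit(1097012238.340:0): avc: denied { sys_admin } for pid=1774 exe=/sbin/consoletype capability=21 scontext=system_u:system_r:postgresql_t tcontext=system_u:system_r:postgresql_t tclass=capability
Oct 5 17:37:19 baal kernel: audit(1097012239.058:0): avc: denied { read } for pid=1782 exe=/bin/su name=shadow dev=hda3 ino=2434295 scontext=system_u:system_r:postgresql_t tcontext=system_u:object_r:shadow_t tclass=file
Oct 5 17:37:19 baal kernel: audit(1097012239.235:0): avc: denied { execute } for pid=1783 exe=/bin/su name=unix_chkpwd dev=hda3 ino=32696 scontext=system_u:system_r:postgresql_t tcontext=system_u:object_r:chkpwd_exec_t tclass=file
"""

AVC_RE = re.compile(r"avc: denied \{ (?P<perms>[^}]+)\} for (?P<rest>.*)")
KV_RE = re.compile(r"(\w+)=(\S+)")

# Assumed starting list: target types a service domain should never be
# granted outright; a denial here needs a policy review, not an allow rule.
SENSITIVE_TYPES = {"shadow_t", "chkpwd_exec_t"}

def parse_avc(line):
    """Return the denial's key=value fields plus its permission list, or None."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = dict(KV_RE.findall(m.group("rest")))
    rec["perms"] = sorted(m.group("perms").split())
    return rec

def summarize(text):
    """Group denials by (source type, target type, class) and union the
    denied permissions; 'review' marks sensitive targets and capabilities."""
    rules = defaultdict(lambda: {"perms": set(), "review": False})
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec is None:
            continue
        src = rec["scontext"].split(":")[2]   # type field of the context
        tgt = rec["tcontext"].split(":")[2]
        key = (src, tgt, rec["tclass"])
        rules[key]["perms"].update(rec["perms"])
        if tgt in SENSITIVE_TYPES or rec["tclass"] == "capability":
            rules[key]["review"] = True
    return dict(rules)

def to_allow_rule(key, info):
    """Render one grouped denial as the allow rule a patch would need."""
    src, tgt, cls = key
    return f"allow {src} {tgt}:{cls} {{ {' '.join(sorted(info['perms']))} }};"
```

Only the groups with `review` False are candidates for a straightforward allow rule; the flagged ones are the signal that su is running in the wrong domain.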
 

Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009


National Security Agency / Central Security Service