Hi Sven, thank you for rev4, but it didn't conclusively solve my
problems. Sone denial has gone, but many of them remain.
So let's see again all the step by step denial, I'll avoid redundancies.
As I boot (whithout starting xdm) I obtain:
Aug 25 18:06:05 dell-studio kernel: [ 8.028595] type=1400
audit(1345917944.027:3): avc: denied { search } for pid=1433
comm="alsactl" name="root" dev="sda5" ino=1308163
scontext=system_u:system_r:alsa_t tcontext=system_u:object_r:default_t
tclass=dir
Aug 25 18:06:05 dell-studio kernel: [ 8.707035] type=1400
audit(1345917944.706:7): avc: denied { read } for pid=1431
comm="alsactl" name="urandom" dev="tmpfs" ino=3356
scontext=system_u:system_r:alsa_t
tcontext=system_u:object_r:urandom_device_t tclass=chr_file
Aug 25 18:06:05 dell-studio kernel: [ 8.707053] type=1400
audit(1345917944.706:9): avc: denied { read } for pid=1431
comm="alsactl" name="random" dev="tmpfs" ino=1642
scontext=system_u:system_r:alsa_t
tcontext=system_u:object_r:random_device_t tclass=chr_file
Aug 25 18:06:05 dell-studio kernel: [ 8.707089] type=1400
audit(1345917944.706:11): avc: denied { getattr } for pid=1431
comm="alsactl" name="/" dev="tmpfs" ino=2970
scontext=system_u:system_r:alsa_t tcontext=system_u:object_r:tmpfs_t
tclass=filesystem
Aug 25 18:06:05 dell-studio kernel: [ 16.930444] type=1400
audit(1345910753.814:32): avc: denied { module_request } for pid=1517
comm="cryptsetup" kmod="cbc(aes)" scontext=system_u:system_r:lvm_t
tcontext=system_u:system_r:kernel_t tclass=system
Aug 25 18:06:05 dell-studio kernel: [ 16.930452] type=1400
audit(1345910753.814:33): avc: denied { module_request } for pid=1517
comm="cryptsetup" kmod="cbc(aes)-all" scontext=system_u:system_r:lvm_t
tcontext=system_u:system_r:kernel_t tclass=system
Aug 25 18:06:05 dell-studio kernel: [ 16.930505] type=1400
audit(1345910753.814:34): avc: denied { module_request } for pid=1517
comm="cryptsetup" kmod="cbc(aes-asm)" scontext=system_u:system_r:lvm_t
tcontext=system_u:system_r:kernel_t tclass=system
Aug 25 18:06:05 dell-studio kernel: [ 16.930512] type=1400
audit(1345910753.814:35): avc: denied { module_request } for pid=1517
comm="cryptsetup" kmod="cbc(aes-asm)-all"
scontext=system_u:system_r:lvm_t tcontext=system_u:system_r:kernel_t
tclass=system
Aug 25 18:06:05 dell-studio kernel: [ 16.936081] type=1400
audit(1345910753.820:36): avc: denied { getattr } for pid=1517
comm="cryptsetup" name="/" dev="tmpfs" ino=2970
scontext=system_u:system_r:lvm_t tcontext=system_u:object_r:tmpfs_t
tclass=filesystem
Aug 25 18:06:05 dell-studio kernel: [ 17.138342] type=1400
audit(1345910754.022:38): avc: denied { read } for pid=1538
comm="cryptsetup" name="queue.bin" dev="tmpfs" ino=4265
scontext=system_u:system_r:lvm_t
tcontext=system_u:object_r:udev_var_run_t tclass=file
Aug 25 18:06:05 dell-studio kernel: [ 27.701565] type=1400
audit(1345910764.585:45): avc: denied { setrlimit } for pid=1968
comm="dbus-daemon" scontext=system_u:system_r:system_dbusd_t
tcontext=system_u:system_r:system_dbusd_t tclass=process
Aug 25 18:06:05 dell-studio kernel: [ 28.235761] type=1400
audit(1345910765.120:46): avc: denied { getattr } for pid=1998
comm="console-kit-dae" path="/run/ConsoleKit" dev="tmpfs" ino=5251
scontext=system_u:system_r:consolekit_t
tcontext=system_u:object_r:initrc_var_run_t tclass=dir
Aug 25 18:06:05 dell-studio kernel: [ 28.417954] type=1400
audit(1345910765.302:47): avc: denied { read } for pid=2074
comm="crond" name="root" dev="sda7" ino=12796
scontext=system_u:system_r:crond_t tcontext=system_u:object_r:file_t
tclass=file
Aug 25 18:06:05 dell-studio kernel: [ 28.632129] type=1400
audit(1345910765.516:48): avc: denied { execute } for pid=2089
comm="dbus-daemon-lau" name="polkitd" dev="sda5" ino=922900
scontext=system_u:system_r:system_dbusd_t
tcontext=system_u:object_r:policykit_exec_t tclass=file
Aug 25 18:06:05 dell-studio kernel: [ 28.633786] type=1400
audit(1345910765.517:49): avc: denied { search } for pid=1998
comm="console-kit-dae" name="ConsoleKit" dev="tmpfs" ino=5251
scontext=system_u:system_r:consolekit_t
tcontext=system_u:object_r:initrc_var_run_t tclass=dir
Aug 25 18:06:05 dell-studio kernel: [ 28.633811] type=1400
audit(1345910765.517:50): avc: denied { getattr } for pid=1998
comm="console-kit-dae" path="/run/ConsoleKit" dev="tmpfs" ino=5251
scontext=system_u:system_r:consolekit_t
tcontext=system_u:object_r:initrc_var_run_t tclass=dir
Aug 25 18:06:05 dell-studio kernel: [ 28.633842] type=1400
audit(1345910765.517:51): avc: denied { search } for pid=1998
comm="console-kit-dae" name="ConsoleKit" dev="tmpfs" ino=5251
scontext=system_u:system_r:consolekit_t
tcontext=system_u:object_r:initrc_var_run_t tclass=dir
Aug 25 18:06:06 dell-studio kernel: [ 29.168487] type=1400
audit(1345910766.052:52): avc: denied { write } for pid=2222
comm="mii-tool" path="/run/lock/lmt-req.lock" dev="tmpfs" ino=5314
scontext=system_u:system_r:ifconfig_t
tcontext=system_u:object_r:var_lock_t tclass=file
Aug 25 18:06:06 dell-studio kernel: [ 29.168499] type=1400
audit(1345910766.052:53): avc: denied { write } for pid=2222
comm="mii-tool" path="/run/lock/lmt-invoc.lock" dev="tmpfs" ino=4776
scontext=system_u:system_r:ifconfig_t
tcontext=system_u:object_r:var_lock_t tclass=file
Aug 25 18:06:10 dell-studio kernel: [ 33.586645] type=1400
audit(1345910770.470:87): avc: denied { read } for pid=2851 comm="sh"
name="meminfo" dev="proc" ino=4026532031
scontext=system_u:system_r:wpa_cli_t tcontext=system_u:object_r:proc_t
tclass=file
Aug 25 18:06:10 dell-studio kernel: [ 33.613072] type=1400
audit(1345910770.497:88): avc: denied { read } for pid=2851
comm="wpa_cli.sh" name="meminfo" dev="proc" ino=4026532031
scontext=system_u:system_r:wpa_cli_t tcontext=system_u:object_r:proc_t
tclass=file
Aug 25 18:06:10 dell-studio kernel: [ 33.893591] type=1400
audit(1345910770.777:89): avc: denied { use } for pid=3024
comm="mount" path="/dev/null" dev="tmpfs" ino=1278
scontext=system_u:system_r:mount_t tcontext=system_u:system_r:wpa_cli_t
tclass=fd
Aug 25 18:06:10 dell-studio kernel: [ 33.893637] type=1400
audit(1345910770.777:92): avc: denied { use } for pid=3024
comm="mount" path="socket:[5617]" dev="sockfs" ino=5617
scontext=system_u:system_r:mount_t tcontext=system_u:system_r:wpa_cli_t
tclass=fd
Aug 25 18:06:59 dell-studio kernel: [ 83.022406] type=1400
audit(1345910819.922:97): avc: denied { search } for pid=3031
comm="login" name="root" dev="sda5" ino=1308163
scontext=system_u:system_r:local_login_t
tcontext=system_u:object_r:default_t tclass=dir
Aug 25 18:06:59 dell-studio kernel: [ 83.068589] type=1400
audit(1345910819.969:100): avc: denied { read } for pid=1998
comm="console-kit-dae" name="machine-id" dev="sda7" ino=184383
scontext=system_u:system_r:consolekit_t
tcontext=system_u:object_r:system_dbusd_var_lib_t tclass=lnk_file
Aug 25 18:07:00 dell-studio kernel: [ 83.165783] type=1400
audit(1345910820.065:103): avc: denied { read } for pid=3046
comm="udev-acl.ck" name="udev-acl" dev="tmpfs" ino=3175
scontext=system_u:system_r:consolekit_t
tcontext=system_u:object_r:udev_var_run_t tclass=dir
After starting kdm (with xdm initscript):
Aug 25 18:08:47 dell-studio kernel: [ 190.122045] type=1400
audit(1345910927.023:107): avc: denied { read } for pid=3054
comm="rc" name="profile.env" dev="sda5" ino=663502
scontext=unconfined_u:unconfined_r:run_init_t
tcontext=system_u:object_r:etc_runtime_t tclass=file
Aug 25 18:08:55 dell-studio kernel: [ 199.069675] type=1400
audit(1345910935.970:109): avc: denied { search } for pid=3099
comm="udev-acl.ck" name="ConsoleKit" dev="tmpfs" ino=5251
scontext=system_u:system_r:consolekit_t
tcontext=system_u:object_r:initrc_var_run_t tclass=dir
After logging in, apart all the same mentioned above that repeat
themselves, I get a lot of:
Aug 25 18:10:25 dell-studio kernel: [ 289.004361] type=1400
audit(1345911025.905:163): avc: denied { search } for pid=1968
comm="dbus-daemon" name="console" dev="tmpfs" ino=5945
scontext=system_u:system_r:system_dbusd_t
tcontext=system_u:object_r:consolekit_var_run_t tclass=dir
I hope I wrote all.
Paolo.
