Hans Witvliet wrote:
Sid Boyce wrote:
type=APPARMOR msg=audit(1159712726.582:6): REJECTING r access to /proc/net/if_inet6 (ntpd(3687) profile /usr/sbin/ntpd active /usr/sbin/ntpd) type=APPARMOR msg=audit(1159713575.608:7): REJECTING m access to /etc/ld.so.cache (netstat(4724) profile /bin/netstat active /bin/netstat) type=APPARMOR msg=audit(1159755718.633:8): REJECTING m access to /etc/ld.so.cache (netstat(801) profile /bin/netstat active /bin/netstat) type=APPARMOR msg=audit(1159802849.507:9): REJECTING m access to /etc/ld.so.cache (netstat(6917) profile /bin/netstat active /bin/netstat)
OK, I'm running a vanilla kernel without apparmor, selinux enabled and the apparmor panel says apparmor is disabled, so it's puzzling. At one stage I did look around for apparmor patches, but none could be found.
Hi Sid,
It may be nothing, but you wrote that you have selinux ENabled. Same behaviour when you disable it?
Hans
At the moment it is not configured, but from .config CONFIG_SECURITY_SELINUX=y CONFIG_SECURITY_SELINUX_BOOTPARAM=y CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=0 # CONFIG_SECURITY_SELINUX_DISABLE is not set CONFIG_SECURITY_SELINUX_DEVELOP=y CONFIG_SECURITY_SELINUX_AVC_STATS=y CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=1 # CONFIG_SECURITY_SELINUX_ENABLE_SECMARK_DEFAULT is not set CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX=y CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX_VALUE=19 I can build a kernel with it disabled to see if it's a problem. Before 10.1-GM there was never a problem and there is no problem with SUSE kernels. Grub menu.list does not have "selinux=". Regards Sid. -- Sid Boyce ... Hamradio License G3VBV, Licensed Private Pilot Emeritus IBM/Amdahl Mainframes and Sun/Fujitsu Servers Tech Support Specialist, Cricket Coach Microsoft Windows Free Zone - Linux used for all Computing Tasks --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org