[WBEL-users] Kernel errors messages

Johnny Hughes mailing-lists at hughesjr.com
Sat Jun 25 07:57:45 CDT 2005 

On Sat, 2005-06-25 at 08:27 -0400, Ing. Manuel León Moreno wrote:
> Hi.
> 
> I recently installed WB-EL4. Since I did, every time I restart the
> squid service and also (doing nothing) 
> several times per day, I get a chain of error messages from the
> kernel.
>  
> I uninstalled the squid 2.5 and re-installed the old and probed squid
> 2.4. No change.
>  
> I downloaded and installed de last kernel this very morning. No
> change.
>  
> As an example, I include (in red) the chain of messages inmediately
> before the stop and 
> (in green) the chain of messages inmediately after the start.
>  
> My squid cache is installed in a 10 GB partition for the exclusive use
> of squid (7GB-64-256)
> and squid looks to work fine, despite the errors.
>  
> Can someone help me to:
>  
>     a. know what these messages mean?
>     b. what should I do to eliminate them?
>  
>  Thanks in advance.
>  
> Manuel Leon
> 
> > Jun 25 07:37:49 proxy kernel: audit(1119699469.209:0): avc:
> denied { getattr } for  pid=2436 exe=/usr/sbin/squid
> > path=/squid/squid.cache/swap.state dev=hda9
> ino=787058 scontext=user_u:system_r:squid_t
> tcontext=user_u:object_r:file_t tclass=file 
>  
> > Jun 25 07:37:49 proxy kernel: audit(1119699469.209:0): avc:  denied
> {setattr } for  pid=2436 exe=/usr/sbin/squid name=swap.state.clean
> dev=hda9 ino=786728
> > scontext=user_u:system_r:squid_t tcontext=user_u:object_r:file_t
> tclass=file 
>  
> > Jun 25 07:37:49 proxy kernel: audit(1119699469.211:0): avc:  denied
> { unlink } for  pid=2436 exe=/usr/sbin/squid name=swap.state dev=hda9
> > ino=787058
> scontext=user_u:system_r:squid_t tcontext=user_u:object_r:file_t
> tclass=file
> >
> > Jun 25 07:37:49 proxy squid[2434]: Squid Parent: child process 2436
> exited with status 0
> >---------------------------------------------------------------------------------------------------------------------------------------
> > Jun 25 07:37:50 proxy squid[3330]: Squid Parent: child process 3332
> started
> > Jun 25 07:37:50 proxy kernel: audit(1119699470.937:0): avc: denied
> { execute } for  pid=3332 path=/etc/ld.so.cache
> > dev=hda2 ino=742540
> scontext=root:system_r:squid_t tcontext=system_u:object_r:ld_so_cache_t tclass=file 
> > Jun 25 07:37:51 proxy kernel: audit(1119699471.216:0): avc:
> denied { search } for  pid=3332 exe=/usr/sbin/squid name=/ dev=hda9
> > ino=2
> scontext=root:system_r:squid_t tcontext=system_u:object_r:file_t
> tclass=dir 
> > Jun 25 07:37:51 proxy kernel: audit(1119699471.216:0): avc:  denied
> {getattr } for  pid=3332 exe=/usr/sbin/squid
> > path=/squid/squid.cache dev=hda9 ino=781825
> scontext=root:system_r:squid_t
> tcontext=root:object_r:file_t tclass=dir 
> > Jun 25 07:37:51 proxy kernel: audit(1119699471.217:0): avc:  denied
> { append } for  pid=3332 exe=/usr/sbin/squid name=swap.state dev=hda9
> > ino=786728
> scontext=root:system_r:squid_t tcontext=user_u:object_r:file_t
> tclass=file 
> > Jun 25 07:37:51 proxy kernel: audit(1119699471.217:0): avc:  denied
> {getattr } for  pid=3332 exe=/usr/sbin/squid
> > path=/squid/squid.cache/swap.state dev=hda9 ino=786728
> scontext=root:system_r:squid_t tcontext=user_u:object_r:file_t
> tclass=file 
> > Jun 25 07:37:51 proxy kernel: audit(1119699471.218:0): avc:  denied
> { write } for  pid=3332 exe=/usr/sbin/squid name=squid.cache dev=hda9
> > ino=781825
> scontext=root:system_r:squid_t tcontext=root:object_r:file_t
> tclass=dir 
> > Jun 25 07:37:51 proxy kernel: audit(1119699471.218:0): avc:  denied
> {add_name } for  pid=3332 exe=/usr/sbin/squid
> > name=swap.state.new
> scontext=root:system_r:squid_t tcontext=root:object_r:file_t
> tclass=dir 
> > Jun 25 07:37:51 proxy kernel: audit(1119699471.218:0): avc:  denied
> { create } for  pid=3332 exe=/usr/sbin/squid name=swap.state.new
> > scontext=root:system_r:squid_t tcontext=root:object_r:file_t
> tclass=file 
> > Jun 25 07:37:51 proxy kernel: audit(1119699471.218:0): avc:  denied
> { read } for  pid=3332 exe=/usr/sbin/squid name=swap.state dev=hda9
> ino=786728
> > scontext=root:system_r:squid_t tcontext=user_u:object_r:file_t
> tclass=file 
> > Jun 25 07:37:51 proxy kernel: audit(1119699471.218:0): avc:  denied
> {remove_name } for  pid=3332 exe=/usr/sbin/squid
> > name=swap.state.last-clean dev=hda9 ino=787057
> scontext=root:system_r:squid_t
> tcontext=root:object_r:file_t tclass=dir 
> > Jun 25 07:37:51 proxy kernel: audit(1119699471.218:0): avc:  denied
> { unlink } for  pid=3332 exe=/usr/sbin/squid name=swap.state.last-
> clean
> > dev=hda9 ino=787057 scontext=root:system_r:squid_t
> tcontext=user_u:object_r:file_t tclass=file 
> _______________________________________________

Those are SELinux messages ... you probably have SELinux installed in
permissive (warning only) mode ... check your file:

/etc/sysconfig/selinux

You probably have SELINUX=permissive

If you are not going to use SELinux, the warning messages are
harmless ... if you want to use SELinux (ie, set the SELINUX=enforcing
in /etc/sysconfig/selinux) you will need to fix the SELinux permission
issues.

You can see more about SELinux here:
http://mirror.centos.org/centos/4/docs/html/rhel-selg-en-4/

-- 
Johnny Hughes
<http://www.CentOS.org/>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://beau.org/pipermail/whitebox-users/attachments/20050625/c1a1ddd7/attachment.bin

More information about the Whitebox-users mailing list