avc: denied troubleshooting

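This article describes a problem on a Red Hat Enterprise Linux 4 system in which SELinux security policy restrictions prevent the tux and apache services from accessing the documentroot directory. It provides the detailed system log messages and gives the correct steps for disabling SELinux.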


Apr 18 10:21:08 localhost kernel: audit(1208485268.980:0): avc:  denied  { rawip_recv } for  saddr=59.41.223.152 src=56054 daddr=121.9.205.164 dest=80 netif=eth0 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:netif_eth0_t tclass=netif
Apr 18 10:21:11 localhost kernel: audit(1208485271.950:0): avc:  denied  { rawip_recv } for  saddr=59.41.223.152 src=56054 daddr=121.9.205.164 dest=80 netif=eth0 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:netif_eth0_t tclass=netif
Apr 18 10:21:17 localhost kernel: audit(1208485277.956:0): avc:  denied  { rawip_recv } for  saddr=59.41.223.152 src=56054 daddr=121.9.205.164 dest=80 netif=eth0 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:netif_eth0_t tclass=netif
Apr 18 10:21:29 localhost kernel: audit(1208485289.887:0): avc:  denied  { rawip_recv } for  saddr=59.41.223.152 src=56054 daddr=121.9.205.164 dest=80 netif=eth0 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:netif_eth0_t tclass=netif
Apr 18 10:21:30 localhost nmbd[20674]: [2008/04/18 10:21:30, 0] nmbd/nmbd_packets.c:process_browse_packet(1050)
Apr 18 10:21:30 localhost nmbd[20674]:   process_browse_packet: Discarding datagram from IP 121.9.205.161. Source name LOCALHOST<00> is one of our names !

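These are the system log messages recorded when the server was accessed after the tux service was started. The server runs RHEL 4; judging from the messages above, SELinux is enabled on the system, which leaves services such as tux and apache without permission to access the relevant documentroot.
Red Hat Enterprise Linux 4 includes an implementation of SELinux. SELinux represents a major change in the way users, programs and processes interact. In this release, SELinux is installed and enabled by default.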
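To see what such a log is actually denying, the AVC records can be grouped by source type, target type, object class and permission. The following is an added example, not code from the original post; the sample lines are copied from the log on this page, and the function names are illustrative.

```python
import re
from collections import Counter

# Kernel AVC record format as it appears in the log above:
#   avc:  denied  { perm ... } for  key=value ... scontext=... tcontext=... tclass=...
AVC_RE = re.compile(r"avc:\s+(denied|granted)\s+\{\s*([^}]*?)\s*\}\s+for\s+(.*)$")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Two AVC lines and one unrelated nmbd line, copied from the log on this page.
SAMPLE_LOG = """\
Apr 18 10:21:08 localhost kernel: audit(1208485268.980:0): avc:  denied  { rawip_recv } for  saddr=59.41.223.152 src=56054 daddr=121.9.205.164 dest=80 netif=eth0 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:netif_eth0_t tclass=netif
Apr 18 10:21:11 localhost kernel: audit(1208485271.950:0): avc:  denied  { rawip_recv } for  saddr=59.41.223.152 src=56054 daddr=121.9.205.164 dest=80 netif=eth0 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:netif_eth0_t tclass=netif
Apr 18 10:21:30 localhost nmbd[20674]:   process_browse_packet: Discarding datagram from IP 121.9.205.161. Source name LOCALHOST<00> is one of our names !
"""

def ctx_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else context

def parse_avc(line):
    """Return a dict for one AVC record, or None if the line is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group(3))}
    fields["result"] = m.group(1)
    fields["perms"] = tuple(m.group(2).split())
    return fields

def summarize(log_text):
    """Count denials per (source type, target type, class, permissions)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is None or rec["result"] != "denied":
            continue  # skip non-AVC lines such as the nmbd message
        key = (ctx_type(rec.get("scontext", "?")), ctx_type(rec.get("tcontext", "?")),
               rec.get("tclass", "?"), rec["perms"])
        counts[key] += 1
    return counts

if __name__ == "__main__":
    for (stype, ttype, tclass, perms), n in summarize(SAMPLE_LOG).most_common():
        print(f"{n:3d}x  {stype} -> {ttype}:{tclass} {{ {' '.join(perms)} }}")
```

Each distinct tuple is one policy decision to review, so a long log usually reduces to a handful of rows.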

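During installation you can choose to disable SELinux, to set it to log warnings only, or to use its targeted policy, which applies only to the following daemons: dhcpd, httpd, mysqld, named, nscd, ntpd, portmap, postgres, snmpd, squid, syslogd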

The targeted policy is enabled by default.

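Red Hat Enterprise Linux 4 uses extended attributes on ext2/ext3 file systems to support SELinux. This means that when a file is written to an ext2/ext3 file system mounted with default options, an extended attribute is written as well.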

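This can cause problems on a system that dual-boots Red Hat Enterprise Linux 4 and Red Hat Enterprise Linux 2.1. The Red Hat Enterprise Linux 2.1 kernel does not support file extended attributes, and the system may crash when it encounters them. Linux desktop users who have installed Red Hat Enterprise Linux 4.0 may need to turn SELinux off; the correct way to do so is:
Edit /etc/selinux/config so that the SELINUX= line is set to disabled (SELINUX=disabled), then reboot.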
