-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 11/14/2013 09:24 AM, Timothy Murphy wrote: > Miroslav Grepl wrote: > >>> New article on opensource.com describing SELinux enforcement in simple >>> terms. Check it out. >>> >>> http://opensource.com/business/13/11/selinux-policy-guide > >> I believe it is a great introduction to SELinux. > > I liked this. > > I also liked the video <http://www.youtube.com/watch?v=MxjenQ31b70> with > accompanying slides at > <http://people.redhat.com/tcameron/summit2010/selinux/SELinuxMereMortals.pdf>. > > I thought I'd try to move from SELinux permissive mode following the > advice in this video and slides. > > The main problem I met was following sealert advice of the form > ----------------------------- If you want to allow perl to have search > access on the tim directory Then you need to change the label on /home/tim > Do # semanage fcontext -a -t FILE_TYPE '/home/tim' where FILE_TYPE is one > of the following: etc_t, proc_t, sysfs_t, setrans_var_run_t, sssd_public_t, > etc_mail_t, postgresql_tmp_t, sysctl_t, abrt_t, bin_t, likewise_var_lib_t, > postfix_etc_t, lib_t, mnt_t, root_t, device_t, tmp_t, usr_t, var_t, etc_t, > udev_tbl_t, proc_t, krb5_conf_t, spamass_milter_state_t, var_lib_t, > var_run_t, spamd_tmp_t, var_spool_t, dcc_var_t, spamd_compiled_t, > spamd_etc_t, spamd_log_t, var_lib_t, var_run_t, rpm_script_tmp_t, > configfile, proc_net_t, abrt_var_run_t, security_t, var_log_t, samba_var_t, > spamc_home_t, default_t, amavis_var_lib_t, avahi_var_run_t, cert_type, > dirsrv_var_run_t, mysqld_var_run_t, rpm_tmp_t, net_conf_t, > abrt_var_cache_t, clamd_var_run_t, var_run_t, httpd_sys_content_t, > nscd_var_run_t, nslcd_var_run_t, slapd_var_run_t, configfile, > spamd_var_lib_t, spamd_var_run_t, sssd_var_lib_t, cfengine_var_lib_t, > rpm_log_t, sysctl_kernel_t, home_root_t, abrt_var_run_t, spamd_spool_t, > mysqld_db_t, postgresql_var_run_t, tmp_t, var_t, exim_spool_t, > sysctl_crypto_t, user_home_dir_t, sysctl_t, bin_t, winbind_var_run_t, > mail_spool_t, logfile, spamd_t, sysctl_type, autofs_t, device_t, devpts_t, > tmp_t, usr_t, locale_t, var_t, nfs_t, sysctl_t, bin_t, proc_t, var_lib_t, > var_run_t, user_home_t, var_run_t, var_run_t, spamc_home_t, nscd_var_run_t, > pcscd_var_run_t, cluster_pid, home_root_t, cluster_var_lib_t, > cluster_var_run_t, root_t, sysctl_kernel_t, device_t, devpts_t, var_t, > user_home_dir_t, cluster_conf_t, var_t, var_t. > ----------------------------- > Yes those ones are tough, basically the system is trying to expand the list of file types that the application is allowed to write. In this case it expanded a little too large. What was the AVC that caused this? -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.15 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlKE3zsACgkQrlYvE4MpobP0tQCgs9x3oWPb3a2xmbTqJakkIQ15 dTkAoOQ5CG38qJRMQKpY7/+a/RuknGja =j74F -----END PGP SIGNATURE----- -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
