-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 12/13/2013 08:20 AM, Daniel J Walsh wrote:
> On 12/12/2013 01:49 PM, Peter wrote:
>> On 12/13/2013 02:45 AM, Daniel J Walsh wrote:
>
>>> What SELInux issue did you have? What policy did you need to
>>> add?
>
>> Unfortunately I've misplaced the audit logs and report of the
>> problem, but this is the policy I had to add:
>
>> module mypol 1.0;
>
>> require { type unconfined_t; type sshd_net_t; type kernel_t;
>> class process { dyntransition transition sigchld }; }
>
>> #============= kernel_t ============== allow kernel_t
>> sshd_net_t:process dyntransition; allow kernel_t
>> unconfined_t:process { dyntransition transition };
>
>> #============= sshd_net_t ============== allow sshd_net_t
>> kernel_t:process sigchld;
>
>
>> Peter _______________________________________________ CentOS
>> mailing list CentOS@xxxxxxxxxx
>> http://lists.centos.org/mailman/listinfo/centos
>
>
> I actually do not think you need these, these were all caused by
> the originally mislabeled system. If you remove your custom
> policy, I bet it will work fine.
That makes sense. I will try removing them and see how it goes (any
pointers on how to remove a policy?).
Peter
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQEcBAEBAgAGBQJSqhwJAAoJEAUijw0EjkDvsvkIAJcK5hTl1NkQarl/oipRd1iU
tg0Os4VNqj3oW7wCc9Qnc6YzPXffASyue/eX6TwEu0OrD3IXr8VC2YdFY+VXbdTL
B7mfr5PxNY/jG8/SdauCzKaFRl5nTCGpkO8RxSsmJSpkHgrBrtjJRS0HJJ9RPUFh
Gmt0YYXaCJXu445i4oEeZV72/UJjLfk+sOwm7aDBSfcO5PtvUtCdEc7x7AQ0tYEz
B1t6v5pm9EaiHzNC4eCxGzHRN8E8FlBwQTpUXYfD7E4yVpj/XQyMzgq2P9lZrc74
HNxelDiENUBELG2CIAkO4IrLADVfGhZEvNUMYIV3ANCowA8qslUqznfp8R/nFlQ=
=ZJEe
-----END PGP SIGNATURE-----
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
