-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 12/12/2013 03:26 PM, Peter wrote: > On 12/13/2013 08:20 AM, Daniel J Walsh wrote: >> On 12/12/2013 01:49 PM, Peter wrote: >>> On 12/13/2013 02:45 AM, Daniel J Walsh wrote: > >>>> What SELInux issue did you have? What policy did you need to add? > >>> Unfortunately I've misplaced the audit logs and report of the problem, >>> but this is the policy I had to add: > >>> module mypol 1.0; > >>> require { type unconfined_t; type sshd_net_t; type kernel_t; class >>> process { dyntransition transition sigchld }; } > >>> #============= kernel_t ============== allow kernel_t >>> sshd_net_t:process dyntransition; allow kernel_t unconfined_t:process { >>> dyntransition transition }; > >>> #============= sshd_net_t ============== allow sshd_net_t >>> kernel_t:process sigchld; > > >>> Peter _______________________________________________ CentOS mailing >>> list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos > > >> I actually do not think you need these, these were all caused by the >> originally mislabeled system. If you remove your custom policy, I bet it >> will work fine. > > That makes sense. I will try removing them and see how it goes (any > pointers on how to remove a policy?). > > > Peter _______________________________________________ CentOS mailing list > CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos > semodule -r POLICYNAME. For example if you installed mypol.pp You would probably remove semodule -r mypol -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.15 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlKrE4cACgkQrlYvE4MpobMRgACfedBTbBiaq42L/sixX0MSXRLA 1/UAoKqq+MLqH1FktvcSIG9FRwhESTmn =Td0a -----END PGP SIGNATURE----- _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos