On Sun, 14 Mar 2004 06:53, Aleksey Nogin <aleksey@xxxxxxxxx> wrote:
> This is from the slocate's updatedb cron job, if I am not mistaken.
>
> audit(1079205055.953:0): avc: denied { getattr } for pid=4254
> exe=/usr/bin/slocate path=/dev/cfs0 dev=hda2 ino=2681888
> scontext=system_u:system_r:locate_t tcontext=system_u:object_r:device_t
> tclass=chr_file
I've allowed this in my tree.
> audit(1079205059.464:0): avc: denied { getattr } for pid=4254
> exe=/usr/bin/slocate path=/var/lib/rpc_pipes dev= ino=5855
> scontext=system_u:system_r:locate_t
> tcontext=system_u:object_r:rpc_pipefs_t tclass=dir
> audit(1079205061.343:0): avc: denied { read } for pid=4254
> exe=/usr/bin/slocate dev= ino=5855 scontext=system_u:system_r:locate_t
> tcontext=system_u:object_r:rpc_pipefs_t tclass=dir
> audit(1079205061.343:0): avc: denied { search } for pid=4254
> exe=/usr/bin/slocate dev= ino=5855 scontext=system_u:system_r:locate_t
> tcontext=system_u:object_r:rpc_pipefs_t tclass=dir
I've put in a dontaudit rule for this in my tree.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
