On Wed, 2004-07-07 at 15:04 -0400, Stephen Smalley wrote:
> On Mon, 2004-07-05 at 21:44, Ivan Gyurdiev wrote:
> > > Suggestions on improvements? Comments?
> >
> > Just wondering why I have hundreds of denials
> > from sysadm_crond_t in my system log with /usr/bin/setfiles in them.
> >
> > Latest policy, permissive mode.
>
> sysadm_crond_t or system_crond_t?
sysadm is correct (audit2allow in verbose mode):
allow sysadm_crond_t adjtime_t:file { getattr };
#EXE=/usr/sbin/setfiles PATH=/etc/adjtime : getattr
#EXE=/usr/sbin/setfiles PATH=/etc/adjtime : getattr
allow sysadm_crond_t admin_passwd_exec_t:file { getattr };
#EXE=/usr/sbin/setfiles PATH=/usr/sbin/vipw : getattr
#EXE=/usr/sbin/setfiles PATH=/usr/sbin/vipw : getattr
allow sysadm_crond_t agp_device_t:chr_file { getattr };
#EXE=/usr/sbin/setfiles PATH=/dev/agpgart : getattr
#EXE=/usr/sbin/setfiles PATH=/dev/agpgart : getattr
allow sysadm_crond_t amanda_amandates_t:file { getattr };
#EXE=/usr/sbin/setfiles PATH=/etc/amandates : getattr
#EXE=/usr/sbin/setfiles PATH=/etc/amandates : getattr
...etc
Attachment:
signature.asc
Description: This is a digitally signed message part
