On Fri, 2004-07-09 at 01:13 -0400, Richard Hally wrote:
> Attached (and below) is a diff of a one line addition for
> mozilla_macros.te from the the selinux-policy-strict-sources-1.14.1-5.
>
> audit2allow generated the following from the avc denied messages I
> received when trying to run Mozilla: allow staff_mozilla_t xdm_tmp_t:dir
> { search };
Just running denials through audit2allow is generally the wrong thing.
Often the denials are symptomatic of deeper problems like mislabeled
files, or deep design issues (e.g. GConf), or simply bugs in the
software (like mdadm opening files in /proc read/write), or
configuration problems (running Postfix chrooted).
In this particular case, having Mozilla able to access the XDM
temporarily files is almost certainly the wrong solution. In order to
diagnose it we need to know what file it was accessing (information
contained in the raw dmesg output, but not in audit2allow) and what you
were doing at the time.
Attachment:
signature.asc
Description: This is a digitally signed message part
