uhhh... Sorry, but I didn't check before.
Need this in rhgb.te:
--- /etc/selinux/strict/src-1.17.18-1/policy/domains/program/rhgb.te
2004-09-17 11:32:00.886510890 -0700
+++ ./rhgb.te 2004-09-17 11:33:42.601099238 -0700
@@ -34,7 +34,7 @@
allow insmod_t rhgb_t:fd use;
allow rhgb_t ramfs_t:filesystem { mount unmount };
-allow rhgb_t root_t:dir { mounton };
+allow rhgb_t { root_t mnt_t }:dir { mounton };
allow rhgb_t rhgb_t:capability { sys_admin };
dontaudit rhgb_t var_run_t:dir { search };
Otherwise can't mount....
tom
On Thu, 16 Sep 2004 14:39:37 -0700, Tom London <selinux@xxxxxxxxx> wrote:
> On Thu, 16 Sep 2004 17:08:55 -0400, Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote:
>
> <<<SNIP>>>
>
> > > /etc/selinux/strict/src-1.17.16-3/policy/file_contexts/program/rhgb.fc
> > > 2004-09-16 07:14:24.000000000 -0700
> > > +++ ./rhgb.fc 2004-09-16 12:21:12.424588200 -0700
> > > @@ -1,2 +1,3 @@
> > > /usr/bin/rhgb -- system_u:object_r:rhgb_exec_t
> > > #/etc/dbus-1(/.*)? system_u:object_r:etc_dbusd_t
> > > +/etc/rhgb -d system_u:object_r:root_t
> > >
> > Changed to mnt_t
>
> Better!
>
> thanks,
> tom
> --
> Tom London
>
--
Tom London
