On Sat, 18 Sep 2004 04:35, Tom London <selinux@xxxxxxxxx> wrote: > Need this in rhgb.te: > > --- /etc/selinux/strict/src-1.17.18-1/policy/domains/program/rhgb.te > 2004-09-17 11:32:00.886510890 -0700 > +++ ./rhgb.te 2004-09-17 11:33:42.601099238 -0700 > @@ -34,7 +34,7 @@ > allow insmod_t rhgb_t:fd use; > > allow rhgb_t ramfs_t:filesystem { mount unmount }; > -allow rhgb_t root_t:dir { mounton }; > +allow rhgb_t { root_t mnt_t }:dir { mounton }; > allow rhgb_t rhgb_t:capability { sys_admin }; > dontaudit rhgb_t var_run_t:dir { search }; > > Otherwise can't mount.... Does it still need access to mount on type root_t? RHGB doesn't work for me at the moment due to other errors so I can't test. -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page
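Review bot: The changed line `allow rhgb_t { root_t mnt_t }:dir { mounton };` adds mnt_t but keeps root_t without showing that both are still needed, and there is no comment saying which directory the ramfs is mounted on. rhgb_t also holds `capability { sys_admin }` and `ramfs_t:filesystem { mount unmount }`, so each extra mounton target widens where this domain can place a filesystem. If the mount point is now a directory labelled mnt_t, narrow the rule to `allow rhgb_t mnt_t:dir { mounton };` and drop root_t. Keep root_t only if a denial against root_t is still logged with the narrower rule. Either way, add a policy comment naming the mount point so the reason for the permission is recorded next to the rule.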