Re: get the red and green back (really consoletype, rhgb)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Runing latest Rawhide w/Dan's latest stuff:

rhgb fails with:

Sep 23 19:41:43 fedora kernel: audit(1095968474.168:0): avc:  denied 
{ search } for  pid=1593 exe=/usr/bin/rhgb name=rhgb dev=hda2
ino=280446 scontext=system_u:system_r:rhgb_t
tcontext=system_u:object_r:mnt_t tclass=dir
Sep 23 19:41:43 fedora kernel: audit(1095968474.168:0): avc:  denied 
{ search } for  pid=1593 exe=/usr/bin/rhgb name=rhgb dev=hda2
ino=280446 scontext=system_u:system_r:rhgb_t
tcontext=system_u:object_r:mnt_t tclass=dir

tom

On Wed, 22 Sep 2004 14:46:42 -0400, Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote:
> Russell Coker wrote:
> 
> >On Sat, 18 Sep 2004 04:35, Tom London <selinux@xxxxxxxxx> wrote:
> >
> >
> >>Need this in rhgb.te:
> >>
> >>--- /etc/selinux/strict/src-1.17.18-1/policy/domains/program/rhgb.te
> >> 2004-09-17 11:32:00.886510890 -0700
> >>+++ ./rhgb.te   2004-09-17 11:33:42.601099238 -0700
> >>@@ -34,7 +34,7 @@
> >> allow insmod_t rhgb_t:fd use;
> >>
> >> allow rhgb_t ramfs_t:filesystem { mount unmount };
> >>-allow rhgb_t root_t:dir { mounton };
> >>+allow rhgb_t { root_t mnt_t }:dir { mounton };
> >> allow rhgb_t rhgb_t:capability { sys_admin };
> >> dontaudit rhgb_t var_run_t:dir { search };
> >>
> >>Otherwise can't mount....
> >>
> >>
> >
> >Does it still need access to mount on type root_t?
> >
> >RHGB doesn't work for me at the moment due to other errors so I can't test.
> >
> >
> >
> No I removed root_t.
> 
> 
> 
> --
> fedora-selinux-list mailing list
> fedora-selinux-list@xxxxxxxxxx
> http://www.redhat.com/mailman/listinfo/fedora-selinux-list
> 



-- 
Tom London

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux