On Tue, 23 Nov 2004 15:11:25 +1100, Russell Coker <russell@xxxxxxxxxxxx> wrote:
> "head -269956 policy.conf |tail -1" gives the following:
> neverallow { domain -privmem } memory_device_t:{ chr_file blk_file } { read
> write append };
>
> The solution is to add the privmem attribute to the declaration of kudzu_t:
> daemon_base_domain(kudzu, `, etc_writer, privmodule, sysctl_kernel_writer,
> fs_domain, privmem')
>

Thanks, but this seems not to quite get it all:

Nov 23 06:05:21 fedora kernel: audit(1101189873.496:0): avc: denied { execute } for pid=824 path=/dev/zero dev=tmpfs ino=3517 scontext=system_u:system_r:kudzu_t tcontext=system_u:object_r:zero_device_t tclass=chr_file
Nov 23 06:05:21 fedora kernel: audit(1101189873.497:0): avc: denied { execute } for pid=824 path=/dev/zero dev=tmpfs ino=3517 scontext=system_u:system_r:kudzu_t tcontext=system_u:object_r:zero_device_t tclass=chr_file

Is this mmap() again?

tom
--
Tom London