systat needs perms for proc_net_t?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Running strict/enforcing off of latest Rawhide:

I get:
Nov 27 11:10:01 fedora kernel: audit(1101582601.882:0): avc:  denied 
{ search } for  pid=8407 exe=/usr/lib/sa/sadc name=net dev=proc
ino=-268435434 scontext=system_u:system_r:sysstat_t
tcontext=system_u:object_r:proc_net_t tclass=dir
Nov 27 11:10:01 fedora kernel: audit(1101582601.884:0): avc:  denied 
{ search } for  pid=8407 exe=/usr/lib/sa/sadc name=net dev=proc
ino=-268435434 scontext=system_u:system_r:sysstat_t
tcontext=system_u:object_r:proc_net_t tclass=dir

every 10 minutes or so...

I made the following patch to sysstat.te to add
read perms for proc_net_t.  

That right?

tom

--- SAVE/sysstat.te     2004-11-27 11:19:14.988551119 -0800
+++ ./sysstat.te        2004-11-27 11:20:08.235155773 -0800
@@ -51,8 +51,8 @@
 allow sysstat_t fs_t:filesystem getattr;

 # get info from /proc
-allow sysstat_t { proc_t sysctl_kernel_t sysctl_t sysctl_fs_t
sysctl_rpc_t }:dir r_dir_perms;
-allow sysstat_t { proc_t sysctl_kernel_t sysctl_t sysctl_fs_t
sysctl_rpc_t }:file { read getattr };
+allow sysstat_t { proc_t proc_net_t sysctl_kernel_t sysctl_t
sysctl_fs_t sysctl_rpc_t }:dir r_dir_perms;
+allow sysstat_t { proc_t proc_net_t sysctl_kernel_t sysctl_t
sysctl_fs_t sysctl_rpc_t }:file { read getattr };

 domain_auto_trans(initrc_t, sysstat_exec_t, sysstat_t)
 allow sysstat_t init_t:fd use;

-- 
Tom London


[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux