On Tuesday 22 February 2005 12:15, Valdis.Kletnieks@xxxxxx wrote: > At least at one point in time, I was seeing random avc errors on mount > points that made absolutely no sense - I'd do an 'ls -Z' and it would look > OK. Finally twigged in that I needed to unmount the file system, relabel > the *directory*, and then remount. Seem to remember /usr/share and > /usr/local biting me that way (/, /usr, /usr/local, and /usr/share are 4 > different file systems on my box). In those cases a dontaudit rule will usually do the job. If the file system is not mounted then there's nothing that the application can usefully do under the mount point and usually ENOENT and EACCESS usually get the same code paths in most applications that try to open files. grep dontaudit.*file_t.dir policy.conf The above grep command will show you some of the dontaudit rules that have already been put in place to deal with this. If there are more domains that may get used early in the boot process to get such errors then let us know and we'll write dontaudit rules. -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-selinux-list
