On Fri, 2005-09-23 at 16:09 -0400, Matthew Saltzman wrote: > Can nobody here help with this (and if not, where could I go for > assistance)? selinux-policy-targeted-1.27.1-2.1 does not solve the > problem. >From the audit messages you posted, I would have expected that: - a new type would have been assigned to /usr/share/hwdata, and apmd_t would have been allowed to read it. - tmp_domain(apmd_t) would have been added to enable it to create its own temporary files under /tmp without disturbing anyone else's temporary files. Looking at the latest rawhide targeted policy (1.27.1-5), it looks like the tmp_domain() has been added, it has been directly allowed to read usr_t (which I would have preferred not doing) and it has been made unconfined in targeted policy (which seems overkill). So I would expect your scripts to work just fine with that policy, even though I'd still favor adding a new type for /usr/share/hwdata and not making apmd_t completely unconfined. -- Stephen Smalley National Security Agency -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list