Daniel J Walsh wrote:
> Ok lets fix hal then. What is it complaining about?
45# audit2why < /tmp/y
type=AVC msg=audit(1145036599.405:1110): avc: denied { search } for
pid=2452 comm="hald" name="export" dev=sdb2 ino=8161
scontext=system_u:system_r:hald_t:s0
tcontext=system_u:object_r:default_t:s0 tclass=dir
Was caused by:
Missing or disabled TE allow rule.
Allow rules may exist but be disabled by boolean settings;
check boolean settings.
You can see the necessary allow rules by running audit2allow
with this audit message as input.
<and so on...>
Looks like we need:
47# audit2allow < /tmp/y
allow hald_t default_t:dir search;
48#
BTW, how does one use semanage to specify that a context not recurse
to subdirectories? (e.g. <<none>>).
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
