On 7/19/07, Ken YANG <spng.yang@xxxxxxxxx> wrote:
Daniel J Walsh wrote: > Tom London wrote: >> Believe some changes (e.g., /etc/rsyslog.conf, /sbin/rsyslogd,...) are >> in order? >> >> [root@localhost ~]# ps agxZ | grep syslog >> system_u:system_r:initrc_t 2511 ? Ssl 0:00 rsyslogd -m 0 >> system_u:system_r:unconfined_t 4154 pts/0 S+ 0:00 grep syslog >> [root@localhost ~]# >> >> >> tom > If you change its context to syslogd_exec_t does everything work right? to me, it seemed everything is right, after changing to syslogd_exec_t -(:10:53:$)-> ps axZ | grep syslog system_u:system_r:syslogd_t 3553 ? Ssl 0:00 rsyslogd -m 0 system_u:system_r:syslogd_t 3557 ? Ss 0:00 rklogd -x and after i plugged in flash disk, dmesg also worked well: -(:10:51:$)-> dmesg | tail sdc: Mode Sense: 03 00 00 00 sdc: assuming drive cache: write through SCSI device sdc: 258048 512-byte hdwr sectors (132 MB) sdc: Write Protect is off sdc: Mode Sense: 03 00 00 00 sdc: assuming drive cache: write through sdc: sdc1 sd 4:0:0:0: Attached scsi removable disk sdc sd 4:0:0:0: Attached scsi generic sg2 type 0 SELinux: initialized (dev sdc1, type vfat), uses genfs_contexts can all these infos verify "everything work right"? if yes, i want to modify policy according to these.
Ken, Believe this is not exactly right. I believe /sbin/rklogd should have a type of 'klogd_exec_t', not 'syslog_exec_t'. I believe Dan has already fixed this in selinux-policy-3.0.3-2.fc8. tom -- Tom London -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
