Daniel J Walsh wrote:
... Ok I looked at the bugzilla, looks like mrtg is execing top which is reading all process /proc information. Does it need to be able to read all this, or can I dontaudit it.
Dan, I really don't know the answer to that - I haven't got around to understanding / configuring mrtg at all. I got the impression from that bug that the poster had a specific configuration that was causing that - and that he would have to create allow rules for it to work, whereas I don't seem to have any configuration for mrtg {except what is provided in the rpm - a crond */5 min run using it's default config /etc/mrtg/mrtg.cfg
A can confirm that commenting the /etc/cron.d/mrtg command stops the denials, but I don't understand why my other F9Beta++ machine doesn't generate the same denials.
As an aside: is there a way to perform an rpm -V to verify the packages v on-disk contexts ? I could do this for mrtg and all it's requirements.
DaveT. -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
