Re: mrtg selinux denials in default configuration

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

David Timms wrote:
> Daniel J Walsh wrote:
>> ...
>> Ok I looked at the bugzilla, looks like mrtg is execing top which is
>> reading all process /proc information.  Does it need to be able to read
>> all this, or can I dontaudit it.
> 
> Dan, I really don't know the answer to that - I haven't got around to
> understanding / configuring mrtg at all. I got the impression from that
> bug that the poster had a specific configuration that was causing that -
> and that he would have to create allow rules for it to work, whereas I
> don't seem to have any configuration for mrtg {except what is provided
> in the rpm - a crond */5 min run using it's default config
> /etc/mrtg/mrtg.cfg
> 
> A can confirm that commenting the /etc/cron.d/mrtg command stops the
> denials, but I don't understand why my other F9Beta++ machine doesn't
> generate the same denials.
> 
> As an aside: is there a way to perform an rpm -V to verify the packages
> v on-disk contexts ? I could do this for mrtg and all it's requirements.
> 
> DaveT.
Not really but you can do a fixfiles -R mrtg restore to read the rpm
database and fix the labels on disk.
> 
> -- 
> fedora-selinux-list mailing list
> fedora-selinux-list@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkgHQy8ACgkQrlYvE4MpobPPzgCfd81hsUnlz1zSSQnYhXR2r6AY
GF8An3Bmnut5i0iZtNcpcCcS6hvmXgZC
=WwPm
-----END PGP SIGNATURE-----

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux