Paul Howarth wrote:
> Being an old-fashioned sort of guy, I always create a separate
> partition (well, logical volume these days) for /tmp and various other
> top-level directories. Hence I have a directory /tmp/lost+found and
> every day I get an email from cron like this:
>
> Subject: Cron <root@goalkeeper> run-parts /etc/cron.daily
> Date: Tue, 27 May 2008 04:17:12 +0100
>
> /etc/cron.daily/tmpwatch:
>
> error: failed to lstat /tmp/lost+found: Permission denied
>
> The following policy fixes this:
>
> policy_module(localmisc, 0.0.1)
>
> require {
> type tmpreaper_t;
> }
>
> # Allow tmpwatch to stat /tmp/lost+found
> files_getattr_lost_found_dirs(tmpreaper_t)
>
> Paul.
That is funny because the policy has
files_dontaudit_getattr_lost_found_dirs(tmpreaper_t)
So in order to get rid of the error, we need to allow it, which seems
reasonable.
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
