Thanks, Dominick.
I added
domain_system_change_exemption(segatex_t)
to segatex.te
and, worked fine.
Thanks !!
2009/6/30 Dominick Grift <domg472@xxxxxxxxx>:
> On Tue, 2009-06-30 at 20:29 +0900, Shintaro Fujiwara wrote:
>> Hi, I want to yum install or update from certain domain (segatex_t),
>> but although I set segatex.te right permission even I dontaudit
>> disabled in vain.
>> So, I followed Mr. Walsh lecture, asking audit2why.
>>
>> I still don't know how to solve the problem so please help.
>>
>> [root@notepc ~]# audit2why -i /var/log/audit/audit.log
>> type=AVC msg=audit(1246361092.291:17): avc: denied { transition }
>> for pid=3116 comm="segatex" path="/usr/bin/yum" dev=dm-0 ino=594330
>> scontext=unconfined_u:unconfined_r:segatex_t:s0
>> tcontext=unconfined_u:system_r:rpm_t:s0 tclass=process
>>
>> Was caused by:
>> Policy constraint violation.
>>
>> May require adding a type attribute to the domain or type to satisfy
>> the constraint.
>>
>> Constraints are defined in the policy sources in policy/constraints
>> (general), policy/mcs (MCS), and policy/mls (MLS).
>>
>> type=AVC msg=audit(1246361092.303:18): avc: denied { transition }
>> for pid=3117 comm="segatex" path="/usr/bin/yum" dev=dm-0 ino=594330
>> scontext=unconfined_u:unconfined_r:segatex_t:s0
>> tcontext=unconfined_u:system_r:rpm_t:s0 tclass=process
>>
>> Was caused by:
>> Policy constraint violation.
>>
>> May require adding a type attribute to the domain or type to satisfy
>> the constraint.
>>
>> Constraints are defined in the policy sources in policy/constraints
>> (general), policy/mcs (MCS), and policy/mls (MLS).
>>
>
> I am not sure about this but looking at the rpm_run() and
> rpm_transition_script() interfaces, i suspect this may be related:
>
> domain_system_change_exemption(segatex_t)
> role_transition unconfined_r rpm_exec_t system_r;
> allow unconfined_r system_r;
>
>
>
--
http://intrajp.no-ip.com/ Home Page
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
