2009/7/7 Daniel J Walsh <dwalsh@xxxxxxxxxx>: > > So you intended on using the guest_t user? What does the te file created by > audit2allow look like? > > I think the problem here is the guest_t user is running at s0 and trying to > write to a fifo_file at s0-s0:c0.c1023 > > If you take the above audit messages and run them through audit2why, what > does the tool say? > It says the errors were caused by: Was caused by: Policy constraint violation. May require adding a type attribute to the domain or type to satisfy the constraint. Constraints are defined in the policy sources in policy/constraints (general), policy/mcs (MCS), and policy/mls (MLS). And when I run them through audit2why gives me #============= guest_t ============== allow guest_t sshd_t:fifo_file write; Which looks vaguely sane to my untrained eye. I'm not particularly wedded to the guest user in specific, but I would prefer it to have a minimal privilege user, since it has no need to do anything but manage the git repositories in the home directory. Regards Jon -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
