On 08/19/2009 02:41 PM, Xavier Toth wrote:
> A process of type siterep_jcdx_nautilus_helper_t running at SystemHigh
> is trying to create a directory at SystemLow and getting the following
> mlsconstraint violation:
>
> node=jcdx type=AVC msg=audit(1250704307.148:1143): avc: denied {
> create } for pid=4208 comm="processdirs" name="test7" scontext=s
> iterep_u:siterep_r:siterep_jcdx_nautilus_helper_t:s15:c0.c1023
> tcontext=system_u:object_r:jcdx_ml_var_t:s0 tclass=dir
>
> The siterep_jcdx_nautilus_helper_t policy uses the following macros:
>
> manage_dirs_pattern($1_jcdx_nautilus_helper_t,jcdx_ml_var_t,jcdx_ml_var_t)
>
> ifdef(`enable_mls',`
> mls_file_read_all_levels($1_jcdx_nautilus_helper_t)
> mls_file_write_all_levels($1_jcdx_nautilus_helper_t)
> mls_file_downgrade($1_jcdx_nautilus_helper_t)
> mls_file_upgrade($1_jcdx_nautilus_helper_t)
> ')
>
> I've looked at the policy mlsconstaints but I'm not understanding
> which one is being violated, any ideas?
>
> Ted
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
>
>
Not an MLS constraint.
iterep_u creating a file labeled system_u
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
