Re: mlscontrain violation on dir create

[Xavier Toth <txtoth@xxxxxxxxx>]

On Wed, Aug 19, 2009 at 6:35 PM, Daniel J Walsh<dwalsh@xxxxxxxxxx> wrote:
> On 08/19/2009 02:41 PM, Xavier Toth wrote:
>> A process of type siterep_jcdx_nautilus_helper_t running at SystemHigh
>> is trying to create a directory at SystemLow and getting the following
>> mlsconstraint violation:
>>
>> node=jcdx type=AVC msg=audit(1250704307.148:1143): avc:  denied  {
>> create } for  pid=4208 comm="processdirs" name="test7" scontext=s
>> iterep_u:siterep_r:siterep_jcdx_nautilus_helper_t:s15:c0.c1023
>> tcontext=system_u:object_r:jcdx_ml_var_t:s0 tclass=dir
>>
>> The  siterep_jcdx_nautilus_helper_t policy uses the following macros:
>>
>>         manage_dirs_pattern($1_jcdx_nautilus_helper_t,jcdx_ml_var_t,jcdx_ml_var_t)
>>
>>         ifdef(`enable_mls',`
>>                  mls_file_read_all_levels($1_jcdx_nautilus_helper_t)
>>                  mls_file_write_all_levels($1_jcdx_nautilus_helper_t)
>>                  mls_file_downgrade($1_jcdx_nautilus_helper_t)
>>                  mls_file_upgrade($1_jcdx_nautilus_helper_t)
>>         ')
>>
>> I've looked at the policy mlsconstaints but I'm not understanding
>> which one is being violated, any ideas?
>>
>> Ted
>>
>> --
>> fedora-selinux-list mailing list
>> fedora-selinux-list@xxxxxxxxxx
>> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
>>
>>
> Not an MLS constraint.
> iterep_u creating a file labeled system_u
>
>

I once was blind but now I see ... Thanks Dan.

Ted

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list