On Sat, 2011-06-11 at 15:47 +0200, Dominick Grift wrote: > > On Sat, 2011-06-11 at 14:40 +0100, Arthur Dent wrote: > > > The other slightly odd thing is that when I place the system back into > > Enforcing mode I get no AVCs, but some of the Spamassassin checks > > (Especially iXhash I think) don't seem to be run, but give no errors. > > Try to reproduce it after you ran : semodule -DB > > semodule -DB loads the policy with any rules to silently deny access > removed. > > Then see for AVC denials again. > > After checking do : semodule -B to load the policy with the rules to > silently deny access re-inserted OK I'll try that.. > > > Anyway, the above AVC looked strange and I didn't want to create a local > > policy module for it until I had checked with the chaps here... > > This does not look particularly strange. The pipe is probably created by > systemd. So, should I create a policy module to allow it? I guess the "ask-password" bit of "SELinux is preventing /bin/systemd-tty-ask-password-agent from read access on the fifo_file 136:0." worried me a bit...
Attachment:
signature.asc
Description: This is a digitally signed message part
-- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
