On Feb 4, 2012, at 3:56 AM, Dominick Grift wrote:
On Fri, 2012-02-03 at 21:41 -0500, Maria Iano wrote:Those files are /var/lib/likewise/.eventlog /var/lib/likewise/krb5cc_lsass.AD.DOMAIN /var/lib/likewise/db/lsass-adcache.filedb.AD.DOMAIN What happened was that I ran restorecon on them after they had been created but before those AVCs. I added these rules to the fc file: /var/lib/likewise/\.eventlog -s gen_context(system_u:object_r:eventlogd_var_socket_t,s0) /var/lib/likewise/krb5cc\_lsass\..* -- gen_context(system_u:object_r:lsassd_var_lib_t, s0) /var/lib/likewise/db/lsass-adcache\.filedb\..* -- gen_context(system_u:object_r:lsassd_var_lib_t,s0) and matchpathcon gives the correct type for them now. I haven't had any new AVC messages since those last changes.Thanks. Attached patch is what i think might be the proper fixes for upstream. <Likewise.patch>
Some of the additional file contexts were missing. I've added them to the patch file. I've also attached my te and fc files. Please note, my new diff compared directory trees that were different from yours. Here a line from the updated patch that shows what I'm talking about:
diff --git a/current/policy/modules/services/likewise.fc b/new/policy/ modules/services/likewise.fc
Thanks! Maria
Attachment:
Likewise.patch
Description: Binary data
Attachment:
mylikewise.fc
Description: Binary data
Attachment:
mylikewise.te
Description: Binary data
-- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
