I wrote:
> I'm running CentOS 6.2, all updates. selinux-policy 3.7.19-126.el6_2.6.
I > see /usr/share/selinux/devel/include/admin/mcelog.if:
> ########################################
> ## <summary>
> ## Execute a domain transition to run mcelog.
> ## </summary>
> ## <param name="domain">
> ## <summary>
> ## Domain allowed to transition.
> ## </summary>
> ## </param>
> #
> interface(`mcelog_domtrans',`
> gen_require(`
> type mcelog_t, mcelog_exec_t;
> ')
>
> domtrans_pattern($1, mcelog_exec_t, mcelog_t)
> ')
>
> Yet, I'm seeing
> SELinux is preventing /usr/sbin/mcelog from getattr access on the file
> /var/run/mcelog.pid.
> Now, from some googling, it *looks* as though this was fixed already.
> Am I missing something, or has this bug been reintroduced?
From: Miroslav Grepl <mgrepl@xxxxxxxxxx>
> On 02/17/2012 09:19 PM, Daniel J Walsh wrote:
>> Well i am not sure if it is was fixed in 6.2 policy or 6.3. I provide
>> the current selinux policy prerelease in
>> people.redhat.com/dwalsh/SELinux/RHEL6
> Please, could you use the latest selinux-policy packages from
> people.redhat.com/dwalsh/SELinux/RHEL6
> how Dan wrote.
Are you asking me to test this policy update? I can do it on this one
machine... but it will be overwritten with the next update, and under no
circumstances will I roll it out to all our servers. We don't normally
even use CPAN - *everything's* from the repositories.
mark
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
