Hello everyone,

every time I upgrade selinux-policy packages, I get

SELinux is preventing /usr/sbin/load_policy from 'read, append' accesses on the file /tmp/tmp5vo8of.

Raw Audit Messages
type=AVC msg=audit(1340799402.853:3866): avc: denied { read append } for pid=22456 comm="load_policy" path="/tmp/tmp5vo8of" dev="tmpfs" ino=464186 scontext=unconfined_u:system_r:load_policy_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tmp_t:s0 tclass=file

type=SYSCALL msg=audit(1340799402.853:3866): arch=x86_64 syscall=execve success=yes exit=0 a0=ff5f80 a1=ff5f60 a2=ff2e90 a3=10 items=0 ppid=22449 pid=22456 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts16 ses=357 comm=load_policy exe=/usr/sbin/load_policy subj=unconfined_u:system_r:load_policy_t:s0-s0:c0.c1023 key=(null)

The command load_policy is executed by the rpm postinstall scriptlet.

It happens on workstations with f16 or f17, the only less usual thing is that /tmp is mounted as tmpfs with
rw,nodev,noexec,noatime,nodiratime,context=system_u:object_r:tmp_t:s0

Context of /tmp is the same as it was before and the same as physical directory /var/tmp.

I know how to make local policy rules, but I would like to know if there is a better solution.

Thanks,
--
--Zdenek Pytela, <pytela@xxxxxxxxxxxx>
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
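
For triage of a denial like the one reported above, the following added example (not part of the original post, and not code from the SELinux project) parses the AVC record and reduces it to source domain, target type, object class and denied permissions. The function names are hypothetical; SAMPLE is the AVC record from the post.

```python
import re

# The AVC record quoted in the post above.
SAMPLE = ('type=AVC msg=audit(1340799402.853:3866): avc: denied { read append } '
          'for pid=22456 comm="load_policy" path="/tmp/tmp5vo8of" dev="tmpfs" '
          'ino=464186 scontext=unconfined_u:system_r:load_policy_t:s0-s0:c0.c1023 '
          'tcontext=system_u:object_r:tmp_t:s0 tclass=file')

# The lookahead stops at a following record, so text flattened onto one line
# (AVC followed by SYSCALL, as in the post) does not leak SYSCALL fields in.
AVC_RE = re.compile(
    r'type=AVC msg=audit\((?P<epoch>\d+\.\d+):(?P<serial>\d+)\): '
    r'avc:\s+(?P<result>denied|granted)\s+\{(?P<perms>[^}]*)\}\s+for\s+'
    r'(?P<rest>.*?)(?=\s+type=\w+ msg=audit\(|$)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def split_context(ctx):
    """Split user:role:type[:level]; the MLS level may itself contain colons."""
    user, role, type_, level = (ctx.split(':', 3) + [''])[:4]
    return {'user': user, 'role': role, 'type': type_, 'level': level}


def parse_avc(line):
    """Return the fields of one AVC record as a dict, or None if not an AVC line."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group('rest'))}
    fields.update(serial=int(m.group('serial')), epoch=float(m.group('epoch')),
                  result=m.group('result'), perms=m.group('perms').split(),
                  scontext=split_context(fields['scontext']),
                  tcontext=split_context(fields['tcontext']))
    return fields


def summarize(lines):
    """Merge denials into {(source type, target type, class): set of perms}."""
    out = {}
    for rec in filter(None, map(parse_avc, lines)):
        if rec['result'] == 'denied':
            key = (rec['scontext']['type'], rec['tcontext']['type'], rec['tclass'])
            out.setdefault(key, set()).update(rec['perms'])
    return out


if __name__ == '__main__':
    for (src, tgt, cls), perms in summarize([SAMPLE]).items():
        print(f'{src} -> {tgt}:{cls} denied {sorted(perms)}')
```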