Since I posted about a week and a half ago, I haven't seen any response.
This is an example of what I think Dan was asking about.

time->Thu Nov 1 16:00:01 2012
type=SYSCALL msg=audit(1351800001.262:133107): arch=c000003e syscall=2 success=yes exit=18 a0=7ffea2fdde22 a1=0 a2=1b6 a3=0 items=0 ppid=20709 pid=20713 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=5118 comm="httpd" exe="/usr/sbin/httpd" subj=unconfined_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1351800001.262:133107): avc: denied { open } for pid=20713 comm="httpd" name="pcscd.pid" dev=sda3 ino=81412261 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:pcscd_var_run_t:s0 tclass=file
type=AVC msg=audit(1351800001.262:133107): avc: denied { read } for pid=20713 comm="httpd" name="pcscd.pid" dev=sda3 ino=81412261 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:pcscd_var_run_t:s0 tclass=file

And just to clarify, I believe what's doing this is that the webserver
for svn is checking the user's smart card before allowing them to check
files out.

        mark

--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
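
Added example, not part of the original post: a small Python parser that groups the audit records quoted above by event serial and merges the denied permissions per source type, target type, class and file name. The function and variable names are this example's own, and the sample input is the post's ausearch output copied unchanged.

```python
import re
from collections import defaultdict

# The ausearch output quoted in the post above, copied unchanged.
SAMPLE = """\
time->Thu Nov 1 16:00:01 2012
type=SYSCALL msg=audit(1351800001.262:133107): arch=c000003e syscall=2 success=yes exit=18 a0=7ffea2fdde22 a1=0 a2=1b6 a3=0 items=0 ppid=20709 pid=20713 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=5118 comm="httpd" exe="/usr/sbin/httpd" subj=unconfined_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1351800001.262:133107): avc: denied { open } for pid=20713 comm="httpd" name="pcscd.pid" dev=sda3 ino=81412261 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:pcscd_var_run_t:s0 tclass=file
type=AVC msg=audit(1351800001.262:133107): avc: denied { read } for pid=20713 comm="httpd" name="pcscd.pid" dev=sda3 ino=81412261 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:pcscd_var_run_t:s0 tclass=file
"""

RECORD = re.compile(r"type=(\w+) msg=audit\([\d.]+:(\d+)\): (.*)")
DENIED = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def fields(text):
    """Split 'k=v k="v"' audit text into a dict, dropping quotes."""
    return {k: v.strip('"') for k, v in FIELD.findall(text)}

def se_type(context):
    """Return the type from a user:role:type:level context."""
    return context.split(":")[2]

def summarize(log):
    """Group records by audit serial and merge permissions per denial."""
    events = defaultdict(lambda: {"exe": None, "blocked": None, "denials": defaultdict(set)})
    for line in log.splitlines():
        m = RECORD.match(line.strip())
        if not m:
            continue  # e.g. the "time->" separator ausearch prints
        rtype, serial, body = m.groups()
        ev = events[serial]
        if rtype == "SYSCALL":
            f = fields(body)
            ev["exe"] = f.get("exe")
            # success=yes next to a denied AVC means the call went through,
            # i.e. the denial was logged but not enforced.
            ev["blocked"] = f.get("success") != "yes"
        elif rtype == "AVC" and (d := DENIED.search(body)):
            f = fields(d.group(2))
            key = (se_type(f["scontext"]), se_type(f["tcontext"]), f["tclass"], f["name"])
            ev["denials"][key].update(d.group(1).split())
    return [{"serial": s, "exe": e["exe"], "blocked": e["blocked"],
             "denials": {k: sorted(p) for k, p in e["denials"].items()}}
            for s, e in events.items()]

if __name__ == "__main__":
    for event in summarize(SAMPLE):
        print(event)
```
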