On 11/21/2012 12:31 PM, Andy Ruch wrote:
> Hello,
>
> I'm setting up a system where the nodes need to have different types.
> Currently, I'm getting an AVC denial for a node but I don't know which
> node.
>
> My questions:
>
> 1) Is it possible to know which node an AVC message is referencing?
>
> 2) Is there a way to see all the node contexts? I know "semanage node -l"
> will show my local nodecon modifications but how do I list all the nodes?
>
> 3) I tried to add a "nodecon" statement to the corenetwork.te file but the
> policy won't compile. How can I label a node from the policy? Here is what
> I tried:
>
> type my_lo_node_t;
> corenet_node( my_lo_node_t )
> nodecon 127.0.0.1 255.255.255.255 gen_context(system_u:object_r:my_lo_node_t, s0)
>
> Thanks,
> Andy Ruch
> --
> selinux mailing list
> selinux@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/selinux

The AVC should have the node information. I believe you can define the node in policy but have to use semanage to place it on an IP address. This is what we are doing in OpenShift BTW.
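
Added example, not part of the original thread: Python that pulls the node address out of AVC denial records, as the reply above says the AVC carries it, and builds the semanage node command that places a type on that address. The sample records are constructed, and the mapping of permission to address field (saddr for node_bind and recvfrom, daddr for sendto) is an assumption about typical kernel audit output; my_lo_node_t is the type name from the question.

```python
import ipaddress
import re

# Constructed sample audit records (not taken from the thread).
SAMPLE = [
    'type=AVC msg=audit(1353523860.101:412): avc:  denied  { node_bind } for  pid=2211 '
    'comm="myd" saddr=127.0.0.1 src=8080 scontext=system_u:system_r:myd_t:s0 '
    'tcontext=system_u:object_r:node_t:s0 tclass=tcp_socket',
    'type=AVC msg=audit(1353523861.007:413): avc:  denied  { recvfrom } for  pid=0 '
    'comm="swapper" saddr=10.0.0.7 src=40112 daddr=10.0.0.1 dest=22 netif=eth0 '
    'scontext=system_u:system_r:myd_t:s0 tcontext=system_u:object_r:node_t:s0 tclass=node',
    'type=AVC msg=audit(1353523862.500:414): avc:  denied  { read } for  pid=900 '
    'comm="cat" name="shadow" scontext=system_u:system_r:myd_t:s0 '
    'tcontext=system_u:object_r:shadow_t:s0 tclass=file',
]

PERMS_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def _node_field(perm, tclass):
    # Assumption: the field that names the node for each node-related check.
    if perm == "node_bind":
        return "saddr"
    if tclass == "node":
        return {"recvfrom": "saddr", "sendto": "daddr"}.get(perm)
    return None

def node_reference(line):
    """Return the node address and type a denial refers to, or None."""
    m = PERMS_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(line)}
    for perm in m.group(1).split():
        key = _node_field(perm, rec.get("tclass"))
        if key in rec:
            addr = ipaddress.ip_address(rec[key])  # rejects malformed addresses
            return {"perm": perm, "addr": str(addr), "netif": rec.get("netif"),
                    "node_type": rec["tcontext"].split(":")[2]}
    return None

def semanage_command(addr, new_type):
    """Build the command that labels one host address with new_type."""
    if not re.fullmatch(r"\w+", new_type):
        raise ValueError("unexpected characters in type name")
    ip = ipaddress.ip_address(addr)
    mask = ipaddress.ip_network(f"{ip}/{ip.max_prefixlen}").netmask
    return f"semanage node -a -t {new_type} -p ipv{ip.version} -M {mask} {ip}"
```

The node_type field in the result shows which label the address currently resolves to, which is the value to compare against the output of "semanage node -l".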