On 01/02/2013 11:44 AM, m.roth@xxxxxxxxx wrote:
> Has there been some change in policy? I've got a box that's running fc17,
> updated fully, and it's spitting avc's when motion is creating files and
> links on an nfs-mounted directory.
>
> Running audit2allow gets me:
>
> #============= zoneminder_t ==============
> allow zoneminder_t nfs_t:lnk_file create;
>
> I'd rather not install that if something happened, and a bug crept into the
> current policy....
>
> mark
>
> --
> selinux mailing list
> selinux@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/selinux

Seems pretty strange.

sesearch -C -A -s zoneminder_t -c lnk_file -p create
Found 3 semantic av rules:
   allow zoneminder_t zoneminder_spool_t : lnk_file { ioctl read write create getattr setattr lock append unlink link rename } ;
   allow zoneminder_t zoneminder_tmpfs_t : lnk_file { ioctl read write create getattr setattr lock append unlink link rename } ;
DT allow zoneminder_t public_content_rw_t : lnk_file { ioctl read write create getattr setattr lock append unlink link rename } ; [ zoneminder_anon_write ]

The only place zoneminder is allowed to create content in is zoneminder content
of public_content.
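
Added example, not part of the original thread: a small Python parser for the `sesearch -C` output quoted in the reply, used to check a rule proposed by audit2allow against what the policy already grants. The function names are hypothetical, and it assumes the setools 3 prefix convention in which `DT` marks a conditional rule that is currently disabled and takes effect when the bracketed boolean is true.

```python
import re

# Constructed sample: the sesearch output as quoted in the reply above.
SESEARCH_OUTPUT = """\
Found 3 semantic av rules:
   allow zoneminder_t zoneminder_spool_t : lnk_file { ioctl read write create getattr setattr lock append unlink link rename } ;
   allow zoneminder_t zoneminder_tmpfs_t : lnk_file { ioctl read write create getattr setattr lock append unlink link rename } ;
DT allow zoneminder_t public_content_rw_t : lnk_file { ioctl read write create getattr setattr lock append unlink link rename } ; [ zoneminder_anon_write ]
"""

# Matches both sesearch lines and audit2allow lines ("allow a b:c perm;").
RULE_RE = re.compile(
    r"^\s*(?:(?P<state>[ED])[TF]\s+)?allow\s+(?P<src>\w+)\s+(?P<tgt>\w+)\s*:\s*"
    r"(?P<cls>\w+)\s+(?:\{(?P<perms>[^}]*)\}|(?P<perm>\w+))\s*;"
    r"(?:\s*\[\s*(?P<cond>[^\]]+?)\s*\])?\s*$"
)

def parse_rules(text):
    """Return one dict per allow rule found in sesearch/audit2allow text."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line)
        if m:
            rules.append({
                "key": (m["src"], m["tgt"], m["cls"]),
                "perms": set((m["perms"] or m["perm"] or "").split()),
                "enabled": m["state"] != "D",   # assumption: D = currently disabled
                "boolean": m["cond"],           # None for unconditional rules
            })
    return rules

def check(requested, policy):
    """Classify one requested allow rule against parsed policy rules."""
    want = parse_rules(requested)[0]
    hits = [r for r in policy
            if r["key"] == want["key"] and want["perms"] <= r["perms"]]
    if any(r["enabled"] for r in hits):
        return "allowed"
    if hits:
        return "needs boolean " + hits[0]["boolean"]
    return "not in policy"

if __name__ == "__main__":
    policy = parse_rules(SESEARCH_OUTPUT)
    # The rule audit2allow proposed in the original question.
    print(check("allow zoneminder_t nfs_t:lnk_file create;", policy))
```
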