On Tue, 2013-02-19 at 07:55 +0100, Maurizio Pagani Gmail wrote:
>
> type=AVC msg=audit(1361254531.179:7044668): avc: denied { sigchld } for
> pid=3968 comm="bash" scontext=ssh_role_u:diskadm_role_r:lvm_t:s0
> tcontext=ssh_role_u:diskadm_role_r:diskadm_role_t:s0 tclass=process
>
sigchld permission is "child terminated" signal. child processes need to
be able to send those to the parent process (in this case
"lvdisplay(lvm_t)" executed by the user, using the "BASH
shell(diskadm_role_t)"
This is a common event when doing a domain transition and therefore it
is also part of the domtrans_pattern() pattern. This is a pattern in
refpolicy that has all common permissions required to domain transition
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
