m.roth@xxxxxxxxx wrote: > Daniel J Walsh wrote: >> On 03/26/2013 03:27 PM, m.roth@xxxxxxxxx wrote: >>> Daniel J Walsh wrote: >>>> On 03/26/2013 03:12 PM, m.roth@xxxxxxxxx wrote: >>>>> Daniel J Walsh wrote: >>>>>> On 03/26/2013 03:08 PM, m.roth@xxxxxxxxx wrote: >>>>>>> >>>>>>> Got a server that's throwing a ton of avc granted, all related to >>>>>>> Matlab. I saw something via google from '06, for a java thing - is >>>>>>> there something I can use to shut this up? >>>>>>> >>>>>>> CentOS 5.9, current. >>> <snip> >>>> One hack to fix this would be to turn the boolean off and then write a >>>> custom policy module to allow unconfined_t execheap. >>>> >>>> policy_module(myunconfined, 1.0) >>>> gen_require(` >>>> type unconfined_t; >>>>') >>>> allow unconfined_t self:process execheap; >>> What a *pain*. As I said, I'm on CentOS 5.9, and rpm -qa | grep selinux-policy\* selinux-policy-2.4.6-327.el5 selinux-policy-targeted-2.4.6-327.el5 audit2allow doesn't seem to have a debug switch, and I've tried exactly what you wrote, as well as the one I posted, and checkmodule chokes on everything. mark -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
