Re: Ye olde "avc granted"

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 03/26/2013 03:12 PM, m.roth@xxxxxxxxx wrote:
> Daniel J Walsh wrote:
>> On 03/26/2013 03:08 PM, m.roth@xxxxxxxxx wrote:
>>> Hi, folks,
>>> 
>>> Got a server that's throwing a ton of avc granted, all related to 
>>> Matlab. I saw something via google from '06, for a java thing - is
> there something
>>> I can use to shut this up?
>>> 
>>> CentOS 5.9, current.
>>> 
>> Ask on the audit list, I am not sure there is anything you can do.
>> 
>> What do the AVC's look like?
> 
> type=AVC msg=audit(1364322744.335:646078): avc:  granted  { execheap } for 
> pid=22581 comm="MATLAB" scontext=user_u:system_r:unconfined_t:s0 
> tcontext=user_u:system_r:unconfined_t:s0 tclass=process
> 
> mark
> 
> -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx 
> https://admin.fedoraproject.org/mailman/listinfo/selinux
> 

One hack to fix this would be to turn the boolean off and then write a custom
policy module to allow unconfined_t execheap.


policy_module(myunconfined, 1.0)
gen_require(`
type unconfined_t;
')
allow unconfined_t self:process execheap;


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlFR9doACgkQrlYvE4MpobNJCACbBR9cwGMTQ23hxrwvq5r3/zRQ
u7AAnj9YIAZ5PZYiWbks6Ie272uciwlS
=jJfz
-----END PGP SIGNATURE-----
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux





[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux