Re: Ye olde "avc granted"

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Daniel J Walsh wrote:
> On 03/26/2013 03:12 PM, m.roth@xxxxxxxxx wrote:
>> Daniel J Walsh wrote:
>>> On 03/26/2013 03:08 PM, m.roth@xxxxxxxxx wrote:
>>>> Hi, folks,
>>>>
>>>> Got a server that's throwing a ton of avc granted, all related to
>>>> Matlab. I saw something via google from '06, for a java thing - is
>>>> there something I can use to shut this up?
>>>>
>>>> CentOS 5.9, current.
<snip>
>>> What do the AVC's look like?
>>
>> type=AVC msg=audit(1364322744.335:646078): avc:  granted  { execheap }
>> for pid=22581 comm="MATLAB" scontext=user_u:system_r:unconfined_t:s0
>> tcontext=user_u:system_r:unconfined_t:s0 tclass=process
>
> One hack to fix this would be to turn the boolean off and then write a
> custom policy module to allow unconfined_t execheap.
>
> policy_module(myunconfined, 1.0)
> gen_require(`
> type unconfined_t;
> ')
> allow unconfined_t self:process execheap;

Could I tell it to not audit matlab? If so, what would I tell it not to
audit, the executable? The libraries?

      mark

--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux





[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux