On 03/27/2013 04:39 PM, Daniel J Walsh wrote:
> On 03/27/2013 04:25 PM, m.roth@xxxxxxxxx wrote:
>> Daniel J Walsh wrote:
>>> On 03/26/2013 05:13 PM, m.roth@xxxxxxxxx wrote:
>>>> m.roth@xxxxxxxxx wrote:
>>>>> Daniel J Walsh wrote:
>>>>>> On 03/26/2013 03:27 PM, m.roth@xxxxxxxxx wrote:
>>>>>>> Daniel J Walsh wrote:
>>>>>>>> On 03/26/2013 03:12 PM, m.roth@xxxxxxxxx wrote:
>>>>>>>>> Daniel J Walsh wrote:
>>>>>>>>>> On 03/26/2013 03:08 PM, m.roth@xxxxxxxxx wrote:
>>>>>>>>>>>
>>>>>>>>>>> Got a server that's throwing a ton of avc
>>>>>>>>>>> granted, all related to Matlab. I saw
>>>>>>>>>>> something via google from '06, for a java thing
>>>>>>>>>>> - is there something I can use to shut this
>>>>>>>>>>> up?
>>>>>>>>>>>
>>>>>>>>>>> CentOS 5.9, current.
>>>>>>> <snip>
>>>>>>>> One hack to fix this would be to turn the boolean
>>>>>>>> off and then write a custom policy module to allow
>>>>>>>> unconfined_t execheap.
>>>>>>>>
>>>>>>>> policy_module(myunconfined, 1.0)
>>>>>>>> gen_require(` type unconfined_t; ')
>>>>>>>> allow unconfined_t self:process execheap;
>>>>>>>
>>>> What a *pain*. As I said, I'm on CentOS 5.9, and
>>>> rpm -qa | grep selinux-policy\*
>>>> selinux-policy-2.4.6-327.el5
>>>> selinux-policy-targeted-2.4.6-327.el5
>>>>
>>>> audit2allow doesn't seem to have a debug switch, and I've
>>>> tried exactly what you wrote, as well as the one I posted,
>>>> and checkmodule chokes on everything.
>>>>
>>> How does it choke?
>>
>> module matlab 1.0;
>>
>> require { type unconfined_t; }
>>
>> allow unconfined_t self:process execheap;
>>
>> checkmodule -M -m -o matlab.mod matlab.te
>> checkmodule: loading policy configuration from matlab.te
>> (unknown source)::ERROR 'unknown class process used in rule' at token ';' on line 7:
>> allow unconfined_t self:process execheap;
>>
>> checkmodule: error(s) encountered while parsing configuration
>>
>> Trying:
>> policy_module(myunconfined, 1.0)
>>
>> gen_require(` type unconfined_t; ')
>>
>> allow unconfined_t self:process execheap;
>>
>> gets
>> checkmodule -M -m -o matlab.mod matlab_dw.te
>> checkmodule: loading policy configuration from matlab_dw.te
>> (unknown source)::ERROR 'syntax error' at token 'policy_module' on line 1:
>>
>>
>> checkmodule: error(s) encountered while parsing configuration
>>
>> mark
>
> Try with the make file
>
> make -f /usr/share/selinux/devel/Makefile
>
> (If this exists on RHEL5.)

It does in RHEL6
$ rpm -qf /usr/share/selinux/devel/Makefile
selinux-policy-3.7.19-195.el6_4.3.noarch

It does in CentOS 5
$ rpm -qf /usr/share/selinux/devel/Makefile
selinux-policy-devel-2.4.6-338.el5

--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
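
Added example, not part of the thread and not the posters' own code: the two module forms quoted above fail under plain checkmodule for different reasons, and this script writes each one in a form that matches its build path. The function names, the file name myunconfined.te, and the semodule_package / semodule -i steps are assumptions added here; the `class process execheap;` line in the raw form is the declaration whose absence produces the "unknown class process" error.

```shell
#!/bin/sh
# Added example: two ways to build the execheap module discussed in the thread.
# Function names are hypothetical; file names follow the thread's module names.

# Form 1: raw module syntax for checkmodule. The require block must declare
# the class and permission used in the rule, not only the type.
write_raw_te() {
    cat > "$1/matlab.te" <<'EOF'
module matlab 1.0;

require {
    type unconfined_t;
    class process execheap;
}

allow unconfined_t self:process execheap;
EOF
}

# Form 2: reference-policy macro syntax. policy_module() and gen_require()
# are m4 macros, so this file only builds through the devel Makefile.
write_macro_te() {
    cat > "$1/myunconfined.te" <<'EOF'
policy_module(myunconfined, 1.0)

gen_require(`
    type unconfined_t;
')

allow unconfined_t self:process execheap;
EOF
}

build_raw() {      # run in the directory holding matlab.te
    checkmodule -M -m -o matlab.mod matlab.te &&
    semodule_package -o matlab.pp -m matlab.mod
}

build_macro() {    # needs the package that ships the devel Makefile
    make -f /usr/share/selinux/devel/Makefile myunconfined.pp
}

# Build only when asked: sh example.sh build
if [ "${1:-}" = build ]; then
    write_raw_te . && build_raw
    write_macro_te . && build_macro
    echo "load one of them with: semodule -i matlab.pp (or myunconfined.pp)"
fi
```

Either module grants execheap to every unconfined_t process, not only Matlab, so load only one of them and only if that scope is acceptable.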