Re: Ye olde "avc granted"

Jean-David Beyer wrote:
> On 03/27/2013 04:39 PM, Daniel J Walsh wrote:
>> On 03/27/2013 04:25 PM, m.roth@xxxxxxxxx wrote:
>>> Daniel J Walsh wrote:
>>>> On 03/26/2013 05:13 PM, m.roth@xxxxxxxxx wrote:
>>>>> m.roth@xxxxxxxxx wrote:
>>>>>> Daniel J Walsh wrote:
>>>>>>> On 03/26/2013 03:27 PM, m.roth@xxxxxxxxx wrote:
>>>>>>>> Daniel J Walsh wrote:
>>>>>>>>> On 03/26/2013 03:12 PM, m.roth@xxxxxxxxx wrote:
>>>>>>>>>> Daniel J Walsh wrote:
>>>>>>>>>>> On 03/26/2013 03:08 PM, m.roth@xxxxxxxxx wrote:
>>>>>>>>>>>>
>>>>>>>>>>>> Got a server that's throwing a ton of avc
>>>>>>>>>>>> granted, all related to Matlab. I saw
>>>>>>>>>>>> something via google from '06, for a java thing
>>>>>>>>>>>> - is there something I can use to shut this
>>>>>>>>>>>> up?
>>>>>>>>>>>>
>>>>>>>>>>>> CentOS 5.9, current.
>>>>>>>> <snip>
>>>>>>>>> One hack to fix this would be to turn the boolean
>>>>>>>>> off and then write a custom policy module to allow
>>>>>>>>> unconfined_t execheap.
>>>>>>>>>
>>>>>>>>> policy_module(myunconfined, 1.0)
>>>>>>>>> gen_require(`
>>>>>>>>>     type unconfined_t;
>>>>>>>>> ')
>>>>>>>>> allow unconfined_t self:process execheap;
>>>>>>>>
>>>>> What a *pain*. As I said, I'm on CentOS 5.9, and
>>>>> rpm -qa | grep selinux-policy\*
>>>>> selinux-policy-2.4.6-327.el5
>>>>> selinux-policy-targeted-2.4.6-327.el5
>>>>>
>>>>> audit2allow doesn't seem to have a debug switch, and I've
>>>>> tried exactly what you wrote, as well as the one I posted,
>>>>> and checkmodule chokes on everything.
>>>>>
>>>> How does it choke?
>>
>>> module matlab 1.0;
>>
>>> require { type unconfined_t; }
>>
>>> allow unconfined_t self:process execheap;
>>
>>> checkmodule -M -m -o matlab.mod matlab.te
>>> checkmodule:  loading policy configuration from matlab.te
>>> (unknown source)::ERROR 'unknown class process used in rule' at token ';' on line 7:
>>> allow unconfined_t self:process execheap;
>>
>>> checkmodule:  error(s) encountered while parsing configuration
>>
>>> Trying: policy_module(myunconfined, 1.0)
>>
>>> gen_require(` type unconfined_t; ')
>>
>>> allow unconfined_t self:process execheap;
>>
>>> gets
>>> checkmodule -M -m -o matlab.mod matlab_dw.te
>>> checkmodule:  loading policy configuration from matlab_dw.te
>>> (unknown source)::ERROR 'syntax error' at token 'policy_module' on line 1:
>>
>>> checkmodule:  error(s) encountered while parsing configuration
>>
>> Try with the make file
>>
>> make -f /usr/share/selinux/devel/Makefile
>>
>> (If this exists on RHEL5.)
>
> It does in RHEL6

Not in 5.9.

      mark

--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
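
An added example, not part of the original thread: a raw `.te` module compiled directly with checkmodule has to declare every object class and permission it uses inside `require { }`, which is what the "unknown class process used in rule" error above points at. The sketch below lints a module for that omission and writes the thread's module with the class declared; the function names are hypothetical, and the file names `matlab.mod` and `matlab.pp` follow the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Print every object class used in an allow rule but not declared in the
# module's require { } block (the condition checkmodule rejects).
# Limitation: handles "src tgt:class perms;" rules, not { class sets }.
undeclared_classes() {
    awk '
        /^[ \t]*#/ { next }
        /require[ \t]*[{]/ { in_req = 1 }
        in_req {
            line = $0
            while (match(line, /class[ \t]+[A-Za-z_0-9]+/)) {
                split(substr(line, RSTART, RLENGTH), p, /[ \t]+/)
                declared[p[2]] = 1
                line = substr(line, RSTART + RLENGTH)
            }
            if ($0 ~ /[}]/) in_req = 0
            next
        }
        /^[ \t]*allow[ \t]/ {
            if (match($0, /:[A-Za-z_0-9]+/))
                used[substr($0, RSTART + 1, RLENGTH - 1)] = 1
        }
        END { for (c in used) if (!(c in declared)) print c }
    ' "$1"
}

# Write the thread's module with the class and permission declared.
write_fixed_te() {
    cat > "$1" <<'EOF'
module matlab 1.0;

require {
        type unconfined_t;
        class process execheap;
}

allow unconfined_t self:process execheap;
EOF
}

# Lint, compile and package; load the result with: semodule -i matlab.pp
build_module() {
    [ -z "$(undeclared_classes "$1")" ] || { echo "undeclared class in $1" >&2; return 1; }
    checkmodule -M -m -o matlab.mod "$1" && semodule_package -o matlab.pp -m matlab.mod
}
```

After sourcing the file, `write_fixed_te matlab.te && build_module matlab.te` produces `matlab.pp` on a host that has checkmodule and semodule_package installed.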




