Re: Ye olde "avc granted"

On 03/28/13 19:39, Jean-David Beyer wrote:
On 03/28/2013 05:27 PM, m.roth@xxxxxxxxx wrote:
Jean-David Beyer wrote:
On 03/27/2013 04:39 PM, Daniel J Walsh wrote:
On 03/27/2013 04:25 PM, m.roth@xxxxxxxxx wrote:
Daniel J Walsh wrote:
On 03/26/2013 05:13 PM, m.roth@xxxxxxxxx wrote:
m.roth@xxxxxxxxx wrote:
Daniel J Walsh wrote:
On 03/26/2013 03:27 PM, m.roth@xxxxxxxxx wrote:
Daniel J Walsh wrote:
On 03/26/2013 03:12 PM, m.roth@xxxxxxxxx wrote:
Daniel J Walsh wrote:
On 03/26/2013 03:08 PM, m.roth@xxxxxxxxx wrote:

Got a server that's throwing a ton of avc
granted, all related to Matlab. I saw
something via google from '06, for a java thing
- is there something I can use to shut this
up?

CentOS 5.9, current.
<snip>
One hack to fix this would be to turn the boolean
off and then write a custom policy module to allow
unconfined_t execheap.

policy_module(myunconfined, 1.0)
gen_require(`
	type unconfined_t;
')
allow unconfined_t self:process execheap;

What a *pain*. As I said, I'm on CentOS 5.9, and

rpm -qa | grep selinux-policy\*
selinux-policy-2.4.6-327.el5
selinux-policy-targeted-2.4.6-327.el5

audit2allow doesn't seem to have a debug switch, and I've
tried exactly what you wrote, as well as the one I posted,
and checkmodule chokes on everything.

How does it choke?

module matlab 1.0;

require {
	type unconfined_t;
}

allow unconfined_t self:process execheap;

checkmodule -M -m -o matlab.mod matlab.te
checkmodule:  loading policy configuration from matlab.te
(unknown source)::ERROR 'unknown class process used in rule' at token ';' on line 7:
allow unconfined_t self:process execheap;

checkmodule:  error(s) encountered while parsing configuration

Trying:

policy_module(myunconfined, 1.0)

gen_require(` type unconfined_t; ')

allow unconfined_t self:process execheap;

gets

checkmodule -M -m -o matlab.mod matlab_dw.te
checkmodule:  loading policy configuration from matlab_dw.te
(unknown source)::ERROR 'syntax error' at token 'policy_module' on line 1:

checkmodule:  error(s) encountered while parsing configuration

Try with the make file

make -f /usr/share/selinux/devel/Makefile

(If this exists on RHEL5.)

It does in RHEL6

Not in 5.9.

I do not have RHEL5.9, but I do have CentOS5.9 and it has it.
Are Red Hat and CentOS that different?

Not at all: CentOS removed proprietary material, and recompiles from RHEL source. That is, in fact, what I'm running.

	mark

--
--------------------- Fortune ------------------------
 Q:    What do you call a blind pre-historic animal?
 A:    Diyathinkhesaurus.
 Q:    What do you call a blind pre-historic animal with a dog?
 A:    Diyathinkhesaurus Rex.
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
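
Added example, not part of the thread or of any poster's code: both checkmodule errors quoted above come from the source format rather than from the rule itself. The script below writes the module in raw form, with the class declaration that the failing matlab.te lacked, checks a .te file for the two problems, and builds it without the devel Makefile; the file name myunconfined.te and all function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the thread. File and function names are hypothetical.

# Raw (non-m4) source: every class and permission an allow rule uses must be
# declared in require {}, otherwise checkmodule stops with
# "unknown class process used in rule".
write_te() {    # $1 = output path
    cat > "$1" <<'EOF'
module myunconfined 1.0;

require {
        type unconfined_t;
        class process execheap;
}

allow unconfined_t self:process execheap;
EOF
}

# policy_module() and gen_require() are m4 macros expanded only by the devel
# Makefile; fed directly to checkmodule they give "syntax error" on line 1.
is_raw_te() {
    ! grep -Eq '^[[:space:]]*(policy_module|gen_require)\(' "$1"
}

# Print each class used in an allow rule but not declared with "class ...".
# Handles single-class rules only (no "{ file dir }" class sets).
missing_classes() {
    tr '{};' '\n\n\n' < "$1" | awk '
        $1 == "class" { declared[$2] = 1 }
        $1 == "allow" { split($3, part, ":"); used[part[2]] = 1 }
        END { for (c in used) if (!(c in declared)) print c }'
}

# Compile and package with the flags used in the thread.
build_module() {    # $1 = path to a raw .te file
    base=${1%.te}
    is_raw_te "$1" && [ -z "$(missing_classes "$1")" ] || return 1
    checkmodule -M -m -o "$base.mod" "$1" &&
        semodule_package -o "$base.pp" -m "$base.mod"
}

# Usage: sh build_execheap.sh build   (then, as root: semodule -i myunconfined.pp)
if [ "${1:-}" = build ]; then
    write_te myunconfined.te && build_module myunconfined.te
fi
```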




