On 03/28/2013 08:34 PM, mark wrote:
> On 03/28/13 19:39, Jean-David Beyer wrote:
>> On 03/28/2013 05:27 PM, m.roth@xxxxxxxxx wrote:
>>> Jean-David Beyer wrote:
>>>> On 03/27/2013 04:39 PM, Daniel J Walsh wrote:
>>>>> On 03/27/2013 04:25 PM, m.roth@xxxxxxxxx wrote:
>>>>>> Daniel J Walsh wrote:
>>>>>>> On 03/26/2013 05:13 PM, m.roth@xxxxxxxxx wrote:
>>>>>>>> m.roth@xxxxxxxxx wrote:
>>>>>>>>> Daniel J Walsh wrote:
>>>>>>>>>> On 03/26/2013 03:27 PM, m.roth@xxxxxxxxx wrote:
>>>>>>>>>>> Daniel J Walsh wrote:
>>>>>>>>>>>> On 03/26/2013 03:12 PM, m.roth@xxxxxxxxx wrote:
>>>>>>>>>>>>> Daniel J Walsh wrote:
>>>>>>>>>>>>>> On 03/26/2013 03:08 PM, m.roth@xxxxxxxxx wrote:
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Got a server that's throwing a ton of avc
>>>>>>>>>>>>>>> granted, all related to Matlab. I saw something
>>>>>>>>>>>>>>> via google from '06, for a java thing - is
>>>>>>>>>>>>>>> there something I can use to shut this up?
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> CentOS 5.9, current.
>>>>>>>>>>> <snip>
>>>>>>>>>>>> One hack to fix this would be to turn the boolean off
>>>>>>>>>>>> and then write a custom policy module to allow
>>>>>>>>>>>> unconfined_t execheap.
>>>>>>>>>>>>
>>>>>>>>>>>> policy_module(myunconfined, 1.0) gen_require(` type
>>>>>>>>>>>> unconfined_t; ') allow unconfined_t self:process
>>>>>>>>>>>> execheap;
>>>>>>>>>>>
>>>>>>>> What a *pain*. As I said, I'm on CentOS 5.9, and rpm -qa |
>>>>>>>> grep selinux-policy\* selinux-policy-2.4.6-327.el5
>>>>>>>> selinux-policy-targeted-2.4.6-327.el5
>>>>>>>>
>>>>>>>> audit2allow doesn't seem to have a debug switch, and I've
>>>>>>>> tried exactly what you wrote, as well as the one I posted,
>>>>>>>> and checkmodule chokes on everything.
>>>>>>>>
>>>>>>> How does it choke?
>>>>>
>>>>>> module matlab 1.0;
>>>>>
>>>>>> require { type unconfined_t; }
>>>>>
>>>>>> allow unconfined_t self:process execheap;
>>>>>
>>>>>> checkmodule -M -m -o matlab.mod matlab.te checkmodule: loading
>>>>>> policy configuration from matlab.te (unknown source)::ERROR
>>>>>> 'unknown class process used in rule' at token ';' on line 7:
>>>>>> allow unconfined_t self:process execheap;
>>>>>
>>>>>> checkmodule: error(s) encountered while parsing configuration
>>>>>
>>>>>> Trying: policy_module(myunconfined, 1.0)
>>>>>
>>>>>> gen_require(` type unconfined_t; ')
>>>>>
>>>>>> allow unconfined_t self:process execheap;
>>>>>
>>>>>> gets checkmodule -M -m -o matlab.mod matlab_dw.te checkmodule:
>>>>>> loading policy configuration from matlab_dw.te (unknown
>>>>>> source)::ERROR 'syntax error' at token 'policy_module' on line
>>>>>> 1:
>>>>>
>>>>>> checkmodule: error(s) encountered while parsing configuration
>>>>>
>>>>> Try with the make file
>>>>>
>>>>> make -f /usr/share/selinux/devel/Makefile
>>>>>
>>>>> (If this exists on RHEL5.)
>>>>
>>>> It does in RHEL6
>>>
>>> Not in 5.9.
>>>
>> I do not have RHEL5.9, but I do have CentOS5.9 and it has it. Are Red Hat
>> and CentOS that different?
>
> Not at all: CentOS removed proprietary material, and recompiles from RHEL
> source. That is, in fact, what I'm running.
>
> mark
>
You mean other than taking food out of the mouth of my Children? :^)
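
Both checkmodule failures quoted in this thread can be caught before compiling. The pre-check below is an added example, not part of the original messages or of any SELinux tool: a raw module has to declare every type, class and permission its rules use, and refpolicy macros such as policy_module are only expanded when building through the devel Makefile. The name `lint_te`, the message wording and the sample modules are constructed for illustration.

```python
import re

# Constructed samples mirroring the two files tried in the thread.
RAW_TE = """module matlab 1.0;
require { type unconfined_t; }
allow unconfined_t self:process execheap;
"""
M4_TE = """policy_module(myunconfined, 1.0)
gen_require(` type unconfined_t; ')
allow unconfined_t self:process execheap;
"""
# Assumption (not from the thread): the raw module with the class declared too.
FIXED_TE = """module matlab 1.0;
require { type unconfined_t; class process execheap; }
allow unconfined_t self:process execheap;
"""

ITEM = r"(\{[^}]*\}|[^\s:;{}]+)"   # one identifier or a { brace list }
ALLOW = re.compile(rf"\ballow\s+{ITEM}\s+{ITEM}\s*:\s*{ITEM}\s+{ITEM}\s*;")

def names(text):
    return set(re.findall(r"\w+", text))

def lint_te(source):
    """List constructs in a .te file that plain checkmodule rejects."""
    src = re.sub(r"#.*", "", source)  # drop comments
    if re.search(r"\b(policy_module|gen_require)\s*\(", src):
        # refpolicy macros need m4 expansion, which the devel Makefile does
        return ["m4 macro in source: build with the selinux devel Makefile"]
    types, classes = set(), {}
    for decl in re.findall(r"\btype\s+([^;]+);", src):
        types |= names(decl)
    for cls, perms in re.findall(r"\bclass\s+(\w+)\s+([^;]+);", src):
        classes.setdefault(cls, set()).update(names(perms))
    problems = []
    for s, t, c, p in ALLOW.findall(src):
        for ty in sorted((names(s) | names(t)) - {"self"} - types):
            problems.append(f"unknown type {ty} used in rule")
        for cls in sorted(names(c)):
            if cls not in classes:
                problems.append(f"unknown class {cls} used in rule")
                continue
            for perm in sorted(names(p) - classes[cls]):
                problems.append(f"permission {perm} not required for class {cls}")
    return problems

if __name__ == "__main__":
    for label, te in (("raw", RAW_TE), ("m4", M4_TE), ("fixed", FIXED_TE)):
        print(label, lint_te(te) or "ok")
```

The check covers only `allow` rules with `type` and `class` declarations; it does not replace checkmodule, which remains the authority on whether a module compiles.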