Re: Denial showing up even when allow rule appied

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Dan,

Thanks for the pointer . Will give this a try.

-Anamitra

On 5/21/13 6:07 AM, "Daniel J Walsh" <dwalsh@xxxxxxxxxx> wrote:

>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>
>> 2. The AVC denial is type=AVC msg=audit(1369081665.408:8113): avc:
>>denied
>> { create } for pid=18379 comm="usermod" name="passwd+"
>> scontext=specialuser_u:system_r:pwrecoveryd_t:s0
>> tcontext=system_u:object_r:etc_t:s0 tclass=file
>
>The avc shows a process running as SELinux user is attempting to create a
>file
>labeled system_u:object_r:etc_t:s0.  Since you are changing the SELinux
>user
>component you get an AVC.  Does your app do a setfscreatecon() call?
>
>domain_obj_id_change_exemption(pwrecoveryd_t)  is probably what you need.
>-----BEGIN PGP SIGNATURE-----
>Version: GnuPG v1.4.13 (GNU/Linux)
>Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
>iEYEARECAAYFAlGbcZkACgkQrlYvE4MpobMVegCfVG3yKECgQriAUxY8mxAA85cJ
>cP8AnisdaxW1NcIvuwMzRp65r+/KiEeV
>=R7ik
>-----END PGP SIGNATURE-----

--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux





[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux