Quoting Dominick Grift:
You need to keep you old diskstats-pol module loaded as well because
this is a two fold issue (Both a type enforcement issue, as well as a
MCS issue)
I thought so already :)
..Or you could merge the two, but the point is that my module does not
replace yours, instead it complements yours
I merged it:
-------------- snip ----------------
module my-munin-diskstats 1.0;
gen_require(` type munin_disk_plugin_t; ')
mcs_file_read_all(munin_disk_plugin_t)
require {
type svirt_image_t;
type munin_disk_plugin_t;
class blk_file getattr;
}
#============= munin_disk_plugin_t ==============
allow munin_disk_plugin_t svirt_image_t:blk_file getattr;
-------------- snip ----------------
and replaced the old version with the new and
EUREKA! it works :-)
Nov 15 17:42:54 servername setroubleshoot: Deleting alert
2b08f291-13be-4b09-878a-96cccc4c336d, it is allowed in current policy
Thanks a lot for your help!
Gabriele
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
