Allow getattr on all contexts?

Hi,

perhaps a rookie question...

I've installed keepalived 1.2.13 (from official CentOS repos) on CentOS 7.3.
A check-script uses pidof to monitor whether a certain process is still alive.

Now I get alerts like the following on all contexts of all running processes:
setroubleshoot: SELinux is preventing /usr/sbin/killall5 from getattr access on the file /usr/sbin/irqbalance. For complete SELinux messages. run sealert -l 5db84650-63a7-408c-b8a0-34031c77b6a4

It's clear to me why. killall5 searches for the process I'd like to monitor.

Sure, one can create a loadable monitor to allow or to dontlog (except the context of the monitored process).
But, what about i.e. services installed in the future?
Every time there's a new process with a new context, there'll be a new alert.

Is there something like a wildcard to allow keepalived to use killall5 / getattr on all contexts?
I don't like to switch keepalived to unconfined_exec_t just to get rid of the alerts.

BTW, these alerts were not present under CentOS 6.8

KR
Xavier