Florin Andrei wrote:
> On Thu, 2005-04-14 at 22:54 -0700, Florin Andrei wrote:
> > Apr 14 22:47:52 demo kernel: audit(1113544072.328:0): avc: denied
> > { read } for pid=3042 exe=/bin/cp name=config dev=hda2 ino=1212848
> > scontext=root:system_r:postgresql_t
> > tcontext=user_u:object_r:selinux_config_t tclass=file
> > Apr 14 22:47:52 demo kernel: audit(1113544072.334:0): avc: denied
> > { getattr } for pid=3042 exe=/bin/cp path=/etc/selinux/config dev=hda2
> > ino=1212848 scontext=root:system_r:postgresql_t
> > tcontext=user_u:object_r:selinux_config_t tclass=file
> Hm, and now I'm getting something very similar when running a simple DB
> initialization script (create databases, create users, create tables,
> assign privileges) that before (with non-updated FC4t2) did not give any
> SELinux warnings.
> Apr 14 22:55:47 demo kernel: audit(1113544547.453:0): avc: denied
> { read } for pid=3269 exe=/bin/cp name=config dev=hda2 ino=1212848
> scontext=root:system_r:postgresql_t
> tcontext=user_u:object_r:selinux_config_t tclass=file
> Apr 14 22:55:47 demo kernel: audit(1113544547.459:0): avc: denied
> { getattr } for pid=3269 exe=/bin/cp path=/etc/selinux/config dev=hda2
> ino=1212848 scontext=root:system_r:postgresql_t
> tcontext=user_u:object_r:selinux_config_t tclass=file

These are errors you would only see in permissive mode. Basically, in
enforcing mode the attempt to read the directory is dontaudited, so the
app never tries to read the files.
So we don't fix these problems. Why are you running in permissive mode?
Dan
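An added example, not part of the original thread: a small Python parser that rejoins the line-wrapped AVC records quoted above and groups them by source type, target type and class, which shows that the reports from both runs are the same `postgresql_t` access to `selinux_config_t`. The function names `unwrap`, `parse` and `summarize` are hypothetical, and the sample is two of the thread's records embedded inline.

```python
import re
from collections import defaultdict

# Two of the records quoted in the thread, wrapped as the mailer left them.
SAMPLE = """\
Apr 14 22:47:52 demo kernel: audit(1113544072.328:0): avc: denied
{ read } for pid=3042 exe=/bin/cp name=config dev=hda2 ino=1212848
scontext=root:system_r:postgresql_t
tcontext=user_u:object_r:selinux_config_t tclass=file
Apr 14 22:55:47 demo kernel: audit(1113544547.459:0): avc: denied
{ getattr } for pid=3269 exe=/bin/cp path=/etc/selinux/config dev=hda2
ino=1212848 scontext=root:system_r:postgresql_t
tcontext=user_u:object_r:selinux_config_t tclass=file
"""

RECORD_START = re.compile(r"audit\(\d+\.\d+:\d+\): avc:\s+denied")
PERMS = re.compile(r"\{([^}]*)\}")
FIELD = re.compile(r"(\w+)=(\S+)")

def unwrap(text):
    """Rejoin AVC records that were wrapped across several lines."""
    records = []
    for line in (l.strip() for l in text.splitlines()):
        if RECORD_START.search(line):
            records.append(line)
        elif records and line:
            records[-1] += " " + line
    return records

def parse(record):
    """Return one denial as a dict, or None if required fields are missing."""
    perms, fields = PERMS.search(record), dict(FIELD.findall(record))
    ctx = [fields.get(k, "").split(":") for k in ("scontext", "tcontext")]
    if not perms or "tclass" not in fields or any(len(c) < 3 for c in ctx):
        return None
    fields["perms"] = perms.group(1).split()
    # A context is user:role:type[:level]; keep the type (third field).
    fields["stype"], fields["ttype"] = ctx[0][2], ctx[1][2]
    return fields

def summarize(text):
    """Group denials by (source type, target type, class)."""
    groups = defaultdict(lambda: {"perms": set(), "pids": set()})
    for rec in filter(None, map(parse, unwrap(text))):
        group = groups[(rec["stype"], rec["ttype"], rec["tclass"])]
        group["perms"].update(rec["perms"])
        group["pids"].add(rec.get("pid"))
    return dict(groups)
```

Calling `summarize(SAMPLE)` returns a single group keyed by `("postgresql_t", "selinux_config_t", "file")` holding the permissions and PIDs seen.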