Re: FC8 enforcing auditd, mcstransd, NFS statd fail to start

Everyone else will too.

--- serefpolicy-3.0.8/policy/modules/system/logging.te  2008-02-21
13:10:20.000000000 -0600
+++ serefpolicy-3.0.8.new/policy/modules/system/logging.te
2008-02-21 13:46:32.000000000 -0600
@@ -162,6 +162,8 @@

 miscfiles_read_localization(auditd_t)

+init_use_script_fds(auditd_t)
+mls_fd_use_all_levels(auditd_t)
 mls_file_read_all_levels(auditd_t)
 mls_file_write_all_levels(auditd_t) # Need to be able to write to
/var/run/ directory
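
Review bot: the two added lines, init_use_script_fds(auditd_t) and mls_fd_use_all_levels(auditd_t), both concern file descriptor use, but the auditd denial quoted in this thread is { write } on tclass=unix_stream_socket (audispd at s15:c0.c1023 writing to an auditd_t socket at s0-s15:c0.c1023), not a tclass=fd denial. Please include the AVC that motivates the fd rules and confirm that the socket write is no longer denied with this change, since neither added line is visibly about sockets. A trailing comment on the new lines, like the one on mls_file_write_all_levels(auditd_t), would also record why auditd_t needs an exemption across all levels.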

--- serefpolicy-3.0.8/policy/modules/system/setrans.te  2007-09-18
09:48:05.000000000 -0500
+++ serefpolicy-3.0.8.new/policy/modules/system/setrans.te
2008-02-21 13:44:42.000000000 -0600
@@ -52,6 +52,7 @@

 files_read_etc_runtime_files(setrans_t)

+mls_fd_use_all_levels(setrans_t)
 mls_file_read_all_levels(setrans_t)
 mls_file_write_all_levels(setrans_t)
 mls_net_receive_all_levels(setrans_t)
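
Review bot: mls_fd_use_all_levels(setrans_t) is added without a comment, and it addresses only the MLS side of the quoted mcstransd denial ({ use } on an initrc_t fd at s0-s15:c0.c1023 from setrans_t at s15:c0.c1023). The logging.te hunk adds init_use_script_fds(auditd_t) next to its MLS rule; if setrans.te does not already carry the equivalent call for setrans_t outside the context shown here, it likely needs one too. Since the exemption covers fd use at every level, note the reason (the fd owned by initrc_t in the denial) beside the new line.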


On Wed, Feb 20, 2008 at 4:40 PM, Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote:
>  Xavier Toth wrote:
>  > type=AVC msg=audit(1197625021.926:66): avc:  denied  { write } for
>  > pid=1494 comm="audispd" path="socket:[7238]" dev=sockfs ino=7238
>  > scontext=system_u:system_r:auditd_t:s15:c0.c1023
>  > tcontext=system_u:system_r:auditd_t:s0-s15:c0.c1023
>  > tclass=unix_stream_socket
>  >
>  > type=AVC msg=audit(1203524274.667:562): avc:  denied  { use } for
>  > pid=19909 comm="mcstransd" path="/lib/ld-2.7.so" dev=dm-0 ino=2359430
>  > scontext=system_u:system_r:setrans_t:s15:c0.c1023
>  > tcontext=system_u:system_r:initrc_t:s0-s15:c0.c1023 tclass=fd
>  >
>  > --
>  > This message was distributed to subscribers of the selinux mailing list.
>  > If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
>  > the words "unsubscribe selinux" without quotes as the message.
>  Looks like you have an MLS constraint problem.
