Dan,
Is this the right thing to do? If so will you apply it or should I open a bug?
Ted
On Thu, Feb 21, 2008 at 1:58 PM, Xavier Toth <txtoth@xxxxxxxxx> wrote:
> Everyone else will too.
>
> --- serefpolicy-3.0.8/policy/modules/system/logging.te 2008-02-21
> 13:10:20.000000000 -0600
> +++ serefpolicy-3.0.8.new/policy/modules/system/logging.te
> 2008-02-21 13:46:32.000000000 -0600
> @@ -162,6 +162,8 @@
>
> miscfiles_read_localization(auditd_t)
>
> +init_use_script_fds(auditd_t)
> +mls_fd_use_all_levels(auditd_t)
> mls_file_read_all_levels(auditd_t)
> mls_file_write_all_levels(auditd_t) # Need to be able to write to
> /var/run/ directory
>
> --- serefpolicy-3.0.8/policy/modules/system/setrans.te 2007-09-18
> 09:48:05.000000000 -0500
> +++ serefpolicy-3.0.8.new/policy/modules/system/setrans.te
> 2008-02-21 13:44:42.000000000 -0600
> @@ -52,6 +52,7 @@
>
> files_read_etc_runtime_files(setrans_t)
>
> +mls_fd_use_all_levels(setrans_t)
> mls_file_read_all_levels(setrans_t)
> mls_file_write_all_levels(setrans_t)
> mls_net_receive_all_levels(setrans_t)
>
>
>
>
> On Wed, Feb 20, 2008 at 4:40 PM, Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> >
> >
> > Xavier Toth wrote:
> > > type=AVC msg=audit(1197625021.926:66): avc: denied { write } for
> > > pid=1494 comm="audispd" path="socket:[7238]" dev=sockfs ino=7238
> > > scontext=system_u:system_r:auditd_t:s15:c0.c1023
> > > tcontext=system_u:system_r:auditd_t:s0-s15:c0.c1023
> > > tclass=unix_stream_socket
> > >
> > > type=AVC msg=audit(1203524274.667:562): avc: denied { use } for
> > > pid=19909 comm="mcstransd" path="/lib/ld-2.7.so" dev=dm-0 ino=2359430
> > > scontext=system_u:system_r:setrans_t:s15:c0.c1023
> > > tcontext=system_u:system_r:initrc_t:s0-s15:c0.c1023 tclass=fd
> > >
> > > --
> > > This message was distributed to subscribers of the selinux mailing list.
> > > If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
> > > the words "unsubscribe selinux" without quotes as the message.
> > Looks like you have an MLS constraint problem.
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.4.8 (GNU/Linux)
> > Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
> >
> > iEYEARECAAYFAke8rEIACgkQrlYvE4MpobP0CACgqFCF2JTlJQVyHNNTpfx5pJpo
> > 8poAoJlMUL0Qp529P5+jLhpOV/yJFNUl
> > =GfHP
> > -----END PGP SIGNATURE-----
> >
>
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
