On Thu, 2008-03-27 at 10:44 +0000, Martin Orr wrote:
> crytpsetup, for setting up encrypted volumes, runs shell scripts during this
> process which gives me:
>
> Mar 27 10:16:41 caligula kernel: audit(1206612989.635:4): avc: denied {
> execute } for pid=2929 comm="cryptsetup" name="dash" dev=dm-0 ino=470542
> scontext=system_u:system_r:lvm_t:s0
> tcontext=system_u:object_r:shell_exec_t:s0 tclass=file
Sorry for the delay; merged.
> plain text document attachment (113_cryptsetup_shell)
> Written by: Martin Orr
>
> Allow cryptsetup to run shell scripts
>
> Mar 27 10:16:41 caligula kernel: audit(1206612989.635:4): avc: denied { execute } for pid=2929 comm="cryptsetup" name="dash" dev=dm-0 ino=470542 scontext=system_u:system_r:lvm_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file
>
> Index: policy/modules/system/lvm.te
> ===================================================================
> --- policy/modules/system/lvm.te.orig
> +++ policy/modules/system/lvm.te
> @@ -247,6 +247,7 @@
> term_list_ptys(lvm_t)
>
> corecmd_exec_bin(lvm_t)
> +corecmd_exec_shell(lvm_t)
>
> domain_use_interactive_fds(lvm_t)
>
--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
