Jan-Frode Myklebust wrote:
| On Wed, May 14, 2008 at 4:58 PM, Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote:
|> The one to be concerned about is mounting of the unlabeled_t file
|> system. This looks like you have a file system that SELinux does not
|> know about?
|
| Yes, GPFS doesn't support the selinux extended attributes, so the
| filesystems have to be mounted with f.ex.
| "-o fscontext=user_u:object_r:httpd_var_run_t" for static labelling.
|
| -jf

The other ones are just leaked file descriptors and can be ignored. The
third party provider should close the file descriptors on exec. C code to
do this is:

    fcntl(fd, F_SETFD, FD_CLOEXEC);

Or you can add a custom policy module to either dontaudit or allow this.

    ausearch -m avc | audit2allow -M mypol
    semodule -i mypol.pp

will create and install a policy package.
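The close-on-exec fix mentioned in the reply above, as an added example that is not part of the original message: it sets FD_CLOEXEC without clobbering other descriptor flags and counts the descriptors a child would still inherit across exec. The helper names set_cloexec and count_inheritable_fds are hypothetical.

```c
/* Added example; helper names are hypothetical, not from the original message. */
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Mark fd close-on-exec while preserving any other descriptor flags.
 * Returns 0 on success, -1 on error (errno is set by fcntl). */
int set_cloexec(int fd)
{
    int flags = fcntl(fd, F_GETFD);
    if (flags == -1)
        return -1;
    if (flags & FD_CLOEXEC)
        return 0;                       /* already set, nothing to do */
    return fcntl(fd, F_SETFD, flags | FD_CLOEXEC) == -1 ? -1 : 0;
}

/* Count descriptors in [first, limit) that are open and lack FD_CLOEXEC,
 * i.e. the ones a confined child would inherit and SELinux would flag. */
int count_inheritable_fds(int first, int limit)
{
    int n = 0;
    for (int fd = first; fd < limit; fd++) {
        int flags = fcntl(fd, F_GETFD);
        if (flags == -1)
            continue;                   /* EBADF: descriptor not open */
        if (!(flags & FD_CLOEXEC))
            n++;
    }
    return n;
}

int main(void)
{
    int p[2];
    if (pipe(p) == -1) {                /* plain pipe(): both ends inheritable */
        perror("pipe");
        return 1;
    }
    printf("inheritable before: %d\n", count_inheritable_fds(3, 1024));
    if (set_cloexec(p[0]) == -1 || set_cloexec(p[1]) == -1) {
        perror("fcntl");
        return 1;
    }
    printf("inheritable after:  %d\n", count_inheritable_fds(3, 1024));
    return 0;
}
```

On Linux, passing O_CLOEXEC to open() sets the flag atomically at creation, which avoids the window between open() and fcntl() in multithreaded programs.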