Hello,
I am trying to allow the following audit message through, but it says
that there is a violation. Can anyone explain what exactly is going on?
Thank you,
Ioannis
# cat messages.audit
May 27 01:51:13 streamer012 kernel: audit(1243381873.876:60): avc:
denied { mmap_zero } for pid=3155 comm="glusterfs2"
scontext=system_u:system_r:mount_t:s0
tcontext=system_u:system_r:mount_t:s0 tclass=memprotect
# cat selinuxglusterfs.te
module selinuxglusterfs 1.0;
require {
type mount_t;
class memprotect mmap_zero;
}
#============= mount_t ==============
allow mount_t self:memprotect mmap_zero;
# semodule -i selinuxglusterfs.pp
libsepol.check_assertion_helper: assertion on line 0 violated by allow
mount_t mount_t:memprotect { mmap_zero };
libsepol.check_assertions: 1 assertion violations occured
libsemanage.semanage_expand_sandbox: Expand module failed
semodule: Failed!
begin:vcard fn:Ioannis Aslanidis n:Aslanidis;Ioannis org:Flumotion Services S.A.;Infrastructure Department adr:Edifici Nord Planta 2;;World Trade Center;Barcelona;Barcelona;08039;Spain email;internet:iaslanidis@xxxxxxxxxxxxx title:System and Network Administrator tel;work:+34935086359 tel;cell:+34672204575 note;quoted-printable:PGP Key: 0xBEAC0800 (pgp.rediris.es)=0D=0A= Key fingerprint =3D 73FE B836 D116 1EF1 D580 C06E 16AF BCC3 BEAC 0800 url:http://www.flumotion.com version:2.1 end:vcard
Attachment:
signature.asc
Description: OpenPGP digital signature
