Re: Selinux in enforcing mode prevent network interface to be configured at boot for Debian stable ( 5.0)


 



On 02/07/10 08:23, Michal Svoboda wrote:
> Justin P. Mattock wrote:
>> if nothing then do a
>> sudo /usr/sbin/semodule -DB
>> (reboot)
>> then what does audit2allow say?
>> should give you some allow rules
>> if so add them to your policy.
>
> This will most likely output a very large number of rules that don't
> make sense, i.e. they would do more bad than good.

true.. well if there's a better idea to help this person out,
then please add.. (I figured the simplest way to do so
without having to do brain surgery).

> The basic problem is that the network scripts don't have their own
> restricted domain in which they could run. Running them from udev on
> 'network hotplug event' will copy the udev context, which doesn't have
> enough privileges to configure network. Giving these privileges to udev
> directly would be sub-optimal.
>
> Michal Svoboda

in this case if this is ifup, then it should be a no-brainer (but could be wrong).

Justin P. Mattock

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
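
One way to review the denials that show up after `semodule -DB` before turning any of them into allow rules, as an added example that is not from either poster: it groups AVC denials whose source domain is `udev_t`, the context the thread says the hotplug-started network scripts inherit. The log lines are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample AVC records (not taken from the thread); the comm values
# and permissions are assumptions chosen to resemble a hotplug-time ifup run.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1265555000.101:41): avc:  denied  { net_admin } for  pid=812 comm="ifup" capability=12 scontext=system_u:system_r:udev_t:s0 tcontext=system_u:system_r:udev_t:s0 tclass=capability
type=AVC msg=audit(1265555000.107:42): avc:  denied  { create } for  pid=812 comm="ip" scontext=system_u:system_r:udev_t:s0 tcontext=system_u:system_r:udev_t:s0 tclass=netlink_route_socket
type=AVC msg=audit(1265555000.107:43): avc:  denied  { create } for  pid=815 comm="ip" scontext=system_u:system_r:udev_t:s0 tcontext=system_u:system_r:udev_t:s0 tclass=netlink_route_socket
type=AVC msg=audit(1265555003.550:44): avc:  denied  { read } for  pid=990 comm="cron" name="motd" scontext=system_u:system_r:crond_t:s0 tcontext=system_u:object_r:etc_runtime_t:s0 tclass=file
type=SYSCALL msg=audit(1265555003.550:44): arch=40000003 syscall=5 success=no
"""

# Pull permissions, command name, both contexts and the object class
# out of one "avc: denied" record.
AVC_RE = re.compile(
    r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?comm="(?P<comm>[^"]*)".*?'
    r'scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)'
)


def domain(context):
    """Return the type field of a user:role:type[:level] context."""
    return context.split(":")[2]


def denials_by_source(log_text, source_domain):
    """Group denied permissions for one source domain.

    Returns {(comm, target_type, tclass): sorted list of permissions}.
    Non-AVC records and denials from other domains are skipped.
    """
    grouped = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m or domain(m["scon"]) != source_domain:
            continue
        key = (m["comm"], domain(m["tcon"]), m["tclass"])
        grouped[key].update(m["perms"].split())
    return {k: sorted(v) for k, v in grouped.items()}


if __name__ == "__main__":
    found = denials_by_source(SAMPLE_AUDIT_LOG, "udev_t")
    for (comm, ttype, tclass), perms in sorted(found.items()):
        print(f"{comm}: udev_t -> {ttype}:{tclass} {{ {' '.join(perms)} }}")
```

Seeing `ifup` or `ip` listed with `udev_t` as the source is the symptom described in the thread: the scripts are running in udev's domain rather than one of their own.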
