On 07/06/11 08:42, Kurt.Nelson@xxxxxxxxxxxxxxx wrote:
> I’m setting up a RHEL6 box with MLS and am having issues with it
> enforcing the use of roles. Secadm_r and auditadm_r are not required to
> run setenforce or semanage and no role is able to write in /etc/audit/
> at all. The IRC channel seems to believe there is an issue with the
> ifndef(‘enable_mls’… not triggering.

[....]

> [root@hatch ~]# sesearch --allow -s sysadm_t -t semanage_exec_t -c file
> -p execute
> allow sysadm_t application_exec_type : file { ioctl read getattr lock
> execute execute_no_trans open } ;
> type_transition sysadm_t semanage_exec_t : process semanage_t;

I did some looking at Refpolicy, and it doesn't appear to have this problem.

--
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com