I am trying to write an SELinux policy to confine a simple service that
I have written in Python, and I'm trying to decide whether to allow or
dontaudit various denials.
To start, I've reduced my service to the simplest case:
#!/usr/bin/python
import sys
sys.exit()
Running this program in a confined domain generated the following
denial:
avc: denied { read } for pid=2024 comm="denatc" name="meminfo"
dev="proc" ino=4026532028 scontext=system_u:system_r:denatc_t:s0
tcontext=system_u:object_r:proc_t:s0 tclass=file
The program does continue on and exit cleanly, so it doesn't seem to
strictly require the access.
Does anyone know why Python is trying to access this file, or what
functionality I might be missing if I don't allow the access?
--
========================================================================
Ian Pilcher arequipeno@xxxxxxxxx
-------- "I grew up before Mark Zuckerberg invented friendship" --------
========================================================================
