fedora policy changes
Chris Grier
grier at uiuc.edu
Wed Jun 2 16:29:28 UTC 2004
Hi, I'm using Fedora Core 2 with SELinux, and I was wondering if there
is an official place to submit (possible) policy changes. I have run
across a couple things that might need to be changed, and I would like
to submit them for the next versions of the policy packages. I can do
bugzilla if thats the right place for these things.
The main things I'm looking at right now are for dm-crypt. It seems that
there might not be correct labeling to support device mapper.
hda6 is the / partition, where the loopback file is (I'm using losetup
to setup the loop, and dm-crypt to encrypt, which is then mounted as a
user home directory)
audit(1086192065.154:0): avc: denied { read } for pid=2844
exe=/sbin/ldconfig name=libdevmapper.so.1.00 dev=hda6 ino=278879
scontext=root:sysadm_r:ldconfig_t tcontext=system_u:object_r:usr_t
tclass=file
audit(1086192065.179:0): avc: denied { read } for pid=2844
exe=/sbin/ldconfig name=libdevmapper.so dev=hda6 ino=278880
scontext=root:sysadm_r:ldconfig_t tcontext=system_u:object_r:usr_t
tclass=lnk_file
--
Chris Grier <grier at uiuc.edu>
More information about the fedora-selinux-list
mailing list