[policy-1.9-11] ssh-agent takes all the CPU in enforcing mode.
Aleksey Nogin
aleksey at nogin.org
Wed Mar 24 21:31:18 UTC 2004
On 24.03.2004 04:54, Russell Coker wrote:
> On Wed, 24 Mar 2004 21:50, Aleksey Nogin <aleksey at nogin.org> wrote:
>
>>What I see in the logs is
>>
>>audit(1080124752.283:0): avc: denied { write } for pid=2885
>>exe=/usr/bin/ssh-agent path=/home/aleksey/.xsession-errors dev=hda2
>>ino=310712 scontext=aleksey:staff_r:staff_ssh_agent_t
>>tcontext=aleksey:object_r:staff_home_t tclass=file
>
>
> Try using the attached ssh_agent_macros.te.
>
I added the following two lines to my ssh_agent_macros.te and the
problem went away, thanks!
> allow $1_ssh_agent_t { home_root_t $1_home_dir_t }:dir search;
> allow $1_ssh_agent_t $1_home_t:file { getattr write append };
--
Aleksey Nogin
Home Page: http://nogin.org/
E-Mail: nogin at cs.caltech.edu (office), aleksey at nogin.org (personal)
Office: Jorgensen 70, tel: (626) 395-2907
More information about the fedora-selinux-list
mailing list