Issues after today's Rawhide update...

Daniel J Walsh dwalsh at redhat.com
Thu Jul 19 15:27:57 UTC 2007


Tom London wrote:
> On 7/19/07, Tom London <selinux at gmail.com> wrote:
>> After today's update (targeted/enforcing), I get a bunch of AVCs.
>> audit.log file attached.
>>
>> tom
>>
>> [root at localhost ~]# audit2allow -i log
>>
>>
>> #============= NetworkManager_t ==============
>> allow NetworkManager_t device_t:sock_file write;
>>
>> #============= auditd_t ==============
>> allow auditd_t device_t:sock_file write;
>>
>> #============= avahi_t ==============
>> allow avahi_t device_t:sock_file write;
>>
>> #============= crond_t ==============
>> allow crond_t device_t:sock_file write;
>>
>> #============= cupsd_t ==============
>> allow cupsd_t unlabeled_t:file ioctl;
>>
>> #============= dhcpc_t ==============
>> allow dhcpc_t device_t:sock_file write;
>>
>> #============= entropyd_t ==============
>> allow entropyd_t device_t:sock_file write;
>>
>> #============= fsdaemon_t ==============
>> allow fsdaemon_t device_t:sock_file write;
>>
>> #============= gpm_t ==============
>> allow gpm_t device_t:sock_file write;
>>
>> #============= ntpd_t ==============
>> allow ntpd_t device_t:sock_file write;
>>
>> #============= rpcbind_t ==============
>> allow rpcbind_t self:capability sys_tty_config;
>> allow rpcbind_t self:udp_socket listen;
>>
>> #============= sendmail_t ==============
>> allow sendmail_t device_t:sock_file write;
>>
>> #============= setroubleshootd_t ==============
>> allow setroubleshootd_t device_t:sock_file write;
>>
>> #============= sshd_t ==============
>> allow sshd_t device_t:sock_file write;
>>
>> #============= system_chkpwd_t ==============
>> allow system_chkpwd_t device_t:sock_file write;
>>
>> #============= system_dbusd_t ==============
>> allow system_dbusd_t device_t:sock_file write;
>>
>> #============= xdm_t ==============
>> allow xdm_t device_t:sock_file write;
>>
>>
>> -- 
>> Tom London
>>
>>
> Fixing the labels for /sbin/rsyslogd, /sbin/rklogd, etc. appears to 
> fix this...
>
> Sorry for being 'quick on the trigger'.
>
>
> tom
OK, tonight's policy will have the correct context on these.  I need to 
crack some skulls together...
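
A triage helper for audit2allow output like the listing quoted above, added here as an example and not part of the original thread: it groups allow rules by target and reports any target type that many unrelated domains were denied, the pattern that in this thread was fixed by relabeling rather than by adding rules. The function names, the threshold of three domains, and the sample (a constructed subset of the quoted output) are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the audit2allow output quoted in the thread.
SAMPLE = """\
#============= NetworkManager_t ==============
allow NetworkManager_t device_t:sock_file write;

#============= cupsd_t ==============
allow cupsd_t unlabeled_t:file ioctl;

#============= rpcbind_t ==============
allow rpcbind_t self:capability sys_tty_config;
allow rpcbind_t self:udp_socket listen;

#============= sshd_t ==============
allow sshd_t device_t:sock_file write;

#============= xdm_t ==============
allow xdm_t device_t:sock_file write;
"""

# allow <source> <target>:<class> <perm>;   or   { perm1 perm2 };
RULE = re.compile(
    r"^\s*allow\s+(\S+)\s+(\S+):(\S+)\s+(?:\{\s*([^}]*)\}|([^\s;]+))\s*;")

def parse_rules(text):
    """Yield (source, target, tclass, perms) for each allow rule in the text."""
    for line in text.splitlines():
        m = RULE.match(line)
        if m:
            src, tgt, cls, braced, single = m.groups()
            yield src, tgt, cls, tuple(sorted((braced or single).split()))

def shared_targets(text, min_domains=3):
    """Return {(target, class, perms): [sources]} for targets denied to many domains."""
    groups = defaultdict(set)
    for src, tgt, cls, perms in parse_rules(text):
        if tgt != "self":  # self rules concern the domain, not a shared object
            groups[(tgt, cls, perms)].add(src)
    return {k: sorted(v) for k, v in groups.items() if len(v) >= min_domains}

def unlabeled_rules(text):
    """Return rules whose target is unlabeled_t, i.e. an object with no valid label."""
    return [r for r in parse_rules(text) if r[1] == "unlabeled_t"]

if __name__ == "__main__":
    for (tgt, cls, perms), srcs in shared_targets(SAMPLE).items():
        print(f"{tgt}:{cls} {' '.join(perms)} denied to {len(srcs)} domains: check labels")
    for rule in unlabeled_rules(SAMPLE):
        print("unlabeled target:", rule)
```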





More information about the fedora-selinux-list mailing list