mlsconstrain violation on dir create

Xavier Toth txtoth at gmail.com
Wed Aug 19 18:41:59 UTC 2009


A process of type siterep_jcdx_nautilus_helper_t running at SystemHigh
is trying to create a directory at SystemLow and getting the following
mlsconstraint violation:

node=jcdx type=AVC msg=audit(1250704307.148:1143): avc:  denied  { create }
for  pid=4208 comm="processdirs" name="test7"
scontext=siterep_u:siterep_r:siterep_jcdx_nautilus_helper_t:s15:c0.c1023
tcontext=system_u:object_r:jcdx_ml_var_t:s0 tclass=dir

The siterep_jcdx_nautilus_helper_t policy uses the following macros:

        manage_dirs_pattern($1_jcdx_nautilus_helper_t,jcdx_ml_var_t,jcdx_ml_var_t)

        ifdef(`enable_mls',`
                 mls_file_read_all_levels($1_jcdx_nautilus_helper_t)
                 mls_file_write_all_levels($1_jcdx_nautilus_helper_t)
                 mls_file_downgrade($1_jcdx_nautilus_helper_t)
                 mls_file_upgrade($1_jcdx_nautilus_helper_t)
        ')

I've looked at the policy mlsconstraints but I'm not understanding
which one is being violated. Any ideas?

Ted
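
An added example, not part of the original post: a small Python helper that pulls scontext and tcontext out of an AVC record and reports how the source levels (l1 low, h1 high) compare with the target levels (l2 low, h2 high), using the eq/dom/domby/incomp relation names of SELinux constraint expressions. The function names are hypothetical, and the sample record is the one from the post with the line wrapping repaired.

```python
import re

def parse_level(level):
    """'s15:c0.c1023' -> (15, frozenset({0, ..., 1023}))."""
    sens, _, cats = level.partition(":")
    out = set()
    for part in filter(None, cats.split(",")):
        lo, _, hi = part.partition(".")          # 'c0.c1023' is a category range
        out.update(range(int(lo[1:]), int((hi or lo)[1:]) + 1))
    return int(sens[1:]), frozenset(out)

def parse_range(ctx):
    """Return (low, high) from user:role:type:range; one level means low == high."""
    rng = ctx.split(":", 3)[3]
    low, _, high = rng.partition("-")
    return parse_level(low), parse_level(high or low)

def relation(a, b):
    """Strictest relation of a to b ('dom' here means dominates and is not equal)."""
    a_ge = a[0] >= b[0] and a[1] >= b[1]
    b_ge = b[0] >= a[0] and b[1] >= a[1]
    if a_ge and b_ge:
        return "eq"
    if a_ge:
        return "dom"
    return "domby" if b_ge else "incomp"

def mls_relations(avc):
    """Relations between source (l1, h1) and target (l2, h2) levels of one record."""
    fields = dict(re.findall(r"(\w+)=(\S+)", avc))
    l1, h1 = parse_range(fields["scontext"])
    l2, h2 = parse_range(fields["tcontext"])
    return {"l1,l2": relation(l1, l2), "h1,l2": relation(h1, l2),
            "l1,h2": relation(l1, h2), "h1,h2": relation(h1, h2)}

# Record from the post above, joined back onto one line.
AVC = ('node=jcdx type=AVC msg=audit(1250704307.148:1143): avc:  denied  '
       '{ create } for  pid=4208 comm="processdirs" name="test7" '
       'scontext=siterep_u:siterep_r:siterep_jcdx_nautilus_helper_t:s15:c0.c1023 '
       'tcontext=system_u:object_r:jcdx_ml_var_t:s0 tclass=dir')

if __name__ == "__main__":
    for pair, rel in mls_relations(AVC).items():
        print(pair, rel)
```

Each relation in the output can be checked by hand against the terms of the loaded policy's mlsconstrain statements for the dir class and create permission.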