Yee-HAH! 'smartd' issues 70 avc's when it tries to send mail...

Daniel J Walsh dwalsh at redhat.com
Tue Dec 7 15:24:54 UTC 2004


Valdis.Kletnieks at vt.edu wrote:

>Running Fedora Core Rawhide as of the other night, so fairly recent.
>Using 'strict/permissive' at the moment...
>
>So I set up 'smartd' to monitor the hard drive in my laptop - I *know* there's
>one bad spot of about 10 blocks long on it, and want to be told if it decides
>to start getting bigger.  And sure enough, at boot it tries to e-mail me and
>tell me there's bad blocks.  Unfortunately, it seems to invoke 'sh -c mail' or
>something like that, so even the ugly hack of adding an
>exec_auto_trans(sendmail_t) doesn't look like it will help.  Any good ideas on
>how to deal with this one?
>
>(And I have *NO* idea why it pops the first 5-6 while trying to find resolv.conf)
>
>Is it trying to open port 25 to send the mail, and if there's no sendmail running,
>it invokes 'sh -c mail'?  If so, the solution (or part of it) would simply be to
>have smartd start after sendmail does.....
>
>Oddly curious - the failed read for pipe:[9756] - both ends appear to be fsdaemon_t ;)
>
>  
>
Can you try this patch?

 diff fs_daemon.te~ fs_daemon.te
6c6
< daemon_domain(fsdaemon, `, fs_domain')
---
 > daemon_domain(fsdaemon, `, fs_domain, privmail')
15a16
 > can_exec(fsdaemon_t, { sbin_t bin_t shell_exec_t }
[root at laptop program]# diff -u fs_daemon.te~ fs_daemon.te
--- fs_daemon.te~       2004-12-02 15:06:58.000000000 -0500
+++ fs_daemon.te        2004-12-07 10:18:53.437845410 -0500
@@ -3,7 +3,7 @@
 # Author:  Russell Coker <russell at coker.com.au>
 # X-Debian-Packages: smartmontools

-daemon_domain(fsdaemon, `, fs_domain')
+daemon_domain(fsdaemon, `, fs_domain, privmail')
 allow fsdaemon_t self:unix_dgram_socket create_socket_perms;

 # for config
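Review bot: the `privmail` attribute added to the `daemon_domain(fsdaemon, ...)` line has no comment saying why a disk-monitoring daemon needs mail privileges. The file already annotates its rules (`# for config`), so a one-line comment above this line noting that smartd mails disk warnings would record the intent.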
@@ -13,3 +13,4 @@
 allow fsdaemon_t fixed_disk_device_t:blk_file rw_file_perms;
 allow fsdaemon_t self:capability { sys_rawio sys_admin };
 allow fsdaemon_t etc_runtime_t:file { getattr read };
+can_exec(fsdaemon_t, { sbin_t bin_t shell_exec_t }
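Review bot: the added `can_exec(fsdaemon_t, { sbin_t bin_t shell_exec_t }` line is missing its closing parenthesis, so the macro call is unterminated as posted; it should end with `shell_exec_t })`. The set also names all of `sbin_t` and `bin_t`, so a short comment saying this is for the `sh -c mail` path would help the next reader judge whether all three types are needed.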


>The messages (almost 70 of them):
>Dec  3 11:07:42 turing-police kernel: audit(1102089972.656:0): avc:  denied  { search } for  pid=17328 exe=/usr/sbin/smartd name=/ dev=tmpfs ino=3131 scontext=system_u:system_r:fsdaemon_t tcontext=system_u:object_r:tmpfs_t tclass=dir
>Dec  3 11:07:42 turing-police kernel: audit(1102089972.697:0): avc:  denied  { write } for  pid=17328 exe=/usr/sbin/smartd name=log dev=tmpfs ino=9084 scontext=system_u:system_r:fsdaemon_t tcontext=system_u:object_r:tmpfs_t tclass=sock_file
>Dec  3 11:07:42 turing-police kernel: audit(1102089974.784:0): avc:  denied  { read } for  pid=17328 exe=/usr/sbin/smartd name=resolv.conf dev=dm-5 ino=24648 scontext=system_u:system_r:fsdaemon_t tcontext=system_u:object_r:net_conf_t tclass=file
>Dec  3 11:07:42 turing-police kernel: audit(1102089974.784:0): avc:  denied  { getattr } for  pid=17328 exe=/usr/sbin/smartd path=/etc/resolv.conf dev=dm-5 ino=24648 scontext=system_u:system_r:fsdaemon_t tcontext=system_u:object_r:net_conf_t tclass=file
>Dec  3 11:07:42 turing-police kernel: audit(1102089974.839:0): avc:  denied  { create } for  pid=17328 exe=/usr/sbin/smartd scontext=system_u:system_r:fsdaemon_t tcontext=system_u:system_r:fsdaemon_t tclass=unix_stream_socket
>Dec  3 11:07:42 turing-police kernel: audit(1102089974.839:0): avc:  denied  { connect } for  pid=17328 exe=/usr/sbin/smartd scontext=system_u:system_r:fsdaemon_t tcontext=system_u:system_r:fsdaemon_t tclass=unix_stream_socket
>Dec  3 11:07:42 turing-police kernel: audit(1102089974.947:0): avc:  denied  { search } for  pid=8202 exe=/usr/sbin/smartd name=bin dev=dm-5 ino=26670 scontext=system_u:system_r:fsdaemon_t tcontext=system_u:object_r:bin_t tclass=dir
>Dec  3 11:07:42 turing-police kernel: audit(1102089974.947:0): avc:  denied  { read } for  pid=8202 exe=/usr/sbin/smartd name=sh dev=dm-5 ino=57489 scontext=system_u:system_r:fsdaemon_t tcontext=system_u:object_r:bin_t tclass=lnk_file
>Dec  3 11:07:42 turing-police kernel: audit(1102089975.002:0): avc:  denied  { execute } for  pid=8202 exe=/usr/sbin/smartd name=bash dev=dm-5 ino=26747 scontext=system_u:system_r:fsdaemon_t tcontext=system_u:object_r:shell_exec_t tclass=file
>Dec  3 11:07:42 turing-police kernel: audit(1102089975.002:0): avc:  denied  { execute_no_trans } for  pid=8202 exe=/usr/sbin/smartd path=/bin/bash dev=dm-5 ino=26747 scontext=system_u:system_r:fsdaemon_t tcontext=system_u:object_r:shell_exec_t tclass=file
>Dec  3 11:07:42 turing-police kernel: audit(1102089975.058:0): avc:  denied  { read } for  pid=8202 exe=/usr/sbin/smartd path=/bin/bash dev=dm-5 ino=26747 scontext=system_u:system_r:fsdaemon_t tcontext=system_u:object_r:shell_exec_t tclass=file
>Dec  3 11:07:42 turing-police kernel: audit(1102089975.089:0): avc:  denied  { read } for  pid=8202 exe=/bin/bash name=meminfo dev=proc ino=-268435454 scontext=system_u:system_r:fsdaemon_t tcontext=system_u:object_r:proc_t tclass=file
>Dec  3 11:07:42 turing-police kernel: audit(1102089975.089:0): avc:  denied  { getattr } for  pid=8202 exe=/bin/bash path=/proc/meminfo dev=proc ino=-268435454 scontext=system_u:system_r:fsdaemon_t tcontext=system_u:object_r:proc_t tclass=file
>Dec  3 11:07:42 turing-police kernel: audit(1102089975.149:0): avc:  denied  { search } for  pid=8202 exe=/bin/bash name=sbin dev=dm-5 ino=47195 scontext=system_u:system_r:fsdaemon_t tcontext=system_u:object_r:sbin_t tclass=dir
>Dec  3 11:07:42 turing-police kernel: audit(1102089975.149:0): avc:  denied  { getattr } for  pid=8202 exe=/bin/bash path=/bin/bash dev=dm-5 ino=26747 scontext=system_u:system_r:fsdaemon_t tcontext=system_u:object_r:shell_exec_t tclass=file
>Dec  3 11:07:42 turing-police kernel: audit(1102089975.213:0): avc:  denied  { getattr } for  pid=17328 exe=/usr/sbin/smartd path=pipe:[9756] dev=pipefs ino=9756 scontext=system_u:system_r:fsdaemon_t tcontext=system_u:system_r:fsdaemon_t tclass=fifo_file
>Dec  3 11:07:42 turing-police kernel: audit(1102089975.213:0): avc:  denied  { read } for  pid=17328 exe=/usr/sbin/smartd path=pipe:[9756] dev=pipefs ino=9756 scontext=system_u:system_r:fsdaemon_t tcontext=system_u:system_r:fsdaemon_t tclass=fifo_file
>Dec  3 11:07:42 turing-police kernel: audit(1102089975.280:0): avc:  denied  { getattr } for  pid=8202 exe=/bin/bash path=/bin/mail dev=dm-5 ino=26730 scontext=system_u:system_r:fsdaemon_t tcontext=system_u:object_r:bin_t tclass=file
>Dec  3 11:07:42 turing-police kernel: audit(1102089975.280:0): avc:  denied  { execute } for  pid=8202 exe=/bin/bash name=mail dev=dm-5 ino=26730 scontext=system_u:system_r:fsdaemon_t tcontext=system_u:object_r:bin_t tclass=file
>Dec  3 11:07:42 turing-police kernel: audit(1102089975.346:0): avc:  denied  { getattr } for  pid=7644 exe=/bin/bash path=/tmp dev=dm-10 ino=2 scontext=system_u:system_r:fsdaemon_t tcontext=system_u:object_r:tmp_t tclass=dir
>Dec  3 11:07:42 turing-police kernel: audit(1102089975.346:0): avc:  denied  { search } for  pid=7644 exe=/bin/bash name=/ dev=dm-10 ino=2 scontext=system_u:system_r:fsdaemon_t tcontext=system_u:object_r:tmp_t tclass=dir
>Dec  3 11:07:42 turing-police kernel: audit(1102089975.415:0): avc:  denied  { write } for  pid=7644 exe=/bin/bash name=/ dev=dm-10 ino=2 scontext=system_u:system_r:fsdaemon_t tcontext=system_u:object_r:tmp_t tclass=dir
>Dec  3 11:07:43 turing-police kernel: audit(1102089975.449:0): avc:  denied  { add_name } for  pid=7644 exe=/bin/bash name=sh-thd-1102109337 scontext=system_u:system_r:fsdaemon_t tcontext=system_u:object_r:tmp_t tclass=dir
>Dec  3 11:07:43 turing-police kernel: audit(1102089975.449:0): avc:  denied  { create } for  pid=7644 exe=/bin/bash name=sh-thd-1102109337 scontext=system_u:system_r:fsdaemon_t tcontext=system_u:object_r:tmp_t tclass=file
>Dec  3 11:07:43 turing-police kernel: audit(1102089975.517:0): avc:  denied  { write } for  pid=7644 exe=/bin/bash path=/tmp/sh-thd-1102109337 dev=dm-10 ino=6150 scontext=system_u:system_r:fsdaemon_t tcontext=system_u:object_r:tmp_t tclass=file
>Dec  3 11:07:43 turing-police kernel: audit(1102089975.567:0): avc:  denied  { read } for  pid=7644 exe=/bin/bash name=sh-thd-1102109337 dev=dm-10 ino=6150 scontext=system_u:system_r:fsdaemon_t tcontext=system_u:object_r:tmp_t tclass=file
>Dec  3 11:07:43 turing-police kernel: audit(1102089975.610:0): avc:  denied  { remove_name } for  pid=7644 exe=/bin/bash name=sh-thd-1102109337 dev=dm-10 ino=6150 scontext=system_u:system_r:fsdaemon_t tcontext=system_u:object_r:tmp_t tclass=dir
>Dec  3 11:07:43 turing-police kernel: audit(1102089975.610:0): avc:  denied  { unlink } for  pid=7644 exe=/bin/bash name=sh-thd-1102109337 dev=dm-10 ino=6150 scontext=system_u:system_r:fsdaemon_t tcontext=system_u:object_r:tmp_t tclass=file
>Dec  3 11:07:43 turing-police kernel: audit(1102089975.679:0): avc:  denied  { execute_no_trans } for  pid=7644 exe=/bin/bash path=/bin/mail dev=dm-5 ino=26730 scontext=system_u:system_r:fsdaemon_t tcontext=system_u:object_r:bin_t tclass=file
>Dec  3 11:07:43 turing-police kernel: audit(1102089975.679:0): avc:  denied  { read } for  pid=7644 exe=/bin/bash path=/bin/mail dev=dm-5 ino=26730 scontext=system_u:system_r:fsdaemon_t tcontext=system_u:object_r:bin_t tclass=file
>Dec  3 11:07:43 turing-police kernel: audit(1102089975.783:0): avc:  denied  { setgid } for  pid=7644 exe=/bin/mail capability=6 scontext=system_u:system_r:fsdaemon_t tcontext=system_u:system_r:fsdaemon_t tclass=capability
>Dec  3 11:07:43 turing-police kernel: audit(1102089975.831:0): avc:  denied  { ioctl } for  pid=7644 exe=/bin/mail path=/tmp/sh-thd-1102109337 (deleted) dev=dm-10 ino=6150 scontext=system_u:system_r:fsdaemon_t tcontext=system_u:object_r:tmp_t tclass=file
>Dec  3 11:07:43 turing-police kernel: audit(1102089975.866:0): avc:  denied  { ioctl } for  pid=7644 exe=/bin/mail path=pipe:[9756] dev=pipefs ino=9756 scontext=system_u:system_r:fsdaemon_t tcontext=system_u:system_r:fsdaemon_t tclass=fifo_file
>Dec  3 11:07:43 turing-police kernel: audit(1102089975.901:0): avc:  denied  { getattr } for  pid=7644 exe=/bin/mail path=/tmp/Rsx6eaR5 dev=dm-10 ino=6151 scontext=system_u:system_r:fsdaemon_t tcontext=system_u:object_r:tmp_t tclass=file
>Dec  3 11:07:43 turing-police kernel: audit(1102089976.007:0): avc:  denied  { execute } for  pid=13925 exe=/bin/mail name=sendmail dev=dm-1 ino=41557 scontext=system_u:system_r:fsdaemon_t tcontext=root:object_r:sbin_t tclass=file
>Dec  3 11:07:43 turing-police kernel: audit(1102089976.007:0): avc:  denied  { execute_no_trans } for  pid=13925 exe=/bin/mail path=/usr/sbin/sendmail dev=dm-1 ino=41557 scontext=system_u:system_r:fsdaemon_t tcontext=root:object_r:sbin_t tclass=file
>Dec  3 11:07:43 turing-police kernel: audit(1102089976.091:0): avc:  denied  { read } for  pid=13925 exe=/bin/mail path=/usr/sbin/sendmail dev=dm-1 ino=41557 scontext=system_u:system_r:fsdaemon_t tcontext=root:object_r:sbin_t tclass=file
>Dec  3 11:07:43 turing-police kernel: audit(1102089976.683:0): avc:  denied  { create } for  pid=13925 exe=/usr/sbin/sendmail scontext=system_u:system_r:fsdaemon_t tcontext=system_u:system_r:fsdaemon_t tclass=tcp_socket
>Dec  3 11:07:43 turing-police kernel: audit(1102089976.813:0): avc:  denied  { search } for  pid=13925 exe=/usr/sbin/sendmail name=mail dev=dm-5 ino=43015 scontext=system_u:system_r:fsdaemon_t tcontext=system_u:object_r:etc_mail_t tclass=dir
>Dec  3 11:07:43 turing-police kernel: audit(1102089976.865:0): avc:  denied  { getattr } for  pid=13925 exe=/usr/sbin/sendmail path=/etc/mail/submit.cf dev=dm-5 ino=43033 scontext=system_u:system_r:fsdaemon_t tcontext=system_u:object_r:etc_mail_t tclass=file
>Dec  3 11:07:43 turing-police kernel: audit(1102089976.865:0): avc:  denied  { getattr } for  pid=13925 exe=/usr/sbin/sendmail path=/etc/mail dev=dm-5 ino=43015 scontext=system_u:system_r:fsdaemon_t tcontext=system_u:object_r:etc_mail_t tclass=dir
>Dec  3 11:07:43 turing-police kernel: audit(1102089976.947:0): avc:  denied  { read } for  pid=13925 exe=/usr/sbin/sendmail name=submit.cf dev=dm-5 ino=43033 scontext=system_u:system_r:fsdaemon_t tcontext=system_u:object_r:etc_mail_t tclass=file
>Dec  3 11:07:43 turing-police kernel: audit(1102089977.097:0): avc:  denied  { setuid } for  pid=13925 exe=/usr/sbin/sendmail capability=7 scontext=system_u:system_r:fsdaemon_t tcontext=system_u:system_r:fsdaemon_t tclass=capability
>Dec  3 11:07:43 turing-police kernel: audit(1102089977.174:0): avc:  denied  { search } for  pid=13925 exe=/usr/sbin/sendmail name=spool dev=dm-3 ino=34821 scontext=system_u:system_r:fsdaemon_t tcontext=system_u:object_r:var_spool_t tclass=dir
>Dec  3 11:07:43 turing-police kernel: audit(1102089977.218:0): avc:  denied  { search } for  pid=13925 exe=/usr/sbin/sendmail name=clientmqueue dev=dm-3 ino=55307 scontext=system_u:system_r:fsdaemon_t tcontext=system_u:object_r:mqueue_spool_t tclass=dir
>Dec  3 11:07:43 turing-police kernel: audit(1102089977.218:0): avc:  denied  { getattr } for  pid=13925 exe=/usr/sbin/sendmail path=/var/spool/clientmqueue dev=dm-3 ino=55307 scontext=system_u:system_r:fsdaemon_t tcontext=system_u:object_r:mqueue_spool_t tclass=dir
>Dec  3 11:07:43 turing-police kernel: audit(1102089977.371:0): avc:  denied  { getattr } for  pid=13925 exe=/usr/sbin/sendmail path=/var/spool dev=dm-3 ino=34821 scontext=system_u:system_r:fsdaemon_t tcontext=system_u:object_r:var_spool_t tclass=dir
>Dec  3 11:07:43 turing-police kernel: audit(1102089977.466:0): avc:  denied  { write } for  pid=13925 exe=/usr/sbin/sendmail name=clientmqueue dev=dm-3 ino=55307 scontext=system_u:system_r:fsdaemon_t tcontext=system_u:object_r:mqueue_spool_t tclass=dir
>Dec  3 11:07:43 turing-police kernel: audit(1102089977.509:0): avc:  denied  { add_name } for  pid=13925 exe=/usr/sbin/sendmail name=dfiB3G6HJS013925 scontext=system_u:system_r:fsdaemon_t tcontext=system_u:object_r:mqueue_spool_t tclass=dir
>Dec  3 11:07:43 turing-police kernel: audit(1102089977.509:0): avc:  denied  { create } for  pid=13925 exe=/usr/sbin/sendmail name=dfiB3G6HJS013925 scontext=system_u:system_r:fsdaemon_t tcontext=system_u:object_r:mqueue_spool_t tclass=file
>Dec  3 11:07:43 turing-police kernel: audit(1102089977.580:0): avc:  denied  { getattr } for  pid=13925 exe=/usr/sbin/sendmail path=/var/spool/clientmqueue/dfiB3G6HJS013925 dev=dm-3 ino=55324 scontext=system_u:system_r:fsdaemon_t tcontext=system_u:object_r:mqueue_spool_t tclass=file
>Dec  3 11:07:43 turing-police kernel: audit(1102089977.580:0): avc:  denied  { lock } for  pid=13925 exe=/usr/sbin/sendmail path=/var/spool/clientmqueue/dfiB3G6HJS013925 dev=dm-3 ino=55324 scontext=system_u:system_r:fsdaemon_t tcontext=system_u:object_r:mqueue_spool_t tclass=file
>Dec  3 11:07:43 turing-police kernel: audit(1102089977.678:0): avc:  denied  { write } for  pid=13925 exe=/usr/sbin/sendmail path=/var/spool/clientmqueue/dfiB3G6HJS013925 dev=dm-3 ino=55324 scontext=system_u:system_r:fsdaemon_t tcontext=system_u:object_r:mqueue_spool_t tclass=file
>Dec  3 11:07:43 turing-police kernel: audit(1102089977.771:0): avc:  denied  { read } for  pid=13925 exe=/usr/sbin/sendmail name=dfiB3G6HJS013925 dev=dm-3 ino=55324 scontext=system_u:system_r:fsdaemon_t tcontext=system_u:object_r:mqueue_spool_t tclass=file
>Dec  3 11:07:43 turing-police kernel: audit(1102089977.809:0): avc:  denied  { connect } for  pid=13925 exe=/usr/sbin/sendmail scontext=system_u:system_r:fsdaemon_t tcontext=system_u:system_r:fsdaemon_t tclass=tcp_socket
>Dec  3 11:07:43 turing-police kernel: audit(1102089977.809:0): avc:  denied  { tcp_send } for  pid=13925 exe=/usr/sbin/sendmail saddr=127.0.0.1 src=51192 daddr=127.0.0.1 dest=25 netif=lo scontext=system_u:system_r:fsdaemon_t tcontext=system_u:object_r:netif_lo_t tclass=netif
>Dec  3 11:07:43 turing-police kernel: audit(1102089977.879:0): avc:  denied  { tcp_send } for  pid=13925 exe=/usr/sbin/sendmail saddr=127.0.0.1 src=51192 daddr=127.0.0.1 dest=25 netif=lo scontext=system_u:system_r:fsdaemon_t tcontext=system_u:object_r:node_lo_t tclass=node
>Dec  3 11:07:43 turing-police kernel: audit(1102089977.879:0): avc:  denied  { send_msg } for  pid=13925 exe=/usr/sbin/sendmail saddr=127.0.0.1 src=51192 daddr=127.0.0.1 dest=25 netif=lo scontext=system_u:system_r:fsdaemon_t tcontext=system_u:object_r:smtp_port_t tclass=tcp_socket
>Dec  3 11:07:43 turing-police kernel: audit(1102089977.948:0): avc:  denied  { tcp_recv } for  pid=3 comm=ksoftirqd/0 saddr=127.0.0.1 src=25 daddr=127.0.0.1 dest=51192 netif=lo scontext=system_u:system_r:fsdaemon_t tcontext=system_u:object_r:netif_lo_t tclass=netif
>Dec  3 11:07:43 turing-police kernel: audit(1102089977.948:0): avc:  denied  { tcp_recv } for  pid=3 comm=ksoftirqd/0 saddr=127.0.0.1 src=25 daddr=127.0.0.1 dest=51192 netif=lo scontext=system_u:system_r:fsdaemon_t tcontext=system_u:object_r:node_lo_t tclass=node
>Dec  3 11:07:43 turing-police kernel: audit(1102089977.948:0): avc:  denied  { recv_msg } for  pid=3 comm=ksoftirqd/0 saddr=127.0.0.1 src=25 daddr=127.0.0.1 dest=51192 netif=lo scontext=system_u:system_r:fsdaemon_t tcontext=system_u:object_r:smtp_port_t tclass=tcp_socket
>Dec  3 11:07:43 turing-police kernel: audit(1102089978.263:0): avc:  denied  { remove_name } for  pid=13925 exe=/usr/sbin/sendmail name=tfiB3G6HJS013925 dev=dm-3 ino=55327 scontext=system_u:system_r:fsdaemon_t tcontext=system_u:object_r:mqueue_spool_t tclass=dir
>Dec  3 11:07:43 turing-police kernel: audit(1102089978.263:0): avc:  denied  { rename } for  pid=13925 exe=/usr/sbin/sendmail name=tfiB3G6HJS013925 dev=dm-3 ino=55327 scontext=system_u:system_r:fsdaemon_t tcontext=system_u:object_r:mqueue_spool_t tclass=file
>Dec  3 11:07:43 turing-police kernel: audit(1102089978.263:0): avc:  denied  { unlink } for  pid=13925 exe=/usr/sbin/sendmail name=qfiB3G6HJS013925 dev=dm-3 ino=55326 scontext=system_u:system_r:fsdaemon_t tcontext=system_u:object_r:mqueue_spool_t tclass=file
>Dec  3 11:07:43 turing-police kernel: audit(1102089978.366:0): avc:  denied  { read } for  pid=13925 exe=/usr/sbin/sendmail name=clientmqueue dev=dm-3 ino=55307 scontext=system_u:system_r:fsdaemon_t tcontext=system_u:object_r:mqueue_spool_t tclass=dir
>Dec  3 11:07:43 turing-police kernel: audit(1102089978.595:0): avc:  denied  { getattr } for  pid=10722 exe=/bin/bash path=/tmp dev=dm-10 ino=2 scontext=system_u:system_r:fsdaemon_t tcontext=system_u:object_r:tmp_t tclass=dir
>Dec  3 11:07:43 turing-police kernel: audit(1102089978.633:0): avc:  denied  { search } for  pid=10722 exe=/bin/bash name=/ dev=dm-10 ino=2 scontext=system_u:system_r:fsdaemon_t tcontext=system_u:object_r:tmp_t tclass=dir
>Dec  3 11:07:43 turing-police kernel: audit(1102089978.633:0): avc:  denied  { write } for  pid=10722 exe=/bin/bash name=/ dev=dm-10 ino=2 scontext=system_u:system_r:fsdaemon_t tcontext=system_u:object_r:tmp_t tclass=dir
>Dec  3 11:07:44 turing-police kernel: audit(1102089978.701:0): avc:  denied  { add_name } for  pid=10722 exe=/bin/bash name=sh-thd-1102111169 scontext=system_u:system_r:fsdaemon_t tcontext=system_u:object_r:tmp_t tclass=dir
>Dec  3 11:07:44 turing-police kernel: audit(1102089978.701:0): avc:  denied  { remove_name } for  pid=10722 exe=/bin/bash name=sh-thd-1102111169 dev=dm-10 ino=6150 scontext=system_u:system_r:fsdaemon_t tcontext=system_u:object_r:tmp_t tclass=dir
>Dec  3 11:36:19 turing-police kernel: audit(1102091779.951:0): avc:  denied  { search } for  pid=16629 exe=/usr/sbin/smartd name=/ dev=tmpfs ino=3131 scontext=system_u:system_r:fsdaemon_t tcontext=system_u:object_r:tmpfs_t tclass=dir
>Dec  3 11:36:20 turing-police kernel: audit(1102091780.816:0): avc:  denied  { write } for  pid=16629 exe=/usr/sbin/smartd name=log dev=tmpfs ino=9084 scontext=system_u:system_r:fsdaemon_t tcontext=system_u:object_r:tmpfs_t tclass=sock_file
>
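Added example, not part of the original message or of the policy sources: a small parser that collapses AVC denials like the ones quoted above into per-type allow rules and lists which executables ran in each source domain. The function names are hypothetical; the sample lines are copied from the quoted log.

```python
import re
from collections import defaultdict

# Denials copied verbatim from the log quoted in the message above.
SAMPLE = """\
Dec  3 11:07:42 turing-police kernel: audit(1102089975.002:0): avc:  denied  { execute } for  pid=8202 exe=/usr/sbin/smartd name=bash dev=dm-5 ino=26747 scontext=system_u:system_r:fsdaemon_t tcontext=system_u:object_r:shell_exec_t tclass=file
Dec  3 11:07:42 turing-police kernel: audit(1102089975.002:0): avc:  denied  { execute_no_trans } for  pid=8202 exe=/usr/sbin/smartd path=/bin/bash dev=dm-5 ino=26747 scontext=system_u:system_r:fsdaemon_t tcontext=system_u:object_r:shell_exec_t tclass=file
Dec  3 11:07:42 turing-police kernel: audit(1102089975.280:0): avc:  denied  { execute } for  pid=8202 exe=/bin/bash name=mail dev=dm-5 ino=26730 scontext=system_u:system_r:fsdaemon_t tcontext=system_u:object_r:bin_t tclass=file
Dec  3 11:07:43 turing-police kernel: audit(1102089975.679:0): avc:  denied  { execute_no_trans } for  pid=7644 exe=/bin/bash path=/bin/mail dev=dm-5 ino=26730 scontext=system_u:system_r:fsdaemon_t tcontext=system_u:object_r:bin_t tclass=file
Dec  3 11:07:43 turing-police kernel: audit(1102089976.007:0): avc:  denied  { execute_no_trans } for  pid=13925 exe=/bin/mail path=/usr/sbin/sendmail dev=dm-1 ino=41557 scontext=system_u:system_r:fsdaemon_t tcontext=root:object_r:sbin_t tclass=file
Dec  3 11:07:43 turing-police kernel: audit(1102089976.947:0): avc:  denied  { read } for  pid=13925 exe=/usr/sbin/sendmail name=submit.cf dev=dm-5 ino=43033 scontext=system_u:system_r:fsdaemon_t tcontext=system_u:object_r:etc_mail_t tclass=file
Dec  3 11:07:43 turing-police kernel: audit(1102089977.879:0): avc:  denied  { send_msg } for  pid=13925 exe=/usr/sbin/sendmail saddr=127.0.0.1 src=51192 daddr=127.0.0.1 dest=25 netif=lo scontext=system_u:system_r:fsdaemon_t tcontext=system_u:object_r:smtp_port_t tclass=tcp_socket
Dec  3 11:07:43 turing-police kernel: audit(1102089977.948:0): avc:  denied  { tcp_recv } for  pid=3 comm=ksoftirqd/0 saddr=127.0.0.1 src=25 daddr=127.0.0.1 dest=51192 netif=lo scontext=system_u:system_r:fsdaemon_t tcontext=system_u:object_r:netif_lo_t tclass=netif
"""

AVC = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]+)\}\s+for\s+(?P<fields>.*)")


def parse_avc(line):
    """Parse one AVC denial line in the format above; return None otherwise."""
    m = AVC.search(line)
    if m is None:
        return None
    # key=value fields; stray tokens such as "(deleted)" have no "=" and are skipped
    fields = dict(tok.split("=", 1) for tok in m["fields"].split() if "=" in tok)
    if not {"scontext", "tcontext", "tclass"} <= fields.keys():
        return None
    return {
        "perms": set(m["perms"].split()),
        "source": fields["scontext"].split(":")[2],  # type is the third component
        "target": fields["tcontext"].split(":")[2],
        "tclass": fields["tclass"],
        "exe": fields.get("exe"),  # absent on kernel-side denials (comm= only)
    }


def summarize(lines):
    """Group denials by (source, target, class) and collect exes per source domain."""
    rules, exes = defaultdict(set), defaultdict(set)
    for line in lines:
        d = parse_avc(line)
        if d is None:
            continue
        rules[(d["source"], d["target"], d["tclass"])] |= d["perms"]
        if d["exe"]:
            exes[d["source"]].add(d["exe"])
    return rules, exes


def to_allow_rules(rules):
    """Render the grouped denials as allow statements, one per triple."""
    return [
        f"allow {s} {t}:{c} {{ {' '.join(sorted(p))} }};"
        for (s, t, c), p in sorted(rules.items())
    ]


if __name__ == "__main__":
    rules, exes = summarize(SAMPLE.splitlines())
    print("\n".join(to_allow_rules(rules)))
    # Several executables in one daemon domain: children ran with no transition.
    for domain, seen in exes.items():
        print(domain, "ran:", ", ".join(sorted(seen)))
```

On the sample, smartd, bash, mail and sendmail all show up under `fsdaemon_t`, which is why every denial for sendmail's own work (spool, `submit.cf`, port 25) is charged to the smartd domain.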