/proc {getattr} failures

Valdis.Kletnieks at vt.edu
Mon May 23 01:53:41 UTC 2005


On Sun, 22 May 2005 21:42:17 EDT, "James Z. Li" said:
> targeted policy on FC3
> 
> /var/log/messages shows lots of AVCs:
> May 22 20:54:42 bengal kernel: audit(1116809682.160:0): avc:  denied 
> { getattr } for  pid=2733 exe=/bin/ps path=/proc/1 dev=proc ino=65538
> scontext=user_u:system_r:httpd_sys_script_t
> tcontext=user_u:system_r:unconfined_t tclass=dir

Am I the only one here who thinks that this is really something that can't
be supported in the context of the 'targeted' policy, and would be much
easier to do in 'strict'?




More information about the fedora-selinux-list mailing list