/proc {getattr} failures

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Mon May 23 01:53:41 UTC 2005

On Sun, 22 May 2005 21:42:17 EDT, "James Z. Li" said:
> targeted policy on FC3
> /var/log/messages show lots of avcs:
> May 22 20:54:42 bengal kernel: audit(1116809682.160:0): avc:  denied 
> { getattr } for  pid=2733 exe=/bin/ps path=/proc/1 dev=proc ino=65538
> scontext=user_u:system_r:httpd_sys_script_t
> tcontext=user_u:system_r:unconfined_t tclass=dir

Am I the only one here who thinks that this is really something that can't
be supported in the context of the 'targeted' policy, and would be much
easier to do in 'strict'?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-selinux-list/attachments/20050522/aa64dd15/attachment.sig>

More information about the fedora-selinux-list mailing list