mrtg selinux denials in default configuration

Daniel J Walsh dwalsh at
Thu Apr 17 12:31:43 UTC 2008

Hash: SHA1

David Timms wrote:
> Daniel J Walsh wrote:
>> ...
>> Ok I looked at the bugzilla, looks like mrtg is execing top which is
>> reading all process /proc information.  Does it need to be able to read
>> all this, or can I dontaudit it.
> Dan, I really don't know the answer to that - I haven't got around to
> understanding / configuring mrtg at all. I got the impression from that
> bug that the poster had a specific configuration that was causing that -
> and that he would have to create allow rules for it to work, whereas I
> don't seem to have any configuration for mrtg {except what is provided
> in the rpm - a crond */5 min run using it's default config
> /etc/mrtg/mrtg.cfg
> A can confirm that commenting the /etc/cron.d/mrtg command stops the
> denials, but I don't understand why my other F9Beta++ machine doesn't
> generate the same denials.
> As an aside: is there a way to perform an rpm -V to verify the packages
> v on-disk contexts ? I could do this for mrtg and all it's requirements.
> DaveT.
Not really but you can do a fixfiles -R mrtg restore to read the rpm
database and fix the labels on disk.
> -- 
> fedora-selinux-list mailing list
> fedora-selinux-list at

Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora -


More information about the fedora-selinux-list mailing list