mrtg selinux denials in default configuration
Daniel J Walsh
dwalsh at redhat.com
Thu Apr 17 12:31:43 UTC 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
David Timms wrote:
> Daniel J Walsh wrote:
>> ...
>> Ok I looked at the bugzilla, looks like mrtg is execing top which is
>> reading all process /proc information. Does it need to be able to read
>> all this, or can I dontaudit it.
>
> Dan, I really don't know the answer to that - I haven't got around to
> understanding / configuring mrtg at all. I got the impression from that
> bug that the poster had a specific configuration that was causing that -
> and that he would have to create allow rules for it to work, whereas I
> don't seem to have any configuration for mrtg {except what is provided
> in the rpm - a crond */5 min run using it's default config
> /etc/mrtg/mrtg.cfg
>
> A can confirm that commenting the /etc/cron.d/mrtg command stops the
> denials, but I don't understand why my other F9Beta++ machine doesn't
> generate the same denials.
>
> As an aside: is there a way to perform an rpm -V to verify the packages
> v on-disk contexts ? I could do this for mrtg and all it's requirements.
>
> DaveT.
Not really but you can do a fixfiles -R mrtg restore to read the rpm
database and fix the labels on disk.
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkgHQy8ACgkQrlYvE4MpobPPzgCfd81hsUnlz1zSSQnYhXR2r6AY
GF8An3Bmnut5i0iZtNcpcCcS6hvmXgZC
=WwPm
-----END PGP SIGNATURE-----
More information about the fedora-selinux-list
mailing list