mlscontrain violation on dir create
Daniel J Walsh
dwalsh at redhat.com
Thu Aug 20 17:00:27 UTC 2009
On 08/20/2009 10:00 AM, Xavier Toth wrote:
> On Wed, Aug 19, 2009 at 6:35 PM, Daniel J Walsh<dwalsh at redhat.com> wrote:
>> On 08/19/2009 02:41 PM, Xavier Toth wrote:
>>> A process of type siterep_jcdx_nautilus_helper_t running at SystemHigh
>>> is trying to create a directory at SystemLow and getting the following
>>> mlsconstraint violation:
>>>
>>> node=jcdx type=AVC msg=audit(1250704307.148:1143): avc: denied {
>>> create } for pid=4208 comm="processdirs" name="test7" scontext=s
>>> iterep_u:siterep_r:siterep_jcdx_nautilus_helper_t:s15:c0.c1023
>>> tcontext=system_u:object_r:jcdx_ml_var_t:s0 tclass=dir
>>>
>>> The siterep_jcdx_nautilus_helper_t policy uses the following macros:
>>>
>>> manage_dirs_pattern($1_jcdx_nautilus_helper_t,jcdx_ml_var_t,jcdx_ml_var_t)
>>>
>>> ifdef(`enable_mls',`
>>> mls_file_read_all_levels($1_jcdx_nautilus_helper_t)
>>> mls_file_write_all_levels($1_jcdx_nautilus_helper_t)
>>> mls_file_downgrade($1_jcdx_nautilus_helper_t)
>>> mls_file_upgrade($1_jcdx_nautilus_helper_t)
>>> ')
>>>
>>> I've looked at the policy mlsconstaints but I'm not understanding
>>> which one is being violated, any ideas?
>>>
>>> Ted
>>>
>>> --
>>> fedora-selinux-list mailing list
>>> fedora-selinux-list at redhat.com
>>> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
>>>
>>>
>> Not an MLS constraint.
>> iterep_u creating a file labeled system_u
>>
>>
>
> I once was blind but now I see ... Thanks Dan.
>
> Ted
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
No propblem. I have looked at a few billion more of these then you have.
More information about the fedora-selinux-list
mailing list