selinux enforcing
Richard Hally
rhallyx at mindspring.com
Fri Mar 26 02:01:31 UTC 2004
In reply to Gene C. on this list (his posting is on my other box),
This message is being sent from Mozilla running on the current
/development tree (at runlevel 5) in "enforcing mode". Below are the
three avc denied messages from when I booted in enforcing mode.
This is with the "as provided" policy with one change in the "users"
file to add my username as an "admin".
Once you have installed the policy and policy-sources and done
"make reload" in /etc/security/selinux/src/policy you must also do
"make relabel" (it can take a while) to label all the files correctly.
Richard Hally
from /var/log/messages:
Mar 25 20:17:10 old1 kernel: audit(1080263823.652:0): avc: denied {
append } for pid=1053 exe=/sbin/syslogd name=news.crit dev=hdc3
ino=196974 scontext=system_u:system_r:syslogd_t
tcontext=system_u:object_r:innd_log_t tclass=file
Mar 25 20:17:10 old1 kernel: audit(1080263823.653:0): avc: denied {
append } for pid=1053 exe=/sbin/syslogd name=news.err dev=hdc3
ino=196975 scontext=system_u:system_r:syslogd_t
tcontext=system_u:object_r:innd_log_t tclass=file
Mar 25 20:17:10 old1 kernel: audit(1080263823.654:0): avc: denied {
append } for pid=1053 exe=/sbin/syslogd name=news.notice dev=hdc3
ino=196973 scontext=system_u:system_r:syslogd_t
tcontext=system_u:object_r:innd_log_t tclass=file
More information about the fedora-test-list
mailing list