Enabling SELinux Alert notification
Daniel J Walsh
dwalsh at redhat.com
Mon Oct 8 17:23:27 UTC 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Dylan Graham wrote:
> Daniel J Walsh wrote:
>> What avc's are you seeing in your audit.log? Sounds like an
>> execstack/execmem error.
>
> type=AVC msg=audit(1191835751.169:39): avc: denied { write } for
> pid=4885 comm="X" path="/var/log/nvidia-installer.log" dev=dm-0
> ino=3507028 scontext=root:system_r:xdm_xserver_t:s0-s0:c0.c1023
> tcontext=root:object_r:var_log_t:s0 tclass=file
>
> type=AVC msg=audit(1191835798.942:40): avc: denied { write } for
> pid=6285 comm="ldconfig" path="/var/log/nvidia-installer.log" dev=dm-0
> ino=3507028 scontext=root:system_r:ldconfig_t:s0-s0:c0.c1023
> tcontext=root:object_r:var_log_t:s0 tclass=file
>
>
So when X starts up it writes to a nvida log files?
You can label these as xserver_log_t and this should work.
# semanage fcontext -a -t xserver_log_t /var/log/nvidia-installer.log
# restorecon -v /var/log/nvidia-installer.log
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iD8DBQFHCmeOrlYvE4MpobMRAlGmAJwLU417H3lJO5X8ciuxa4+uih5MqwCfVNaQ
TPyUlpapBr73FpWR8fr9Jt0=
=RbZ7
-----END PGP SIGNATURE-----
More information about the fedora-test-list
mailing list