[Freeipa-devel] [PATCH] fix segfault in password change
Jan-Frode Myklebust
janfrode at tanso.net
Wed Jul 2 17:04:09 UTC 2008
On Mon, Jun 30, 2008 at 02:16:53PM -0400, Simo Sorce wrote:
> > >
> > >
> > > Ok, attached patch tries to avoid memory leaks too.
> > >
> > ack
>
> pushed
Great, got it today, and it's working fine. Only issue so far is that
I've had a couple of avc denials :
type=1400 audit(1215017904.493:17): avc: denied { read } for pid=2925 comm="ipa_kpasswd" name="net" dev=proc ino=4026531867 scontext=unconfined_u:system_r:ipa_kpasswd_t:s0 tcontext=system_u:object_r:proc_net_t:s0 tclass=lnk_file
type=1400 audit(1215017904.494:18): avc: denied { read } for pid=2925 comm="ipa_kpasswd" name="unix" dev=proc ino=4026533123 scontext=unconfined_u:system_r:ipa_kpasswd_t:s0 tcontext=system_u:object_r:proc_net_t:s0 tclass=file
That's for
/proc/net
/proc/net/unix
And ipa_kpasswd_t might need these:
#============= ipa_kpasswd_t ==============
allow ipa_kpasswd_t proc_net_t:file read;
allow ipa_kpasswd_t proc_net_t:lnk_file read;
-jf
More information about the Freeipa-devel
mailing list