[Spacewalk-list] Selinux enforcing breaks rhnmd
Miroslav Suchy
msuchy at redhat.com
Wed Nov 21 07:49:59 UTC 2012
On 8.11.2012 14:19, James Hogarth wrote:
> Hi,
>
> I decided to try and make use of monitoring in Spacewalk...
>
> I'm not sure when this might not have worked from (an old 1.7 instance
> behaves this way and my new 1.8 does as well) but with selinux enforcing
> I'm getting an AVC stopping rhnmd from working properly...
The problem is that rhnmd can do anything. It can execute all probes we
have in stack and even some custom, which we do not about.
So it is IMHO impossible to write proper selinux policy for rhnmd
(beside donotaudit/unconfined).
Mirek
More information about the Spacewalk-list
mailing list