selinux and mcelog
Daniel J Walsh
dwalsh at redhat.com
Fri Feb 17 21:19:07 UTC 2012
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 02/17/2012 11:43 AM, m.roth at 5-cent.us wrote:
> I'm running CentOS 6.2, all updates. selinux-policy
> 3.7.19-126.el6_2.6. I see
> /usr/share/selinux/devel/include/admin/mcelog.if:
> ######################################## ## <summary> ##
> Execute a domain transition to run mcelog. ## </summary> ## <param
> name="domain"> ## <summary> ## Domain allowed to
> transition. ## </summary> ## </param> #
> interface(`mcelog_domtrans',` gen_require(` type mcelog_t,
> mcelog_exec_t; ')
>
> domtrans_pattern($1, mcelog_exec_t, mcelog_t) ')
>
> Yet, I'm seeing SELinux is preventing /usr/sbin/mcelog from getattr
> access on the file /var/run/mcelog.pid.
>
> Now, from some googling, it *looks* as though this was fixed
> already. Am I missing something, or has this bug been
> reintroduced?
>
> mark
>
>
> -- selinux mailing list selinux at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux
>
>
Well i am not sure if it is was fixed in 6.2 policy or 6.3. I provide
the current selinux policy prerelease in
people.redhat.com/dwalsh/SELinux/RHEL6
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk8+xEsACgkQrlYvE4MpobPJqACeJfF5X0UW4sAeQeeTznTE5jOq
uwoAniRES1D+aspYM3oQQrWb4D3dP0Lc
=4SV1
-----END PGP SIGNATURE-----
More information about the selinux
mailing list