selinux and mcelog
Miroslav Grepl
mgrepl at redhat.com
Mon Feb 20 16:11:07 UTC 2012
On 02/17/2012 09:19 PM, Daniel J Walsh wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 02/17/2012 11:43 AM, m.roth at 5-cent.us wrote:
>> I'm running CentOS 6.2, all updates. selinux-policy
>> 3.7.19-126.el6_2.6. I see
>> /usr/share/selinux/devel/include/admin/mcelog.if:
>> ######################################## ##<summary> ##
>> Execute a domain transition to run mcelog. ##</summary> ##<param
>> name="domain"> ##<summary> ## Domain allowed to
>> transition. ##</summary> ##</param> #
>> interface(`mcelog_domtrans',` gen_require(` type mcelog_t,
>> mcelog_exec_t; ')
>>
>> domtrans_pattern($1, mcelog_exec_t, mcelog_t) ')
>>
>> Yet, I'm seeing SELinux is preventing /usr/sbin/mcelog from getattr
>> access on the file /var/run/mcelog.pid.
>>
>> Now, from some googling, it *looks* as though this was fixed
>> already. Am I missing something, or has this bug been
>> reintroduced?
>>
>> mark
>>
>>
>> -- selinux mailing list selinux at lists.fedoraproject.org
>> https://admin.fedoraproject.org/mailman/listinfo/selinux
>>
>>
> Well i am not sure if it is was fixed in 6.2 policy or 6.3. I provide
> the current selinux policy prerelease in
> people.redhat.com/dwalsh/SELinux/RHEL6
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.12 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iEYEARECAAYFAk8+xEsACgkQrlYvE4MpobPJqACeJfF5X0UW4sAeQeeTznTE5jOq
> uwoAniRES1D+aspYM3oQQrWb4D3dP0Lc
> =4SV1
> -----END PGP SIGNATURE-----
> --
> selinux mailing list
> selinux at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux
Please, could you use the latest selinux-policy packages from
people.redhat.com/dwalsh/SELinux/RHEL6
how Dan wrote.
More information about the selinux
mailing list