Ye olde "avc granted"
Daniel J Walsh
dwalsh at redhat.com
Tue Mar 26 19:22:36 UTC 2013
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 03/26/2013 03:12 PM, m.roth at 5-cent.us wrote:
> Daniel J Walsh wrote:
>> On 03/26/2013 03:08 PM, m.roth at 5-cent.us wrote:
>>> Hi, folks,
>>>
>>> Got a server that's throwing a ton of avc granted, all related to
>>> Matlab. I saw something via google from '06, for a java thing - is
> there something
>>> I can use to shut this up?
>>>
>>> CentOS 5.9, current.
>>>
>> Ask on the audit list, I am not sure there is anything you can do.
>>
>> What do the AVC's look like?
>
> type=AVC msg=audit(1364322744.335:646078): avc: granted { execheap } for
> pid=22581 comm="MATLAB" scontext=user_u:system_r:unconfined_t:s0
> tcontext=user_u:system_r:unconfined_t:s0 tclass=process
>
> mark
>
> -- selinux mailing list selinux at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux
>
Ah this is an old selinux-policy thing, to tell you that you have
allow_execheap boolean turned on and apps are using execheap.
Probably should turn this off, in policy.
Only way to turn it off is to turn off the boolean which will pribably break
MATLAB.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEARECAAYFAlFR9XwACgkQrlYvE4MpobPw8QCfaMsTpg6rTIy23OcbNIusl6oy
Q1kAn2DkB7NZbS+3rmVXcOyw/QisYeGW
=ae08
-----END PGP SIGNATURE-----
More information about the selinux
mailing list