Ye olde "avc granted"
m.roth at 5-cent.us
m.roth at 5-cent.us
Tue Mar 26 19:27:10 UTC 2013
Daniel J Walsh wrote:
> On 03/26/2013 03:12 PM, m.roth at 5-cent.us wrote:
>> Daniel J Walsh wrote:
>>> On 03/26/2013 03:08 PM, m.roth at 5-cent.us wrote:
>>>> Hi, folks,
>>>>
>>>> Got a server that's throwing a ton of avc granted, all related to
>>>> Matlab. I saw something via google from '06, for a java thing - is
>>>> there something I can use to shut this up?
>>>>
>>>> CentOS 5.9, current.
<snip>
>>> What do the AVC's look like?
>>
>> type=AVC msg=audit(1364322744.335:646078): avc: granted { execheap }
>> for pid=22581 comm="MATLAB" scontext=user_u:system_r:unconfined_t:s0
>> tcontext=user_u:system_r:unconfined_t:s0 tclass=process
>
> One hack to fix this would be to turn the boolean off and then write a
> custom policy module to allow unconfined_t execheap.
>
> policy_module(myunconfined, 1.0)
> gen_require(`
> type unconfined_t;
> ')
> allow unconfined_t self:process execheap;
Could I tell it to not audit matlab? If so, what would I tell it not to
audit, the executable? The libraries?
mark
More information about the selinux
mailing list