Re: SE Linux policy
by Luke Kenneth Casson Leighton
> On Mon, 26 Apr 2004 20:05, Krzysztof Mazurczyk <kmazurczyk wskiz poznan pl> wrote:
> > > > I have started playing with new SE Linux. I have it already running.
> > > > BTW minor question: There are messages in the log that /sbin/unix_verify
> > > > is denied to do something. The system seems to work well. Because
> > > > /sbin/unix_verify is from libpam-modules I'm not sure what to do -
> > > > ignore or add some rules to policy for /sbin/unix_verify.
> > >
> > > What access is denied?
> >
> > avc: denied { getattr } for pid=1768 exe=/sbin/unix_verify
> > path=/proc/1768/mounts dev= ino=115867664
> > scontext=system_u:system_r:system_chkpwd_t
> > tcontext=system_u:system_r:system_chkpwd_t tclass=file
>
> Allow this. The main policy will be changed to allow this.
>
russell, hi,
sorry to be picking up on this from not being on this mailing list,
and breaking the thread, but:
yes i have the same issue - what policy files do i need to update,
and with what?
or, where can i obtain an updated .deb from that contains the necessary
updates?
i can quite happily read and interpret the policy files but do not yet
have enough confidence to edit them.
pointers to a document that would tell me things like:
- to add a permission, go to file X and add what the scontext says to
it. then go to file Y and add what the bit in brackets says.
etc. etc.
would be _very_ helpful.
sincerely,
l.
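
The denial quoted in this thread carries everything a type-enforcement allow rule needs: the type from scontext, the type from tcontext, the tclass, and the permission in braces. The following Python is an added example, not part of the original messages or of the SE Linux policy sources; it parses such lines and merges them into candidate allow rules, with function names chosen here and extra log lines constructed for illustration.

```python
import re
from collections import defaultdict

CTX = "system_u:system_r:system_chkpwd_t"  # context from the quoted denial
SAMPLE_LOG = [
    # Denial quoted in the thread, with the mail line-wrapping removed.
    "avc: denied { getattr } for pid=1768 exe=/sbin/unix_verify "
    "path=/proc/1768/mounts dev= ino=115867664 "
    f"scontext={CTX} tcontext={CTX} tclass=file",
    # Constructed lines: a second denial for the same triple, and noise.
    "avc: denied { read } for pid=1768 exe=/sbin/unix_verify "
    f"path=/proc/1768/mounts scontext={CTX} tcontext={CTX} tclass=file",
    "kernel: some unrelated message",
]

AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)")

def context_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 and parts[2] else None

def parse_avc(line):
    """Return (source_type, target_type, tclass, perms), or None if not a denial."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m.group(2).split() if "=" in kv)
    src, tgt = (context_type(fields.get(k, "")) for k in ("scontext", "tcontext"))
    perms, tclass = m.group(1).split(), fields.get("tclass")
    return (src, tgt, tclass, perms) if perms and src and tgt and tclass else None

def allow_rules(lines):
    """Merge denials per (source, target, class) into candidate allow rules."""
    merged = defaultdict(set)
    for src, tgt, tclass, perms in filter(None, map(parse_avc, lines)):
        merged[(src, tgt, tclass)].update(perms)
    rules = []
    for (src, tgt, tclass), perms in sorted(merged.items()):
        target = "self" if src == tgt else tgt  # same type on both sides
        plist = sorted(perms)
        pstr = plist[0] if len(plist) == 1 else "{ " + " ".join(plist) + " }"
        rules.append(f"allow {src} {target}:{tclass} {pstr};")
    return rules

if __name__ == "__main__":
    print("\n".join(allow_rules(SAMPLE_LOG)))
```

Each generated rule is a candidate to review against what the program legitimately needs before it goes into the policy, since a denial can also indicate behaviour that should stay blocked.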