On 23/05/17 13:50, Gary Tierney wrote:
CC'ing to list. Replied directly to sender by accident.
On Tue, May 23, 2017 at 01:45:12PM +0100, Gary Tierney wrote:
Try running `semodule -DB`. Looks like something might be dontaudited. After running that command reproduce your error and check the audit log using Lukas' ausearch command.
On Tue, May 23, 2017 at 12:54:43PM +0100, lejeczek wrote:
On 23/05/17 12:07, Lukas Vrabec wrote:
On 05/23/2017 12:56 PM, lejeczek wrote:
hi fellas
I don't want to disable se, I cannot find booleans, there is no domain for htcondor I think. How do I let my htcondor through? with se:
condor_submit[29217]: segfault at 0 ip (null) sp 00007ffd7dfa61c8
type=ANOM_ABEND msg=audit(1495536871.977:1484): auid=2501 uid=1177 gid=513 ses=63 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 pid=1532 comm="condor_submit" reason="memory violation" sig=11
disable se and works.
many thanks. L. _______________________________________________ selinux mailing list -- selinux@lists.fedoraproject.org To unsubscribe send an email to selinux-leave@lists.fedoraproject.org
Hi,
Could you reproduce the scenario and then attach output of: # ausearch -m AVC,USER_AVC -ts recent
Thanks, Lukas.
hi, ausearch as above finds nothing, with only "recent" all the grep condor finds is that one line. Should I include a few more lines before that condor one? _______________________________________________ selinux mailing list -- selinux@lists.fedoraproject.org To unsubscribe send an email to selinux-leave@lists.fedoraproject.org
-- Gary Tierney
GPG fingerprint: 412C 0EF9 C305 68E6 B660 BDAF 706E D765 85AA 79D8 https://sks-keyservers.net/pks/lookup?op=get&search=0x706ED76585AA79D8
from html docs (would be great to have it condor_* man in default not only in devel) I see this(which makes segfault not occur):
semanage permissive -a condor_schedd_t
but would this be best practice?