-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
David Timms wrote:
Daniel J Walsh wrote:
> ...
> Ok I looked at the bugzilla, looks like mrtg is execing top which is
> reading all process /proc information. Does it need to be able to read
> all this, or can I dontaudit it.
Dan, I really don't know the answer to that - I haven't got around to
understanding / configuring mrtg at all. I got the impression from that
bug that the poster had a specific configuration that was causing that -
and that he would have to create allow rules for it to work, whereas I
don't seem to have any configuration for mrtg {except what is provided
in the rpm - a crond */5 min run using it's default config
/etc/mrtg/mrtg.cfg
A can confirm that commenting the /etc/cron.d/mrtg command stops the
denials, but I don't understand why my other F9Beta++ machine doesn't
generate the same denials.
As an aside: is there a way to perform an rpm -V to verify the packages
v on-disk contexts ? I could do this for mrtg and all it's requirements.
DaveT.
Not really but you can do a fixfiles -R mrtg restore to read the rpm
database and fix the labels on disk.
--
fedora-selinux-list mailing list
fedora-selinux-list(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora -
http://enigmail.mozdev.org
iEYEARECAAYFAkgHQy8ACgkQrlYvE4MpobPPzgCfd81hsUnlz1zSSQnYhXR2r6AY
GF8An3Bmnut5i0iZtNcpcCcS6hvmXgZC
=WwPm
-----END PGP SIGNATURE-----