Re: avc: denied { ioctl }?
On Tue, 2005-06-07 at 08:17 -0500, Hongwei Li wrote:
> After I updated the policy to this version (1.17.30-2.96), from time to time
> the system log shows a lot of error messages like this:
>
> Jun 6 17:51:04 morpheus kernel: audit(1118098264.336:0): avc: denied {
> ioctl } for pid=17395 exe=/usr/bin/perl path=/proc/loadavg dev=proc
> ino=-268435456 scontext=user_u:system_r:httpd_sys_script_t
> tcontext=system_u:object_r:proc_t tclass=file
Likely should just be dontaudit'd, e.g.
yum install selinux-policy-targeted-sources
cd /etc/selinux/targeted/src/policy
echo "dontaudit httpd_sys_script_t proc_t:file ioctl;" >>
domains/misc/local.te
make load
--
Stephen Smalley
National Security Agency
Another question. I installed selinux-policy-targeted-sources. However, I
could not find local.te under domains/misc. What I see under domain are:
misc program unconfined.te
under misc I see only a folder unused under which are:
auth-net.te fcron.te kernel.te screensaver.te startx.te
userspace_objmgr.te xclient.te
but no local.te. I don't see it under domain/program/ either. Then, what
file should I run the above command to?
Thanks!
HOngwei