On Tuesday 22 February 2005 12:15, Valdis.Kletnieks(a)vt.edu wrote:
At least at one point in time, I was seeing random avc errors on
points that made absolutely no sense - I'd do an 'ls -Z' and it would look
OK. Finally twigged in that I needed to unmount the file system, relabel
the *directory*, and then remount. Seem to remember /usr/share and
/usr/local biting me that way (/, /usr, /usr/local, and /usr/share are 4
different file systems on my box).
In those cases a dontaudit rule will usually do the job. If the file system
is not mounted then there's nothing that the application can usefully do
under the mount point and usually ENOENT and EACCESS usually get the same
code paths in most applications that try to open files.
grep dontaudit.*file_t.dir policy.conf
The above grep command will show you some of the dontaudit rules that have
already been put in place to deal with this. If there are more domains that
may get used early in the boot process to get such errors then let us know
and we'll write dontaudit rules.
My NSA Security Enhanced Linux packages
Bonnie++ hard drive benchmark
Postal SMTP/POP benchmark
My home page