On Tuesday 19 April 2005 12:25, Valdis.Kletnieks(a)vt.edu wrote:
> In those cases a dontaudit rule will usually do the job. If the
> system is not mounted then there's nothing that the application can
> usefully do under the mount point and usually ENOENT and EACCES
> get the same code paths in most applications that try to open files.
In my case, actually labelling the directories correctly was the better
For you maybe. In a general sense it isn't. We have no automatic system for
using umount or mount --bind to allow labelling of such mount points and we
can't expect most users to be able to do it.
Personally, I'm not thrilled by the idea of sticking in dontaudit
quiet complaints at boot time that are caused by directories that are