I have a script invoked from a procmail recipe that needs to perform
actions involving searching for processes by name, playing sound through
pulseaudio, sending mail, plus a few others. When I run with enforcing=0
I get 385 AVC denials (103KB, not attached), and that's _without_
disabling the "dontaudit" rules, which would yield over 100 more
denials. The target contexts are not something I can change without
totally destroying the current policy.

Any suggestions other than the 120 "allow" rules that audit2allow would
suggest (and that's without considering the "dontaudit" denials)?

I'm getting _really_ tired of this. I'm spending more time trying to
get things to work under SELinux than it would take me to recover from a
(highly unlikely) intrusion. Sometimes the cost of insurance is just
too high.
--
Bob Nichols "NOSPAM" is really part of my email address.
Do NOT delete it.