On Wed, Aug 19, 2009 at 6:35 PM, Daniel J
Walsh<dwalsh(a)redhat.com> wrote:
> On 08/19/2009 02:41 PM, Xavier Toth wrote:
>> A process of type siterep_jcdx_nautilus_helper_t running at SystemHigh
>> is trying to create a directory at SystemLow and getting the following
>> mlsconstraint violation:
>>
>> node=jcdx type=AVC msg=audit(1250704307.148:1143): avc: denied {
>> create } for pid=4208 comm="processdirs" name="test7"
scontext=s
>> iterep_u:siterep_r:siterep_jcdx_nautilus_helper_t:s15:c0.c1023
>> tcontext=system_u:object_r:jcdx_ml_var_t:s0 tclass=dir
>>
>> The siterep_jcdx_nautilus_helper_t policy uses the following macros:
>>
>>
manage_dirs_pattern($1_jcdx_nautilus_helper_t,jcdx_ml_var_t,jcdx_ml_var_t)
>>
>> ifdef(`enable_mls',`
>> mls_file_read_all_levels($1_jcdx_nautilus_helper_t)
>> mls_file_write_all_levels($1_jcdx_nautilus_helper_t)
>> mls_file_downgrade($1_jcdx_nautilus_helper_t)
>> mls_file_upgrade($1_jcdx_nautilus_helper_t)
>> ')
>>
>> I've looked at the policy mlsconstaints but I'm not understanding
>> which one is being violated, any ideas?
>>
>> Ted
>>
>> --
>> fedora-selinux-list mailing list
>> fedora-selinux-list(a)redhat.com
>>
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
>>
>>
> Not an MLS constraint.
> iterep_u creating a file labeled system_u
>
>
I once was blind but now I see ... Thanks Dan.
Ted
--
fedora-selinux-list mailing list
fedora-selinux-list(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list No propblem. I have
looked at a few billion more of these then you have.