On Mon, 26 Apr 2004 20:05, Krzysztof Mazurczyk <kmazurczyk wskiz
poznan
pl>
wrote:
> > > I have started playing with new SE Linux. I have it already
> > > running.
> > > BTW minor question: There are messages in log that
> > > /sbin/unix_verify
> > > is denied to do something. System is seemed to work well. Because
> > > /sbin/unix_verify is from libpam-modules I'm not sure what to do -
> > > ignore or add some rules to policy for /sbin/unix_verify.
> >
> > What access is denied?
>
> avc: denied { getattr } for pid=1768 exe=/sbin/unix_verify
> path=/proc/1768/mounts dev= ino=115867664 scontext=system_u:system_r:
> system_chkpwd_t tcontext=system_u:system_r:system_chkpwd_t tclass=file
Allow this. The main policy will be changed to allow this.
russell, hi,
sorry to be picking up on this from not being on this mailing list,
and breaking the thread, but:
yes i have the same issue - what policy files do i need to update,
and with what?
or, where can i obtain an updated .deb from that contains the necessary
updates?
i can quite happily read and interpret the policy files but do not yet
have enough confidence to edit them.
pointers to a document that would tell me things like:
- to add a permission, go to file X and add what the scontext says to
it. then go to file Y and add what the bit in brackets says.
etc. etc.
would be _very_ helpful.
sincerely,
l.