I have run into a problem of limted space for .strigi which was located in my home directory, so I decided to move ~/.strigi to another partition with ample space and created a symbolic link from ~/.strigi to the new location on a different partition.
Selinux is reporting: SELinux is preventing strigidaemon (unconfined_t) "mmap_zero" to <Unknown> (unconfined_t).
So, what is the proper context for .strigi and all of the files/directories contained within?
Thanks! Dan
Daniel B. Thurman wrote:
I have run into a problem of limted space for .strigi which was located in my home directory, so I decided to move ~/.strigi to another partition with ample space and created a symbolic link from ~/.strigi to the new location on a different partition.
Selinux is reporting: SELinux is preventing strigidaemon (unconfined_t) "mmap_zero" to <Unknown> (unconfined_t).
So, what is the proper context for .strigi and all of the files/directories contained within?
You'll find that bind mounts work much better than symlinks from an SELinux point of view.
This reminds me to ask though, where is homedir_template as used by genhomedircon now? I can't find it in Fedora 9 and anything I've tried editing that looks like it might be it gets overwritten when I run genhomedircon.
Paul.
On Mon, 2008-06-16 at 16:51 +0100, Paul Howarth wrote:
Daniel B. Thurman wrote:
I have run into a problem of limted space for .strigi which was located in my home directory, so I decided to move ~/.strigi to another partition with ample space and created a symbolic link from ~/.strigi to the new location on a different partition.
Selinux is reporting: SELinux is preventing strigidaemon (unconfined_t) "mmap_zero" to <Unknown> (unconfined_t).
So, what is the proper context for .strigi and all of the files/directories contained within?
You'll find that bind mounts work much better than symlinks from an SELinux point of view.
This reminds me to ask though, where is homedir_template as used by genhomedircon now? I can't find it in Fedora 9 and anything I've tried editing that looks like it might be it gets overwritten when I run genhomedircon.
genhomedircon functionality was taken into libsemanage in order to address various problems with the external implementation, and homedir_template is generated (from template entries in the .fc files) and used within the module sandbox, not made externally accessible.
/usr/sbin/genhomedircon is now just a script that invokes semodule -Bn to regenerate the policy.
Paul Howarth wrote:
Daniel B. Thurman wrote:
I have run into a problem of limted space for .strigi which was located in my home directory, so I decided to move ~/.strigi to another partition with ample space and created a symbolic link from ~/.strigi to the new location on a different partition.
Selinux is reporting: SELinux is preventing strigidaemon (unconfined_t) "mmap_zero" to <Unknown> (unconfined_t).
So, what is the proper context for .strigi and all of the
files/directories
contained within?
You'll find that bind mounts work much better than symlinks from an SELinux point of view.
Uh, ok - I'll have to look into that again. I forget how this is done.
This reminds me to ask though, where is homedir_template as used by genhomedircon now? I can't find it in Fedora 9 and anything I've tried editing that looks like it might be it gets overwritten when I run genhomedircon.
Um, dunno. I am running F8.
BTW: I am getting hammered with SELinux complaining on the above reported error. It looks like a runaway process and hammering both of my CPUs badly. How do I temporarily shutdown strigidaemon for now until I can get this issue resolved?
Thanks! Dan
On Mon, 2008-06-16 at 08:36 -0700, Daniel B. Thurman wrote:
I have run into a problem of limted space for .strigi which was located in my home directory, so I decided to move ~/.strigi to another partition with ample space and created a symbolic link from ~/.strigi to the new location on a different partition.
Selinux is reporting: SELinux is preventing strigidaemon (unconfined_t) "mmap_zero" to <Unknown> (unconfined_t).
I'm ignoring your question because I have no idea, but I can say that this denial has nothing at all to do with the location of .strigi. This denial say that the program is calling mmap with MAP_FIXED on an area of memory < 64k (usually when people ask for this they ask for NULL). This is very rarely not needed by any program. emulators like wine sometimes need this and if so I'd suggest actually writing policy around strigidaemon to allow this permission rather than twiddle the boolean or allow it in proc....
-Eric
selinux@lists.fedoraproject.org