On Thu, 1 Apr 2004 14:38, Dax Kelson <dax(a)gurulabs.com> wrote:
I have a fresh FC2T2 install. I did the following to make up2date
work:
/usr/bin/setfilecon system_u:object_r:rpm_exec_t /usr/sbin/up2date
Then I ran "up2date-nox kernel"
The following appeared. It seems the kernel did install OK.
audit(1080787992.351:0): avc: denied { search } for pid=20375
exe=/bin/bash name=root dev=hda8 ino=179873
scontext=root:sysadm_r:bootloader_t
tcontext=root:object_r:staff_home_dir_t tclass=dir
/bin/bash: /root/.bashrc: Permission denied
What was the working directory at the time you ran up2date? Was
it /home/something?
We don't want to grant such domains wide access, and we also don't want large
dontaudit rules (they increase the size of the policy, increase kernel memory
use, etc).
Is it acceptable that sometimes if you run something from an unusual directory
then it will cause an audit message?
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page