-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 11/01/2012 04:26 PM, m.roth(a)5-cent.us wrote:
Since I posted about a week and a half ago, I haven't seen any
response.
This is an example of what I think Dan was asking about.
time->Thu Nov 1 16:00:01 2012 type=SYSCALL
msg=audit(1351800001.262:133107): arch=c000003e syscall=2 success=yes
exit=18 a0=7ffea2fdde22 a1=0 a2=1b6 a3=0 items=0 ppid=20709 pid=20713
auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48
tty=(none) ses=5118 comm="httpd" exe="/usr/sbin/httpd"
subj=unconfined_u:system_r:httpd_t:s0 key=(null) type=AVC
msg=audit(1351800001.262:133107): avc: denied { open } for pid=20713
comm="httpd" name="pcscd.pid" dev=sda3 ino=81412261
scontext=unconfined_u:system_r:httpd_t:s0
tcontext=unconfined_u:object_r:pcscd_var_run_t:s0 tclass=file type=AVC
msg=audit(1351800001.262:133107): avc: denied { read } for pid=20713
comm="httpd" name="pcscd.pid" dev=sda3 ino=81412261
scontext=unconfined_u:system_r:httpd_t:s0
tcontext=unconfined_u:object_r:pcscd_var_run_t:s0 tclass=file
And just to clarify, I believe what's doing this is that the webserver for
svn is checking the user's smart card before allowing them to check files
out.
mark
-- selinux mailing list selinux(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
Miroslav please back port
f67143c4d6f6cff20cdc3aa432c56faa37a2ac99
to Fedora 17 and RHEL6.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla -
http://www.enigmail.net/
iEYEARECAAYFAlCT0D0ACgkQrlYvE4MpobMB8QCgv3fassTQ+4zckEGMT6sFEEgp
GkcAoIN8KhZgbCr0AqIxC5SI9yQwxqQV
=SGGe
-----END PGP SIGNATURE-----