-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 01/02/2013 11:44 AM, m.roth(a)5-cent.us wrote:
Has there been some change in policy? I've got a box that's
running fc17,
updated fully, and it's spitting avc's when motion is creating files and
links on an nfs-mounted directory.
Running audit2allow gets me: #============= zoneminder_t ==============
allow zoneminder_t nfs_t:lnk_file create;
I'd rather not install that if something happened, and a bug crept into the
current policy....
mark
-- selinux mailing list selinux(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
Seems pretty strange.
sesearch -C -A -s zoneminder_t -c lnk_file -p create
Found 3 semantic av rules:
allow zoneminder_t zoneminder_spool_t : lnk_file { ioctl read write create
getattr setattr lock append unlink link rename } ;
allow zoneminder_t zoneminder_tmpfs_t : lnk_file { ioctl read write create
getattr setattr lock append unlink link rename } ;
DT allow zoneminder_t public_content_rw_t : lnk_file { ioctl read write create
getattr setattr lock append unlink link rename } ; [ zoneminder_anon_write ]
The only place zoneminder is allowed to create content in is zoneminder
content of public_content.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with undefined -
http://www.enigmail.net/
iEYEARECAAYFAlDkeBMACgkQrlYvE4MpobNV/gCg3CPMuDELZ81GOD3yz9FnOl69
G8cAn2pY6OkhXCuhd7TTDo4n3g0oyJZp
=GVzw
-----END PGP SIGNATURE-----