I wrote:
I'm running CentOS 6.2, all updates. selinux-policy
3.7.19-126.el6_2.6.
I > see /usr/share/selinux/devel/include/admin/mcelog.if:
########################################
## <summary>
## Execute a domain transition to run mcelog.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed to transition.
## </summary>
## </param>
#
interface(`mcelog_domtrans',`
gen_require(`
type mcelog_t, mcelog_exec_t;
')
domtrans_pattern($1, mcelog_exec_t, mcelog_t)
')
Yet, I'm seeing
SELinux is preventing /usr/sbin/mcelog from getattr access on the file
/var/run/mcelog.pid.
Now, from some googling, it *looks* as though this was fixed
already.
Am I missing something, or has this bug been reintroduced?
From: Miroslav Grepl <mgrepl(a)redhat.com>
On 02/17/2012 09:19 PM, Daniel J Walsh wrote:
> Well i am not sure if it is was fixed in 6.2 policy or 6.3. I
provide
> the current selinux policy prerelease in
>
people.redhat.com/dwalsh/SELinux/RHEL6
Please, could you use the latest selinux-policy packages from
people.redhat.com/dwalsh/SELinux/RHEL6
how Dan wrote.
Are you asking me to test this policy update? I can do it on this one
machine... but it will be overwritten with the next update, and under no
circumstances will I roll it out to all our servers. We don't normally
even use CPAN - *everything's* from the repositories.
mark