selinux/spacewalk-monitoring-selinux/spacewalk-monitoring.te | 3 +++ 1 file changed, 3 insertions(+)
New commits: commit 257376e6b9a18ac17ac25f2249e95e4c3fa786f0 Author: Jan Pazdziora jpazdziora@redhat.com Date: Mon Oct 4 17:53:32 2010 +0200
619014 - allow monitoring to read usr files as that's where some perl module now live.
Addressing type=AVC msg=audit(1286183040.884:35472): avc: denied { open } for pid=1251 comm="MonitoringScout" name="Object.pm" dev=dm-0 ino=2383281 scontext=unconfined_u:system_r:spacewalk_monitoring_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file
diff --git a/selinux/spacewalk-monitoring-selinux/spacewalk-monitoring.te b/selinux/spacewalk-monitoring-selinux/spacewalk-monitoring.te index 2a92320..febb6c5 100644 --- a/selinux/spacewalk-monitoring-selinux/spacewalk-monitoring.te +++ b/selinux/spacewalk-monitoring-selinux/spacewalk-monitoring.te @@ -167,3 +167,6 @@ allow spacewalk_monitoring_t self:process setpgid; optional_policy(` samba_stream_connect_winbind(spacewalk_monitoring_t) ') +optional_policy(` + files_read_usr_files(spacewalk_monitoring_t) +')
spacewalk-commits@lists.fedorahosted.org