Hi Daniel,

On Mon, Apr 15, 2013 at 08:56:56AM -0700, Daniel J Walsh wrote:
> Does your application work? If yes then no reason to allow this avc.

It takes a while to start, but my application does work. Is it then
possible to just ignore the alerts for this particular case? I would
also prefer not to mess with my policies, lack of understanding being
the main reason.

That said, I do have another similar problem with a game in steam:
SELinux is preventing /home/user/.local/share/Steam/ubuntu12_32/steam
from using the execheap access on a process.
Raw Audit Messages:
type=AVC msg=audit(1365646731.47:8579): avc: denied { execheap } for
pid=6561 comm="steam"
scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
tclass=process
type=SYSCALL msg=audit(1365646731.47:8579): arch=i386 syscall=capget
success=no exit=EACCES a0=a937000 a1=c000 a2=7 a3=ffbe844c items=0
ppid=1804 pid=6561 auid=500 uid=500 gid=500 euid=500 suid=500
fsuid=500 egid=500 sgid=500 fsgid=500 ses=2 tty=pts9 comm=steam
exe=/home/jallad/.local/share/Steam/ubuntu12_32/steam
subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
Hash: steam,unconfined_t,unconfined_t,process,execheap
This time however, the application does not work. Again, adding the
custom policy fails in exactly the same manner.

> Looks like you have an old policy module that has crufted up your
> system.

This is up to date F18: selinux-policy-3.11.1-87.fc18.noarch.

> locate passanger.pp

This does not return anything.

> semodule -r passanger

libsepol.scope_copy_callback: qpidd: Duplicate declaration in module:
type/attribute qpidd_var_lib_t (No such file or directory).
libsemanage.semanage_link_sandbox: Link packages failed (No such file
or directory).
semodule: Failed!
The only time I messed with SELinux was when I installed a few custom
file contexts for a change root environment I use for my work.
# semanage -o fcontext
boolean -D
login -D
login -a -s unconfined_u -r 's0-s0:c0.c1023' __default__
login -a -s unconfined_u -r 's0-s0:c0.c1023' root
login -a -s system_u -r 's0-s0:c0.c1023' system_u
user -D
port -D
interface -D
node -D
fcontext -D
fcontext -a -f 'directory' -t root_t '/home/slc5'
fcontext -a -f 'directory' -t mnt_t '/home/slc5/afs'
fcontext -a -f 'directory' -t lib_t '/home/slc5/lib64'
fcontext -a -f 'all files' -t lib_t '/home/slc5/lib64.*'
fcontext -a -f 'directory' -t usr_t '/home/slc5/local'
fcontext -a -f 'all files' -t usr_t '/home/slc5/local.*'
fcontext -a -e /home/slc5/media /media
fcontext -a -e /home/slc5/tmp /tmp
fcontext -a -e /home/slc5/proc /proc
fcontext -a -e /home/slc5/root /root
fcontext -a -e /home/slc5/dev /dev
fcontext -a -e /home/slc5/sys /sys
fcontext -a -e /home/slc5/selinux /selinux
fcontext -a -e /home/slc5/srv /srv
fcontext -a -e /home/slc5/opt /opt
fcontext -a -e /home/slc5/etc /etc
fcontext -a -e /home/slc5/var /var
fcontext -a -e /home/slc5/home /home
fcontext -a -e /home/slc5/mnt /mnt
fcontext -a -e /home/slc5/boot /boot
fcontext -a -e /home/slc5/bin /bin
fcontext -a -e /home/slc5/sbin /sbin
fcontext -a -e /home/slc5/lib /lib
fcontext -a -e /home/slc5/usr /usr

> What OS is this? rhel6?

F18.
Thanks in advance.
--
Suvayu
Open source is the future. It sets us free.
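
An added example, not part of the original message: a small parser that pairs the AVC and SYSCALL records quoted above by their audit event serial and rebuilds the tuple shown on the `Hash:` line, flagging memory-protection permissions such as `execheap`. The function names and the `MEMPROT` set are assumptions made for illustration, and the sample input is constructed from the records in the message.

```python
import re

# Constructed sample: the two records quoted in the message, each joined onto
# one line as the audit log stores them; the SYSCALL record is abridged.
SAMPLE = """\
type=AVC msg=audit(1365646731.47:8579): avc: denied { execheap } for pid=6561 comm="steam" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=process
type=SYSCALL msg=audit(1365646731.47:8579): arch=i386 syscall=capget success=no exit=EACCES a2=7 pid=6561 comm=steam exe=/home/jallad/.local/share/Steam/ubuntu12_32/steam key=(null)
"""

HEADER = re.compile(r'^type=(\w+) msg=audit\(([\d.]+):(\d+)\):\s*(.*)$')
PERMS = re.compile(r'avc:\s+(denied|granted)\s+\{([^}]*)\}')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
# SELinux memory-protection permissions; a denial here deserves review
# rather than a blanket allow rule.
MEMPROT = {"execheap", "execmem", "execstack", "execmod"}

def parse_events(text):
    """Group audit records by event serial: {serial: {record_type: fields}}."""
    events = {}
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if not m:
            continue
        rtype, _timestamp, serial, body = m.groups()
        fields = {k: v.strip('"') for k, v in FIELD.findall(body)}
        if rtype == "AVC":
            p = PERMS.search(body)
            if p:
                fields["result"] = p.group(1)
                fields["perms"] = p.group(2).split()
        events.setdefault(serial, {})[rtype] = fields
    return events

def summarize(event):
    """Reduce one event to comm, source type, target type, class, perms."""
    avc, syscall = event["AVC"], event.get("SYSCALL", {})
    stype = avc["scontext"].split(":")[2]   # user:role:type:level
    ttype = avc["tcontext"].split(":")[2]
    return {
        "hash": ",".join([avc["comm"], stype, ttype, avc["tclass"], *avc["perms"]]),
        "result": avc["result"],
        "exe": syscall.get("exe"),          # only present in the SYSCALL record
        "memprot": sorted(MEMPROT & set(avc["perms"])),
    }

if __name__ == "__main__":
    for serial, event in parse_events(SAMPLE).items():
        print(serial, summarize(event))
```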