fixfile.cron added.
Ivan Gyurdiev
ivg2 at cornell.edu
Thu Jul 8 03:22:03 UTC 2004
On Wed, 2004-07-07 at 15:04 -0400, Stephen Smalley wrote:
> On Mon, 2004-07-05 at 21:44, Ivan Gyurdiev wrote:
> > > Suggestions on improvements? Comments?
> >
> > Just wondering why I have hundreds of denials
> > from sysadm_crond_t in my system log with /usr/bin/setfiles in them.
> >
> > Latest policy, permissive mode.
>
> sysadm_crond_t or system_crond_t?
sysadm is correct (audit2allow in verbose mode):
allow sysadm_crond_t adjtime_t:file { getattr };
#EXE=/usr/sbin/setfiles PATH=/etc/adjtime : getattr
#EXE=/usr/sbin/setfiles PATH=/etc/adjtime : getattr
allow sysadm_crond_t admin_passwd_exec_t:file { getattr };
#EXE=/usr/sbin/setfiles PATH=/usr/sbin/vipw : getattr
#EXE=/usr/sbin/setfiles PATH=/usr/sbin/vipw : getattr
allow sysadm_crond_t agp_device_t:chr_file { getattr };
#EXE=/usr/sbin/setfiles PATH=/dev/agpgart : getattr
#EXE=/usr/sbin/setfiles PATH=/dev/agpgart : getattr
allow sysadm_crond_t amanda_amandates_t:file { getattr };
#EXE=/usr/sbin/setfiles PATH=/etc/amandates : getattr
#EXE=/usr/sbin/setfiles PATH=/etc/amandates : getattr
...etc
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.fedoraproject.org/pipermail/selinux/attachments/20040707/b05e96eb/attachment.bin
More information about the selinux
mailing list