fixfile.cron added.

Ivan Gyurdiev ivg2 at cornell.edu
Thu Jul 8 03:22:03 UTC 2004


On Wed, 2004-07-07 at 15:04 -0400, Stephen Smalley wrote:
> On Mon, 2004-07-05 at 21:44, Ivan Gyurdiev wrote:
> > > Suggestions on improvements?  Comments?
> > 
> > Just wondering why I have hundreds of denials
> > from sysadm_crond_t in my system log with /usr/bin/setfiles in them.
> > 
> > Latest policy, permissive mode.
> 
> sysadm_crond_t or system_crond_t?

sysadm is correct (audit2allow in verbose mode):

allow sysadm_crond_t adjtime_t:file { getattr };
        #EXE=/usr/sbin/setfiles  PATH=/etc/adjtime   :  getattr
        #EXE=/usr/sbin/setfiles  PATH=/etc/adjtime   :  getattr
                                                                                
allow sysadm_crond_t admin_passwd_exec_t:file { getattr };
        #EXE=/usr/sbin/setfiles  PATH=/usr/sbin/vipw   :  getattr
        #EXE=/usr/sbin/setfiles  PATH=/usr/sbin/vipw   :  getattr
                                                                                
allow sysadm_crond_t agp_device_t:chr_file { getattr };
        #EXE=/usr/sbin/setfiles  PATH=/dev/agpgart   :  getattr
        #EXE=/usr/sbin/setfiles  PATH=/dev/agpgart   :  getattr
                                                                                
allow sysadm_crond_t amanda_amandates_t:file { getattr };
        #EXE=/usr/sbin/setfiles  PATH=/etc/amandates   :  getattr
        #EXE=/usr/sbin/setfiles  PATH=/etc/amandates   :  getattr

...etc


-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.fedoraproject.org/pipermail/selinux/attachments/20040707/b05e96eb/attachment.bin 


More information about the selinux mailing list