F12: SELinux denials on older Fedora version mounted filesystems

Dominick Grift domg472 at gmail.com
Fri Mar 5 18:44:55 UTC 2010


On 03/05/2010 07:29 PM, Daniel B. Thurman wrote:

> Many other complaints are similar for mounted Fedora versions
> BELOW the current running OS (F12), such as F11, 10, 9, 8, ...
> 
> How does one get around this issue?

That is updatedb. I think it only wants to get attributes.

If this is the only thing bothering you, then you could implement a
dontaudit rule, I guess, or label the mount points with a type that
updatedb can get attributes of.

# Write the policy module source: dontaudit getattr by locate_t on unlabeled_t
echo "policy_module(mylocate, 1.0.0)" > mylocate.te;
echo "optional_policy(\`" >> mylocate.te;
echo "gen_require(\`" >> mylocate.te;
echo "type locate_t, unlabeled_t;" >> mylocate.te;
echo "')" >> mylocate.te;
echo "dontaudit locate_t unlabeled_t:file getattr_file_perms;" >> mylocate.te;
echo "dontaudit locate_t unlabeled_t:dir getattr_dir_perms;" >> mylocate.te;
echo "dontaudit locate_t unlabeled_t:lnk_file getattr_lnk_file_perms;" >> mylocate.te;
echo "')" >> mylocate.te

make -f /usr/share/selinux/devel/Makefile mylocate.pp
sudo semodule -i mylocate.pp
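
A check worth running before loading the module, added here as an example (not part of the original post): it classifies AVC denials from locate_t against the three dontaudit rules above, so anything other than getattr on unlabeled_t stays visible. The audit records are constructed samples and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample audit records (not taken from the original thread).
sample_avc() {
cat <<'EOF'
type=AVC msg=audit(1267814695.101:41): avc:  denied  { getattr } for  pid=2301 comm="updatedb" path="/mnt/f11/etc" dev=sdb1 ino=12 scontext=system_u:system_r:locate_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir
type=AVC msg=audit(1267814695.102:42): avc:  denied  { getattr } for  pid=2301 comm="updatedb" path="/mnt/f11/etc/fstab" dev=sdb1 ino=13 scontext=system_u:system_r:locate_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file
type=AVC msg=audit(1267814695.103:43): avc:  denied  { getattr } for  pid=2301 comm="updatedb" path="/mnt/f11/etc/rc" dev=sdb1 ino=14 scontext=system_u:system_r:locate_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=lnk_file
type=AVC msg=audit(1267814695.104:44): avc:  denied  { read } for  pid=2301 comm="updatedb" name="home" dev=sdb1 ino=15 scontext=system_u:system_r:locate_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir
type=AVC msg=audit(1267814695.105:45): avc:  denied  { getattr } for  pid=2400 comm="httpd" path="/mnt/f11/var/www" dev=sdb1 ino=16 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file
type=SYSCALL msg=audit(1267814695.105:45): arch=c000003e syscall=6 success=no exit=-13 comm="httpd"
EOF
}

# classify_avc: read audit records on stdin and print, per locate_t denial,
#   COVERED|NOT_COVERED <tclass> <target type> <perms>
# COVERED means the mylocate module would silence it. In the reference policy
# each getattr_{file,dir,lnk_file}_perms set expands to { getattr } only.
classify_avc() {
  awk '
    /avc:/ && /denied/ {
      perms = ""; stype = ""; ttype = ""; tclass = ""; inperm = 0
      for (i = 1; i <= NF; i++) {
        if ($i == "{") { inperm = 1; continue }
        if ($i == "}") { inperm = 0; continue }
        if (inperm) { perms = (perms == "" ? $i : perms "," $i); continue }
        if ($i ~ /^scontext=/) { split(substr($i, 10), c, ":"); stype = c[3] }
        if ($i ~ /^tcontext=/) { split(substr($i, 10), c, ":"); ttype = c[3] }
        if ($i ~ /^tclass=/) tclass = substr($i, 8)
      }
      if (stype != "locate_t") next   # other domains are out of scope here
      ok = (ttype == "unlabeled_t" && perms == "getattr" &&
            (tclass == "file" || tclass == "dir" || tclass == "lnk_file"))
      verdict = ok ? "COVERED" : "NOT_COVERED"
      print verdict, tclass, ttype, perms
    }'
}

# count_verdict VERDICT: count classified denials with that verdict (stdin = audit records).
count_verdict() { classify_avc | awk -v v="$1" '$1 == v { n++ } END { print n + 0 }'; }

# Run on a real log when given a path (e.g. /var/log/audit/audit.log), else on the sample.
if [ -n "${1:-}" ]; then classify_avc < "$1"; else sample_avc | classify_avc; fi
```

A non-zero NOT_COVERED count means updatedb is asking for more than attributes, and those denials will still be logged after the module is installed.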
