unconfined domains and Dan Walsh's article
Daniel J Walsh
dwalsh at redhat.com
Mon Apr 4 20:08:30 UTC 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 04/04/2011 02:53 PM, Klaus Lichtenwalder wrote:
> Am 04.04.2011 20:49, schrieb Daniel J Walsh:
>> On 04/04/2011 02:22 PM, Klaus Lichtenwalder wrote:
>>> Dan,
>>
>>> it does not show up in normal operation. It just showed up when I
>>> undefined all unconfined domains, as per your post, for tests. For
>>> normal operations this bug is fixed, I was more or less following on
>>> your plans to move along with a more stricter targeted policy...
>>
>>> Klaus
>>
>> Could you send me your audit.log?
>
> Sure, it's in the attachment. I did the following commands:
>
> 1004 semodule -d unconfined
> 1005 setenforce 0
> 1006 kpartx -av /dev/vg00/lv_fc15lxde
> 1007 vgchange -a y vg_fc15lxde
> 1008 vgchange -a n vg_fc15lxde
> 1009 kpartx -dv /dev/vg00/lv_fc15lxde
> 1010 setenforce 1
>
> Klaus
>
>
>
>
> --
> selinux mailing list
> selinux at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux
I have added these rules and they should be available in
selinux-policy-3.9.16-12.fc15
You can add them for now using audit2allow -M mylvm
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAk2aJT4ACgkQrlYvE4MpobMdOQCePhAc+nfPDlGqq2MYCpAmHzDE
0oYAoJ98E6MVzWOgqjg+KRJwJNZPsMjz
=Z4Nj
-----END PGP SIGNATURE-----
More information about the selinux
mailing list