zoneminder & nfs
Daniel J Walsh
dwalsh at redhat.com
Wed Jan 2 18:10:27 UTC 2013
On 01/02/2013 11:44 AM, m.roth at 5-cent.us wrote:
> Has there been some change in policy? I've got a box that's running fc17,
> updated fully, and it's spitting avc's when motion is creating files and
> links on an nfs-mounted directory.
>
> Running audit2allow gets me:
>
> #============= zoneminder_t ==============
> allow zoneminder_t nfs_t:lnk_file create;
>
> I'd rather not install that if something happened, and a bug crept into the
> current policy....
>
> mark
>
>
> -- selinux mailing list selinux at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux
>
Seems pretty strange.

sesearch -C -A -s zoneminder_t -c lnk_file -p create
Found 3 semantic av rules:
   allow zoneminder_t zoneminder_spool_t : lnk_file { ioctl read write create getattr setattr lock append unlink link rename } ;
   allow zoneminder_t zoneminder_tmpfs_t : lnk_file { ioctl read write create getattr setattr lock append unlink link rename } ;
DT allow zoneminder_t public_content_rw_t : lnk_file { ioctl read write create getattr setattr lock append unlink link rename } ; [ zoneminder_anon_write ]

The only place zoneminder is allowed to create content in is zoneminder
content or public_content.
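
An added example, not part of the original thread: a small Python check that parses the `sesearch -C` output quoted in the reply and compares it with the rule audit2allow proposed in the question, showing that nfs_t is not among the labels zoneminder_t may create symlinks in and that the public_content_rw_t rule is gated by a boolean. The function names are hypothetical, and type names are compared literally with no attribute expansion.

```python
import re

# `sesearch -C` output quoted in the reply above, wrapped lines rejoined.
SESEARCH_OUTPUT = """\
Found 3 semantic av rules:
   allow zoneminder_t zoneminder_spool_t : lnk_file { ioctl read write create getattr setattr lock append unlink link rename } ;
   allow zoneminder_t zoneminder_tmpfs_t : lnk_file { ioctl read write create getattr setattr lock append unlink link rename } ;
DT allow zoneminder_t public_content_rw_t : lnk_file { ioctl read write create getattr setattr lock append unlink link rename } ; [ zoneminder_anon_write ]
"""
# Rule proposed by audit2allow in the question.
AUDIT2ALLOW_RULE = "allow zoneminder_t nfs_t:lnk_file create;"

# Optional two-letter prefix on conditional rules: E/D = enabled/disabled,
# T/F = true/false branch of the boolean named in the trailing [ ... ].
RULE_RE = re.compile(
    r"^\s*(?:(?P<state>[ED])[TF]\s+)?allow\s+(?P<src>\S+)\s+(?P<tgt>[^\s:]+)\s*:\s*"
    r"(?P<cls>[^\s:]+)\s+(?:\{(?P<perms>[^}]*)\}|(?P<perm>\w+))\s*;"
    r"(?:\s*\[\s*(?P<bool>\S+)\s*\])?")

def parse_rules(text):
    """Parse allow rules from sesearch or audit2allow text into dicts."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line)
        if m:
            rules.append({"src": m["src"], "tgt": m["tgt"], "cls": m["cls"],
                          "perms": set((m["perms"] or m["perm"]).split()),
                          "enabled": m["state"] != "D", "boolean": m["bool"]})
    return rules

def check_request(request, policy):
    """Return (covered, labels): whether an enabled rule already grants the
    request, and every (target, enabled, boolean) that grants the same
    permissions to the same source and class. Type names are compared
    literally; attributes are not expanded (assumption of this sketch)."""
    same = [r for r in policy if r["src"] == request["src"]
            and r["cls"] == request["cls"] and request["perms"] <= r["perms"]]
    covered = any(r["tgt"] == request["tgt"] and r["enabled"] for r in same)
    return covered, [(r["tgt"], r["enabled"], r["boolean"]) for r in same]

if __name__ == "__main__":
    request = parse_rules(AUDIT2ALLOW_RULE)[0]
    covered, labels = check_request(request, parse_rules(SESEARCH_OUTPUT))
    print(f"{request['tgt']} already allowed: {covered}")
    for tgt, enabled, boolean in labels:
        note = "enabled" if enabled else f"disabled, gated by boolean {boolean}"
        print(f"  {tgt}: {note}")
```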