New to this list, and new to SELinux.

Dominick Grift dominick.grift at gmail.com
Fri Jan 18 12:29:17 UTC 2013


On Fri, 2013-01-18 at 13:26 +0100, Dominick Grift wrote:
> 
> > Similarly, I have a large number of other failures that I have attempted
> > to fix in a similar way, and I suspect these fixes are not going to work
> > in the long term either. Here is one:
> > 
> > Jan 13 03:52:22 DellT7600 kernel: type=1400 audit(1358067142.137:38576):
> > avc:  denied  { write } for  pid=19269 comm="wcgrid_cep2_qch"
> > name="C.33.C30H17NO2.01540956.2.bp86.svp.n.pbe0.svp.n.sp" dev=sdb7
> > ino=268394 scontext=system_u:system_r:boinc_t:s0
> > tcontext=system_u:object_r:user_home_t:s0 tclass=dir
> > 
> > The names of the programs, that seem to be in the comm= parts of these
> > messages, change very frequently. Those programs are downloaded
> > automatically by a constantly running daemon program that gets updated
> > once in a while, but the programs it downloads and runs change as soon
> > as one is completed and a new one is obtained. And I just cannot monitor
> > the message file all the time to keep up with this, so I either need a
> > very different way of running those programs, a better way to run
> > SELinux, or just turning SELinux off. I would hate to turn it off.
> 
> The above issue seems to me a misconfiguration. But I would need more
> information to determine that. The AVC denials give directions as to
> where to look
> 
> A command with name wcgrid_cep2_qch wants to write to a directory with
> name C.33.C30H17NO2.01540956.2.bp86.svp.n.pbe0.svp.n.sp which is located
> on device sdb7 at inode 268394
> 
> Use:
>
> find / -inum C.33.C30H17NO2.01540956.2.bp86.svp.n.pbe0.svp.n.sp

Err, rather: 

find / -inum 268394

> to determine the actual full path of this directory. Then determine
> whether this is an appropriate location or whether it is labeled properly
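
The lookup described in this message, as an added example that is not part of the original post: it pulls `dev=` and `ino=` out of the AVC record and searches only the filesystem that device is mounted on, because an inode number is unique within one filesystem and `find /` can match unrelated files on other mounts. The function names are hypothetical, and it assumes `dev=` names a plain block device node under `/dev`.

```shell
#!/usr/bin/env bash
# Sample input: the AVC record quoted in the message, joined onto one line.
AVC_SAMPLE='type=1400 audit(1358067142.137:38576): avc:  denied  { write } for  pid=19269 comm="wcgrid_cep2_qch" name="C.33.C30H17NO2.01540956.2.bp86.svp.n.pbe0.svp.n.sp" dev=sdb7 ino=268394 scontext=system_u:system_r:boinc_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=dir'

# avc_field RECORD KEY: print the value of " KEY=value", quotes stripped.
# The leading whitespace keeps "context" from matching inside "scontext".
avc_field() {
    printf '%s\n' "$1" |
        sed -nE "s/.*[[:space:]]$2=(\"[^\"]*\"|[^[:space:]]+).*/\1/p" |
        tr -d '"'
}

# dev_mountpoint DEV: where /dev/DEV is mounted, according to /proc/mounts.
# Assumption: dev= is a plain block device node (not LVM or a btrfs subvolume).
dev_mountpoint() {
    awk -v d="/dev/$1" '$1 == d { print $2; exit }' /proc/mounts
}

# inode_to_path MOUNTPOINT INODE: search one filesystem only (-xdev), since
# the same inode number can exist on every other mounted filesystem.
inode_to_path() {
    find "$1" -xdev -inum "$2" 2>/dev/null
}

# locate_denied_target RECORD: print the current label and full path of the
# object the denial refers to. Runs in a subshell so variables stay local.
locate_denied_target() (
    dev=$(avc_field "$1" dev)
    ino=$(avc_field "$1" ino)
    mnt=$(dev_mountpoint "$dev")
    if [ -z "$mnt" ]; then
        echo "device $dev is not mounted here" >&2
        exit 1
    fi
    inode_to_path "$mnt" "$ino" | while IFS= read -r path; do
        ls -dZ -- "$path"   # -Z shows the SELinux context next to the path
    done
)

# Usage on the affected host: locate_denied_target "$AVC_SAMPLE"
```

The printed label can then be compared with the `tcontext` in the record (here `user_home_t`) to decide whether the directory is in the wrong place or only mislabeled.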



