Policy Constraint Violation
Daniel J Walsh
dwalsh at redhat.com
Sat Jul 20 11:03:29 UTC 2013
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 07/19/2013 07:23 PM, Anamitra Dutta Majumdar (anmajumd) wrote:
> We are getting the following constrain violation in RHEL6 based system
>
>
> type=AVC msg=audit(1374251063.832:433289): avc: denied { relabelfrom }
> for pid=6499 comm="cp" name="ld.so.conf" dev=sda1 ino=1181947
> scontext=admin_u:sysadm_r:ipsec_t:s0-s0:c0.c1023
> tcontext=system_u:object_r:etc_t:s0 tcl
>
> ass=file
>
>
>
> Was caused by:
>
> Policy constraint violation.
>
>
>
> May require adding a type attribute to the domain or type to satisfy the
> constraint.
>
>
>
> Constraints are defined in the policy sources in policy/constraints
> (general), policy/mcs (MCS), and policy/mls (MLS).
>
>
> What would be the interface to address this?
>
>
> Thanks,
>
> Anamitra
>
>
>
>
>
> -- selinux mailing list selinux at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux
>
I believe you need.
domain_subj_id_change_exemption
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEARECAAYFAlHqboEACgkQrlYvE4MpobNM7ACff/x1gYWb/XlkEFLUwI2orZUJ
CGYAoItUpXWxSnhCj+nOn2B2JiXMil1s
=gLjX
-----END PGP SIGNATURE-----
More information about the selinux
mailing list