Ye olde "avc granted"
Daniel J Walsh
dwalsh at redhat.com
Tue Mar 26 19:24:10 UTC 2013
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 03/26/2013 03:12 PM, m.roth at 5-cent.us wrote:
> Daniel J Walsh wrote:
>> On 03/26/2013 03:08 PM, m.roth at 5-cent.us wrote:
>>> Hi, folks,
>>>
>>> Got a server that's throwing a ton of avc granted, all related to
>>> Matlab. I saw something via google from '06, for a java thing - is
> there something
>>> I can use to shut this up?
>>>
>>> CentOS 5.9, current.
>>>
>> Ask on the audit list, I am not sure there is anything you can do.
>>
>> What do the AVC's look like?
>
> type=AVC msg=audit(1364322744.335:646078): avc: granted { execheap } for
> pid=22581 comm="MATLAB" scontext=user_u:system_r:unconfined_t:s0
> tcontext=user_u:system_r:unconfined_t:s0 tclass=process
>
> mark
>
> -- selinux mailing list selinux at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux
>
One hack to fix this would be to turn the boolean off and then write a custom
policy module to allow unconfined_t execheap.
policy_module(myunconfined, 1.0)
gen_require(`
type unconfined_t;
')
allow unconfined_t self:process execheap;
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEARECAAYFAlFR9doACgkQrlYvE4MpobNJCACbBR9cwGMTQ23hxrwvq5r3/zRQ
u7AAnj9YIAZ5PZYiWbks6Ie272uciwlS
=jJfz
-----END PGP SIGNATURE-----
More information about the selinux
mailing list