Ye olde "avc granted"
m.roth at 5-cent.us
m.roth at 5-cent.us
Tue Mar 26 21:13:01 UTC 2013
m.roth at 5-cent.us wrote:
> Daniel J Walsh wrote:
>> On 03/26/2013 03:27 PM, m.roth at 5-cent.us wrote:
>>> Daniel J Walsh wrote:
>>>> On 03/26/2013 03:12 PM, m.roth at 5-cent.us wrote:
>>>>> Daniel J Walsh wrote:
>>>>>> On 03/26/2013 03:08 PM, m.roth at 5-cent.us wrote:
>>>>>>>
>>>>>>> Got a server that's throwing a ton of avc granted, all related to
>>>>>>> Matlab. I saw something via google from '06, for a java thing - is
>>>>>>> there something I can use to shut this up?
>>>>>>>
>>>>>>> CentOS 5.9, current.
>>> <snip>
>>>> One hack to fix this would be to turn the boolean off and then write a
>>>> custom policy module to allow unconfined_t execheap.
>>>>
>>>> policy_module(myunconfined, 1.0)
>>>> gen_require(`
>>>> type unconfined_t;
>>>>')
>>>> allow unconfined_t self:process execheap;
>>>
What a *pain*. As I said, I'm on CentOS 5.9, and
rpm -qa | grep selinux-policy\*
selinux-policy-2.4.6-327.el5
selinux-policy-targeted-2.4.6-327.el5
audit2allow doesn't seem to have a debug switch, and I've tried exactly
what you wrote, as well as the one I posted, and checkmodule chokes on
everything.
mark
More information about the selinux
mailing list